last executing test programs: 7m56.035215674s ago: executing program 0 (id=348): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) socket$kcm(0x2, 0xa, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000010000fd00", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400"/28], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0xf1, @loopback, 0x19f49a9}], 0x1c) recvfrom$inet_nvme(0xffffffffffffffff, 0x0, 0x0, 0x20, &(0x7f00000003c0)=@hci={0x1f, 0x1}, 0x80) r3 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x48042) writev(r3, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0x2c, 0x40, 0x107, 0xfffffffe, 0x2, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x14}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xe, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b4a0d93481b232b11b819ef6167d3d458dd4992861ac00", "f4bd1a8000801900", [0x0, 0x1000008]}}) 7m54.462979522s ago: executing program 0 (id=352): socket$kcm(0x2, 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x100, 0x25dfdbfd, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x6048800) syz_usb_connect(0x2, 0x2d, 0x0, 0x0) 7m51.095032364s ago: executing program 0 (id=360): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) close(r0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r2}) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(r3, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt(0xffffffffffffffff, 0x84, 0x82, &(0x7f00000002c0)="1af30500", 0x4) unshare(0x20060400) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1", 0x12) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) brk(0x20000005b000) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000001c0)={0x28, 0x5, r2, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1004000}) 7m48.661813108s ago: executing program 0 (id=369): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) lstat(&(0x7f0000000080)='./file0\x00', 0x0) lsetxattr$security_capability(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1240020, 0x0) 7m48.387373597s ago: executing program 0 (id=373): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x2, 0xa, 0x5, 0x9, 0x2, 0x0, 0x70bd2c, 0x25dfdbfd}, 0x10}}, 0x40004) 7m48.200509082s ago: executing program 0 (id=375): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="01000000420000000600000008000000000000"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38) 7m33.101862743s ago: executing program 32 (id=375): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="01000000420000000600000008000000000000"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38) 5m33.672226366s ago: executing program 3 (id=883): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000200), 0x6, 0x515, &(0x7f0000000c00)="$eJzs3V1PY3kZAPDnlHYGdtGyu16smziL+xLG6BRY9oV4sS6JL1ebGNd7BqEQQqETKLsDmSjzCTRmoibe6JU3Jn4AEzMfwZhMondeeKWZKONceGNqTns6A6XFTqa0M/D7JYfzP/8/Pc/zFFrOGz0BXFiTEfFRRIxExNsRUcz6c9kUB80p/b4Hh7eW0ymJev2TfyaRZH3t63wxe1jqe9+J+EFyMu7O3v7GUqVS3j7evX9tfXNprbxW3pqbm31//oP59+ZneqwkyZ82+lJEfPjNhz/78W++/eEfvvbZ3xb/cfWHaVrXs/FOdfRDs/RCjB5bPj/S35t8o0IAAJ4Hr0TEyxHxRkR8JYoxEqduRgMAAADPofo3xi+3mgAAAMD5lIuI8Uhypex63/HI5Uql5jW8X4gXcpXqTu2rq9XdrZV0LGIiCrnV9Up5JrtWeCIKSbo822g/Xn6nbXkuuwb3TnEsXW6MAQAAAIOx0Lb//7DY3P8HAAAAzpnOJ+NHBp4HAAAAcHZcjA8AAADnn/1/AAAAONe++/HH6VR/cHircR+AlU/3djeqn15bKe9slDZ3l0vL1e0bpbVqda1SLvXwHwGVavXGu7G1e3O6lt+pTe/s7S9uVne3aouN+3ovll8eQE0AAADAcS+9fvcvSUQcfH2sMaUuZWOFoWYGPEOSfFvH9S8PKROgLzoc0h879QGTu2eXDDBQ7X/TgYvDPj6QtHe0bRiMdttU+GN7x5X/G8s2BwAADMfUF53/h4sqN+wEgKH5yYmeS0PJAxi8no/FT55tHsDgFdzmDy68E+f/24x2Gzhx/r+bev2JEgIAAPpuvDk7iOxc4HjkcqXSo9OCyep6pTwTEZ+PiD8XC5fT5dkh5gsAAAAAAAAAAAAAAAAAAAAAAAAAz6N6PYk6AAAAcK5F5P6eZPf/miq+Nd5+fOBS8p9iZHcF/uyXn/z85lKttj2b9v/rUX/tF1n/O8M4ggEAAAAXUeHU0dZ+ems/HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD66cHhreXWNMi49xdiLCY6xc/HaGM+GoWIeOHfSeSPPC6JiJE+xD+4HRGvdoqfpGnFRJZFe/xcRIwNOf6LfYgPF9ndhYj4qNPrLxeTjXnn118+m57W/YXGi7xj/Nb730iX97/P9RjjtXu/m+4a/3bEa/mT8ccjeRQ/6RL/zR7jX//+/n63sfqvI6Y6/v1JmrNc9o21zRvTO3v719Y3l9bKa+WtubnZ9+c/mH9vfmZ6db1Szr52jPHTL/3+4E7X+psBjsZv1TnRzPBH3ep/q8f6/3vv5uErzWbhZPyIq292/vm/2ph3fv7T34m3s6cnHZ9qtQ+a7aOu/PZPV7rllsZf6fL8N3/+xfrj+Plj9V/trfyjNf+qt4cAAGdpZ29/Y6lSKW8PoPHGu/1bYdJopFtBA0p+2I3WwY5nJZ/R4US/HMOt/VtPvZ7W5vDTrOevfasr3WfoPDTENyUAAOBMPN7oH3YmAAAAAAAAAAAAAAAAAAAAcHE1/v9/5Ak/CPD1J/uksfaYB8MpFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgVP8LAAD//9WHwV0=") r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0xa, @sliced={0x3, [0xf, 0x100, 0x7, 0x9, 0x5, 0x8, 0xf01b, 0x9, 0x3, 0x8, 0x4, 0x1000, 0x3, 0x49bd, 0xffff, 0x5, 0x6, 0xf711, 0xff81, 0x0, 0x7092, 0x6, 0x0, 0x2, 0x5, 0x7ff, 0x78c6, 0xc, 0x9, 0xfff9, 0x40, 0x8, 0x1, 0x7ff, 0x9, 0x0, 0x2, 0x6, 0x8001, 0x7ff, 0x400, 0x2, 0x2, 0x4, 0x0, 0x3, 0x9, 0x4], 0x56e}}) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000100)=0x3fb11a0) 5m31.422613533s ago: executing program 3 (id=889): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="032b040900a5cea0f3f452a790"], 0xd) 5m30.14671624s ago: executing program 3 (id=895): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1a00048, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d7769b139352c756e695f786c6174253d302c726f6469722c636865636b3d6e6f726d616c2c6b6f6e6f6e756d7461696c3d302c757466383d312c636f6465706167653d3837342c777466383d302c71756965742c73686f72746e616d653d6c6f7765722c757466383d312c756e695f786c6174653d302ce21a66383d302c696f636861727365743d69736f383835392d31332c000000000000000000000000000000003980d43049a3d23306d785aa0fbcc7ade2df794c8c253cff1000ce1c053e0e3758937e8191499c5084c554d0440168a13b041c908249a5b9ba1c5ab8a2bc280d01d93e8d855e"], 0x3, 0x356, &(0x7f0000000580)="$eJzs3UFoW/UfAPBv9tKkHezfHv4wFISn4EHQslU86KlldDDMRSVMPYjBdSpNHTQY7A7N6s2j4FFP3jzowcPOIijizYNXJ8hUPOhuA4dPkpc0L03SdUI7i5/PIXz3/X2/+f3e8mheX5tfX12O9UszcfnWrZsxO1uK8vK55bhdioVIYuBajKtMyAEAx8PtLIs/stwBW0qHvCQA4JD13v9fP1XIvPvVfvWZd38AOPb63//P7VczO23gyqEsCQA4ZGP3/x8ZGa6M/qi/XPitAADguHrhpZefXalFPJ+msxEbFx+NqMczw/GVy/FmNGMtzsR83InILxS6D6Xe4/kLtdUzaZp24ueFqHc72vWIjU67nl8prCS9/mqcjflY6Pf3rzayLEvOf15bPZv2RMS1Trve6y+16zNxsj//DydjLZYijf+P9UdcqK0upf0nqG8M+jsRO8P7Ft31L8Z8fPdaXIlmXIpu7+Cypra6fTZNz2W1kf52vdqry029AwIAAAAAAAAAAAAAAAAAAAAAAP/IYrprYXf/m2y4f8/i4oTx3v44eX9/f6CdfH+grJpFlv3+zhP195IY2R9o7/487Xo5TtzfQwcAAAAAAAAAAAAAAAAAAIB/jdZWJRrN5tpma+vqejHobLa2TkREN/PWN59+ORfjNXcJyv05CkNpP3V1vZElg+IsGanpB0l38kHmk+u7Ky7WVHePYuIyqtOHms1TD//04TDzUDJ45r+GNUlMPsBkzzKKwcb/8iXdy3/UbrB0l5obWZZNa99+ZbwrShHle3/h9g+ybvD1zTceeLJ1+qle5oss99jj8xdvfPDxr+uNZnfm6L2Clc3WnWy90f/35JNtepAUzp9S5EGpeCaU92vfGc00ku9/e/HB97892OxZMfP2hJokP5zP9g5V8qC7zD1Dc5Pmmplw8h9CcPqj5cb17R9/mV5THTlpC18kbNQBAAAAAAAAAAAAAAAAAABHovBZ8Yi5GH7Yd2a/rqefO5rVAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDRGP79/0KwM5Y5SPBnJ8aHqmubrYjK/T5MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+4/4OAAD//x2CbEo=") r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'team_slave_0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_read_part_table(0x5da, &(0x7f0000000600)="$eJzs071rJGUYAPBn5lzGU+IucniFzcJteSrE4ix2wSPsLdu44TjlGsFOrjiLE4srQsLdFVbR/AOGfNikCZZCwEYSISSwaQxBLEIaGyEhTaqR3RlMCBZCEk2O3694P5+ZZ16ed4IrLY2fylGeRUQWI+U0O47Jfps6tVIZttfj46X2vW59/O79BxFJ/Pn7yGfJtSIiGTTlOH6N+GHQ1yJ65Vu62Wh/bn3sYKm2cWtrrbGQlq9fSSMG2R7vLlaHC5/PXNzhufKWB9fmxZPO9NPWo+3OxN778VqxcWe+OfnJzebDtJiuFP2P556/tVp9fiJ/o5/GZt7bH9z14ico5OedmEvhdP1nbzzbeXb0URJfvXf7zZ2fJ78t78Bh8n9/KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LJbvh7VePGkM/209ejLryM+XXin/fY37S9m7sw3J7ObzYdpEbeSHj/zR/Xv4Stnzt9arT4v8091JvYa/Q++38x7+9+NvFtZ6x+N/lLG3U7OmonLqKx/DOq/3ZnYm73xakRUhnv5iZofJhFvnX749Tz7Tz8WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgS2ve69fG79x9EJMP5WFqrDPo8K/aTsq2U8b1yvZuN9ufWxw6Wahu3ttYaC+NZ1Nv1iDyNmIqIx7uL1YgP/ynltaJ746KPxr/wVwAAAP//C0l24A==") sched_setscheduler(0x0, 0x3, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x153042, 0x80) sendfile(r5, r5, 0x0, 0x7a680000) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)) sendmsg$TEAM_CMD_OPTIONS_SET(r3, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==") openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) 5m25.896168546s ago: executing program 3 (id=902): syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @random="7f0a00030011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) 5m25.474164448s ago: executing program 3 (id=906): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) mount$overlay(0x0, 0x0, 0x0, 0x8, &(0x7f0000000200)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 5m21.751232099s ago: executing program 3 (id=924): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000884) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}], 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81902) 5m6.622877506s ago: executing program 33 (id=924): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000884) ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80}], 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81902) 3m47.504094057s ago: executing program 2 (id=1143): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000540)=0x9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e) 3m47.251289955s ago: executing program 2 (id=1148): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f0000000040)=""/220, 0x5}) 3m45.02497591s ago: executing program 2 (id=1141): openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000000)=0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0xa9f5, 0x85}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) write(r0, &(0x7f0000000900)="b0", 0x1) write(r0, &(0x7f0000000340)="0e", 0x1) 3m38.585655372s ago: executing program 2 (id=1145): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400)={[{@uni_xlateno}, {@fat=@tz_utc}, {@uni_xlate}, {@fat=@usefree}, {@uni_xlateno}, {@fat=@nfs_nostale_ro}, {@shortname_lower}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@uni_xlateno}, {@fat=@quiet}, {@utf8no}]}, 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x3225808, 0x0) read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020) 3m37.979161219s ago: executing program 2 (id=1149): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x7) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e) 3m36.967046789s ago: executing program 2 (id=1155): bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) socket$inet6(0xa, 0x80000, 0xe6a2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r5 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) kcmp(r5, r5, 0x0, r7, r6) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000f00)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x118, 0x1170, 0x1170, 0x0, 0x1170, 0x208, 0x1398, 0x1398, 0x208, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xff000000, 0xffffffff], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) mount$nfs(0x0, &(0x7f0000000340)='./file1\x00', 0x0, 0x20887b, 0x0) mount$nfs(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000500), 0x20040c1, 0x0) syz_usb_connect$uac3(0x0, 0x80, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x17cc, 0x1020, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0x1, 0xc0, 0x10, {0x8, 0xb, 0x0, 0x1, 0x1, 0x26, 0x30, 0x7}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x1, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x87, 0xd4, 0x84, {0xa, 0x25, 0x25, 0x800000, 0x11, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x210, 0xfa, 0xa, 0x2, {0xa, 0x25, 0x25, 0x80000000, 0x45, 0x9}}}}}}}}]}}, 0x0) 3m35.963777789s ago: executing program 34 (id=1155): bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) socket$inet6(0xa, 0x80000, 0xe6a2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r5 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) kcmp(r5, r5, 0x0, r7, r6) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000f00)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x118, 0x1170, 0x1170, 0x0, 0x1170, 0x208, 0x1398, 0x1398, 0x208, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xff000000, 0xffffffff], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) mount$nfs(0x0, &(0x7f0000000340)='./file1\x00', 0x0, 0x20887b, 0x0) mount$nfs(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000500), 0x20040c1, 0x0) syz_usb_connect$uac3(0x0, 0x80, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x17cc, 0x1020, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0x1, 0xc0, 0x10, {0x8, 0xb, 0x0, 0x1, 0x1, 0x26, 0x30, 0x7}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x1, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x87, 0xd4, 0x84, {0xa, 0x25, 0x25, 0x800000, 0x11, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x210, 0xfa, 0xa, 0x2, {0xa, 0x25, 0x25, 0x80000000, 0x45, 0x9}}}}}}}}]}}, 0x0) 3m14.528981413s ago: executing program 6 (id=1156): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000001c0)={0x9, 0x2, 0x1}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058560f, &(0x7f0000000200)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68ab0498"}, 0x0, 0x1, {0x0}}) 3m13.668177469s ago: executing program 6 (id=1190): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400)={[{@uni_xlateno}, {@fat=@tz_utc}, {@uni_xlate}, {@fat=@usefree}, {@uni_xlateno}, {@fat=@nfs_nostale_ro}, {@shortname_lower}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@uni_xlateno}, {@fat=@quiet}, {@utf8no}]}, 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x3225808, 0x0) read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020) 3m13.257322701s ago: executing program 6 (id=1191): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0x10004, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x87}, {0x0, 0x8, 0x40, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x2, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7b}, {0x3, 0x4, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0xb}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x1, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0xc, 0x5, '\x00', 0xc}, {0x7, 0xe1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x10}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}}) 3m12.147157883s ago: executing program 6 (id=1192): socket$inet_smc(0x2b, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') preadv2(r2, &(0x7f00000001c0)=[{&(0x7f0000002240)=""/138, 0x8a}], 0x1, 0x4, 0x0, 0x17) ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000440)=ANY=[]) socket(0x10, 0x3, 0x0) sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x899, 0x0) 3m11.703435136s ago: executing program 35 (id=1192): socket$inet_smc(0x2b, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') preadv2(r2, &(0x7f00000001c0)=[{&(0x7f0000002240)=""/138, 0x8a}], 0x1, 0x4, 0x0, 0x17) ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000440)=ANY=[]) socket(0x10, 0x3, 0x0) sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x899, 0x0) 7.933756025s ago: executing program 7 (id=1906): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd00000000000004000000850000000500000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001780)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$unix(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="b3", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x20048000}, 0x4000080) 7.671056052s ago: executing program 7 (id=1908): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 7.016903881s ago: executing program 7 (id=1910): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1a00048, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d7769b139352c756e695f786c6174253d302c726f6469722c636865636b3d6e6f726d616c2c6b6f6e6f6e756d7461696c3d302c757466383d312c636f6465706167653d3837342c777466383d302c71756965742c73686f72746e616d653d6c6f7765722c757466383d312c756e695f786c6174653d302ce21a66383d302c696f636861727365743d69736f383835392d31332c000000000000000000000000000000003980d43049a3d23306d785aa0fbcc7ade2df794c8c253cff1000ce1c053e0e3758937e8191499c5084c554d0440168a13b041c908249a5b9ba1c5ab8a2bc280d01d93e8d855e"], 0x3, 0x356, &(0x7f0000000580)="$eJzs3UFoW/UfAPBv9tKkHezfHv4wFISn4EHQslU86KlldDDMRSVMPYjBdSpNHTQY7A7N6s2j4FFP3jzowcPOIijizYNXJ8hUPOhuA4dPkpc0L03SdUI7i5/PIXz3/X2/+f3e8mheX5tfX12O9UszcfnWrZsxO1uK8vK55bhdioVIYuBajKtMyAEAx8PtLIs/stwBW0qHvCQA4JD13v9fP1XIvPvVfvWZd38AOPb63//P7VczO23gyqEsCQA4ZGP3/x8ZGa6M/qi/XPitAADguHrhpZefXalFPJ+msxEbFx+NqMczw/GVy/FmNGMtzsR83InILxS6D6Xe4/kLtdUzaZp24ueFqHc72vWIjU67nl8prCS9/mqcjflY6Pf3rzayLEvOf15bPZv2RMS1Trve6y+16zNxsj//DydjLZYijf+P9UdcqK0upf0nqG8M+jsRO8P7Ft31L8Z8fPdaXIlmXIpu7+Cypra6fTZNz2W1kf52vdqry029AwIAAAAAAAAAAAAAAAAAAAAAAP/IYrprYXf/m2y4f8/i4oTx3v44eX9/f6CdfH+grJpFlv3+zhP195IY2R9o7/487Xo5TtzfQwcAAAAAAAAAAAAAAAAAAIB/jdZWJRrN5tpma+vqejHobLa2TkREN/PWN59+ORfjNXcJyv05CkNpP3V1vZElg+IsGanpB0l38kHmk+u7Ky7WVHePYuIyqtOHms1TD//04TDzUDJ45r+GNUlMPsBkzzKKwcb/8iXdy3/UbrB0l5obWZZNa99+ZbwrShHle3/h9g+ybvD1zTceeLJ1+qle5oss99jj8xdvfPDxr+uNZnfm6L2Clc3WnWy90f/35JNtepAUzp9S5EGpeCaU92vfGc00ku9/e/HB97892OxZMfP2hJokP5zP9g5V8qC7zD1Dc5Pmmplw8h9CcPqj5cb17R9/mV5THTlpC18kbNQBAAAAAAAAAAAAAAAAAABHovBZ8Yi5GH7Yd2a/rqefO5rVAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDRGP79/0KwM5Y5SPBnJ8aHqmubrYjK/T5MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+4/4OAAD//x2CbEo=") r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'team_slave_0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_read_part_table(0x5da, &(0x7f0000000600)="$eJzs071rJGUYAPBn5lzGU+IucniFzcJteSrE4ix2wSPsLdu44TjlGsFOrjiLE4srQsLdFVbR/AOGfNikCZZCwEYSISSwaQxBLEIaGyEhTaqR3RlMCBZCEk2O3694P5+ZZ16ed4IrLY2fylGeRUQWI+U0O47Jfps6tVIZttfj46X2vW59/O79BxFJ/Pn7yGfJtSIiGTTlOH6N+GHQ1yJ65Vu62Wh/bn3sYKm2cWtrrbGQlq9fSSMG2R7vLlaHC5/PXNzhufKWB9fmxZPO9NPWo+3OxN778VqxcWe+OfnJzebDtJiuFP2P556/tVp9fiJ/o5/GZt7bH9z14ico5OedmEvhdP1nbzzbeXb0URJfvXf7zZ2fJ78t78Bh8n9/KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LJbvh7VePGkM/209ejLryM+XXin/fY37S9m7sw3J7ObzYdpEbeSHj/zR/Xv4Stnzt9arT4v8091JvYa/Q++38x7+9+NvFtZ6x+N/lLG3U7OmonLqKx/DOq/3ZnYm73xakRUhnv5iZofJhFvnX749Tz7Tz8WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgS2ve69fG79x9EJMP5WFqrDPo8K/aTsq2U8b1yvZuN9ufWxw6Wahu3ttYaC+NZ1Nv1iDyNmIqIx7uL1YgP/ynltaJ746KPxr/wVwAAAP//C0l24A==") sched_setscheduler(0x0, 0x3, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x153042, 0x80) sendfile(r5, r5, 0x0, 0x7a680000) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)) sendmsg$TEAM_CMD_OPTIONS_SET(r3, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==") openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) 3.829918376s ago: executing program 7 (id=1914): bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400005}, 0x94) 3.727211929s ago: executing program 4 (id=1916): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd00000000000004000000850000000500000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001780)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$unix(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="b3", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x20048000}, 0x4000080) 3.454512177s ago: executing program 4 (id=1921): bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48) 3.34145223s ago: executing program 5 (id=1923): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffbfffb702000008000000b703000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x22, 0x0, &(0x7f0000000140)="e02742e8680d01000010762f080070e9b38c62d9bdcea91a062aacc07f624e9ccbdf", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x404000) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000080)={0x7, 0x4, 0x2}) r2 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)=ANY=[@ANYBLOB="380000000314010002070000000000000900020073797a25000000000800410072786500140033"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x118) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, r3) setpgid(0x0, r3) lsetxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f0000000500), 0x0, 0x0, 0x3) 3.123593587s ago: executing program 7 (id=1925): r0 = socket(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f00000091c0)=[{{0x0, 0x0, 0x0}, 0x10}], 0x2f, 0x2, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@random="d9ea693249ca", @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x2, 0x4}}}}}}, 0x0) 2.932641802s ago: executing program 4 (id=1926): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1000804, &(0x7f0000000100), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") openat(0xffffffffffffff9c, 0x0, 0x0, 0x10) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000480)={0x2020}, 0x2020) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x220408a, &(0x7f0000000340)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d6b6f69382d752c636f6465706167653d3933322c696f636861727365743d6575632d6a702c747a3d5554432c73686f72746e616d653d6d697865642c726f6469722c73686f72746e616d653d6c6f7765722c757466383d312c756e695f786c6174653d312c6e66732c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c00416786a537fd"], 0x1, 0x376, &(0x7f00000007c0)="$eJzs3U1oHOUbAPBnO0k2Ke0/e/hD0dPqTZDSRDzoKaFUKOaglaV+XFxs6kd2LWRxIYLZ7EUpngQvgj1560GPPYsHEW8evFpBquLFgodCgyOzO/u96Qe4seLvdyhP3+d59n1ndsjMhuTNq63YujAfF2/evBGLi4WYWzu9FrcKUYojkUTXXkz14cL0cQDgAXcrTeP3tOuuxUtxtBe69wPAv1fn/v/68cFA8Y7laTL8v8vHZrYuAGB27vHz/3NTRy/NbFkAwAxN3P8fHUmPfZt/LkY+/8fS7BcIAPztXnjp5WfXNyLOlcuLEfUPmpVmJZ4e5NcvxptRi804FcuxH9F9UOg+LWT/PnN248ypcubnUlSyjmYlot5qVrpPCutJp78YK7Ecpbw/7fcnWf9Kp78cEXutzvxRLzQr850fNsjm/+FobMZqLMf/J/ojzm6cWS3nL1Cp9/pbEe1Y7B1Etv6TsRzfvRaXohYXIusdrH93pVw+nW6M9DevFjt1AAAAAAAAAAAAAAAAAAAAAAAwCyfLfaU4lu9/k9ZbzffPjReURvbHqXTT+f5A7e7+QGmxmO/OczkZ3x9odH+eZmUujvyjRw4AAAAAAAAAAAAAAAAAAAAPjsbOQlRrtc3txs67W8NBa2jk7W8+/2opeqm5vPWtZNAV+eDI6/QKh145if4Uab89TUZq8iCJ6BXvVa9e6694uKbYP4qJ9iwoTqQK+ZqqtdrxR376dFrXn1mw1xlJYuK0jAaFfP6hVP1/2cBiROwf1HVwsHqXmutpmmbBfD7vcM3uJ+Nd+VYMrftexnhQ2JtIfX3jjYeeaJx4sjPyZT7TY48vn7/+8We/blVr0e6tcGG7sZ/eeYq0FbEThYjJVDJ0/RTy81yYciVMD9qDkfZ2Y6eafP/biw9/9O1YcTL9+kmHR96ZOsV7V/44X/tiPLXQDQoRpcm3aTKYn3LxTw9eud2/eu//rTxxZa16bffHX6bVZGd0vGvoi4SNOgAAAAAAAAAAAAAAAAAA4FAMful3LJGmaevArqeen/nCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAQDf7+/1DQnhi5l+B2KyZTxc3txoGTLx3qoQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8B/2VwAAAP//rnh3Vw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='cpuacct.usage_all\x00', 0x275a, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) bind$can_j1939(r1, &(0x7f0000000080)={0x1d, r6, 0x1, {0x2, 0xff, 0x2}, 0xff}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x63, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xb, 0xf}, {0xfff1, 0x9}, {0x2, 0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050) 2.438699617s ago: executing program 7 (id=1927): syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x24, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x66, 0x0, 0x0, 0x29, 0x0, @private, @dev={0xac, 0x14, 0x14, 0x44}}, "200022ebffff0000"}}}}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000440)={0x34, r1, 0x1, 0x170bc2c, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x82}, 0x40040) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581030800000000"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9010070900be0083000000000b09007a150b5d8c3dda"], 0x0}, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2d00) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r3, 0xc058534b, &(0x7f00000000c0)={0x4, 0x751a, 0xb4, 0x8, 0x7f, 0x604}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_GET(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x3c, r6, 0x1, 0xfffffffd, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r4, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xfc, r6, 0x100, 0x70bd2a, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x10) syz_usb_ep_write(r2, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f0000000140)='[\x00') syz_usb_ep_write(r2, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') 1.65808229s ago: executing program 5 (id=1929): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004000000"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd00000000000004000000850000000500000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001780)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$unix(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="b3", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x20048000}, 0x4000080) 1.302650511s ago: executing program 1 (id=1930): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[]) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x800042, 0xf8, 0x1}, 0x10) r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f0000000000)={0x3, 0x0}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r4, 0x1, 0x4, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4081}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x80800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001340)=@delqdisc={0x24, 0x25, 0x400, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9, 0xa}, {0xe, 0x4}, {0x3, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x40080c1}, 0x0) 1.301995171s ago: executing program 5 (id=1931): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 750.228437ms ago: executing program 4 (id=1932): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc4) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f00000002c0)=r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r1, 0xffffffffffffffff, 0x0) 652.75042ms ago: executing program 1 (id=1933): bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400005}, 0x94) 507.214444ms ago: executing program 5 (id=1934): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00007af000/0x3000)=nil, &(0x7f00007fd000/0x800000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a4a000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 490.942405ms ago: executing program 4 (id=1935): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xd53}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000a40)={"4379000ff315b56e69b9cc76d26049a58f978005e5f638e5fc6ec3977b5c47741a7099d4f35fddc39c8ac5fe533787fc695ce403ab8c62006a5056b9048342205aced415af9c406f3ee6afec0207ddee7789c8e2528b65d364252b031463cbdd47a503ed595e3ace934a1788861da1435d9aa65e69473370beaa0935bce861262537b4c43432a36bf5b26ca2803a62fe12fce180bb8e5ecded498ae20424f25fe62d0c3f5a9ecacf8c10cc7a2c2b3b49a6f516afab5c7c0a3650f54247d469e2d03aa63324a6a24dfaf28e5b1c2ed96c6b416ce7217a93607217f12ec93bf7dbb6970e5dbc8547505005b4b7f6573f04666c65ec547fd341df8f332e6e0ad541a01ec2e500b3eb59cc9355d8ab86c79684b98ffddb148d23a735ece3a39d3504bd8d6a4f8151e80fd5136a36448648a9922e24928a32f4e7b03b22cfa5012ddb75e6268f9290ad5b92355853c0f6d23f19f78cd50726eac9fd00ba228ab29bc70b5db01fe95576852be74b4b5e05530d25911f879e64f9b2beb506e033ec95bad8f4e1622dc1bebcbaed52678d9a6d1c7a2538f0427c195a41c399905b365a73dd467a44a10a27828385fda3a63bb3ea5be911823a0b0ac4ad9fa00fb27a63c065ddd11cd812e087b48578e7709a59beee3f2833a69f9b5dfd12ef9d0db04ff59983631fde7be6a43c6245befb1c48c7d2c2d0b7fed41654f4925b362a60f37bc3b9af4fb310178423f779a9722cacc0f181232ced0a1f1e8ca7f57eaa2af565337bf2e518e668383ee3ba3ba9f2557947bf91ea1e0614afea0577297885726eb5513a981a22dece85e6ff55c37fd320e340fe9ab1447ad2f06f3ba78b788915b91a067feabc955482c9768c82d4582a5f8b639615223a73f3ef7fc7a7a67a6d7dbf6513e67c27963c83b35918bbe8fe17bdf78def8fc1290d10a756ead0bbc8ea4f3ae88c83eb5840f1b09b973925d2fca629ccd006de8ca8ae8812077218fb8f5fd76ae174da9e0fc427272d54bdc15b0c3c3b640b829f32bdbb35d0d2c17ff5a3045c66490b900f6ab56fd870af61f17b041fae3d48d4edc64449e2ee7b2ef4de012a55c8a4a264c00c876265a99971d9695aac2f1a4dd41939c07ddb0f7dfb97b548d38f5719101a0312ad849660a6a0631460ab46db502f118377a1ce0c11551d4d6f655665b49ebd6e81b88ad9da1a3e8e17ee64bd5eb8146d5f99c0743ea526ff4e9c9d47664548e62e520f0ece4917e29478df3c8a6ead1a2ab7d815b8cadae4e7fe3110875e25c34df04f0d9ba252ef45db63d8d15e53585b45965de43d4c8a1d9ceb545f6564684dbd0fd4bf7624410f764ce858fa133a4e33013130adc51222478b0a73f3f9e7175a803e8caee675ceda26995315a55b13c20e96b63c6f69fc22c73d8c852549cf3dee3ba42e9346d880a34c54a9fa11a632e38c"}) ioctl$KVM_GET_LAPIC(r0, 0x8400ae8e, &(0x7f0000000340)) 478.226915ms ago: executing program 1 (id=1936): bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map, 0xffffffffffffffff, 0x26}, 0x10) 379.209718ms ago: executing program 5 (id=1937): bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48) 313.39709ms ago: executing program 1 (id=1938): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x5b) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f00000007c0)=[{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000003c0)="96e6e14d06cd2cd1dc6969313336a9017d", 0x11}, {&(0x7f0000000400)="499b7fee4035c5b8beb1f70453870f0783c185665f5661dc54c5a1a1ad65e127a6", 0x21}], 0x2, 0x0, 0x0, 0x40088c0}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 308.31588ms ago: executing program 4 (id=1939): r0 = creat(0x0, 0x100) setsockopt$packet_buf(r0, 0x107, 0x16, &(0x7f0000000680)="e028ee951be0a65494c1a5c852b3c1fd73f4745ec53f25a0f8d6513adb81a43aa175b155f82d3654bb62fccce0999b5e00da4d42caf4356320d8db2df4b405fa5222334aeceb61944b3419d38287904c98ab6b44a46ae9fe7a7beaa4c6d710daca8f87c1ed957f5477f2d0d1c144dd0fa2d5f2d12ad646d35d2a1c9c47fa618731c2ec1a7a23d2d42717991ee69c1aee40afea486c777f0e16eb463e99c4204b7e0fb45376a0d9e3aca6231f8060047285347d8890f16f5a5bc52f9f51d1991f28bd6c9c2b8d82a7ba2a8e25f2921193c0df08478cabf75e3fc703d342eb927ff802c87a270fee814b998e9e5998b1edc54ebb72d5a8da2ceeae695cd3806a35fee42ae2e0b4f49a7ff9b0ac2281870692157b416c7e49765c8b3c7d602a5d61f2dec9303f9326579ba00c9ddff97773a736f7d39db35fc3fee09b5f4c92102ea29e293d90a75e04fc18e5456fe311a0507008dda01df7e86053489a5c03ae1948f5543efa246aec6b37e53906402b6362e6e61a63755773ca3a85d5cab1912ba245e676938a3c0da33d562818805a0da744da75dff530b42315718c4a5d11ff5a4fe9969819075e90fd3e0de8f479357dd1c09bd8cd117c808ede21bac0c2608f26a60882c6f6be07fe003dbc0544193e1fbce219f668dc45ad156743a626e07b55363883e1d3dd0b806cbed96b63df32dd5342f23ea6f4079bf1dc3eac95d8c6168fd969b54f45386974a35301ced7e1b0989fe41b923b60f82bbe1712474abcdb1f9430e33e0b4ab60b35e8eedb0b865d2c68b1456275da8d48954a16d997d04c9e2f426c10160e17c2ef9dd2967b18ca06de5453f89f3dc9b09b614bfaf1c93f0523be46718ba9051c9b4d1d00210ebc54197d20c463c2bd72c0baaa7acdd8143cdf479ac913d6c607656e65109105f087b06ac8ed5ce57f6a4bdd1d7bad30db8ec76141897ce93ce9f313dbaaa9abc6938d00821882d97aa205e5f9cf43c50593ae315722896f505fa06697cf653682f8d1dfc99954e8239b48381d8d76db2a3a3706ecca90f3deccfb035e94668f659ea3b003efe9c852be0682f9b6e2eee631cae3cb22539a2abb723d431f1a0d439f20cad80faa0a6809c575ed21f6944e4cc42c66c24d65ef1d1e5128a50729c422ac4028417ed24d894e217b6dd30e4ed85478a0c7ad0e682ca12efb039ee58bbe73d71d98ffc4777396700707955f42ace69248ee7798ed76d21de8528d06458072a208bdce16e6827cc6ab7ff200d7ec93ada3786003cf5a51b9321e2203d0e7d993a75dc7f3712653f77f94b2302f2d1858c8cde974cbc4da2feebecc1e38b92fe4582ae9d032d745f6c2f4f29fff048eb16a6e83b9beb3a945115c3129ac1ff72389caecc4f4262952f7c272aa1cf88b5b1bd63c913f4bb3c9932a34bab69f192c37a0eda6646b1759145defb579fb37bdb8627fe7075fa7fafc2f34b4af820a98f548a2e1794c763200a4ae41b44c21e6c09616a90ba6c5cbba065f16513066ba954207fa7b5661c47709205d60fda68d13054cfe3f0c62ba845aa0b16190ca931e94ce4900446b4ec3d4c9b5756427282762d169391bc7973edee945f8e1910125834f70c3ab8de464330e6826d9b155e1130784221b6b6aa1b705502d409ed90f1952ee4c65a56893caee6ea2ff2a45a3be6bdfb660c3268efaac7d360d826b51680ab32467252629df870b245c787656e3d3efeccd2463f7e403aff31982af76ce31402b7e6e53c0de3546658b6791ed9ca1b3cc59948f6289c86232cd63544978bcbbfb8a28d144405a10497e005bb5b3892a8f577ef204be09b54907fcb9d53a3bfa890d44a0ca3ff439475db461ba7fb7f2401ab30d0265da3039852bea80157f3a4453dee25830e18a50883752842536e6c7775abf58de9986fb03adaa7dfdce9ebc458e5c70674887e32c7396b5722ff9057282ae6edee20d54952f0038d26d3a72ff90b5b835733792bd0ef8c472e93e8de2fdb58a6c5cd38bd219d9965fe6540e713de6d875c5542881b83ea0bd28bb1aee93a06b31af7a2d16d747dea383e2534cd1ca2e235aee2a1ca0ca5ac800f729f7840e78b7e6cc8c96ff803324faba716993d0e2eae4da9b86c72627d7d2009b7d38a171e2e2052d3f1e0fefb59012d91f50142314b9f7904b252c2133ed8780d5b91690105f93ca796259859f84bb01d54e41e7f75d09b9d7b8672858f4f9ae325255fcfc68a0593f813d2ca643ac186a6caad07410f729c5e147c1bca6be86f81c720d8deb982a6ab46ef372cb9a51ded06e1d4894128132c0650cfde4d5fe63408a8ba51bf709edc468df5753a9467ba582521c209759767cf0974f7c78e037ca4abb184bc468f877a33acc6d6495efa674bfabcabcd032602ddfe35d2560702bc141782726e4f314d7d36f0728ff853c577535e725df553fffaab00cbcfd1be40fa9176953d0bb1ec54ea939c4a3b6dce94187200ca63debe0933ba91cd6ddd43487e73a111a395fd63f79c51e6540e5cb6b605184045785c2cd5b9546739c45de0fcf91ef0412b676942ce612ef", 0x71a) socket$kcm(0x11, 0x3, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100003f7a7e40720c12009622010203010902120001000000000904"], 0x0) 129.131326ms ago: executing program 1 (id=1940): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004000000"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd00000000000004000000850000000500000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001780)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$unix(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000000c0)="b3", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x20048000}, 0x4000080) 90.550906ms ago: executing program 5 (id=1941): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat(0xffffffffffffff9c, 0x0, 0x40, 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[]) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x800042, 0xf8, 0x1}, 0x10) r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f0000000000)={0x3, 0x0}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r4, 0x1, 0x4, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4081}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x80800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001340)=@delqdisc={0x24, 0x25, 0x400, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9, 0xa}, {0xe, 0x4}, {0x3, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x40080c1}, 0x0) 0s ago: executing program 1 (id=1942): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) kernel console output (not intermixed with test programs): _hcd [ 231.705539][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.708005][ T5814] usb 3-1: SerialNumber: syz [ 231.713192][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.765754][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.788144][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.795388][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.813151][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.821927][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.835351][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.844776][ T2131] glorious 0003:22D4:1503.0004: unknown main item tag 0x0 [ 231.897237][ T2131] glorious 0003:22D4:1503.0004: hidraw0: USB HID vff.7f Device [Glorious Model I] on usb-dummy_hcd.1-1/input0 [ 231.918667][ T5837] usb 4-1: Using ep0 maxpacket: 16 [ 231.936369][ T5837] usb 4-1: config index 0 descriptor too short (expected 65, got 36) [ 231.938303][ T2131] usb 2-1: USB disconnect, device number 9 [ 231.956287][ T5837] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 231.989999][ T5837] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 231.990357][ T5814] usb 3-1: 0:1 : does not exist [ 232.018166][ T5837] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 232.030440][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.060331][ T5837] usb 4-1: config 0 descriptor?? [ 232.067648][ T7430] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 232.106965][ T5837] pxrc 4-1:0.0: Could not find endpoint [ 232.137130][ T5837] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 232.154192][ T7437] fido_id[7437]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 232.300360][ T5817] usb 4-1: USB disconnect, device number 9 [ 232.338304][ T5814] usb 3-1: USB disconnect, device number 10 [ 232.409022][ T2131] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 232.608772][ T2131] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 232.627321][ T2131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.669136][ T2131] usb 2-1: Product: syz [ 232.698777][ T2131] usb 2-1: Manufacturer: syz [ 232.708331][ T2131] usb 2-1: SerialNumber: syz [ 232.727422][ T2131] usb 2-1: config 0 descriptor?? [ 232.965109][ T2131] usb 2-1: USB disconnect, device number 10 [ 234.068886][ T7469] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem [ 235.181961][ T7475] netlink: 48 bytes leftover after parsing attributes in process `syz.2.573'. [ 235.208310][ T7477] netlink: 148 bytes leftover after parsing attributes in process `syz.1.574'. [ 235.358776][ T7477] netlink: 148 bytes leftover after parsing attributes in process `syz.1.574'. [ 235.637900][ T7487] 9pnet: p9_errstr2errno: server reported unknown error ˝p [ 235.927919][ T2131] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 236.940052][ T2131] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.959712][ T2131] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 236.971328][ T2131] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 236.983388][ T2131] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 237.002127][ T2131] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 237.011562][ T2131] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.041408][ T2131] usb 4-1: Product: syz [ 237.045691][ T2131] usb 4-1: Manufacturer: syz [ 237.050756][ T2131] usb 4-1: SerialNumber: syz [ 237.076243][ T2131] cdc_mbim 4-1:1.0: skipping garbage [ 237.282247][ T7490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 237.976297][ T7490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 238.264369][ T2131] cdc_mbim 4-1:1.0: bind() failure [ 238.288694][ T2131] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 238.306229][ T2131] cdc_ncm 4-1:1.1: bind() failure [ 238.469211][ T2131] libceph: connect (1)[c::]:6789 error -101 [ 238.473636][ T5818] usb 4-1: USB disconnect, device number 10 [ 238.483098][ T7513] autofs4:pid:7513:autofs_fill_super: called with bogus options [ 238.527761][ T5837] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 238.530175][ T2131] libceph: mon0 (1)[c::]:6789 connect error [ 238.759160][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.771926][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.790136][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 238.803983][ T5837] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 238.815557][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.830028][ T2131] libceph: connect (1)[c::]:6789 error -101 [ 238.835505][ T5837] usb 2-1: config 0 descriptor?? [ 238.842472][ T2131] libceph: mon0 (1)[c::]:6789 connect error [ 238.992916][ T1101] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.097417][ T1101] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.165014][ T1101] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.229498][ T7510] ceph: No mds server is up or the cluster is laggy [ 239.259707][ T1101] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.269838][ T5837] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 239.323607][ T5837] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 239.494168][ T5837] usb 2-1: USB disconnect, device number 11 [ 241.577564][ T5814] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 243.227924][ T5814] usb 2-1: Using ep0 maxpacket: 16 [ 243.251258][ T5814] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 243.307612][ T5814] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 243.348182][ T5814] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 243.365246][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.389409][ T7561] overlay: Unknown parameter 'smackfsroot' [ 243.427624][ T5814] usb 2-1: Product: syz [ 243.431857][ T5814] usb 2-1: Manufacturer: syz [ 243.436501][ T5814] usb 2-1: SerialNumber: syz [ 243.709774][ T5814] usb 2-1: 0:2 : does not exist [ 243.714781][ T5814] usb 2-1: unit 9 not found! [ 243.774803][ T5814] usb 2-1: 4:0: cannot get min/max values for control 1 (id 4) [ 243.827459][ T5814] usb 2-1: 4:0: cannot get min/max values for control 2 (id 4) [ 243.870134][ T5814] usb 2-1: 4:0: cannot get min/max values for control 3 (id 4) [ 243.924165][ T5814] usb 2-1: 4:0: cannot get min/max values for control 4 (id 4) [ 243.951205][ T5814] usb 2-1: 4:0: cannot get min/max values for control 5 (id 4) [ 243.988364][ T5814] usb 2-1: 4:0: cannot get min/max values for control 6 (id 4) [ 244.071657][ T5814] usb 2-1: USB disconnect, device number 12 [ 244.166057][ T6615] udevd[6615]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 246.005203][ T7588] netlink: 136 bytes leftover after parsing attributes in process `syz.2.603'. [ 246.335366][ T7609] trusted_key: encrypted_key: insufficient parameters specified [ 246.418042][ T7603] syz_tun: entered allmulticast mode [ 246.482597][ T7603] syz_tun: left allmulticast mode [ 247.045364][ T7629] netlink: 5268 bytes leftover after parsing attributes in process `syz.2.615'. [ 247.084026][ T1101] hsr_slave_0: left promiscuous mode [ 247.097028][ T7628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 247.110335][ T1101] hsr_slave_1: left promiscuous mode [ 247.128455][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.165276][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.195714][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.228902][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.278205][ T1101] bridge_slave_1: left allmulticast mode [ 247.285089][ T1101] bridge_slave_1: left promiscuous mode [ 247.309593][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.345093][ T1101] bridge_slave_0: left allmulticast mode [ 247.358544][ T1101] bridge_slave_0: left promiscuous mode [ 247.367379][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.417249][ T5814] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 247.539287][ T1101] veth1_macvtap: left promiscuous mode [ 247.557909][ T1101] veth0_macvtap: left promiscuous mode [ 247.576027][ T1101] veth1_vlan: left promiscuous mode [ 247.590968][ T1101] veth0_vlan: left promiscuous mode [ 247.637375][ T5814] usb 4-1: Using ep0 maxpacket: 8 [ 247.645805][ T5814] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 247.667220][ T5814] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 247.708157][ T5814] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 247.719247][ T7649] fuse: Bad value for 'fd' [ 247.737318][ T5814] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 247.767123][ T5814] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 247.812971][ T5814] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 247.832651][ T5814] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.141405][ T5814] usb 4-1: usb_control_msg returned -32 [ 248.171053][ T5814] usbtmc 4-1:16.0: can't read capabilities [ 248.624287][ T7635] usbtmc 4-1:16.0: usb_control_msg returned -71 [ 248.625451][ T5817] usb 4-1: USB disconnect, device number 11 [ 248.672783][ T7660] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -19 [ 249.030750][ T5814] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 250.656996][ T5814] usb 5-1: Using ep0 maxpacket: 16 [ 250.686861][ T5814] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.805797][ T5814] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 250.820414][ T5814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.837110][ T5814] usb 5-1: Product: syz [ 250.847064][ T5814] usb 5-1: Manufacturer: syz [ 250.851726][ T5814] usb 5-1: SerialNumber: syz [ 250.888421][ T5814] usb 5-1: config 0 descriptor?? [ 251.158281][ T5814] usb 5-1: USB disconnect, device number 3 [ 251.243308][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 251.461653][ T1101] team0 (unregistering): Port device team_slave_0 removed [ 251.623999][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 251.756027][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.582063][ T1101] bond0 (unregistering): Released all slaves [ 254.876313][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.645'. [ 256.115736][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.128602][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.030598][ T7773] netlink: 20 bytes leftover after parsing attributes in process `syz.4.663'. [ 259.431005][ T7795] overlayfs: missing 'lowerdir' [ 260.794200][ T7825] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4015170203 (32121361624 ns) > initial count (30716351936 ns). Using initial count to start timer. [ 261.569576][ T7840] fuse: Bad value for 'fd' [ 261.887036][ T2131] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 262.188049][ T2131] usb 3-1: device descriptor read/64, error -71 [ 262.573026][ T2131] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 262.866524][ T2131] usb 3-1: device descriptor read/64, error -71 [ 263.046603][ T2131] usb usb3-port1: attempt power cycle [ 263.277255][ T7906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.684'. [ 263.306430][ T5817] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 263.382714][ T5843] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 263.516533][ T2131] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 263.526682][ T5817] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.548979][ T2131] usb 3-1: device descriptor read/8, error -71 [ 263.559189][ T5817] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.592715][ T5817] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 263.606866][ T5843] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 263.614533][ T5843] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 263.630377][ T5817] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.641279][ T5843] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 263.661457][ T5817] usb 4-1: config 0 descriptor?? [ 263.682204][ T5843] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 263.702321][ T5843] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 263.719522][ T5843] usb 5-1: config 168 interface 0 has no altsetting 0 [ 263.730340][ T5843] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 263.740448][ T5843] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 263.754894][ T5843] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 263.771634][ T5843] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 263.789520][ T5843] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 263.804458][ T5843] usb 5-1: config 168 interface 0 has no altsetting 0 [ 263.830721][ T5843] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 263.838589][ T5843] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 263.850855][ T2131] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 263.863793][ T5843] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 263.882229][ T5843] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 263.894377][ T2131] usb 3-1: device descriptor read/8, error -71 [ 263.910584][ T5843] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 263.927860][ T5843] usb 5-1: config 168 interface 0 has no altsetting 0 [ 263.942669][ T5843] usb 5-1: string descriptor 0 read error: -22 [ 263.957717][ T5843] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 263.971904][ T5843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.011495][ T5843] adutux 5-1:168.0: interrupt endpoints not found [ 264.026826][ T2131] usb usb3-port1: unable to enumerate USB device [ 264.107513][ T5817] playstation 0003:054C:0DF2.0007: unknown main item tag 0x0 [ 264.128391][ T5817] playstation 0003:054C:0DF2.0007: unknown main item tag 0x0 [ 264.140763][ T5817] playstation 0003:054C:0DF2.0007: unknown main item tag 0x0 [ 264.157346][ T5817] playstation 0003:054C:0DF2.0007: unknown main item tag 0x0 [ 264.166535][ T5817] playstation 0003:054C:0DF2.0007: unknown main item tag 0x0 [ 264.177721][ T5817] playstation 0003:054C:0DF2.0007: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0 [ 264.318933][ T7900] playstation 0003:054C:0DF2.0007: pid 7900 passed too short report [ 264.336330][ T5817] playstation 0003:054C:0DF2.0007: Failed to retrieve feature with reportID 9: -71 [ 264.366390][ T5817] playstation 0003:054C:0DF2.0007: Failed to retrieve DualSense pairing info: -71 [ 264.384555][ T5817] playstation 0003:054C:0DF2.0007: Failed to get MAC address from DualSense [ 264.397534][ T5817] playstation 0003:054C:0DF2.0007: Failed to create dualsense. [ 264.431836][ T5817] playstation: probe of 0003:054C:0DF2.0007 failed with error -71 [ 264.433069][ T5814] usb 5-1: USB disconnect, device number 4 [ 264.482198][ T5817] usb 4-1: USB disconnect, device number 12 [ 265.743783][ T5814] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 266.459882][ T5814] usb 5-1: device descriptor read/all, error -71 [ 267.166082][ T5818] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 267.248939][ T7983] netlink: 20 bytes leftover after parsing attributes in process `syz.1.702'. [ 267.378220][ T5818] usb 3-1: Using ep0 maxpacket: 32 [ 267.397911][ T5818] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 268.361817][ T5818] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 268.379597][ T5818] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.398727][ T5818] usb 3-1: Product: syz [ 268.402966][ T5818] usb 3-1: Manufacturer: syz [ 268.425935][ T5818] usb 3-1: SerialNumber: syz [ 268.472761][ T5818] usb 3-1: config 0 descriptor?? [ 268.573277][ T5818] usb 3-1: bad CDC descriptors [ 268.598873][ T5818] usb 3-1: unsupported MDLM descriptors [ 268.774294][ T5818] usb 3-1: USB disconnect, device number 15 [ 271.556475][ T2131] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 271.801125][ T2131] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 271.936410][ T2131] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.206211][ T2131] usb 4-1: Product: syz [ 272.210454][ T2131] usb 4-1: Manufacturer: syz [ 272.215073][ T2131] usb 4-1: SerialNumber: syz [ 272.282476][ T2131] usb 4-1: config 0 descriptor?? [ 272.522953][ T2131] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 272.542880][ T2131] peak_usb 4-1:0.0: unable to read PCAN-USB FD firmware info (err -71) [ 272.636829][ T2131] peak_usb: probe of 4-1:0.0 failed with error -71 [ 272.670404][ T2131] usb 4-1: USB disconnect, device number 13 [ 279.793709][ T8260] loop2: detected capacity change from 0 to 8192 [ 281.746054][ T8313] loop3: detected capacity change from 0 to 512 [ 281.780824][ T8313] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 283.379429][ T8337] Can't find a SQUASHFS superblock on nullb0 [ 283.718957][ T8347] loop2: detected capacity change from 0 to 512 [ 283.819081][ T8347] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.819: bg 0: block 127: padding at end of block bitmap is not set [ 283.862098][ T8357] (null): rxe_set_mtu: Set mtu to 4096 [ 283.869167][ T8357] lo speed is unknown, defaulting to 1000 [ 283.877445][ T8357] lo speed is unknown, defaulting to 1000 [ 283.883539][ T8347] EXT4-fs (loop2): Remounting filesystem read-only [ 283.892712][ T8347] EXT4-fs warning (device loop2): ext4_xattr_inode_lookup_create:1609: inode #18: comm syz.2.819: cleanup dec ref error -28 [ 283.906533][ T8357] lo speed is unknown, defaulting to 1000 [ 283.915457][ T8347] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -5) [ 283.936778][ T8347] EXT4-fs (loop2): 1 orphan inode deleted [ 283.943988][ T8347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.761607][ T8358] netlink: 16 bytes leftover after parsing attributes in process `syz.3.823'. [ 284.844448][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.334623][ T8357] infiniband sz1: set active [ 285.339963][ T5817] lo speed is unknown, defaulting to 1000 [ 285.590956][ T8357] infiniband sz1: added lo [ 285.638394][ T8357] sz1: rxe_create_cq: returned err = -12 [ 285.820021][ T8357] infiniband sz1: Couldn't create ib_mad CQ [ 285.936338][ T8357] infiniband sz1: Couldn't open port 1 [ 286.446845][ T8357] RDS/IB: sz1: added [ 286.450959][ T8357] smc: adding ib device sz1 with port count 1 [ 286.493159][ T8357] smc: ib device sz1 port 1 has pnetid [ 286.504800][ T2131] lo speed is unknown, defaulting to 1000 [ 286.523161][ T8357] lo speed is unknown, defaulting to 1000 [ 286.533880][ T5782] Bluetooth: hci0: unexpected event for opcode 0x0c7a [ 288.306454][ T8357] lo speed is unknown, defaulting to 1000 [ 293.047251][ T8357] lo speed is unknown, defaulting to 1000 [ 295.000570][ T8357] lo speed is unknown, defaulting to 1000 [ 295.881865][ T8357] lo speed is unknown, defaulting to 1000 [ 299.070453][ T8514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.857'. [ 299.159361][ T5782] Bluetooth: hci0: Dropping invalid advertising data [ 299.213700][ T8514] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 299.302079][ T8516] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 301.305764][ T8553] syzkaller0: entered promiscuous mode [ 301.335607][ T8553] syzkaller0: entered allmulticast mode [ 302.954096][ T8570] overlayfs: failed to get inode (-116) [ 302.961137][ T8570] overlayfs: failed to get inode (-116) [ 303.444218][ T8586] random: crng reseeded on system resumption [ 303.639259][ T8587] loop4: detected capacity change from 0 to 512 [ 303.854960][ T8587] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 303.868264][ T8587] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 304.877697][ T8587] EXT4-fs error (device loop4): ext4_orphan_get:1430: comm syz.4.875: bad orphan inode 131083 [ 304.898888][ T8587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 306.514411][ T28] audit: type=1326 audit(1781758915.651:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8592 comm="syz.2.878" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffb1119ce59 code=0x0 [ 306.832451][ T7059] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.339632][ T8609] loop3: detected capacity change from 0 to 512 [ 307.421288][ T8609] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 308.736239][ T8609] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #17: comm syz.3.883: inode has both inline data and extents flags [ 308.853356][ T8609] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.883: couldn't read orphan inode 17 (err -117) [ 308.969153][ T8609] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.409834][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.564764][ T8633] binder: 8632:8633 ioctl 4018620d 0 returned -22 [ 309.808131][ T8637] loop2: detected capacity change from 0 to 512 [ 309.902884][ T8637] EXT4-fs error (device loop2): ext4_iget_extra_inode:4739: inode #15: comm syz.2.891: corrupted in-inode xattr: bad e_name length [ 309.996530][ T8637] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.891: couldn't read orphan inode 15 (err -117) [ 310.096899][ T8637] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 310.394829][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.289681][ T8660] loop3: detected capacity change from 0 to 256 [ 311.297299][ T8660] FAT-fs (loop3): Unrecognized mount option "shortname=wią95" or missing value [ 311.830796][ T8660] loop3: detected capacity change from 0 to 2048 [ 311.920861][ T8660] loop3: p1 p3 p4 [ 311.920861][ T8660] p1: [ 311.955506][ T8660] loop3: p4 size 589824 extends beyond EOD, truncated [ 312.333290][ T8660] loop3: detected capacity change from 0 to 512 [ 312.345489][ T8660] EXT4-fs: Ignoring removed i_version option [ 312.351614][ T8660] EXT4-fs: Ignoring removed bh option [ 312.491386][ T8660] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.515217][ T8660] ext4 filesystem being mounted at /207/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 312.919306][ T8666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.896'. [ 313.008462][ T8666] tipc: Started in network mode [ 313.063718][ T8666] tipc: Node identity 5f3a00005f0700000000000000000001, cluster identity 4711 [ 313.072725][ T8666] tipc: Enabling of bearer rejected, failed to enable media [ 314.576170][ T5782] Bluetooth: hci4: command 0x0406 tx timeout [ 314.887141][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.967957][ T6615] udevd[6615]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 314.978386][ T6459] udevd[6459]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 314.978873][ T5765] udevd[5765]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 315.775384][ T8716] loop4: detected capacity change from 0 to 256 [ 315.883522][ T8716] FAT-fs (loop4): Directory bread(block 64) failed [ 315.890134][ T8716] FAT-fs (loop4): Directory bread(block 65) failed [ 315.918695][ T8716] FAT-fs (loop4): Directory bread(block 66) failed [ 315.938721][ T8716] FAT-fs (loop4): Directory bread(block 67) failed [ 315.963790][ T8716] FAT-fs (loop4): Directory bread(block 68) failed [ 316.003641][ T8716] FAT-fs (loop4): Directory bread(block 69) failed [ 316.010584][ T8716] FAT-fs (loop4): Directory bread(block 70) failed [ 316.027427][ T8716] FAT-fs (loop4): Directory bread(block 71) failed [ 316.056933][ T8716] FAT-fs (loop4): Directory bread(block 72) failed [ 316.086296][ T8716] FAT-fs (loop4): Directory bread(block 73) failed [ 317.153836][ T8737] netlink: 4 bytes leftover after parsing attributes in process `syz.1.914'. [ 317.361564][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.368447][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.093452][ T8750] 9pnet_fd: Insufficient options for proto=fd [ 318.982525][ T5780] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 319.396252][ T8777] loop4: detected capacity change from 0 to 256 [ 319.405019][ T8778] netlink: 'syz.2.928': attribute type 16 has an invalid length. [ 319.423389][ T8778] netlink: 'syz.2.928': attribute type 17 has an invalid length. [ 319.443137][ T8778] netlink: 'syz.2.928': attribute type 27 has an invalid length. [ 319.649418][ T8782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.930'. [ 319.683950][ T8782] tipc: Enabling of bearer rejected, failed to enable media [ 319.686516][ T8784] loop2: detected capacity change from 0 to 128 [ 319.769707][ T8784] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 319.794115][ T8784] ext4 filesystem being mounted at /240/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 319.909973][ T8784] syz.2.932 (pid 8784) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 320.166079][ T5780] Bluetooth: hci4: unexpected event for opcode 0x0419 [ 320.278127][ T8784] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)" [ 320.419443][ T5776] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 322.335484][ T8829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.945'. [ 322.355652][ T8829] netlink: 20 bytes leftover after parsing attributes in process `syz.2.945'. [ 322.532480][ T8834] loop2: detected capacity change from 0 to 256 [ 322.586454][ T8833] loop4: detected capacity change from 0 to 512 [ 322.615648][ T8834] FAT-fs (loop2): Directory bread(block 64) failed [ 322.625149][ T8833] EXT4-fs: Ignoring removed i_version option [ 322.633492][ T8834] FAT-fs (loop2): Directory bread(block 65) failed [ 322.640184][ T8834] FAT-fs (loop2): Directory bread(block 66) failed [ 322.659775][ T8833] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 322.689596][ T8834] FAT-fs (loop2): Directory bread(block 67) failed [ 322.732022][ T8834] FAT-fs (loop2): Directory bread(block 68) failed [ 322.761297][ T8833] EXT4-fs (loop4): 1 truncate cleaned up [ 322.761653][ T8834] FAT-fs (loop2): Directory bread(block 69) failed [ 322.775614][ T8834] FAT-fs (loop2): Directory bread(block 70) failed [ 322.782198][ T8834] FAT-fs (loop2): Directory bread(block 71) failed [ 322.789172][ T8834] FAT-fs (loop2): Directory bread(block 72) failed [ 322.796294][ T8834] FAT-fs (loop2): Directory bread(block 73) failed [ 322.817185][ T8833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 322.881524][ T7059] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.211271][ T8852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.954'. [ 324.640868][ T8861] loop4: detected capacity change from 0 to 512 [ 325.775428][ T8861] EXT4-fs error (device loop4): ext4_orphan_get:1404: inode #15: comm syz.4.956: inode has both inline data and extents flags [ 325.789925][ T8861] EXT4-fs error (device loop4): ext4_orphan_get:1409: comm syz.4.956: couldn't read orphan inode 15 (err -117) [ 325.810790][ T8861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 326.931335][ T7059] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.523219][ T8883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.961'. [ 329.546561][ T8888] loop4: detected capacity change from 0 to 8 [ 329.634831][ T8888] SQUASHFS error: zlib decompression failed, data probably corrupt [ 329.643034][ T8888] SQUASHFS error: Failed to read block 0x9b: -5 [ 329.649309][ T8888] SQUASHFS error: Unable to read metadata cache entry [99] [ 329.656657][ T8888] SQUASHFS error: Unable to read inode 0x127 [ 333.486275][ T8903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.967'. [ 334.393857][ T8914] loop2: detected capacity change from 0 to 7 [ 334.449046][ T8914] Dev loop2: unable to read RDB block 7 [ 334.482739][ T8914] loop2: unable to read partition table [ 334.488714][ T8914] loop2: partition table beyond EOD, truncated [ 334.503913][ T8914] loop_reread_partitions: partition scan of loop2 (ţ袍xü—ŸŃŕ– ) failed (rc=-5) [ 336.531025][ T8931] IPv6: Can't replace route, no match found [ 336.839409][ T5782] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 336.917961][ T5782] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 336.926708][ T5782] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 336.935703][ T5782] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 336.944047][ T5782] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 336.951568][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 338.686667][ T8931] loop4: detected capacity change from 0 to 8 [ 339.032772][ T5780] Bluetooth: hci3: command tx timeout [ 339.240593][ T7888] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.857632][ T7888] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.456802][ T7888] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.539607][ T8932] lo speed is unknown, defaulting to 1000 [ 340.805173][ T7888] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.261021][ T5780] Bluetooth: hci3: command tx timeout [ 341.400055][ T8976] loop4: detected capacity change from 0 to 512 [ 343.481693][ T5780] Bluetooth: hci3: command tx timeout [ 343.672028][ T8976] EXT4-fs error (device loop4): ext4_orphan_get:1409: comm syz.4.988: couldn't read orphan inode 26 (err -116) [ 343.712581][ T8976] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.726642][ T8976] ext4 filesystem being mounted at /142/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 344.332720][ T8984] syzkaller0: entered promiscuous mode [ 344.372931][ T8984] syzkaller0: entered allmulticast mode [ 344.624700][ T7059] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.511930][ T5780] Bluetooth: hci3: command tx timeout [ 345.800463][ T8932] chnl_net:caif_netlink_parms(): no params data found [ 346.830846][ T9035] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1001'. [ 346.939369][ T8932] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.967914][ T8932] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.985665][ T8932] bridge_slave_0: entered allmulticast mode [ 346.999898][ T8932] bridge_slave_0: entered promiscuous mode [ 347.555786][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1001'. [ 347.575109][ T8932] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.591167][ T8932] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.611765][ T8932] bridge_slave_1: entered allmulticast mode [ 347.627279][ T8932] bridge_slave_1: entered promiscuous mode [ 347.644914][ T9051] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 347.816718][ T8932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.863456][ T8932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.280180][ T8932] team0: Port device team_slave_0 added [ 348.496004][ T8932] team0: Port device team_slave_1 added [ 348.600143][ T8932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 348.624023][ T8932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.652927][ T8932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 348.776372][ T7888] hsr_slave_0: left promiscuous mode [ 348.879170][ T7888] hsr_slave_1: left promiscuous mode [ 348.966894][ T7888] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 349.123374][ T7888] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.384138][ T7888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 349.572206][ T7888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.600951][ T7888] bridge_slave_1: left allmulticast mode [ 349.611521][ T7888] bridge_slave_1: left promiscuous mode [ 349.618434][ T7888] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.664032][ T7888] bridge_slave_0: left allmulticast mode [ 349.680548][ T7888] bridge_slave_0: left promiscuous mode [ 349.686556][ T7888] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.751258][ T7888] veth1_macvtap: left promiscuous mode [ 349.771773][ T7888] veth0_macvtap: left promiscuous mode [ 349.777549][ T7888] veth1_vlan: left promiscuous mode [ 349.801731][ T7888] veth0_vlan: left promiscuous mode [ 350.052537][ T7888] infiniband sz1: set down [ 350.579552][ T9103] loop2: detected capacity change from 0 to 8192 [ 350.720109][ T9103] syz.2.1014: attempt to access beyond end of device [ 350.720109][ T9103] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 350.763463][ T9103] Buffer I/O error on dev loop2, logical block 57847, async page read [ 350.800860][ T9103] syz.2.1014: attempt to access beyond end of device [ 350.800860][ T9103] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 350.821881][ T9103] Buffer I/O error on dev loop2, logical block 57847, async page read [ 350.830550][ T28] audit: type=1800 audit(1781758960.263:14): pid=9103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1014" name="file2" dev="loop2" ino=1048611 res=0 errno=0 [ 351.182712][ T7888] team0 (unregistering): Port device team_slave_1 removed [ 351.241656][ T7888] team0 (unregistering): Port device team_slave_0 removed [ 351.301628][ T7888] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.360638][ T7888] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.826019][ T7888] bond0 (unregistering): Released all slaves [ 351.919592][ T7589] smc: removing ib device sz1 [ 351.928617][ T8932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 351.943776][ T8932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.976608][ T8932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 352.240343][ T5818] lo speed is unknown, defaulting to 1000 [ 352.329345][ T9107] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1015'. [ 352.357614][ T9108] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1015'. [ 352.773051][ T8932] hsr_slave_0: entered promiscuous mode [ 353.063389][ T8932] hsr_slave_1: entered promiscuous mode [ 353.456562][ T8932] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 353.480048][ T8932] Cannot create hsr debugfs directory [ 353.977671][ T9130] syz_tun: entered allmulticast mode [ 354.742822][ T9125] syz_tun: left allmulticast mode [ 354.871981][ T9133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1022'. [ 355.508389][ T8932] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 355.528882][ T8932] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 355.558302][ T8932] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 355.589596][ T8932] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 355.722012][ T8932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 355.749581][ T8932] 8021q: adding VLAN 0 to HW filter on device team0 [ 355.772638][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.779857][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 355.826675][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.833954][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.183401][ T8932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 356.628465][ T8932] veth0_vlan: entered promiscuous mode [ 356.646128][ T8932] veth1_vlan: entered promiscuous mode [ 356.698111][ T8932] veth0_macvtap: entered promiscuous mode [ 356.720591][ T8932] veth1_macvtap: entered promiscuous mode [ 356.749825][ T8932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.762436][ T8932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.777635][ T8932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.793390][ T8932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.811073][ T8932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.828879][ T8932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.840573][ T8932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.869458][ T8932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.889538][ T8932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.911411][ T8932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.928811][ T8932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.940113][ T8932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.959583][ T8932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.971569][ T8932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 356.996142][ T8932] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.009498][ T8932] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.019910][ T8932] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.046304][ T8932] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.153032][ T7888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.166340][ T7888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.216962][ T7888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.235489][ T7888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.453157][ T9201] netlink: 'syz.5.970': attribute type 1 has an invalid length. [ 360.138566][ T9245] loop4: detected capacity change from 0 to 512 [ 360.300942][ T9245] EXT4-fs (loop4): orphan cleanup on readonly fs [ 360.321985][ T9245] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.1041: EA inode hash validation failed [ 360.335216][ T9245] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.1041: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 360.355823][ T9245] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1231: inode #11: comm syz.4.1041: ea_inode dec ref err=-117 [ 360.369250][ T9245] EXT4-fs (loop4): 1 orphan inode deleted [ 360.420564][ T9245] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 360.813541][ T7059] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.202507][ T9279] loop2: detected capacity change from 0 to 1024 [ 363.310050][ T9279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 363.429101][ T9279] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 35: comm syz.2.1050: bad entry in directory: rec_len is smaller than minimal - offset=3200, inode=0, rec_len=0, size=1024 fake=0 [ 363.634110][ T9286] loop5: detected capacity change from 0 to 128 [ 363.675032][ T9286] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 363.724884][ T9286] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 363.884791][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 364.307696][ T8932] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 370.437375][ T9347] loop5: detected capacity change from 0 to 128 [ 370.602393][ T9347] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 370.617404][ T9347] ext4 filesystem being mounted at /7/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 371.308134][ T8932] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 372.627394][ T9376] loop2: detected capacity change from 0 to 512 [ 373.850623][ T9376] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 373.863874][ T9376] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 373.918024][ T9376] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 373.982008][ T9376] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 374.038598][ T9376] EXT4-fs (loop2): This should not happen!! Data will be lost [ 374.038598][ T9376] [ 374.051617][ T9376] EXT4-fs (loop2): Total free blocks count 0 [ 374.057771][ T9376] EXT4-fs (loop2): Free/Dirty block details [ 374.065418][ T9376] EXT4-fs (loop2): free_blocks=65280 [ 381.726345][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 381.733043][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.969814][ T9376] EXT4-fs (loop2): dirty_blocks=33 [ 382.065462][ T9376] EXT4-fs (loop2): Block reservation details [ 382.109962][ T9376] EXT4-fs (loop2): i_reserved_data_blocks=33 [ 382.499400][ T9410] loop5: detected capacity change from 0 to 256 [ 382.782674][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 383.217688][ T9411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1082'. [ 383.279734][ T9411] xfrm1: entered promiscuous mode [ 383.289622][ T9411] xfrm1: entered allmulticast mode [ 383.307589][ T9411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1082'. [ 383.681863][ T9437] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1087'. [ 384.075817][ T9441] loop4: detected capacity change from 0 to 128 [ 387.939650][ T9441] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 387.940029][ T9441] EXT4-fs: failed to create workqueue [ 387.956065][ T9441] EXT4-fs (loop4): mount failed [ 388.829641][ T9461] loop4: detected capacity change from 0 to 2048 [ 388.951966][ T9461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 389.027972][ T9461] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 390.816693][ T9461] fs-verity: sha512 using implementation "sha512-avx2" [ 392.454736][ T7059] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.012258][ T9528] loop2: detected capacity change from 0 to 128 [ 402.709204][ T9528] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 402.709654][ T9528] EXT4-fs: failed to create workqueue [ 402.724758][ T9528] EXT4-fs (loop2): mount failed [ 404.456263][ T5780] block nbd5: Receive control failed (result -32) [ 404.458649][ T9545] block nbd5: shutting down sockets [ 408.425397][ T9595] block nbd2: shutting down sockets [ 410.239388][ T5780] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 410.506165][ T9620] loop2: detected capacity change from 0 to 512 [ 410.833216][ T9623] netlink: 'syz.2.1128': attribute type 29 has an invalid length. [ 413.487464][ T7877] Bluetooth: hci1: Frame reassembly failed (-84) [ 414.261307][ T9674] block nbd4: shutting down sockets [ 415.508192][ T5782] Bluetooth: hci1: command 0x1003 tx timeout [ 415.516329][ T5780] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 422.287355][ T5780] Bluetooth: hci0: link tx timeout [ 422.294794][ T5780] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 422.360714][ T9712] loop2: detected capacity change from 0 to 128 [ 424.190206][ T7877] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.308788][ T5782] Bluetooth: hci0: command 0x0406 tx timeout [ 424.391041][ T7877] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.620665][ T7877] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.879694][ T7877] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.989025][ T9751] block nbd5: shutting down sockets [ 426.182964][ T9763] loop5: detected capacity change from 0 to 128 [ 431.309117][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 431.328861][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 431.339443][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 431.357002][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 431.366378][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 431.373992][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 433.596763][ T5782] Bluetooth: hci1: command tx timeout [ 434.536365][ T9813] loop2: detected capacity change from 0 to 7 [ 434.574907][ T9813] Dev loop2: unable to read RDB block 7 [ 434.619136][ T9813] loop2: unable to read partition table [ 434.625268][ T9813] loop2: partition table beyond EOD, truncated [ 434.677727][ T9813] loop_reread_partitions: partition scan of loop2 (ţ袍xü—ŸŃŕ– ) failed (rc=-5) [ 435.553936][ T9781] chnl_net:caif_netlink_parms(): no params data found [ 435.672854][ T5782] Bluetooth: hci1: command tx timeout [ 435.844352][ T9841] loop4: detected capacity change from 0 to 128 [ 436.025539][ T7877] hsr_slave_0: left promiscuous mode [ 436.050280][ T7877] hsr_slave_1: left promiscuous mode [ 436.059669][ T7877] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 436.085185][ T7877] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.741609][ T7877] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 437.754153][ T7877] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.756456][ T5782] Bluetooth: hci1: command tx timeout [ 438.068870][ T7877] bridge_slave_1: left allmulticast mode [ 438.074614][ T7877] bridge_slave_1: left promiscuous mode [ 438.112559][ T7877] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.217131][ T7877] bridge_slave_0: left allmulticast mode [ 438.222937][ T7877] bridge_slave_0: left promiscuous mode [ 438.230211][ T7877] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.275036][ T7877] veth1_macvtap: left promiscuous mode [ 438.282620][ T7877] veth0_macvtap: left promiscuous mode [ 438.288453][ T7877] veth1_vlan: left promiscuous mode [ 438.294033][ T7877] veth0_vlan: left promiscuous mode [ 438.526521][ T7877] infiniband syz0: set down [ 439.236089][ T7877] team0 (unregistering): Port device team_slave_1 removed [ 439.304165][ T7877] team0 (unregistering): Port device team_slave_0 removed [ 439.367329][ T7877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 439.427174][ T7877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 439.437591][ T37] smc: removing ib device syz0 [ 439.826784][ T5782] Bluetooth: hci1: command tx timeout [ 439.827026][ T7877] bond0 (unregistering): Released all slaves [ 440.233833][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.240816][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.307876][ T9781] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.319515][ T9781] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.356655][ T9781] bridge_slave_0: entered allmulticast mode [ 440.388215][ T9781] bridge_slave_0: entered promiscuous mode [ 440.407345][ T9781] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.414560][ T9781] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.436761][ T9781] bridge_slave_1: entered allmulticast mode [ 440.548036][ T9781] bridge_slave_1: entered promiscuous mode [ 440.693129][ T9781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 440.740395][ T9781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.010634][ T9781] team0: Port device team_slave_0 added [ 441.080236][ T9781] team0: Port device team_slave_1 added [ 441.257109][ T9781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.264218][ T9781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.295624][ T9781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.319780][ T9781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 441.328793][ T9781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.376216][ T9781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 441.427685][ T7877] IPVS: stop unused estimator thread 0... [ 441.489327][ T9781] hsr_slave_0: entered promiscuous mode [ 441.496088][ T9781] hsr_slave_1: entered promiscuous mode [ 441.623801][ T7877] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.761551][ T7877] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.849505][ T7877] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.914403][ T9781] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 441.935679][ T9781] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 441.946991][ T9781] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 441.984596][ T7877] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.003123][ T9781] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 442.293980][ T9781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.439569][ T9781] 8021q: adding VLAN 0 to HW filter on device team0 [ 442.478502][ T7882] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.485709][ T7882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 442.528721][ T7882] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.535972][ T7882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.060288][ T9781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 443.694638][ T9781] veth0_vlan: entered promiscuous mode [ 443.723176][ T7877] hsr_slave_0: left promiscuous mode [ 443.730097][ T7877] hsr_slave_1: left promiscuous mode [ 443.745010][ T7877] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 443.757029][ T7877] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 443.772658][ T7877] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.781663][ T7877] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 443.803001][ T7877] bridge_slave_1: left allmulticast mode [ 443.810577][ T7877] bridge_slave_1: left promiscuous mode [ 443.820587][ T7877] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.832308][ T7877] bridge_slave_0: left allmulticast mode [ 443.841756][ T7877] bridge_slave_0: left promiscuous mode [ 443.849648][ T7877] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.895734][ T7877] veth1_macvtap: left promiscuous mode [ 443.909843][ T7877] veth0_macvtap: left promiscuous mode [ 443.915584][ T7877] veth1_vlan: left promiscuous mode [ 443.925927][ T7877] veth0_vlan: left promiscuous mode [ 444.830510][ T7877] team0 (unregistering): Port device team_slave_1 removed [ 444.894168][ T7877] team0 (unregistering): Port device team_slave_0 removed [ 444.953804][ T7877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 445.015047][ T7877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 445.490904][ T7877] bond0 (unregistering): Released all slaves [ 445.569994][ T9781] veth1_vlan: entered promiscuous mode [ 445.648938][ T9781] veth0_macvtap: entered promiscuous mode [ 445.682580][ T9781] veth1_macvtap: entered promiscuous mode [ 445.711520][ T9781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 445.723066][ T9781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.735746][ T9781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 445.751071][ T9781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.772703][ T9781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 445.783949][ T9781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 445.798821][ T9781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.812004][ T9781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 445.824741][ T9781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.846609][ T9781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 445.867170][ T9781] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.879613][ T9781] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.888923][ T9781] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.898281][ T9781] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.089417][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.111735][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.153841][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.162496][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.781772][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 446.802174][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 446.813564][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 446.835433][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 446.844149][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 446.852834][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 447.231135][ T9966] loop6: detected capacity change from 0 to 128 [ 447.641339][ T9954] chnl_net:caif_netlink_parms(): no params data found [ 447.877342][ T9954] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.884612][ T9954] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.892080][ T9954] bridge_slave_0: entered allmulticast mode [ 447.899864][ T9954] bridge_slave_0: entered promiscuous mode [ 447.909530][ T9954] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.917089][ T9954] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.924320][ T9954] bridge_slave_1: entered allmulticast mode [ 447.932101][ T9954] bridge_slave_1: entered promiscuous mode [ 447.971271][ T9954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 447.984399][ T9954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.029810][ T9954] team0: Port device team_slave_0 added [ 448.040432][ T9954] team0: Port device team_slave_1 added [ 448.077206][ T9954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.084501][ T9954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.111292][ T9954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.124709][ T9954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.132073][ T9954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.162852][ T9954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 448.240373][ T9954] hsr_slave_0: entered promiscuous mode [ 448.247933][ T9954] hsr_slave_1: entered promiscuous mode [ 448.254474][ T9954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 448.263310][ T9954] Cannot create hsr debugfs directory [ 448.697730][ T7882] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.946803][ T5782] Bluetooth: hci2: command tx timeout [ 449.021111][ T7882] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.179228][ T7882] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.633941][ T7882] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.048903][ T9954] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 450.082137][ T9954] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 450.132630][ T9954] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 450.165072][ T9954] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 450.458953][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 450.487177][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 450.497555][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 450.506922][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 450.522979][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 450.530593][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 450.995524][ T9954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.026103][ T5782] Bluetooth: hci2: command tx timeout [ 451.255176][ T9954] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.304121][ T7873] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.311358][ T7873] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.378927][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.386250][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 452.097960][T10021] chnl_net:caif_netlink_parms(): no params data found [ 452.370480][ T7882] hsr_slave_0: left promiscuous mode [ 452.377482][ T7882] hsr_slave_1: left promiscuous mode [ 452.383355][ T7882] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.392894][ T7882] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 452.402928][ T7882] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 452.410650][ T7882] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 452.419938][ T7882] bridge_slave_1: left allmulticast mode [ 452.426020][ T7882] bridge_slave_1: left promiscuous mode [ 452.431903][ T7882] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.441087][ T7882] bridge_slave_0: left allmulticast mode [ 452.447217][ T7882] bridge_slave_0: left promiscuous mode [ 452.453040][ T7882] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.478506][ T7882] veth1_macvtap: left promiscuous mode [ 452.485323][ T7882] veth0_macvtap: left promiscuous mode [ 452.491099][ T7882] veth1_vlan: left promiscuous mode [ 452.497775][ T7882] veth0_vlan: left promiscuous mode [ 452.625913][ T5782] Bluetooth: hci1: command tx timeout [ 453.105641][ T5782] Bluetooth: hci2: command tx timeout [ 453.265277][ T7882] team0 (unregistering): Port device team_slave_1 removed [ 453.329363][ T7882] team0 (unregistering): Port device team_slave_0 removed [ 453.384978][ T7882] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 453.449513][ T7882] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 453.931306][ T7882] bond0 (unregistering): Released all slaves [ 454.083363][T10021] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.099742][T10021] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.110121][T10021] bridge_slave_0: entered allmulticast mode [ 454.117955][T10021] bridge_slave_0: entered promiscuous mode [ 454.128429][ T9954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 454.137398][T10021] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.144536][T10021] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.166074][T10021] bridge_slave_1: entered allmulticast mode [ 454.173661][T10021] bridge_slave_1: entered promiscuous mode [ 454.244960][T10021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.263680][T10021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.385274][T10021] team0: Port device team_slave_0 added [ 454.420669][T10021] team0: Port device team_slave_1 added [ 454.478152][T10021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.485321][T10021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.577426][T10021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.592213][T10021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.620555][T10021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.680741][T10021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.705981][ T5782] Bluetooth: hci1: command tx timeout [ 454.815098][T10021] hsr_slave_0: entered promiscuous mode [ 454.823214][T10021] hsr_slave_1: entered promiscuous mode [ 454.942048][ T9954] veth0_vlan: entered promiscuous mode [ 454.974755][ T9954] veth1_vlan: entered promiscuous mode [ 455.101249][ T9954] veth0_macvtap: entered promiscuous mode [ 455.144485][ T9954] veth1_macvtap: entered promiscuous mode [ 455.176779][ T9954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 455.186929][ T5782] Bluetooth: hci2: command tx timeout [ 455.207420][ T9954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.225060][ T9954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 455.246286][ T9954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.262979][ T9954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 455.322449][ T9954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 455.340149][ T9954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.354047][ T9954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 455.365967][ T9954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 455.378328][ T9954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 455.419519][ T9954] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.434262][ T9954] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.443560][ T9954] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.455052][ T9954] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.506407][T10021] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 455.520665][T10021] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 455.546506][T10021] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 455.562909][T10021] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 455.686111][ T7877] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.694000][ T7877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.767074][ T7877] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.774973][ T7877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.823888][T10021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 455.884514][T10021] 8021q: adding VLAN 0 to HW filter on device team0 [ 455.921552][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.928770][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state [ 455.963573][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.971002][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 456.031122][T10021] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 456.590044][T10021] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 456.786064][ T5782] Bluetooth: hci1: command tx timeout [ 458.318605][T10021] veth0_vlan: entered promiscuous mode [ 458.378803][T10021] veth1_vlan: entered promiscuous mode [ 458.470989][T10021] veth0_macvtap: entered promiscuous mode [ 458.509482][T10021] veth1_macvtap: entered promiscuous mode [ 458.564776][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.582124][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.592703][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.605994][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.618197][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.629888][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.641440][T10021] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 458.663540][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.676164][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.686457][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.697133][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.707909][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.719002][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.731430][T10021] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 458.742851][T10021] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.751806][T10021] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.761272][T10021] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.770185][T10021] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.865857][ T5782] Bluetooth: hci1: command tx timeout [ 458.947195][ T7877] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.955099][ T7877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.037642][ T7877] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.051367][ T7877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.665353][ T5843] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 459.883838][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 460.042237][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 460.615376][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 460.692535][ T5843] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 460.734950][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.792845][ T5843] usb 5-1: config 0 descriptor?? [ 461.324604][ T5843] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 461.400002][ T5843] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 461.694270][ T5843] usb 5-1: USB disconnect, device number 7 [ 461.789362][T10180] fido_id[10180]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 462.785168][ T5780] Bluetooth: hci3: command 0x0406 tx timeout [ 464.795505][ T23] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 464.985598][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 465.006498][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.026714][ T23] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 465.056850][ T23] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 465.078326][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.104235][ T23] usb 6-1: config 0 descriptor?? [ 465.568098][ T23] hid_map_usage: 4377 callbacks suppressed [ 465.568118][ T23] HID 045e:07da: Invalid code 65791 type 1 [ 466.051075][ T23] HID 045e:07da: Invalid code 768 type 1 [ 466.157236][ T23] HID 045e:07da: Invalid code 769 type 1 [ 466.580798][ T23] HID 045e:07da: Invalid code 770 type 1 [ 466.587088][ T23] HID 045e:07da: Invalid code 771 type 1 [ 466.594467][ T23] HID 045e:07da: Invalid code 772 type 1 [ 466.609416][ T23] HID 045e:07da: Invalid code 773 type 1 [ 466.617396][ T23] HID 045e:07da: Invalid code 774 type 1 [ 466.623558][ T23] HID 045e:07da: Invalid code 775 type 1 [ 466.629956][ T23] HID 045e:07da: Invalid code 776 type 1 [ 466.653019][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0009/input/input9 [ 466.775798][ T23] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 467.295534][T10275] input: syz1 as /devices/virtual/input/input10 [ 467.396363][ T5814] usb 6-1: USB disconnect, device number 2 [ 471.054791][ T5814] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 471.256349][ T5814] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.267623][ T5814] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 471.278437][ T5814] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 471.292518][ T5814] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 471.308674][ T5814] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.324887][ T5814] usb 6-1: config 0 descriptor?? [ 471.773842][ T5814] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 471.812455][ T5814] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 471.999360][ T5817] usb 6-1: USB disconnect, device number 3 [ 473.945768][ T2131] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 474.164591][ T2131] usb 8-1: Using ep0 maxpacket: 16 [ 474.173280][ T2131] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.205740][ T2131] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 474.288311][ T2131] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 474.385842][ T2131] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.533296][ T2131] usb 8-1: config 0 descriptor?? [ 474.705658][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 474.712271][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 475.089539][ T2131] hid_map_usage: 4377 callbacks suppressed [ 475.089557][ T2131] HID 045e:07da: Invalid code 65791 type 1 [ 475.129510][ T2131] HID 045e:07da: Invalid code 768 type 1 [ 475.146205][ T2131] HID 045e:07da: Invalid code 769 type 1 [ 475.165353][ T2131] HID 045e:07da: Invalid code 770 type 1 [ 475.171517][ T2131] HID 045e:07da: Invalid code 771 type 1 [ 475.350303][ T2131] HID 045e:07da: Invalid code 772 type 1 [ 475.358273][ T2131] HID 045e:07da: Invalid code 773 type 1 [ 475.364124][ T2131] HID 045e:07da: Invalid code 774 type 1 [ 475.370051][ T2131] HID 045e:07da: Invalid code 775 type 1 [ 475.375902][ T2131] HID 045e:07da: Invalid code 776 type 1 [ 476.234755][ T2131] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.000B/input/input11 [ 476.392658][ T2131] microsoft 0003:045E:07DA.000B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 477.249487][ T5818] usb 8-1: USB disconnect, device number 2 [ 477.493726][T10442] input: syz1 as /devices/virtual/input/input12 [ 479.498482][T10497] cgroup: Invalid name [ 480.103538][T10500] input: syz1 as /devices/virtual/input/input13 [ 480.217097][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 480.234118][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 480.554313][ T5819] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 480.755561][ T5819] usb 5-1: not running at top speed; connect to a high speed hub [ 480.808468][ T5819] usb 5-1: config 3 has an invalid interface number: 52 but max is 0 [ 480.824012][ T5819] usb 5-1: config 3 has no interface number 0 [ 480.844981][ T5819] usb 5-1: config 3 interface 52 has no altsetting 0 [ 480.859537][ T5819] usb 5-1: New USB device found, idVendor=1164, idProduct=0622, bcdDevice=ef.ca [ 480.876908][ T5819] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.904896][ T5819] usb 5-1: Product: syz [ 480.909145][ T5819] usb 5-1: Manufacturer: syz [ 480.913791][ T5819] usb 5-1: SerialNumber: syz [ 481.152713][ T12] Bluetooth: hci4: Frame reassembly failed (-84) [ 481.297898][ T5819] pvrusb2: Hardware description: Gotview USB 2.0 DVD 2 [ 481.306393][ T5819] usb 5-1: selecting invalid altsetting 0 [ 481.306569][T10536] input: syz1 as /devices/virtual/input/input14 [ 481.314350][ T2322] pvrusb2: control-write URB failure, status=-71 [ 481.375611][T10537] cgroup: Invalid name [ 481.413055][ T2322] pvrusb2: Device being rendered inoperable [ 481.607896][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 481.920054][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 482.053774][ T5819] usb 5-1: USB disconnect, device number 8 [ 483.490953][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 483.504433][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 485.242922][T10582] input: syz1 as /devices/virtual/input/input15 [ 485.383939][ T5762] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 485.574312][ T5762] usb 5-1: Using ep0 maxpacket: 16 [ 485.592412][ T5762] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 485.618819][ T5762] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 485.671444][ T5762] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 485.674409][ T2131] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 485.687424][ T5762] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.715653][ T5762] usb 5-1: config 0 descriptor?? [ 485.885231][ T2131] usb 6-1: not running at top speed; connect to a high speed hub [ 485.900237][ T2131] usb 6-1: config 3 has an invalid interface number: 52 but max is 0 [ 485.914308][ T2131] usb 6-1: config 3 has no interface number 0 [ 485.927982][ T2131] usb 6-1: config 3 interface 52 has no altsetting 0 [ 485.945440][ T2131] usb 6-1: New USB device found, idVendor=1164, idProduct=0622, bcdDevice=ef.ca [ 485.958294][ T2131] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.967540][ T2131] usb 6-1: Product: syz [ 485.971765][ T2131] usb 6-1: Manufacturer: syz [ 485.978903][ T2131] usb 6-1: SerialNumber: syz [ 486.246558][ T5762] hid_map_usage: 4377 callbacks suppressed [ 486.246577][ T5762] HID 045e:07da: Invalid code 65791 type 1 [ 486.297807][ T5762] HID 045e:07da: Invalid code 768 type 1 [ 486.323656][ T5762] HID 045e:07da: Invalid code 769 type 1 [ 486.354644][ T5762] HID 045e:07da: Invalid code 770 type 1 [ 486.389534][ T5762] HID 045e:07da: Invalid code 771 type 1 [ 486.411133][ T2131] pvrusb2: Hardware description: Gotview USB 2.0 DVD 2 [ 486.434019][ T2131] usb 6-1: selecting invalid altsetting 0 [ 486.451158][ T2131] usb 6-1: USB disconnect, device number 4 [ 486.451504][ T2322] pvrusb2: Failed to submit write-control URB status=-19 [ 486.474036][ T5762] HID 045e:07da: Invalid code 772 type 1 [ 486.496913][ T5762] HID 045e:07da: Invalid code 773 type 1 [ 486.499917][ T2322] pvrusb2: Device being rendered inoperable [ 486.535453][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 486.830291][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 487.693434][ T5762] HID 045e:07da: Invalid code 774 type 1 [ 487.699264][ T5762] HID 045e:07da: Invalid code 775 type 1 [ 487.705385][ T5762] HID 045e:07da: Invalid code 776 type 1 [ 488.684945][ T5762] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000C/input/input16 [ 489.003699][ T5762] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 489.048231][ T5762] usb 5-1: USB disconnect, device number 9 [ 489.171400][ T7873] Bluetooth: hci4: Frame reassembly failed (-84) [ 489.452376][T10651] fido_id[10651]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 491.183580][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 491.191197][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 492.563974][T10686] nfs4: Unknown parameter 'no' [ 493.451437][T10701] input: syz1 as /devices/virtual/input/input17 [ 494.489719][ T1088] Bluetooth: hci4: Frame reassembly failed (-84) [ 496.368402][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 497.610715][T10750] nfs4: Unknown parameter 'no' [ 499.253202][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 499.568107][ T5782] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 500.634149][T10800] nfs4: Unknown parameter 'no' [ 501.763393][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.769766][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.109814][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 504.117248][ T5782] Bluetooth: hci4: command 0x1003 tx timeout [ 506.523082][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 510.597407][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 512.094310][ T788] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 512.302708][ T788] usb 6-1: Using ep0 maxpacket: 16 [ 512.315051][ T788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 512.337755][ T788] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 512.380182][ T788] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 512.407157][ T788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.469073][ T788] usb 6-1: config 0 descriptor?? [ 512.893249][ T788] hid_map_usage: 4377 callbacks suppressed [ 512.893267][ T788] HID 045e:07da: Invalid code 65791 type 1 [ 512.932670][ T788] HID 045e:07da: Invalid code 768 type 1 [ 512.938394][ T788] HID 045e:07da: Invalid code 769 type 1 [ 512.962502][ T788] HID 045e:07da: Invalid code 770 type 1 [ 512.968229][ T788] HID 045e:07da: Invalid code 771 type 1 [ 512.995822][ T788] HID 045e:07da: Invalid code 772 type 1 [ 513.001552][ T788] HID 045e:07da: Invalid code 773 type 1 [ 513.051907][ T788] HID 045e:07da: Invalid code 774 type 1 [ 513.112646][ T788] HID 045e:07da: Invalid code 775 type 1 [ 513.132338][ T788] HID 045e:07da: Invalid code 776 type 1 [ 514.692305][ T788] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000D/input/input20 [ 515.742495][ T788] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 515.862339][ T788] usb 6-1: USB disconnect, device number 5 [ 516.069977][T10977] fido_id[10977]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 520.541985][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 522.291817][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 522.464628][T11029] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 523.300507][T11098] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 525.442706][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 525.996156][T11155] input: syz1 as /devices/virtual/input/input21 [ 526.031860][ T2131] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 526.476087][ T2131] usb 6-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 526.488499][ T2131] usb 6-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 526.498542][ T2131] usb 6-1: Product: syz [ 526.503093][ T2131] usb 6-1: Manufacturer: syz [ 526.508192][ T2131] usb 6-1: SerialNumber: syz [ 526.521028][ T2131] usb 6-1: config 0 descriptor?? [ 526.931210][T11175] netlink: 'syz.7.1447': attribute type 4 has an invalid length. [ 527.381481][ T2131] peak_usb 6-1:0.0: PEAK-System PCAN-Chip USB v0 fw v0.0.0 (1 channels) [ 527.851177][ T2131] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 527.859254][ T2131] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 527.866620][ T2131] peak_usb 6-1:0.0 can0: sending command failure: -22 [ 528.622779][ T2131] peak_usb: probe of 6-1:0.0 failed with error -22 [ 528.641052][ T2131] usb 6-1: USB disconnect, device number 6 [ 529.089429][T11201] (null): rxe_set_mtu: Set mtu to 1024 [ 529.099096][T11201] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 529.984065][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 530.032978][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 530.192447][T11204] input: syz1 as /devices/virtual/input/input22 [ 531.132985][T11219] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 533.071986][T11236] overlayfs: failed to clone lowerpath [ 533.531249][ T2131] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 533.661226][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 533.669494][ T5782] Bluetooth: hci4: command 0x1003 tx timeout [ 533.721746][ T2131] usb 5-1: Using ep0 maxpacket: 16 [ 533.761453][ T2131] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 533.774937][ T2131] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 533.788779][ T2131] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 533.797985][ T2131] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.851399][ T2131] usb 5-1: config 0 descriptor?? [ 534.269543][T11255] input: syz1 as /devices/virtual/input/input23 [ 534.295981][ T2131] hid_map_usage: 4377 callbacks suppressed [ 534.295999][ T2131] HID 045e:07da: Invalid code 65791 type 1 [ 534.319812][ T2131] HID 045e:07da: Invalid code 768 type 1 [ 534.329978][ T2131] HID 045e:07da: Invalid code 769 type 1 [ 534.340600][ T2131] HID 045e:07da: Invalid code 770 type 1 [ 534.348440][ T2131] HID 045e:07da: Invalid code 771 type 1 [ 534.358161][ T2131] HID 045e:07da: Invalid code 772 type 1 [ 534.365921][ T2131] HID 045e:07da: Invalid code 773 type 1 [ 534.398712][ T2131] HID 045e:07da: Invalid code 774 type 1 [ 534.406183][ T2131] HID 045e:07da: Invalid code 775 type 1 [ 534.418271][ T2131] HID 045e:07da: Invalid code 776 type 1 [ 534.447156][ T2131] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000E/input/input24 [ 534.538412][ T2131] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 536.543450][ T5819] usb 5-1: USB disconnect, device number 10 [ 537.621381][T11283] 9pnet_virtio: no channels available for device syz [ 537.670900][T11283] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 537.826043][T11283] overlayfs: failed to look up (tracing) for ino (-66) [ 538.921206][T11288] input: syz1 as /devices/virtual/input/input25 [ 539.504227][ T5084] Bluetooth: hci4: command 0x1003 tx timeout [ 539.513368][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 541.369091][T11317] input: syz1 as /devices/virtual/input/input26 [ 543.420705][ T5843] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 543.610564][ T5843] usb 5-1: Using ep0 maxpacket: 16 [ 543.629340][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 543.654985][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 543.697926][ T5843] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 543.724546][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.760984][ T5843] usb 5-1: config 0 descriptor?? [ 544.215712][ T5843] hid_map_usage: 4377 callbacks suppressed [ 544.215730][ T5843] HID 045e:07da: Invalid code 65791 type 1 [ 544.282198][ T5843] HID 045e:07da: Invalid code 768 type 1 [ 544.303293][ T5843] HID 045e:07da: Invalid code 769 type 1 [ 544.341951][ T5843] HID 045e:07da: Invalid code 770 type 1 [ 544.354373][ T5843] HID 045e:07da: Invalid code 771 type 1 [ 544.360092][ T5843] HID 045e:07da: Invalid code 772 type 1 [ 544.383198][ T5843] HID 045e:07da: Invalid code 773 type 1 [ 544.398936][ T5843] HID 045e:07da: Invalid code 774 type 1 [ 544.430715][ T5843] HID 045e:07da: Invalid code 775 type 1 [ 544.444983][ T5843] HID 045e:07da: Invalid code 776 type 1 [ 544.489857][ T5843] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000F/input/input27 [ 544.641722][ T5843] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 544.896575][ T5843] usb 5-1: USB disconnect, device number 11 [ 544.991745][T11373] netlink: 100 bytes leftover after parsing attributes in process `syz.7.1521'. [ 546.470912][T11394] input: syz1 as /devices/virtual/input/input28 [ 547.106067][ T5843] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 547.930317][ T5843] usb 6-1: Using ep0 maxpacket: 16 [ 547.939518][ T5843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 547.959063][ T5843] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 547.979362][ T5843] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 547.989525][ T5843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.007989][ T5843] usb 6-1: config 0 descriptor?? [ 548.460355][ T5084] Bluetooth: hci4: command 0x1003 tx timeout [ 548.468047][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 548.567810][ T5843] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0010/input/input29 [ 548.713862][ T5843] microsoft 0003:045E:07DA.0010: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 550.886899][T11407] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 550.922985][ T5818] usb 6-1: USB disconnect, device number 7 [ 551.620621][ T5818] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 551.780120][ T788] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 551.853469][ T5818] usb 8-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be [ 551.862714][ T5818] usb 8-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 551.954608][T11443] netlink: 'syz.5.1546': attribute type 4 has an invalid length. [ 552.690984][ T5818] usb 8-1: Product: syz [ 552.695238][ T5818] usb 8-1: Manufacturer: syz [ 552.700349][ T5818] usb 8-1: SerialNumber: syz [ 552.710701][ T5818] usb 8-1: config 0 descriptor?? [ 552.790302][ T788] usb 5-1: Using ep0 maxpacket: 16 [ 552.807638][ T788] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.848954][ T788] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 552.907572][ T788] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 552.949977][ T788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.968206][ T5818] peak_usb 8-1:0.0: PEAK-System PCAN-Chip USB v0 fw v0.0.0 (1 channels) [ 552.996493][ T788] usb 5-1: config 0 descriptor?? [ 554.119926][ T5818] peak_usb 8-1:0.0 can0: sending command failure: -22 [ 554.150332][ T5818] peak_usb 8-1:0.0 can0: sending command failure: -22 [ 554.177901][ T5818] peak_usb 8-1:0.0 can0: sending command failure: -22 [ 554.322952][ T5818] peak_usb: probe of 8-1:0.0 failed with error -22 [ 554.358498][ T5818] usb 8-1: USB disconnect, device number 3 [ 555.113333][T11467] input: syz1 as /devices/virtual/input/input30 [ 555.727626][ T788] usbhid 5-1:0.0: can't add hid device: -71 [ 555.736453][ T788] usbhid: probe of 5-1:0.0 failed with error -71 [ 555.782510][ T788] usb 5-1: USB disconnect, device number 12 [ 557.145559][T11487] netlink: 'syz.4.1563': attribute type 4 has an invalid length. [ 557.779533][T11496] input: syz1 as /devices/virtual/input/input31 [ 559.399658][T11518] netlink: 'syz.7.1576': attribute type 4 has an invalid length. [ 560.045375][ T5762] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 560.251292][ T5762] usb 6-1: Using ep0 maxpacket: 16 [ 560.267321][ T5762] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 560.296143][ T5762] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 560.341024][ T5762] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 560.366968][ T5762] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.468873][ T5762] usb 6-1: config 0 descriptor?? [ 560.558260][T11529] (null): rxe_set_mtu: Set mtu to 1024 [ 560.565472][T11529] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 562.312796][ T5762] usb 6-1: can't set config #0, error -71 [ 562.488231][ T5762] usb 6-1: USB disconnect, device number 8 [ 563.081081][T11531] overlayfs: overlapping lowerdir path [ 563.105231][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.112013][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.329928][T11559] 9pnet_virtio: no channels available for device syz [ 564.630449][T11559] overlayfs: failed to clone lowerpath [ 566.359568][ T23] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 566.539206][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 566.546337][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.557477][ T23] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 566.570403][ T23] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 566.579740][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.589767][ T23] usb 6-1: config 0 descriptor?? [ 567.003196][ T23] hid_map_usage: 8764 callbacks suppressed [ 567.003213][ T23] HID 045e:07da: Invalid code 65791 type 1 [ 567.017029][ T23] HID 045e:07da: Invalid code 768 type 1 [ 567.023314][ T23] HID 045e:07da: Invalid code 769 type 1 [ 567.029003][ T23] HID 045e:07da: Invalid code 770 type 1 [ 567.039390][ T23] HID 045e:07da: Invalid code 771 type 1 [ 567.045055][ T23] HID 045e:07da: Invalid code 772 type 1 [ 567.051323][ T23] HID 045e:07da: Invalid code 773 type 1 [ 567.057015][ T23] HID 045e:07da: Invalid code 774 type 1 [ 567.062811][ T23] HID 045e:07da: Invalid code 775 type 1 [ 567.068469][ T23] HID 045e:07da: Invalid code 776 type 1 [ 567.082379][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0011/input/input32 [ 567.164390][ T23] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 567.839619][ T23] usb 6-1: USB disconnect, device number 9 [ 568.735493][T11580] (null): rxe_set_mtu: Set mtu to 1024 [ 568.741571][T11580] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 570.418506][ T5084] Bluetooth: hci2: command 0x0406 tx timeout [ 570.419255][ T5814] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 573.789369][T11600] overlayfs: overlapping lowerdir path [ 574.791550][T11614] input: syz1 as /devices/virtual/input/input33 [ 575.238747][ T5814] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 575.421186][ T5780] Bluetooth: hci1: command 0x0406 tx timeout [ 575.429109][ T5814] usb 6-1: Using ep0 maxpacket: 16 [ 575.503535][T11632] 9pnet_virtio: no channels available for device syz [ 575.541010][T11632] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 575.675541][T11632] overlayfs: failed to look up (tracing) for ino (-66) [ 577.421360][ T5814] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.448593][ T5814] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 577.518541][ T5814] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 577.538867][ T5814] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.560215][ T5814] usb 6-1: config 0 descriptor?? [ 577.976192][ T5814] hid_map_usage: 4377 callbacks suppressed [ 577.976212][ T5814] HID 045e:07da: Invalid code 65791 type 1 [ 577.988352][ T5814] HID 045e:07da: Invalid code 768 type 1 [ 577.996860][ T5814] HID 045e:07da: Invalid code 769 type 1 [ 578.002611][ T5814] HID 045e:07da: Invalid code 770 type 1 [ 578.009108][ T5814] HID 045e:07da: Invalid code 771 type 1 [ 578.014807][ T5814] HID 045e:07da: Invalid code 772 type 1 [ 578.020653][ T5814] HID 045e:07da: Invalid code 773 type 1 [ 578.026335][ T5814] HID 045e:07da: Invalid code 774 type 1 [ 578.032714][ T5814] HID 045e:07da: Invalid code 775 type 1 [ 578.038508][ T5814] HID 045e:07da: Invalid code 776 type 1 [ 578.050432][ T5814] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0012/input/input34 [ 578.134970][ T5814] microsoft 0003:045E:07DA.0012: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 578.801542][ T23] usb 6-1: USB disconnect, device number 10 [ 580.109898][T11656] input: syz1 as /devices/virtual/input/input35 [ 580.116981][T11648] overlayfs: overlapping lowerdir path [ 580.608456][ T5843] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 580.790901][ T5843] usb 5-1: Using ep0 maxpacket: 16 [ 580.797916][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 580.809105][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 580.822061][ T5843] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 580.831219][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.842091][ T5843] usb 5-1: config 0 descriptor?? [ 581.465934][ T5843] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0013/input/input36 [ 581.728792][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 581.928500][ T5843] microsoft 0003:045E:07DA.0013: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 582.683562][ T5843] usb 5-1: USB disconnect, device number 14 [ 584.758880][ T5843] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 584.790387][T11736] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1655'. [ 584.880761][T11740] input: syz1 as /devices/virtual/input/input37 [ 584.960377][ T5843] usb 5-1: Using ep0 maxpacket: 16 [ 584.991303][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.018193][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 585.046510][ T5843] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 585.080429][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.097359][ T5843] usb 5-1: config 0 descriptor?? [ 585.583827][ T5843] hid_map_usage: 8764 callbacks suppressed [ 585.583843][ T5843] HID 045e:07da: Invalid code 65791 type 1 [ 585.596842][ T5843] HID 045e:07da: Invalid code 768 type 1 [ 585.602918][ T5843] HID 045e:07da: Invalid code 769 type 1 [ 585.608976][ T5843] HID 045e:07da: Invalid code 770 type 1 [ 585.614682][ T5843] HID 045e:07da: Invalid code 771 type 1 [ 585.620532][ T5843] HID 045e:07da: Invalid code 772 type 1 [ 585.626717][ T5843] HID 045e:07da: Invalid code 773 type 1 [ 585.632477][ T5843] HID 045e:07da: Invalid code 774 type 1 [ 585.638651][ T5843] HID 045e:07da: Invalid code 775 type 1 [ 585.644371][ T5843] HID 045e:07da: Invalid code 776 type 1 [ 585.661374][ T5843] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0014/input/input38 [ 586.075446][ T5843] microsoft 0003:045E:07DA.0014: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 586.786298][ T788] usb 5-1: USB disconnect, device number 15 [ 587.258654][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 587.259301][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 587.546796][T11778] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1670'. [ 587.886119][T11791] input: syz1 as /devices/virtual/input/input39 [ 588.258381][ T5084] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 588.270068][ T5084] CPU: 1 PID: 5084 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 588.277751][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 588.287844][ T5084] Workqueue: hci1 hci_rx_work [ 588.292811][ T5084] Call Trace: [ 588.296160][ T5084] [ 588.299173][ T5084] dump_stack_lvl+0x18c/0x250 [ 588.304027][ T5084] ? show_regs_print_info+0x20/0x20 [ 588.309303][ T5084] ? load_image+0x420/0x420 [ 588.313901][ T5084] sysfs_create_dir_ns+0x26e/0x2a0 [ 588.319099][ T5084] ? sysfs_warn_dup+0xa0/0xa0 [ 588.323815][ T5084] ? do_raw_spin_unlock+0x121/0x230 [ 588.329092][ T5084] kobject_add_internal+0x61c/0xcc0 [ 588.334361][ T5084] kobject_add+0x164/0x240 [ 588.338832][ T5084] ? kobject_init+0x1e0/0x1e0 [ 588.343556][ T5084] ? _raw_spin_unlock+0x3a/0x40 [ 588.348531][ T5084] ? get_device_parent+0x366/0x390 [ 588.353737][ T5084] device_add+0x408/0xc50 [ 588.358115][ T5084] hci_conn_add_sysfs+0xd5/0x1e0 [ 588.363174][ T5084] le_conn_complete_evt+0xf5d/0x1540 [ 588.368502][ T5084] ? hci_event_packet+0x4cb/0x1270 [ 588.373670][ T5084] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 588.380053][ T5084] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 588.385769][ T5084] ? skb_pull_data+0xfb/0x200 [ 588.390610][ T5084] hci_le_conn_complete_evt+0x187/0x440 [ 588.396220][ T5084] ? hci_remote_host_features_evt+0x150/0x150 [ 588.402333][ T5084] hci_event_packet+0x7ba/0x1270 [ 588.407325][ T5084] ? bis_list+0x290/0x290 [ 588.411708][ T5084] ? kcov_remote_start+0x2b/0x7e0 [ 588.416794][ T5084] ? hci_send_to_monitor+0xd7/0x4f0 [ 588.422215][ T5084] hci_rx_work+0x43a/0xd60 [ 588.426688][ T5084] ? process_scheduled_works+0x96f/0x15d0 [ 588.432497][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 588.438118][ T5084] ? worker_attach_to_pool+0x380/0x380 [ 588.443623][ T5084] ? assign_work+0x3d2/0x5d0 [ 588.448262][ T5084] worker_thread+0xa55/0xfc0 [ 588.452894][ T5084] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 588.458829][ T5084] ? _raw_spin_unlock+0x40/0x40 [ 588.463723][ T5084] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 588.469704][ T5084] kthread+0x2fa/0x390 [ 588.474250][ T5084] ? pr_cont_work+0x560/0x560 [ 588.478972][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 588.483597][ T5084] ret_from_fork+0x48/0x80 [ 588.488076][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 588.492711][ T5084] ret_from_fork_asm+0x11/0x20 [ 588.497554][ T5084] [ 588.528337][ T5084] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 588.549163][ T5084] Bluetooth: hci1: failed to register connection device [ 589.068088][ T2131] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 589.508174][ T2131] usb 6-1: Using ep0 maxpacket: 16 [ 589.964921][ T2131] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 589.977097][ T2131] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 589.991444][ T2131] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 590.000646][ T2131] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.017913][ T2131] usb 6-1: config 0 descriptor?? [ 590.287655][T11817] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4015170203 (32121361624 ns) > initial count (30716351936 ns). Using initial count to start timer. [ 590.477064][ T2131] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0015/input/input40 [ 590.655353][ T2131] microsoft 0003:045E:07DA.0015: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 591.301073][ T5843] usb 6-1: USB disconnect, device number 11 [ 592.317867][ T788] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 592.368229][ T5084] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 592.378636][ T5084] CPU: 0 PID: 5084 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 592.386225][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 592.396324][ T5084] Workqueue: hci3 hci_rx_work [ 592.401053][ T5084] Call Trace: [ 592.404384][ T5084] [ 592.407351][ T5084] dump_stack_lvl+0x18c/0x250 [ 592.412105][ T5084] ? show_regs_print_info+0x20/0x20 [ 592.417455][ T5084] ? load_image+0x420/0x420 [ 592.422040][ T5084] sysfs_create_dir_ns+0x26e/0x2a0 [ 592.427203][ T5084] ? sysfs_warn_dup+0xa0/0xa0 [ 592.432022][ T5084] ? do_raw_spin_unlock+0x121/0x230 [ 592.437274][ T5084] kobject_add_internal+0x61c/0xcc0 [ 592.442530][ T5084] kobject_add+0x164/0x240 [ 592.447005][ T5084] ? __rwlock_init+0x150/0x150 [ 592.451815][ T5084] ? kobject_init+0x1e0/0x1e0 [ 592.456535][ T5084] ? _raw_spin_unlock+0x28/0x40 [ 592.461443][ T5084] ? get_device_parent+0x366/0x390 [ 592.467469][ T5084] device_add+0x408/0xc50 [ 592.471854][ T5084] hci_conn_add_sysfs+0xd5/0x1e0 [ 592.476838][ T5084] le_conn_complete_evt+0xf5d/0x1540 [ 592.482195][ T5084] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 592.488529][ T5084] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 592.494312][ T5084] ? lockdep_hardirqs_on+0x98/0x150 [ 592.499564][ T5084] ? skb_pull_data+0xfb/0x200 [ 592.504326][ T5084] hci_le_conn_complete_evt+0x187/0x440 [ 592.509923][ T5084] ? hci_remote_host_features_evt+0x150/0x150 [ 592.516059][ T5084] hci_event_packet+0x7ba/0x1270 [ 592.521076][ T5084] ? bis_list+0x290/0x290 [ 592.525465][ T5084] ? kcov_remote_start+0x2b/0x7e0 [ 592.530534][ T5084] ? hci_send_to_monitor+0xd7/0x4f0 [ 592.535788][ T5084] hci_rx_work+0x43a/0xd60 [ 592.540263][ T5084] ? process_scheduled_works+0x96f/0x15d0 [ 592.546022][ T5084] process_scheduled_works+0xa5d/0x15d0 [ 592.551648][ T5084] ? worker_attach_to_pool+0x380/0x380 [ 592.557245][ T5084] ? assign_work+0x3d2/0x5d0 [ 592.561887][ T5084] worker_thread+0xa55/0xfc0 [ 592.566520][ T5084] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 592.572465][ T5084] ? _raw_spin_unlock+0x40/0x40 [ 592.577391][ T5084] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 592.583390][ T5084] kthread+0x2fa/0x390 [ 592.587508][ T5084] ? pr_cont_work+0x560/0x560 [ 592.592405][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 592.597034][ T5084] ret_from_fork+0x48/0x80 [ 592.601487][ T5084] ? kthread_blkcg+0xd0/0xd0 [ 592.606121][ T5084] ret_from_fork_asm+0x11/0x20 [ 592.610948][ T5084] [ 592.614034][ C0] vkms_vblank_simulate: vblank timer overrun [ 592.638695][ T5084] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 592.658454][ T5084] Bluetooth: hci3: failed to register connection device [ 592.837694][ T788] usb 5-1: Using ep0 maxpacket: 16 [ 592.848503][ T788] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 592.860074][ T788] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 592.884174][ T788] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 592.910478][ T788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.937296][ T788] usb 5-1: config 0 descriptor?? [ 594.222280][ T788] hid_map_usage: 8764 callbacks suppressed [ 594.222297][ T788] HID 045e:07da: Invalid code 65791 type 1 [ 594.286811][T11856] input: syz1 as /devices/virtual/input/input42 [ 594.377963][ T788] HID 045e:07da: Invalid code 768 type 1 [ 594.383737][ T788] HID 045e:07da: Invalid code 769 type 1 [ 594.393740][ T788] HID 045e:07da: Invalid code 770 type 1 [ 594.401864][ T788] HID 045e:07da: Invalid code 771 type 1 [ 594.407637][ T788] HID 045e:07da: Invalid code 772 type 1 [ 594.413317][ T788] HID 045e:07da: Invalid code 773 type 1 [ 594.421422][ T788] HID 045e:07da: Invalid code 774 type 1 [ 594.427687][ T788] HID 045e:07da: Invalid code 775 type 1 [ 594.434039][ T788] HID 045e:07da: Invalid code 776 type 1 [ 594.460929][ T788] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0016/input/input41 [ 594.577207][ T788] microsoft 0003:045E:07DA.0016: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 594.951614][ T788] usb 5-1: USB disconnect, device number 16 [ 595.261058][ T5780] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 596.655283][T11888] input: syz1 as /devices/virtual/input/input43 [ 596.967560][ T5814] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 597.162694][ T5814] usb 5-1: Using ep0 maxpacket: 32 [ 597.189000][ T5814] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 597.220071][ T5814] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 597.230183][ T5814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.249152][ T5814] usb 5-1: Product: syz [ 597.253973][ T5814] usb 5-1: Manufacturer: syz [ 597.260342][ T5814] usb 5-1: SerialNumber: syz [ 597.281243][ T5814] usb 5-1: config 0 descriptor?? [ 597.312586][ T5814] usb 5-1: bad CDC descriptors [ 597.320253][ T5814] usb 5-1: unsupported MDLM descriptors [ 597.540294][ T23] usb 5-1: USB disconnect, device number 17 [ 598.497434][ T23] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 598.699731][ T23] usb 8-1: Using ep0 maxpacket: 16 [ 598.706803][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.718426][ T23] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 598.731477][ T23] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 598.740636][ T23] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.751424][ T23] usb 8-1: config 0 descriptor?? [ 599.249886][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.0017/input/input44 [ 599.420791][ T23] microsoft 0003:045E:07DA.0017: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 600.355566][ T2131] usb 8-1: USB disconnect, device number 4 [ 600.787290][ T23] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 600.972057][ T23] usb 5-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 600.981447][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.990470][ T23] usb 5-1: Product: syz [ 600.994767][ T23] usb 5-1: Manufacturer: syz [ 601.000242][ T23] usb 5-1: SerialNumber: syz [ 601.015227][ T23] usb 5-1: config 0 descriptor?? [ 601.200862][ T5814] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 601.245232][ T23] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 601.266569][ T23] peak_usb 5-1:0.0: unable to read PCAN-USB FD firmware info (err -71) [ 601.319138][ T23] peak_usb: probe of 5-1:0.0 failed with error -71 [ 601.352778][ T23] usb 5-1: USB disconnect, device number 18 [ 601.397866][ T5814] usb 6-1: Using ep0 maxpacket: 16 [ 601.418183][ T5814] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.450972][ T5814] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 601.476499][ T5814] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 601.490031][ T5814] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.521662][ T5814] usb 6-1: config 0 descriptor?? [ 601.970330][ T5814] hid_map_usage: 8764 callbacks suppressed [ 601.970347][ T5814] HID 045e:07da: Invalid code 65791 type 1 [ 602.001696][ T5814] HID 045e:07da: Invalid code 768 type 1 [ 602.008281][ T5814] HID 045e:07da: Invalid code 769 type 1 [ 602.013980][ T5814] HID 045e:07da: Invalid code 770 type 1 [ 602.025083][ T5814] HID 045e:07da: Invalid code 771 type 1 [ 602.031139][ T5814] HID 045e:07da: Invalid code 772 type 1 [ 602.036828][ T5814] HID 045e:07da: Invalid code 773 type 1 [ 602.052143][ T5814] HID 045e:07da: Invalid code 774 type 1 [ 602.065146][ T5814] HID 045e:07da: Invalid code 775 type 1 [ 602.080711][ T5814] HID 045e:07da: Invalid code 776 type 1 [ 602.102012][ T5814] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0018/input/input45 [ 602.194650][ T5814] microsoft 0003:045E:07DA.0018: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 602.785987][ T2131] usb 6-1: USB disconnect, device number 12 [ 603.820488][ T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 604.196402][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 604.228127][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.247390][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 604.270291][ T8] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 604.289202][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.308537][ T8] usb 5-1: config 0 descriptor?? [ 605.357836][ T8] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0019/input/input46 [ 605.587855][ T8] microsoft 0003:045E:07DA.0019: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 605.886072][ T8] usb 5-1: USB disconnect, device number 19 [ 608.164790][T12054] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4015170203 (32121361624 ns) > initial count (30716351936 ns). Using initial count to start timer. [ 608.185039][ T23] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 608.387064][ T23] usb 8-1: Using ep0 maxpacket: 16 [ 608.395452][ T23] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.417626][ T23] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 608.437738][ T23] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 608.448136][ T23] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.467541][ T23] usb 8-1: config 0 descriptor?? [ 608.881911][ T23] hid_map_usage: 8764 callbacks suppressed [ 608.881931][ T23] HID 045e:07da: Invalid code 65791 type 1 [ 609.689674][ T23] HID 045e:07da: Invalid code 768 type 1 [ 609.695426][ T23] HID 045e:07da: Invalid code 769 type 1 [ 609.701214][ T23] HID 045e:07da: Invalid code 770 type 1 [ 609.706994][ T23] HID 045e:07da: Invalid code 771 type 1 [ 609.712985][ T23] HID 045e:07da: Invalid code 772 type 1 [ 609.718760][ T23] HID 045e:07da: Invalid code 773 type 1 [ 609.724444][ T23] HID 045e:07da: Invalid code 774 type 1 [ 609.730225][ T23] HID 045e:07da: Invalid code 775 type 1 [ 609.738010][ T23] HID 045e:07da: Invalid code 776 type 1 [ 609.754628][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.001A/input/input47 [ 609.856783][ T23] microsoft 0003:045E:07DA.001A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 610.050421][ T23] usb 8-1: USB disconnect, device number 5 [ 613.717146][ T788] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 613.979232][ T788] usb 6-1: Using ep0 maxpacket: 32 [ 614.135892][ T788] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 614.352983][ T788] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 614.376855][ T788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.419355][ T788] usb 6-1: Product: syz [ 614.423602][ T788] usb 6-1: Manufacturer: syz [ 614.436671][ T788] usb 6-1: SerialNumber: syz [ 614.448790][ T788] usb 6-1: config 0 descriptor?? [ 614.481928][ T788] usb 6-1: bad CDC descriptors [ 614.521377][ T788] usb 6-1: unsupported MDLM descriptors [ 614.738204][ T5819] usb 6-1: USB disconnect, device number 13 [ 619.376146][ T788] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 623.728532][ T788] usb 5-1: Using ep0 maxpacket: 16 [ 623.744856][ T788] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.756485][ T788] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 623.771272][ T788] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 623.781041][ T788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.791187][ T788] usb 5-1: config 0 descriptor?? [ 624.020525][ T788] usbhid 5-1:0.0: can't add hid device: -71 [ 624.044728][ T788] usbhid: probe of 5-1:0.0 failed with error -71 [ 624.080950][ T788] usb 5-1: USB disconnect, device number 20 [ 624.176148][ T8] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 624.387124][ T8] usb 8-1: Using ep0 maxpacket: 32 [ 624.439174][ T8] usb 8-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 624.550249][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.556759][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.631190][ T8] usb 8-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 624.789127][ T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.839853][ T8] usb 8-1: Product: syz [ 624.844129][ T8] usb 8-1: Manufacturer: syz [ 624.849889][ T8] usb 8-1: SerialNumber: syz [ 624.877445][ T8] usb 8-1: config 0 descriptor?? [ 624.896118][ T8] usb 8-1: bad CDC descriptors [ 624.905336][ T8] usb 8-1: unsupported MDLM descriptors [ 624.911379][ T788] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 625.107905][ T788] usb 5-1: Using ep0 maxpacket: 16 [ 625.137581][ T788] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.148627][ T5819] usb 8-1: USB disconnect, device number 6 [ 625.185882][ T788] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 625.212924][ T788] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 625.224917][ T788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.245449][ T788] usb 5-1: config 0 descriptor?? [ 625.609434][T12299] fuse: Bad value for 'fd' [ 625.670163][ T788] hid_map_usage: 4377 callbacks suppressed [ 625.670181][ T788] HID 045e:07da: Invalid code 65791 type 1 [ 625.712599][ T788] HID 045e:07da: Invalid code 768 type 1 [ 625.729867][ T788] HID 045e:07da: Invalid code 769 type 1 [ 625.735589][ T788] HID 045e:07da: Invalid code 770 type 1 [ 625.773287][ T788] HID 045e:07da: Invalid code 771 type 1 [ 625.786324][ T788] HID 045e:07da: Invalid code 772 type 1 [ 625.792053][ T788] HID 045e:07da: Invalid code 773 type 1 [ 625.827656][ T788] HID 045e:07da: Invalid code 774 type 1 [ 625.833368][ T788] HID 045e:07da: Invalid code 775 type 1 [ 625.858009][ T788] HID 045e:07da: Invalid code 776 type 1 [ 625.991187][ T788] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.001B/input/input50 [ 626.569640][ T788] microsoft 0003:045E:07DA.001B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 626.837638][ T5819] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 626.960231][ T5814] usb 5-1: USB disconnect, device number 21 [ 627.050822][ T5819] usb 6-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 627.066208][ T5819] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.084077][ T5819] usb 6-1: Product: syz [ 627.089102][ T5819] usb 6-1: Manufacturer: syz [ 627.093749][ T5819] usb 6-1: SerialNumber: syz [ 627.134866][T12326] fuse: Bad value for 'fd' [ 627.188118][ T5819] usb 6-1: config 0 descriptor?? [ 629.162952][ T5819] peak_usb 6-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 629.331461][ T5819] peak_usb 6-1:0.0: unable to read PCAN-USB FD firmware info (err -71) [ 629.488464][ T5819] peak_usb: probe of 6-1:0.0 failed with error -71 [ 629.518723][ T5819] usb 6-1: USB disconnect, device number 14 [ 629.978605][ T28] audit: type=1326 audit(1781759239.369:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12342 comm="syz.7.1894" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f804e99ce59 code=0x0 [ 631.100102][T12358] fuse: Bad value for 'fd' [ 632.209222][T12366] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 632.760279][T12376] loop4: detected capacity change from 0 to 256 [ 632.781921][T12376] FAT-fs (loop4): "posix" option is obsolete, not supported now [ 633.958452][T12395] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1909'. [ 634.008627][T12395] tipc: Started in network mode [ 634.013571][T12395] tipc: Node identity 5f3a00005f0700000000000000000001, cluster identity 4711 [ 634.075663][T12395] tipc: Enabling of bearer rejected, failed to enable media [ 634.361838][T12402] loop7: detected capacity change from 0 to 256 [ 634.379816][T12402] FAT-fs (loop7): Unrecognized mount option "shortname=wią95" or missing value [ 634.610868][T12402] loop7: detected capacity change from 0 to 2048 [ 634.699793][T12402] loop7: p1 p3 p4 [ 634.699793][T12402] p1: [ 634.726943][T12402] loop7: p4 size 589824 extends beyond EOD, truncated [ 635.076521][T12402] loop7: detected capacity change from 0 to 512 [ 635.087315][T12402] EXT4-fs: Ignoring removed i_version option [ 635.093422][T12402] EXT4-fs: Ignoring removed bh option [ 635.195865][T12402] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 635.213209][T12402] ext4 filesystem being mounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 636.614046][T12403] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 637.081112][T10021] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.374777][ T9707] udevd[9707]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory [ 637.394004][ T9766] udevd[9766]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory [ 637.437650][T10005] udevd[10005]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory [ 637.970752][T12437] loop4: detected capacity change from 0 to 512 [ 638.103638][T12437] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 638.292636][T12437] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 639.515103][ T8] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 639.579697][T12453] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1926'. [ 639.845473][ T8] usb 8-1: Using ep0 maxpacket: 16 [ 640.009779][ T9954] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 640.030491][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 640.053034][ T8] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 640.080289][ T8] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 640.096338][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.166817][ T8] usb 8-1: config 0 descriptor?? [ 640.589988][ T8] hid_map_usage: 4377 callbacks suppressed [ 640.590006][ T8] HID 045e:07da: Invalid code 65791 type 1 [ 640.615803][ T8] HID 045e:07da: Invalid code 768 type 1 [ 640.622032][ T8] HID 045e:07da: Invalid code 769 type 1 [ 640.634395][ T8] HID 045e:07da: Invalid code 770 type 1 [ 640.640852][ T8] HID 045e:07da: Invalid code 771 type 1 [ 640.652159][ T8] HID 045e:07da: Invalid code 772 type 1 [ 640.659651][ T8] HID 045e:07da: Invalid code 773 type 1 [ 640.680749][ T8] HID 045e:07da: Invalid code 774 type 1 [ 640.701715][ T8] HID 045e:07da: Invalid code 775 type 1 [ 640.716350][ T8] HID 045e:07da: Invalid code 776 type 1 [ 640.745610][ T8] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.001C/input/input51 [ 640.845136][ T5819] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 640.871953][T12478] ================================================================== [ 640.880162][T12478] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370 [ 640.887986][T12478] Read of size 8 at addr ffff88814165b618 by task syz.5.1941/12478 [ 640.895957][T12478] [ 640.898321][T12478] CPU: 0 PID: 12478 Comm: syz.5.1941 Not tainted syzkaller #0 [ 640.905883][T12478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 640.915975][T12478] Call Trace: [ 640.919285][T12478] [ 640.922246][T12478] dump_stack_lvl+0x18c/0x250 [ 640.926973][T12478] ? __lock_acquire+0x7d40/0x7d40 [ 640.932039][T12478] ? show_regs_print_info+0x20/0x20 [ 640.937274][T12478] ? load_image+0x420/0x420 [ 640.941810][T12478] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 640.947318][T12478] ? __virt_addr_valid+0x18c/0x540 [ 640.952470][T12478] ? __virt_addr_valid+0x469/0x540 [ 640.957617][T12478] print_report+0xa8/0x210 [ 640.962067][T12478] ? dvb_device_open+0xca/0x370 [ 640.966958][T12478] kasan_report+0x117/0x150 [ 640.971533][T12478] ? chrdev_open+0x3e3/0x6a0 [ 640.976165][T12478] ? dvb_device_open+0xca/0x370 [ 640.981058][T12478] dvb_device_open+0xca/0x370 [ 640.985775][T12478] ? do_raw_spin_unlock+0x121/0x230 [ 640.991017][T12478] chrdev_open+0x5cc/0x6a0 [ 640.995468][T12478] ? cd_forget+0x160/0x160 [ 640.999917][T12478] ? fsnotify_perm+0x3ed/0x5e0 [ 641.004754][T12478] ? cd_forget+0x160/0x160 [ 641.009207][T12478] do_dentry_open+0x8c6/0x1500 [ 641.014019][T12478] path_openat+0x27f1/0x3230 [ 641.018734][T12478] ? trace_irq_disable+0x37/0xe0 [ 641.023719][T12478] ? do_sys_openat2+0xda/0x1d0 [ 641.028615][T12478] ? verify_lock_unused+0x140/0x140 [ 641.033856][T12478] ? do_filp_open+0x430/0x430 [ 641.038567][T12478] ? __virt_addr_valid+0x18c/0x540 [ 641.043727][T12478] do_filp_open+0x1f5/0x430 [ 641.048265][T12478] ? vfs_tmpfile+0x490/0x490 [ 641.052911][T12478] ? _raw_spin_unlock+0x28/0x40 [ 641.057802][T12478] ? alloc_fd+0x58f/0x630 [ 641.062285][T12478] do_sys_openat2+0x134/0x1d0 [ 641.067006][T12478] ? do_sys_open+0xe0/0xe0 [ 641.071464][T12478] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 641.077570][T12478] ? lock_chain_count+0x20/0x20 [ 641.082468][T12478] __x64_sys_openat+0x139/0x160 [ 641.087370][T12478] do_syscall_64+0x55/0xb0 [ 641.091835][T12478] ? clear_bhb_loop+0x40/0x90 [ 641.096563][T12478] ? clear_bhb_loop+0x40/0x90 [ 641.101356][T12478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 641.107357][T12478] RIP: 0033:0x7f6e0555d68e [ 641.111821][T12478] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 641.131689][T12478] RSP: 002b:00007f6e063ffb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 641.140183][T12478] RAX: ffffffffffffffda RBX: 00007f6e064006c0 RCX: 00007f6e0555d68e [ 641.148190][T12478] RDX: 0000000000000002 RSI: 00007f6e063ffc00 RDI: ffffffffffffff9c [ 641.156197][T12478] RBP: 00007f6e063ffc00 R08: 0000000000000000 R09: 0000000000000000 [ 641.164196][T12478] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 641.172200][T12478] R13: 00007f6e05816128 R14: 00007f6e05816090 R15: 00007ffef57eed48 [ 641.180215][T12478] [ 641.183260][T12478] [ 641.185606][T12478] Allocated by task 1: [ 641.189754][T12478] kasan_set_track+0x4e/0x70 [ 641.194378][T12478] __kasan_kmalloc+0x8f/0xa0 [ 641.199106][T12478] dvb_register_device+0x2fd/0x2210 [ 641.204339][T12478] dvb_register_frontend+0x649/0x930 [ 641.209653][T12478] vidtv_bridge_probe+0x9ab/0xf80 [ 641.214771][T12478] platform_probe+0x13b/0x1c0 [ 641.219490][T12478] really_probe+0x25b/0xb20 [ 641.224026][T12478] __driver_probe_device+0x1ef/0x390 [ 641.229347][T12478] driver_probe_device+0x4f/0x420 [ 641.234410][T12478] __driver_attach+0x451/0x6e0 [ 641.239290][T12478] bus_for_each_dev+0x235/0x2b0 [ 641.244171][T12478] bus_add_driver+0x340/0x630 [ 641.248879][T12478] driver_register+0x23a/0x310 [ 641.253764][T12478] vidtv_bridge_init+0x3d/0x70 [ 641.258723][T12478] do_one_initcall+0x242/0x790 [ 641.263539][T12478] do_initcall_level+0x137/0x1f0 [ 641.268573][T12478] do_initcalls+0x69/0xd0 [ 641.272956][T12478] kernel_init_freeable+0x3ed/0x580 [ 641.278286][T12478] kernel_init+0x1d/0x1c0 [ 641.282657][T12478] ret_from_fork+0x48/0x80 [ 641.287110][T12478] ret_from_fork_asm+0x11/0x20 [ 641.291909][T12478] [ 641.294255][T12478] Freed by task 12403: [ 641.298399][T12478] kasan_set_track+0x4e/0x70 [ 641.303026][T12478] kasan_save_free_info+0x2e/0x50 [ 641.308090][T12478] ____kasan_slab_free+0x126/0x1e0 [ 641.313236][T12478] slab_free_freelist_hook+0x130/0x1a0 [ 641.318904][T12478] __kmem_cache_free+0xba/0x1e0 [ 641.323796][T12478] dvb_device_open+0x2ee/0x370 [ 641.328597][T12478] chrdev_open+0x5cc/0x6a0 [ 641.333041][T12478] do_dentry_open+0x8c6/0x1500 [ 641.337834][T12478] path_openat+0x27f1/0x3230 [ 641.342448][T12478] do_filp_open+0x1f5/0x430 [ 641.346976][T12478] do_sys_openat2+0x134/0x1d0 [ 641.351684][T12478] __x64_sys_openat+0x139/0x160 [ 641.356568][T12478] do_syscall_64+0x55/0xb0 [ 641.361019][T12478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 641.366946][T12478] [ 641.369298][T12478] The buggy address belongs to the object at ffff88814165b600 [ 641.369298][T12478] which belongs to the cache kmalloc-256 of size 256 [ 641.383441][T12478] The buggy address is located 24 bytes inside of [ 641.383441][T12478] freed 256-byte region [ffff88814165b600, ffff88814165b700) [ 641.397351][T12478] [ 641.399699][T12478] The buggy address belongs to the physical page: [ 641.406167][T12478] page:ffffea0005059680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14165a [ 641.416440][T12478] head:ffffea0005059680 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 641.425401][T12478] flags: 0x57ff00000000840(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 641.433488][T12478] page_type: 0xffffffff() [ 641.437841][T12478] raw: 057ff00000000840 ffff888017c41b40 dead000000000122 0000000000000000 [ 641.446453][T12478] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 641.455065][T12478] page dumped because: kasan: bad access detected [ 641.461496][T12478] page_owner tracks the page as allocated [ 641.467232][T12478] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 15650095221, free_ts 0 [ 641.486985][T12478] post_alloc_hook+0x1c1/0x200 [ 641.491828][T12478] get_page_from_freelist+0x1951/0x19e0 [ 641.497409][T12478] __alloc_pages+0x1f0/0x460 [ 641.502024][T12478] alloc_page_interleave+0x24/0x1e0 [ 641.507260][T12478] alloc_slab_page+0x5d/0x160 [ 641.511990][T12478] new_slab+0x87/0x2d0 [ 641.516094][T12478] ___slab_alloc+0xc5d/0x12f0 [ 641.520810][T12478] __kmem_cache_alloc_node+0x19e/0x250 [ 641.526312][T12478] kmalloc_trace+0x2a/0xe0 [ 641.530765][T12478] bus_add_driver+0x162/0x630 [ 641.535487][T12478] driver_register+0x23a/0x310 [ 641.540296][T12478] usb_register_driver+0x206/0x3d0 [ 641.545568][T12478] do_one_initcall+0x242/0x790 [ 641.550366][T12478] do_initcall_level+0x137/0x1f0 [ 641.555358][T12478] do_initcalls+0x69/0xd0 [ 641.559730][T12478] kernel_init_freeable+0x3ed/0x580 [ 641.564994][T12478] page_owner free stack trace missing [ 641.570384][T12478] [ 641.572733][T12478] Memory state around the buggy address: [ 641.578437][T12478] ffff88814165b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 641.586523][T12478] ffff88814165b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 641.594613][T12478] >ffff88814165b600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 641.602707][T12478] ^ [ 641.607840][T12478] ffff88814165b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 641.615933][T12478] ffff88814165b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 641.624017][T12478] ================================================================== [ 641.673542][T12478] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 641.680816][T12478] CPU: 0 PID: 12478 Comm: syz.5.1941 Not tainted syzkaller #0 [ 641.688309][T12478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 641.698404][T12478] Call Trace: [ 641.701715][T12478] [ 641.704682][T12478] dump_stack_lvl+0x18c/0x250 [ 641.709415][T12478] ? show_regs_print_info+0x20/0x20 [ 641.714646][T12478] ? load_image+0x420/0x420 [ 641.719194][T12478] panic+0x2dc/0x730 [ 641.723167][T12478] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 641.729373][T12478] ? bpf_jit_dump+0xd0/0xd0 [ 641.733920][T12478] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 641.740114][T12478] ? _raw_spin_unlock+0x40/0x40 [ 641.745097][T12478] ? dvb_device_open+0xca/0x370 [ 641.749988][T12478] check_panic_on_warn+0x84/0xa0 [ 641.755034][T12478] ? dvb_device_open+0xca/0x370 [ 641.759950][T12478] end_report+0x6f/0x130 [ 641.764244][T12478] kasan_report+0x128/0x150 [ 641.768817][T12478] ? chrdev_open+0x3e3/0x6a0 [ 641.773462][T12478] ? dvb_device_open+0xca/0x370 [ 641.778386][T12478] dvb_device_open+0xca/0x370 [ 641.783118][T12478] ? do_raw_spin_unlock+0x121/0x230 [ 641.788369][T12478] chrdev_open+0x5cc/0x6a0 [ 641.792915][T12478] ? cd_forget+0x160/0x160 [ 641.797366][T12478] ? fsnotify_perm+0x3ed/0x5e0 [ 641.802160][T12478] ? cd_forget+0x160/0x160 [ 641.806618][T12478] do_dentry_open+0x8c6/0x1500 [ 641.811429][T12478] path_openat+0x27f1/0x3230 [ 641.816056][T12478] ? trace_irq_disable+0x37/0xe0 [ 641.821061][T12478] ? do_sys_openat2+0xda/0x1d0 [ 641.825861][T12478] ? verify_lock_unused+0x140/0x140 [ 641.831109][T12478] ? do_filp_open+0x430/0x430 [ 641.835826][T12478] ? __virt_addr_valid+0x18c/0x540 [ 641.840979][T12478] do_filp_open+0x1f5/0x430 [ 641.845514][T12478] ? vfs_tmpfile+0x490/0x490 [ 641.850154][T12478] ? _raw_spin_unlock+0x28/0x40 [ 641.855045][T12478] ? alloc_fd+0x58f/0x630 [ 641.859430][T12478] do_sys_openat2+0x134/0x1d0 [ 641.864145][T12478] ? do_sys_open+0xe0/0xe0 [ 641.868597][T12478] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 641.874634][T12478] ? lock_chain_count+0x20/0x20 [ 641.879516][T12478] __x64_sys_openat+0x139/0x160 [ 641.884408][T12478] do_syscall_64+0x55/0xb0 [ 641.888889][T12478] ? clear_bhb_loop+0x40/0x90 [ 641.893592][T12478] ? clear_bhb_loop+0x40/0x90 [ 641.898399][T12478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 641.904391][T12478] RIP: 0033:0x7f6e0555d68e [ 641.908854][T12478] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 641.928498][T12478] RSP: 002b:00007f6e063ffb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 641.936947][T12478] RAX: ffffffffffffffda RBX: 00007f6e064006c0 RCX: 00007f6e0555d68e [ 641.944943][T12478] RDX: 0000000000000002 RSI: 00007f6e063ffc00 RDI: ffffffffffffff9c [ 641.952944][T12478] RBP: 00007f6e063ffc00 R08: 0000000000000000 R09: 0000000000000000 [ 641.960940][T12478] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 641.968937][T12478] R13: 00007f6e05816128 R14: 00007f6e05816090 R15: 00007ffef57eed48 [ 641.976949][T12478] [ 641.980275][T12478] Kernel Offset: disabled [ 641.984648][T12478] Rebooting in 86400 seconds..