last executing test programs: 2m56.416994091s ago: executing program 0 (id=72): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r0, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r7, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000080)={0x0, r7, r6}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000800000000500000a40000000060a8bae00000000000000000a0000010900010073797a31000000001400048010000180090001006d617371000000000900020073797a320000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) socket$inet6_tcp(0xa, 0x1, 0x0) 2m53.533181951s ago: executing program 0 (id=73): bind$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000000600)=ANY=[@ANYRES16=r2, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f00000020c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) close_range(r0, 0xffffffffffffffff, 0x0) chown(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) r5 = socket(0x8000000010, 0x2, 0x0) write(r5, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000015481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 2m52.764256604s ago: executing program 0 (id=76): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'team_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000001040)={@mcast1, @mcast1, @loopback, 0x0, 0x2, 0x0, 0x100, 0x2, 0x100092, r1}) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000000c0)) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r3, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4623, @private=0xa010101}, 0x10, &(0x7f0000000940)=[{&(0x7f0000000580)="3688", 0x2}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 2m50.97759801s ago: executing program 0 (id=77): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sched_setscheduler(0x0, 0x2, 0x0) r5 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40, 0x0, 0xfffffd8b) 2m49.373279927s ago: executing program 0 (id=79): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) syz_open_dev$sg(0x0, 0x5e, 0x80000) 2m41.998304689s ago: executing program 0 (id=87): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) syz_open_dev$sg(0x0, 0x5e, 0x80000) 2m23.681820174s ago: executing program 32 (id=87): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) syz_open_dev$sg(0x0, 0x5e, 0x80000) 1m30.445242634s ago: executing program 2 (id=169): timer_create(0x4, &(0x7f00000000c0)={0x0, 0x24, 0x2, @thr={&(0x7f00000002c0)="05ab9b4fc875d81ffff240a4626af6e6f762d38d51de50c67bc4eb0c2db0d45451f965f1545bd276be9e16f633a1bec3401e8b45b7de008b6625f09570c60c7496050918df4daaedde31fd76422cec", &(0x7f00000003c0)}}, &(0x7f0000000080)) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000047000/0x4000)=nil, 0x4000, 0x3000004) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x721, 0x0, 0x0, 0x7fff0000}]}) mkdir(&(0x7f0000000140)='./control\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xd, &(0x7f00000002c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(0xffffffffffffffff, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) unshare(0x2040400) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) 1m28.306280346s ago: executing program 2 (id=173): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0x10, 0x2, 0x4) 1m25.659169509s ago: executing program 2 (id=175): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40, 0x0, 0xfffffd8b) 1m20.281856601s ago: executing program 2 (id=180): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) msgget(0x2, 0x340) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 1m17.463950387s ago: executing program 2 (id=183): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) 1m6.838827765s ago: executing program 2 (id=190): lstat(0xfffffffffffffffe, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0xa, 0x2, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x33e, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mmap(&(0x7f00000fe000/0xd000)=nil, 0xd000, 0x1000005, 0xd2952, 0xffffffffffffffff, 0xc996000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002800)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000800000b030000000000000000000a00000f08000240000000020800024000000005"], 0x24}, 0x1, 0x0, 0x0, 0x24040045}, 0x4004010) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fsopen(&(0x7f0000000180)='ubifs\x00', 0x1) 50.838615277s ago: executing program 33 (id=190): lstat(0xfffffffffffffffe, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0xa, 0x2, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x33e, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mmap(&(0x7f00000fe000/0xd000)=nil, 0xd000, 0x1000005, 0xd2952, 0xffffffffffffffff, 0xc996000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002800)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000800000b030000000000000000000a00000f08000240000000020800024000000005"], 0x24}, 0x1, 0x0, 0x0, 0x24040045}, 0x4004010) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fsopen(&(0x7f0000000180)='ubifs\x00', 0x1) 22.955963533s ago: executing program 3 (id=232): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, 0x0, 0x6040) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) io_uring_setup(0x1148, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) timerfd_create(0x7, 0x80000) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, 0x0, 0x0) sendmmsg(r2, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) 19.504280671s ago: executing program 1 (id=235): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs(0x0, 0x0) r3 = syz_clone(0x40010000, 0x0, 0x4f, 0x0, 0x0, 0x0) ptrace(0x10, r3) r4 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x400017e) r6 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000140)=ANY=[@ANYBLOB="7851160007"]) r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e8668c391f77c50600", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]}) futimesat(r7, &(0x7f0000000240)='./file1/file0\x00', &(0x7f0000000300)) r8 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r8, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x0) keyctl$join(0x1, 0x0) 18.778186123s ago: executing program 3 (id=236): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pipe(&(0x7f00000000c0)) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x101143, 0x0) ioctl$IOCTL_GET_NUM_DEVICES(r3, 0x40046104, &(0x7f0000000240)) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x25dfdbfd, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x4e23, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x20040000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) inotify_init1(0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 18.498762213s ago: executing program 1 (id=237): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r0, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r7, r6}) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000800000000500000a40000000060a8bae00000000000000000a0000010900010073797a31000000001400048010000180090001006d617371000000000900020073797a320000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 16.676719598s ago: executing program 1 (id=238): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x1, @empty, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000002340), 0x0, 0x0) 13.5961644s ago: executing program 4 (id=240): socket$can_j1939(0x1d, 0x2, 0x7) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) rmdir(0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 11.857767123s ago: executing program 1 (id=241): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) 11.697270073s ago: executing program 3 (id=242): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r4 = syz_open_dev$sg(0x0, 0x5e, 0x80000) ioctl$SG_GET_SG_TABLESIZE(r4, 0x227f, 0x0) 9.847011964s ago: executing program 4 (id=243): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f0000000580)=ANY=[@ANYRES8=r3, @ANYBLOB="f720df0646db9413d11f78c36b5abe1014f95d351165ee", @ANYRES64, @ANYRESOCT, @ANYRES64=r3, @ANYRESHEX, @ANYRESHEX=r2, @ANYRES64=r0], &(0x7f0000000340)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0) ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000600)={'pcl812\x00', [0x83fb, 0x789b1c25, 0x29, 0x4, 0x5, 0xcc7, 0x408, 0x8d, 0x8, 0x0, 0x2, 0x1, 0xffffffff, 0x1, 0x6, 0x81, 0x6, 0x1a449, 0x3, 0x40000003, 0x89, 0x3, 0x0, 0x20001e5c, 0xb, 0xffc00004, 0x3c, 0x8, 0x100006, 0xf7fffff7, 0xfffffff8]}) 8.198479694s ago: executing program 4 (id=244): ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r4}) 6.928762125s ago: executing program 4 (id=245): lstat(0xfffffffffffffffe, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0xa, 0x2, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x33e, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mmap(&(0x7f00000fe000/0xd000)=nil, 0xd000, 0x1000005, 0xd2952, 0xffffffffffffffff, 0xc996000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r2, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002800)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000800000b030000000000000000000a00000f08000240000000020800024000000005"], 0x24}, 0x1, 0x0, 0x0, 0x24040045}, 0x4004010) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fsopen(&(0x7f0000000180)='ubifs\x00', 0x1) 6.242335179s ago: executing program 1 (id=246): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x101143, 0x0) ioctl$IOCTL_GET_NUM_DEVICES(r4, 0x40046104, &(0x7f0000000240)) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x25dfdbfd, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x4e23, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x20040000) r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) r7 = inotify_init1(0x0) inotify_add_watch(r7, &(0x7f0000000180)='./control\x00', 0xa4000960) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000000206050000000000000000d0e75af08e19cf74a040a4dd57a08f0000000005000300070095b7090100010000000000000000040007800c000300686173683ae970000500"], 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) sched_setattr(r6, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0) 5.941545002s ago: executing program 3 (id=247): socket$can_j1939(0x1d, 0x2, 0x7) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) rmdir(0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 3.918483258s ago: executing program 3 (id=248): bind$netlink(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000000600)=ANY=[@ANYRES16=r1, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r2 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket(0x8000000010, 0x2, 0x0) write(r3, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000015481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 2.345813528s ago: executing program 1 (id=249): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) 2.011087604s ago: executing program 3 (id=250): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x1, @empty, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000002340), 0x0, 0x0) 1.818024772s ago: executing program 4 (id=251): socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) socket(0x10, 0x3, 0x9) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r7, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000080)={0x0, r7, r6}) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000500)=ANY=[@ANYBLOB="1907000000000000030000000000000003000000f8ffffff09000000000000000a00000000000000807900000000000009000000000000000000000000000000000000000000000004200000000000000000000000000000ff0700000000000007000000000000000b00000000000000000000000000000000000000000000000b0600000000000000000000000000008300000000000000325e0a00000000000f0000000000000000000093f900000000000000000000000a00000000000000000000000000000085000000000000000400000000000000000000000000000000000000000000008c3100000000000000000000000000001000000020000000010000000000000006000000000000000000f3ff000000000000000000000000001800000000000000000000000000000900000000000000000000000000000007000000000000000000000000000000000000000000f10002000000000000000000000000000000010001000000000001000000000000000200000000000000000000000000000000000000000000008001000000000000000000000000000007000000000000000080000000000000ffffffffffffffff0000000000000000000000000000000080000000000000000000000000000000ffff00000000000080000000000000000b0000000000000000000000000000000000000000000000800800"/528]) 0s ago: executing program 4 (id=252): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r0, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r7, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000080)={0x0, r7, r6}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000800000000500000a40000000060a8bae00000000000000000a0000010900010073797a31000000001400048010000180090001006d617371000000000900020073797a320000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) socket$inet6_tcp(0xa, 0x1, 0x0) kernel console output (not intermixed with test programs): [ 92.253508][ T9] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.17' (ED25519) to the list of known hosts. [ 99.530583][ T5830] cgroup: Unknown subsys name 'net' [ 99.844911][ T5830] cgroup: Unknown subsys name 'cpuset' [ 99.909233][ T5830] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 102.065437][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 106.378067][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.391594][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.392556][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.394139][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.395409][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.420056][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.423250][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.426026][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.430684][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.431695][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.466390][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.471431][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.500322][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.529754][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.539186][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 106.560012][ T5158] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.562057][ T5158] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.562886][ T5158] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.564213][ T5158] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.565083][ T5158] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.785747][ T5158] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 106.790277][ T5158] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 106.791371][ T5158] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 106.792891][ T5158] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 106.793850][ T5158] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 107.670626][ T5856] chnl_net:caif_netlink_parms(): no params data found [ 107.761019][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 107.798208][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 107.941803][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 108.497886][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 108.570588][ T5158] Bluetooth: hci1: command tx timeout [ 108.578821][ T5158] Bluetooth: hci0: command tx timeout [ 108.648757][ T5849] Bluetooth: hci3: command tx timeout [ 108.649129][ T5158] Bluetooth: hci2: command tx timeout [ 108.687758][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.698782][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.699770][ T5856] bridge_slave_0: entered allmulticast mode [ 108.703698][ T5856] bridge_slave_0: entered promiscuous mode [ 108.808976][ T5158] Bluetooth: hci4: command tx timeout [ 108.897680][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.897802][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.897981][ T5856] bridge_slave_1: entered allmulticast mode [ 108.902117][ T5856] bridge_slave_1: entered promiscuous mode [ 109.080355][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.080504][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.080719][ T5847] bridge_slave_0: entered allmulticast mode [ 109.083731][ T5847] bridge_slave_0: entered promiscuous mode [ 109.269609][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.269735][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.269883][ T5850] bridge_slave_0: entered allmulticast mode [ 109.271913][ T5850] bridge_slave_0: entered promiscuous mode [ 109.354176][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.354350][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.354571][ T5847] bridge_slave_1: entered allmulticast mode [ 109.357722][ T5847] bridge_slave_1: entered promiscuous mode [ 109.461435][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.461611][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.461844][ T5850] bridge_slave_1: entered allmulticast mode [ 109.465341][ T5850] bridge_slave_1: entered promiscuous mode [ 109.467127][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.467275][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.467469][ T5854] bridge_slave_0: entered allmulticast mode [ 109.478327][ T5854] bridge_slave_0: entered promiscuous mode [ 109.593499][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.670850][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.671007][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.671202][ T5854] bridge_slave_1: entered allmulticast mode [ 109.674614][ T5854] bridge_slave_1: entered promiscuous mode [ 109.783643][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.995188][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.193371][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.303271][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.425842][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.440152][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.510113][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.510335][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.510545][ T5862] bridge_slave_0: entered allmulticast mode [ 110.512867][ T5862] bridge_slave_0: entered promiscuous mode [ 110.518197][ T5856] team0: Port device team_slave_0 added [ 110.597531][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.648740][ T5849] Bluetooth: hci1: command tx timeout [ 110.648999][ T5158] Bluetooth: hci0: command tx timeout [ 110.691992][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.692221][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.692472][ T5862] bridge_slave_1: entered allmulticast mode [ 110.695688][ T5862] bridge_slave_1: entered promiscuous mode [ 110.703734][ T5856] team0: Port device team_slave_1 added [ 110.732209][ T5158] Bluetooth: hci2: command tx timeout [ 110.732223][ T5849] Bluetooth: hci3: command tx timeout [ 110.852127][ T5847] team0: Port device team_slave_0 added [ 110.888687][ T5849] Bluetooth: hci4: command tx timeout [ 111.013666][ T5850] team0: Port device team_slave_0 added [ 111.090543][ T5847] team0: Port device team_slave_1 added [ 111.396393][ T5850] team0: Port device team_slave_1 added [ 111.400490][ T5854] team0: Port device team_slave_0 added [ 111.473380][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.474929][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.474942][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.474962][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.651966][ T5854] team0: Port device team_slave_1 added [ 111.742954][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.744038][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.744055][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.744078][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.912351][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.912370][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.912398][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.018195][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.018212][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.018231][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.052271][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.052293][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.052325][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.256772][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.256791][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.256820][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.273191][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.273211][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.273250][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.278113][ T5862] team0: Port device team_slave_0 added [ 112.303793][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.303816][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.303847][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.307670][ T5862] team0: Port device team_slave_1 added [ 112.728880][ T5158] Bluetooth: hci1: command tx timeout [ 112.729046][ T5849] Bluetooth: hci0: command tx timeout [ 112.801994][ T5856] hsr_slave_0: entered promiscuous mode [ 112.803439][ T5856] hsr_slave_1: entered promiscuous mode [ 112.818786][ T5849] Bluetooth: hci3: command tx timeout [ 112.818821][ T5849] Bluetooth: hci2: command tx timeout [ 112.893382][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.893402][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.893431][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.968953][ T5158] Bluetooth: hci4: command tx timeout [ 113.002779][ T5847] hsr_slave_0: entered promiscuous mode [ 113.003943][ T5847] hsr_slave_1: entered promiscuous mode [ 113.004744][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 113.004842][ T5847] Cannot create hsr debugfs directory [ 113.082811][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.082831][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.082859][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.093936][ T5850] hsr_slave_0: entered promiscuous mode [ 113.095589][ T5850] hsr_slave_1: entered promiscuous mode [ 113.096608][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 113.096639][ T5850] Cannot create hsr debugfs directory [ 113.274009][ T5854] hsr_slave_0: entered promiscuous mode [ 113.275030][ T5854] hsr_slave_1: entered promiscuous mode [ 113.276220][ T5854] debugfs: 'hsr0' already exists in 'hsr' [ 113.276243][ T5854] Cannot create hsr debugfs directory [ 114.177586][ T5862] hsr_slave_0: entered promiscuous mode [ 114.179514][ T5862] hsr_slave_1: entered promiscuous mode [ 114.180804][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 114.180849][ T5862] Cannot create hsr debugfs directory [ 114.808613][ T5158] Bluetooth: hci0: command tx timeout [ 114.808649][ T5158] Bluetooth: hci1: command tx timeout [ 114.898753][ T5849] Bluetooth: hci2: command tx timeout [ 114.898789][ T5849] Bluetooth: hci3: command tx timeout [ 115.048854][ T5158] Bluetooth: hci4: command tx timeout [ 115.597096][ T5856] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 115.652304][ T5856] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 115.684645][ T5856] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 115.724187][ T5856] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 115.877209][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 115.926868][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 115.975382][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 116.045802][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 116.230471][ T5850] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 116.297840][ T5850] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 116.333485][ T5850] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 116.422435][ T5850] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 116.625345][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 116.672345][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 116.731565][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 116.789383][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 116.980497][ T5862] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 117.031989][ T5862] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 117.086877][ T5862] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 117.137623][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.159262][ T5862] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 117.325560][ T5856] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.346910][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.397530][ T3035] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.398241][ T3035] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.471072][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.471231][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.552153][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.613096][ T3035] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.613864][ T3035] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.649910][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.696803][ T1353] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.697574][ T1353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.807242][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.866132][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.884696][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.884928][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.984653][ T3035] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.984842][ T3035] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.136782][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.154246][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.213756][ T3035] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.213990][ T3035] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.328548][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.328710][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.346718][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.416722][ T3035] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.417007][ T3035] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.455879][ T3035] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.456036][ T3035] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.592602][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.001211][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.092002][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.151467][ T5856] veth0_vlan: entered promiscuous mode [ 119.292784][ T5856] veth1_vlan: entered promiscuous mode [ 119.454389][ T5847] veth0_vlan: entered promiscuous mode [ 119.533906][ T5847] veth1_vlan: entered promiscuous mode [ 119.635229][ T5856] veth0_macvtap: entered promiscuous mode [ 119.710841][ T5856] veth1_macvtap: entered promiscuous mode [ 119.737143][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.812502][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.844244][ T5847] veth0_macvtap: entered promiscuous mode [ 119.872254][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.890117][ T5847] veth1_macvtap: entered promiscuous mode [ 119.915209][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.977065][ T3035] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.992217][ T3035] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.997785][ T3035] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.030518][ T3035] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.035969][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.090100][ T5850] veth0_vlan: entered promiscuous mode [ 120.143447][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.239054][ T5854] veth0_vlan: entered promiscuous mode [ 120.245898][ T1520] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.275936][ T1520] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.277568][ T5850] veth1_vlan: entered promiscuous mode [ 120.358999][ T1520] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.399269][ T1520] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.434828][ T5862] veth0_vlan: entered promiscuous mode [ 120.523851][ T5854] veth1_vlan: entered promiscuous mode [ 120.630852][ T1353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.630891][ T1353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.686976][ T5862] veth1_vlan: entered promiscuous mode [ 120.916747][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.916772][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.947237][ T5850] veth0_macvtap: entered promiscuous mode [ 120.990528][ T1353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.990552][ T1353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.038706][ T5850] veth1_macvtap: entered promiscuous mode [ 121.042084][ T5854] veth0_macvtap: entered promiscuous mode [ 121.085886][ T5854] veth1_macvtap: entered promiscuous mode [ 121.178223][ T5862] veth0_macvtap: entered promiscuous mode [ 121.232322][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.232347][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.280660][ T5862] veth1_macvtap: entered promiscuous mode [ 121.297051][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.396625][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.413867][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.505686][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.569266][ T1520] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.587745][ T1520] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.638716][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.657257][ T1520] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.675585][ T1520] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.723156][ T1520] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.747738][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.747837][ T1520] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.757850][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.803712][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.641140][ T1428] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.647473][ T1428] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.676024][ T1428] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.834607][ T1428] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.445838][ T1428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.445863][ T1428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.723830][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.723854][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.824528][ T4567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.824553][ T4567] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.135481][ T4567] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.135506][ T4567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.363291][ T975] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.363339][ T975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.485526][ T1520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.485548][ T1520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.658444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.438425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.438475][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598609][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598695][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598739][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598780][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.598903][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 134.194824][ T6015] Bluetooth: MGMT ver 1.23 [ 137.957775][ C1] vkms_vblank_simulate: vblank timer overrun [ 138.065828][ C1] vkms_vblank_simulate: vblank timer overrun [ 138.769194][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.067674][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 139.067794][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.555998][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.892892][ C1] vkms_vblank_simulate: vblank timer overrun [ 140.486508][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.290466][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.797424][ C1] vkms_vblank_simulate: vblank timer overrun [ 142.311413][ C1] vkms_vblank_simulate: vblank timer overrun [ 146.458835][ T6008] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 146.668516][ T6008] usb 3-1: Using ep0 maxpacket: 16 [ 146.689612][ T6008] usb 3-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 146.689660][ T6008] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 146.689704][ T6008] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 146.689751][ T6008] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 146.689775][ T6008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.798755][ T6008] usb 3-1: config 0 descriptor?? [ 147.394601][ T6077] netlink: 12 bytes leftover after parsing attributes in process `syz.2.24'. [ 150.187182][ T6008] usb 3-1: string descriptor 0 read error: -71 [ 150.269475][ T6008] usb 3-1: USB disconnect, device number 2 [ 152.932228][ T6093] syz.2.29 (6093) used greatest stack depth: 16760 bytes left [ 160.112119][ T1232] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 160.328681][ T1232] usb 3-1: Using ep0 maxpacket: 16 [ 160.330781][ T1232] usb 3-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 160.330832][ T1232] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 160.333527][ T1232] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 160.333565][ T1232] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 160.333582][ T1232] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.374006][ T1232] usb 3-1: config 0 descriptor?? [ 161.094435][ T6137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.39'. [ 161.950661][ C0] vkms_vblank_simulate: vblank timer overrun [ 162.611021][ C0] vkms_vblank_simulate: vblank timer overrun [ 162.813624][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.523035][ T1232] usb 3-1: string descriptor 0 read error: -71 [ 163.648065][ T1232] usb 3-1: USB disconnect, device number 3 [ 164.686641][ T6153] ======================================================= [ 164.686641][ T6153] WARNING: The mand mount option has been deprecated and [ 164.686641][ T6153] and is ignored by this kernel. Remove the mand [ 164.686641][ T6153] option from the mount to silence this warning. [ 164.686641][ T6153] ======================================================= [ 164.690965][ T6153] new mount options do not match the existing superblock, will be ignored [ 164.784660][ T6153] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 165.249675][ T38] audit: type=1326 audit(1757869909.756:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6147 comm="syz.2.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 165.249736][ T38] audit: type=1326 audit(1757869909.756:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6147 comm="syz.2.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 165.249796][ T38] audit: type=1326 audit(1757869909.776:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6147 comm="syz.2.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 166.088907][ T6155] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 173.488133][ C0] vkms_vblank_simulate: vblank timer overrun [ 174.738472][ T5931] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 174.932624][ T5931] usb 2-1: Using ep0 maxpacket: 16 [ 174.934746][ T5931] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 174.934783][ T5931] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 174.934810][ T5931] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 174.934840][ T5931] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 174.934856][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.017385][ T5931] usb 2-1: config 0 descriptor?? [ 179.626713][ T5931] usb 2-1: string descriptor 0 read error: -71 [ 179.658473][ T5931] usb 2-1: USB disconnect, device number 2 [ 184.075292][ C0] vkms_vblank_simulate: vblank timer overrun [ 185.225790][ C0] vkms_vblank_simulate: vblank timer overrun [ 185.853883][ T6264] /dev/nullb0: Can't open blockdev [ 185.938870][ T6264] new mount options do not match the existing superblock, will be ignored [ 185.985268][ T6264] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 186.639722][ T38] audit: type=1326 audit(1757869931.096:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639773][ T38] audit: type=1326 audit(1757869931.096:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639809][ T38] audit: type=1326 audit(1757869931.116:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639844][ T38] audit: type=1326 audit(1757869931.146:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639879][ T38] audit: type=1326 audit(1757869931.146:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639913][ T38] audit: type=1326 audit(1757869931.176:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639949][ T38] audit: type=1326 audit(1757869931.176:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.639983][ T38] audit: type=1326 audit(1757869931.186:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.640017][ T38] audit: type=1326 audit(1757869931.186:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.640052][ T38] audit: type=1326 audit(1757869931.196:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6261 comm="syz.3.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 186.891401][ T6265] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 190.858640][ T5794] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 191.008598][ T5794] usb 2-1: Using ep0 maxpacket: 16 [ 191.146084][ C1] vkms_vblank_simulate: vblank timer overrun [ 191.186109][ T5794] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 191.186154][ T5794] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 191.186197][ T5794] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 191.186243][ T5794] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 191.186266][ T5794] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.253084][ C1] vkms_vblank_simulate: vblank timer overrun [ 192.531951][ T5794] usb 2-1: config 0 descriptor?? [ 192.800076][ C1] vkms_vblank_simulate: vblank timer overrun [ 193.102192][ C1] vkms_vblank_simulate: vblank timer overrun [ 193.775219][ C1] vkms_vblank_simulate: vblank timer overrun [ 194.082101][ C1] vkms_vblank_simulate: vblank timer overrun [ 194.655714][ C1] vkms_vblank_simulate: vblank timer overrun [ 195.838153][ T5794] usb 2-1: string descriptor 0 read error: -71 [ 195.901638][ T5794] usb 2-1: USB disconnect, device number 3 [ 196.076729][ T6307] netlink: 'syz.0.73': attribute type 12 has an invalid length. [ 198.360387][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.817986][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.104918][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.829842][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.829923][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.048612][ T44] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 205.218638][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 205.221922][ T44] usb 5-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 205.221967][ T44] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 205.222009][ T44] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 205.222053][ T44] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 205.222077][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.225922][ T44] usb 5-1: config 0 descriptor?? [ 205.772498][ C1] vkms_vblank_simulate: vblank timer overrun [ 205.934528][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.098279][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.264954][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.431856][ C1] vkms_vblank_simulate: vblank timer overrun [ 206.852317][ C1] vkms_vblank_simulate: vblank timer overrun [ 208.398646][ T44] usb 5-1: string descriptor 0 read error: -71 [ 208.434944][ T44] usb 5-1: USB disconnect, device number 2 [ 208.737178][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.799494][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.875879][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.911113][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.994755][ C1] vkms_vblank_simulate: vblank timer overrun [ 210.238557][ C1] vkms_vblank_simulate: vblank timer overrun [ 216.194946][ T6408] new mount options do not match the existing superblock, will be ignored [ 216.221917][ T6408] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 216.827894][ T38] kauditd_printk_skb: 19 callbacks suppressed [ 216.827918][ T38] audit: type=1326 audit(1757869961.276:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6401 comm="syz.1.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 216.827964][ T38] audit: type=1326 audit(1757869961.276:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6401 comm="syz.1.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 216.828005][ T38] audit: type=1326 audit(1757869961.296:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6401 comm="syz.1.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 217.935102][ C1] vkms_vblank_simulate: vblank timer overrun [ 218.001821][ C1] vkms_vblank_simulate: vblank timer overrun [ 218.106595][ C1] vkms_vblank_simulate: vblank timer overrun [ 218.563058][ C1] vkms_vblank_simulate: vblank timer overrun [ 218.575166][ T6408] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 218.586916][ C1] vkms_vblank_simulate: vblank timer overrun [ 218.679584][ T6420] new mount options do not match the existing superblock, will be ignored [ 218.868461][ T6407] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR [ 219.232797][ C1] vkms_vblank_simulate: vblank timer overrun [ 219.373992][ T38] audit: type=1326 audit(1757869963.836:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.3.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 219.375492][ T38] audit: type=1326 audit(1757869963.836:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.3.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 219.376459][ T38] audit: type=1326 audit(1757869963.846:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.3.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 219.952354][ C1] vkms_vblank_simulate: vblank timer overrun [ 219.989524][ T6419] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 220.168475][ C1] vkms_vblank_simulate: vblank timer overrun [ 220.822223][ C1] vkms_vblank_simulate: vblank timer overrun [ 221.728276][ T6008] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 221.908452][ T6008] usb 5-1: Using ep0 maxpacket: 16 [ 221.911051][ T6008] usb 5-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 221.911095][ T6008] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 221.911137][ T6008] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 221.911245][ T6008] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 221.911271][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.330211][ T6008] usb 5-1: config 0 descriptor?? [ 224.639716][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.671259][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.748674][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.349607][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.491037][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.853181][ C0] vkms_vblank_simulate: vblank timer overrun [ 227.066566][ C0] vkms_vblank_simulate: vblank timer overrun [ 227.239526][ T6008] usb 5-1: string descriptor 0 read error: -71 [ 227.334960][ T6008] usb 5-1: USB disconnect, device number 3 [ 228.811024][ T6473] /dev/nullb0: Can't open blockdev [ 228.850778][ T6473] new mount options do not match the existing superblock, will be ignored [ 228.906114][ T38] audit: type=1326 audit(1757869974.066:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.906658][ T38] audit: type=1326 audit(1757869974.066:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.906920][ T38] audit: type=1326 audit(1757869974.076:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.907381][ T38] audit: type=1326 audit(1757869974.096:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.907695][ T38] audit: type=1326 audit(1757869974.096:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.908015][ T38] audit: type=1326 audit(1757869974.106:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.908670][ T38] audit: type=1326 audit(1757869974.106:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.908974][ T38] audit: type=1326 audit(1757869974.106:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.909299][ T38] audit: type=1326 audit(1757869974.116:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 228.909731][ T38] audit: type=1326 audit(1757869974.126:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 229.324387][ C0] vkms_vblank_simulate: vblank timer overrun [ 229.703998][ C0] vkms_vblank_simulate: vblank timer overrun [ 229.994219][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 230.018005][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 230.027218][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 230.035971][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 230.053800][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 230.629220][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.852703][ T6480] /dev/nullb0: Can't open blockdev [ 230.925374][ T6480] new mount options do not match the existing superblock, will be ignored [ 230.959669][ T6480] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 231.692581][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.857184][ T6480] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 232.170126][ T6479] Bluetooth: hci5: command tx timeout [ 232.653677][ T6479] Bluetooth: hci3: command 0x0406 tx timeout [ 232.653735][ T6479] Bluetooth: hci2: command 0x0406 tx timeout [ 232.653762][ T6479] Bluetooth: hci1: command 0x0406 tx timeout [ 232.653859][ T6479] Bluetooth: hci4: command 0x0406 tx timeout [ 234.258555][ T5849] Bluetooth: hci5: command tx timeout [ 235.793816][ T6474] chnl_net:caif_netlink_parms(): no params data found [ 236.271349][ T6502] /dev/nullb0: Can't open blockdev [ 236.274751][ T6502] new mount options do not match the existing superblock, will be ignored [ 236.276255][ T6502] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 236.288605][ T38] kauditd_printk_skb: 33 callbacks suppressed [ 236.288626][ T38] audit: type=1326 audit(1757869981.546:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288682][ T38] audit: type=1326 audit(1757869981.546:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288734][ T38] audit: type=1326 audit(1757869981.556:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288787][ T38] audit: type=1326 audit(1757869981.556:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288839][ T38] audit: type=1326 audit(1757869981.556:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288889][ T38] audit: type=1326 audit(1757869981.556:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288943][ T38] audit: type=1326 audit(1757869981.556:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.288993][ T38] audit: type=1326 audit(1757869981.556:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.289045][ T38] audit: type=1326 audit(1757869981.556:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.289097][ T38] audit: type=1326 audit(1757869981.556:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6501 comm="syz.4.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 236.328752][ T5849] Bluetooth: hci5: command tx timeout [ 236.678494][ T5926] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 236.918615][ T5926] usb 4-1: Using ep0 maxpacket: 16 [ 236.939505][ T5926] usb 4-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 236.939552][ T5926] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 236.939598][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 236.939644][ T5926] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 236.939668][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.023222][ T5926] usb 4-1: config 0 descriptor?? [ 238.581706][ T5849] Bluetooth: hci5: command tx timeout [ 240.045496][ T5926] usb 4-1: string descriptor 0 read error: -71 [ 240.099460][ T5926] usb 4-1: USB disconnect, device number 2 [ 240.726073][ T6530] overlayfs: failed to resolve './file1': -2 [ 240.868184][ T4567] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.777480][ T4567] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.018156][ T6474] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.018258][ T6474] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.038964][ T6474] bridge_slave_0: entered allmulticast mode [ 244.096160][ T6474] bridge_slave_0: entered promiscuous mode [ 244.123384][ T6474] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.124118][ T6474] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.124321][ T6474] bridge_slave_1: entered allmulticast mode [ 244.161773][ T6474] bridge_slave_1: entered promiscuous mode [ 244.589235][ T4567] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.986631][ C1] vkms_vblank_simulate: vblank timer overrun [ 245.838855][ C1] vkms_vblank_simulate: vblank timer overrun [ 246.265868][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.172426][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.758680][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.785453][ T4567] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.964314][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.992786][ C1] vkms_vblank_simulate: vblank timer overrun [ 248.098919][ C1] vkms_vblank_simulate: vblank timer overrun [ 248.852122][ C1] vkms_vblank_simulate: vblank timer overrun [ 249.175230][ T6474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.211855][ T6474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.056862][ T6596] new mount options do not match the existing superblock, will be ignored [ 251.081870][ T6596] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 251.706070][ T38] kauditd_printk_skb: 16 callbacks suppressed [ 251.706088][ T38] audit: type=1326 audit(1757869996.126:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6586 comm="syz.2.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 251.706139][ T38] audit: type=1326 audit(1757869996.136:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6586 comm="syz.2.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 251.706186][ T38] audit: type=1326 audit(1757869996.146:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6586 comm="syz.2.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 251.720202][ T6474] team0: Port device team_slave_0 added [ 251.724372][ T6474] team0: Port device team_slave_1 added [ 253.848530][ T6474] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.848551][ T6474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.848580][ T6474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.109384][ T6474] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.109402][ T6474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.109430][ T6474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 255.670809][ C0] vkms_vblank_simulate: vblank timer overrun [ 256.040470][ C0] vkms_vblank_simulate: vblank timer overrun [ 257.561051][ T6474] hsr_slave_0: entered promiscuous mode [ 257.574172][ T6474] hsr_slave_1: entered promiscuous mode [ 257.596219][ T6474] debugfs: 'hsr0' already exists in 'hsr' [ 257.596252][ T6474] Cannot create hsr debugfs directory [ 257.604807][ T6617] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 257.605186][ T6617] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 258.070149][ T6617] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 258.070246][ T6617] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 258.168999][ T4567] bridge_slave_1: left allmulticast mode [ 258.169179][ T4567] bridge_slave_1: left promiscuous mode [ 258.172567][ T4567] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.326400][ T6617] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 258.326573][ T6617] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 258.399263][ T4567] bridge_slave_0: left allmulticast mode [ 258.399290][ T4567] bridge_slave_0: left promiscuous mode [ 258.399507][ T4567] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.546902][ T6617] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 258.557103][ T6617] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 258.896032][ T6617] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 258.896123][ T6617] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 259.137738][ T6617] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 259.695200][ T5849] Bluetooth: hci1: command 0x0406 tx timeout [ 260.168623][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 260.328572][ T5849] Bluetooth: hci3: command 0x0406 tx timeout [ 260.587104][ T5849] Bluetooth: hci4: command 0x0406 tx timeout [ 260.997290][ T5849] Bluetooth: hci5: command 0x0c1a tx timeout [ 261.218023][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.218107][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.232858][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.789475][ T5849] Bluetooth: hci1: command 0x0406 tx timeout [ 262.257078][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 262.410124][ T5849] Bluetooth: hci3: command 0x0406 tx timeout [ 262.653337][ T5849] Bluetooth: hci4: command 0x0406 tx timeout [ 263.268736][ T5849] Bluetooth: hci5: command 0x0c1a tx timeout [ 264.323604][ C1] vkms_vblank_simulate: vblank timer overrun [ 264.426824][ C1] vkms_vblank_simulate: vblank timer overrun [ 265.317479][ T59] Bluetooth: hci5: command 0x0c1a tx timeout [ 266.340856][ C1] vkms_vblank_simulate: vblank timer overrun [ 267.257286][ C1] vkms_vblank_simulate: vblank timer overrun [ 267.402235][ T4567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.957229][ T4567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 268.022450][ T4567] bond0 (unregistering): Released all slaves [ 268.460384][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.742667][ C1] vkms_vblank_simulate: vblank timer overrun [ 271.844018][ T6707] new mount options do not match the existing superblock, will be ignored [ 272.646686][ T38] audit: type=1326 audit(1757870017.056:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646733][ T38] audit: type=1326 audit(1757870017.056:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646766][ T38] audit: type=1326 audit(1757870017.076:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646798][ T38] audit: type=1326 audit(1757870017.076:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646829][ T38] audit: type=1326 audit(1757870017.076:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646860][ T38] audit: type=1326 audit(1757870017.096:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646892][ T38] audit: type=1326 audit(1757870017.096:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646923][ T38] audit: type=1326 audit(1757870017.096:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646955][ T38] audit: type=1326 audit(1757870017.096:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 272.646987][ T38] audit: type=1326 audit(1757870017.106:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6697 comm="syz.1.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc27ad1eba9 code=0x7ffc0000 [ 277.439544][ T6729] new mount options do not match the existing superblock, will be ignored [ 277.470520][ T6729] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 278.184708][ T38] kauditd_printk_skb: 27 callbacks suppressed [ 278.184729][ T38] audit: type=1326 audit(1757870023.466:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6724 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 278.184900][ T38] audit: type=1326 audit(1757870023.466:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6724 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1eadfeba9 code=0x7ffc0000 [ 279.152459][ T6742] netlink: 36 bytes leftover after parsing attributes in process `syz.2.169'. [ 279.152482][ T6742] netlink: 16 bytes leftover after parsing attributes in process `syz.2.169'. [ 279.152517][ T6742] netlink: 36 bytes leftover after parsing attributes in process `syz.2.169'. [ 280.122787][ T6742] netlink: 36 bytes leftover after parsing attributes in process `syz.2.169'. [ 283.795279][ T4567] hsr_slave_0: left promiscuous mode [ 283.953301][ T4567] hsr_slave_1: left promiscuous mode [ 283.967563][ T4567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.967662][ T4567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.049508][ T4567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.049545][ T4567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.379382][ T4567] veth1_macvtap: left promiscuous mode [ 284.379663][ T4567] veth0_macvtap: left promiscuous mode [ 284.380059][ T4567] veth1_vlan: left promiscuous mode [ 284.380435][ T4567] veth0_vlan: left promiscuous mode [ 289.787293][ T6782] process 'syz.4.181' launched '/dev/fd/4' with NULL argv: empty string added [ 290.350080][ T38] audit: type=1326 audit(1757870035.596:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6779 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 290.350552][ T38] audit: type=1326 audit(1757870035.596:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6779 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 290.350878][ T38] audit: type=1326 audit(1757870035.606:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6779 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb42b8ceba9 code=0x7ffc0000 [ 290.514696][ T6790] new mount options do not match the existing superblock, will be ignored [ 290.541140][ T6790] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 291.280345][ T6788] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR [ 298.393321][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 298.421386][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 298.424319][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 298.430656][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 298.433371][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 300.649942][ T59] Bluetooth: hci0: command tx timeout [ 302.732690][ T59] Bluetooth: hci0: command tx timeout [ 304.828879][ T59] Bluetooth: hci0: command tx timeout [ 306.888715][ T59] Bluetooth: hci0: command tx timeout [ 307.292611][ C0] vkms_vblank_simulate: vblank timer overrun [ 307.410626][ C0] vkms_vblank_simulate: vblank timer overrun [ 308.350116][ C0] vkms_vblank_simulate: vblank timer overrun [ 310.373672][ T4567] team0 (unregistering): Port device team_slave_1 removed [ 311.304072][ T4567] team0 (unregistering): Port device team_slave_0 removed [ 319.573923][ T5849] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 319.577646][ T5849] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 319.598683][ T5849] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 319.601937][ T5849] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 319.603220][ T5849] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 321.688585][ T59] Bluetooth: hci6: command tx timeout [ 322.736620][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.736697][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.768675][ T59] Bluetooth: hci6: command tx timeout [ 325.849047][ T59] Bluetooth: hci6: command tx timeout [ 327.928499][ T59] Bluetooth: hci6: command tx timeout [ 328.299849][ C1] vkms_vblank_simulate: vblank timer overrun [ 329.212034][ C1] vkms_vblank_simulate: vblank timer overrun [ 330.241121][ T6813] chnl_net:caif_netlink_parms(): no params data found [ 330.382889][ T6959] chnl_net:caif_netlink_parms(): no params data found [ 334.371029][ T6813] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.371214][ T6813] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.371480][ T6813] bridge_slave_0: entered allmulticast mode [ 334.391318][ T6813] bridge_slave_0: entered promiscuous mode [ 335.047500][ T6813] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.047613][ T6813] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.047817][ T6813] bridge_slave_1: entered allmulticast mode [ 335.051886][ T6813] bridge_slave_1: entered promiscuous mode [ 335.213756][ T6959] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.213930][ T6959] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.214131][ T6959] bridge_slave_0: entered allmulticast mode [ 335.216087][ T6959] bridge_slave_0: entered promiscuous mode [ 335.747415][ T6959] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.747566][ T6959] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.747825][ T6959] bridge_slave_1: entered allmulticast mode [ 335.751460][ T6959] bridge_slave_1: entered promiscuous mode [ 337.029059][ T6813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.460473][ T6813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 338.020871][ T6959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 338.422199][ T6959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.021559][ T6813] team0: Port device team_slave_0 added [ 339.403850][ T6813] team0: Port device team_slave_1 added [ 339.405808][ T6959] team0: Port device team_slave_0 added [ 339.432983][ T6959] team0: Port device team_slave_1 added [ 339.607338][ T7095] netlink: 8 bytes leftover after parsing attributes in process `syz.1.226'. [ 340.710336][ T7095] syz_tun: entered promiscuous mode [ 341.278074][ T7106] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 341.519539][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.519558][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.519587][ T6813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.521039][ T6959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.521053][ T6959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.521080][ T6959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.523849][ T6959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 341.523864][ T6959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.523900][ T6959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.988443][ T4567] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.158065][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.158084][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.158112][ T6813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.941785][ T4567] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.742703][ T6959] hsr_slave_0: entered promiscuous mode [ 344.744180][ T6959] hsr_slave_1: entered promiscuous mode [ 344.745125][ T6959] debugfs: 'hsr0' already exists in 'hsr' [ 344.745150][ T6959] Cannot create hsr debugfs directory [ 344.911437][ T38] audit: type=1326 audit(1757870090.156:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7135 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 344.911876][ T38] audit: type=1326 audit(1757870090.156:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7135 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 344.912199][ T38] audit: type=1326 audit(1757870090.166:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7135 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f4d5179eba9 code=0x7ffc0000 [ 345.067024][ T7140] new mount options do not match the existing superblock, will be ignored [ 345.756593][ C0] vkms_vblank_simulate: vblank timer overrun [ 345.809211][ T7138] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR [ 346.382253][ T4567] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.703798][ T4567] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.399258][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 348.423029][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 348.436038][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 348.437446][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 348.438060][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 350.576418][ T5849] Bluetooth: hci2: command tx timeout [ 352.648397][ T5849] Bluetooth: hci2: command tx timeout [ 354.940856][ T5849] Bluetooth: hci2: command tx timeout [ 355.273053][ C0] vkms_vblank_simulate: vblank timer overrun [ 355.325680][ T4567] bridge_slave_1: left allmulticast mode [ 355.325708][ T4567] bridge_slave_1: left promiscuous mode [ 355.325928][ T4567] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.559071][ T4567] bridge_slave_0: left allmulticast mode [ 355.559103][ T4567] bridge_slave_0: left promiscuous mode [ 355.559317][ T4567] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.751297][ T4567] bridge_slave_1: left allmulticast mode [ 355.751334][ T4567] bridge_slave_1: left promiscuous mode [ 355.751608][ T4567] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.859734][ T4567] bridge_slave_0: left allmulticast mode [ 355.859763][ T4567] bridge_slave_0: left promiscuous mode [ 355.860010][ T4567] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.969924][ T5849] Bluetooth: hci2: command tx timeout [ 358.339952][ T4567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.701220][ T4567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.828590][ T4567] bond0 (unregistering): Released all slaves [ 359.484829][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.548988][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.668565][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.024965][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.350196][ C0] vkms_vblank_simulate: vblank timer overrun [ 365.370604][ C0] vkms_vblank_simulate: vblank timer overrun [ 366.464352][ T4567] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 366.597404][ T4567] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 366.633366][ T4567] bond0 (unregistering): Released all slaves [ 366.702679][ T7245] netlink: 'syz.3.248': attribute type 12 has an invalid length. [ 368.860051][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.344242][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.393722][ T6959] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 369.485763][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.818835][ T7264] [ 369.818851][ T7264] ====================================================== [ 369.818860][ T7264] WARNING: possible circular locking dependency detected [ 369.818880][ T7264] syzkaller #0 Not tainted [ 369.818893][ T7264] ------------------------------------------------------ [ 369.818902][ T7264] syz.4.252/7264 is trying to acquire lock: [ 369.818915][ T7264] ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 369.818996][ T7264] [ 369.818996][ T7264] but task is already holding lock: [ 369.819003][ T7264] ffff8880243f43a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380 [ 369.819056][ T7264] [ 369.819056][ T7264] which lock already depends on the new lock. [ 369.819056][ T7264] [ 369.819063][ T7264] [ 369.819063][ T7264] the existing dependency chain (in reverse order) is: [ 369.819071][ T7264] [ 369.819071][ T7264] -> #4 (&dev->vblank_time_lock){+.+.}-{3:3}: [ 369.819100][ T7264] lock_acquire+0x120/0x360 [ 369.819126][ T7264] rt_spin_lock+0x88/0x2c0 [ 369.819149][ T7264] drm_crtc_vblank_on_config+0x2cd/0x860 [ 369.819175][ T7264] drm_crtc_vblank_on+0x88/0xc0 [ 369.819200][ T7264] drm_atomic_helper_commit_modeset_enables+0x602/0xe10 [ 369.819228][ T7264] vkms_atomic_commit_tail+0x69/0x210 [ 369.819253][ T7264] commit_tail+0x281/0x3a0 [ 369.819277][ T7264] drm_atomic_helper_commit+0xa6b/0xb10 [ 369.819303][ T7264] drm_atomic_commit+0x262/0x2c0 [ 369.819325][ T7264] drm_client_modeset_commit_atomic+0x620/0x760 [ 369.819351][ T7264] drm_client_modeset_commit_locked+0xce/0x4d0 [ 369.819372][ T7264] drm_client_modeset_commit+0x4a/0x70 [ 369.819391][ T7264] __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0 [ 369.819418][ T7264] drm_fb_helper_set_par+0xaf/0x100 [ 369.819443][ T7264] fbcon_init+0x1255/0x2370 [ 369.819472][ T7264] visual_init+0x2ef/0x650 [ 369.819498][ T7264] do_bind_con_driver+0x890/0xf70 [ 369.819526][ T7264] do_take_over_console+0x899/0xa10 [ 369.819556][ T7264] do_fbcon_takeover+0x118/0x200 [ 369.819584][ T7264] fbcon_fb_registered+0x35e/0x610 [ 369.819611][ T7264] register_framebuffer+0x70f/0x890 [ 369.819629][ T7264] __drm_fb_helper_initial_config_and_unlock+0x130a/0x18a0 [ 369.819668][ T7264] drm_fbdev_client_hotplug+0x16f/0x230 [ 369.819697][ T7264] drm_client_register+0x16f/0x210 [ 369.819727][ T7264] drm_fbdev_client_setup+0x19f/0x3f0 [ 369.819754][ T7264] drm_client_setup+0x10a/0x230 [ 369.819780][ T7264] vkms_init+0x3e0/0x4b0 [ 369.819802][ T7264] do_one_initcall+0x233/0x820 [ 369.819819][ T7264] do_initcall_level+0x104/0x190 [ 369.819846][ T7264] do_initcalls+0x59/0xa0 [ 369.819871][ T7264] kernel_init_freeable+0x334/0x4b0 [ 369.819897][ T7264] kernel_init+0x1d/0x1d0 [ 369.819917][ T7264] ret_from_fork+0x439/0x7d0 [ 369.819942][ T7264] ret_from_fork_asm+0x1a/0x30 [ 369.819961][ T7264] [ 369.819961][ T7264] -> #3 (&dev->vbl_lock){+.+.}-{3:3}: [ 369.819989][ T7264] lock_acquire+0x120/0x360 [ 369.820014][ T7264] rt_spin_lock+0x88/0x2c0 [ 369.820036][ T7264] vblank_disable_fn+0x72/0x190 [ 369.820058][ T7264] call_timer_fn+0x17e/0x5f0 [ 369.820084][ T7264] __run_timer_base+0x648/0x970 [ 369.820107][ T7264] run_timer_softirq+0xb7/0x180 [ 369.820130][ T7264] handle_softirqs+0x22f/0x710 [ 369.820154][ T7264] run_ktimerd+0xcf/0x190 [ 369.820181][ T7264] smpboot_thread_fn+0x53f/0xa60 [ 369.820205][ T7264] kthread+0x70e/0x8a0 [ 369.820234][ T7264] ret_from_fork+0x439/0x7d0 [ 369.820258][ T7264] ret_from_fork_asm+0x1a/0x30 [ 369.820277][ T7264] [ 369.820277][ T7264] -> #2 ((&vblank->disable_timer)){+...}-{0:0}: [ 369.820305][ T7264] lock_acquire+0x120/0x360 [ 369.820330][ T7264] call_timer_fn+0xdb/0x5f0 [ 369.820355][ T7264] __run_timer_base+0x648/0x970 [ 369.820377][ T7264] run_timer_softirq+0xb7/0x180 [ 369.820400][ T7264] handle_softirqs+0x22f/0x710 [ 369.820423][ T7264] run_ktimerd+0xcf/0x190 [ 369.820450][ T7264] smpboot_thread_fn+0x53f/0xa60 [ 369.820473][ T7264] kthread+0x70e/0x8a0 [ 369.820501][ T7264] ret_from_fork+0x439/0x7d0 [ 369.820525][ T7264] ret_from_fork_asm+0x1a/0x30 [ 369.820544][ T7264] [ 369.820544][ T7264] -> #1 (&base->expiry_lock){+...}-{3:3}: [ 369.820572][ T7264] lock_acquire+0x120/0x360 [ 369.820596][ T7264] rt_spin_lock+0x88/0x2c0 [ 369.820618][ T7264] __run_timer_base+0x114/0x970 [ 369.820641][ T7264] run_timer_softirq+0x67/0x180 [ 369.820670][ T7264] handle_softirqs+0x22f/0x710 [ 369.820694][ T7264] run_ktimerd+0xcf/0x190 [ 369.820720][ T7264] smpboot_thread_fn+0x53f/0xa60 [ 369.820744][ T7264] kthread+0x70e/0x8a0 [ 369.820772][ T7264] ret_from_fork+0x439/0x7d0 [ 369.820796][ T7264] ret_from_fork_asm+0x1a/0x30 [ 369.820814][ T7264] [ 369.820814][ T7264] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}: [ 369.820842][ T7264] validate_chain+0xb9b/0x2140 [ 369.820872][ T7264] __lock_acquire+0xab9/0xd20 [ 369.820896][ T7264] reacquire_held_locks+0x127/0x1d0 [ 369.820940][ T7264] lock_release+0x1b4/0x3e0 [ 369.820965][ T7264] __local_bh_enable_ip+0x10c/0x270 [ 369.820989][ T7264] hrtimer_cancel+0x39/0x60 [ 369.821017][ T7264] drm_vblank_disable_and_save+0x1bc/0x380 [ 369.821042][ T7264] drm_crtc_vblank_off+0x22e/0x820 [ 369.821067][ T7264] drm_atomic_helper_commit_modeset_disables+0xc89/0x2010 [ 369.821095][ T7264] vkms_atomic_commit_tail+0x51/0x210 [ 369.821120][ T7264] commit_tail+0x281/0x3a0 [ 369.821144][ T7264] drm_atomic_helper_commit+0xa6b/0xb10 [ 369.821169][ T7264] drm_atomic_commit+0x262/0x2c0 [ 369.821191][ T7264] drm_atomic_connector_commit_dpms+0x364/0x480 [ 369.821217][ T7264] drm_mode_obj_set_property_ioctl+0x617/0xdf0 [ 369.821242][ T7264] drm_connector_property_set_ioctl+0xe9/0x170 [ 369.821273][ T7264] drm_ioctl_kernel+0x2d2/0x3a0 [ 369.821302][ T7264] drm_ioctl+0x685/0xb20 [ 369.821329][ T7264] __se_sys_ioctl+0xff/0x170 [ 369.821350][ T7264] do_syscall_64+0xfa/0x3b0 [ 369.821367][ T7264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.821387][ T7264] [ 369.821387][ T7264] other info that might help us debug this: [ 369.821387][ T7264] [ 369.821394][ T7264] Chain exists of: [ 369.821394][ T7264] (softirq_ctrl.lock) --> &dev->vbl_lock --> &dev->vblank_time_lock [ 369.821394][ T7264] [ 369.821429][ T7264] Possible unsafe locking scenario: [ 369.821429][ T7264] [ 369.821435][ T7264] CPU0 CPU1 [ 369.821442][ T7264] ---- ---- [ 369.821449][ T7264] lock(&dev->vblank_time_lock); [ 369.821464][ T7264] lock(&dev->vbl_lock); [ 369.821479][ T7264] lock(&dev->vblank_time_lock); [ 369.821496][ T7264] lock((softirq_ctrl.lock)); [ 369.821510][ T7264] [ 369.821510][ T7264] *** DEADLOCK *** [ 369.821510][ T7264] [ 369.821516][ T7264] 8 locks held by syz.4.252/7264: [ 369.821528][ T7264] #0: ffffc90004037a60 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_mode_obj_set_property_ioctl+0x512/0xdf0 [ 369.821585][ T7264] #1: ffffc90004037a88 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_mode_obj_set_property_ioctl+0x512/0xdf0 [ 369.821641][ T7264] #2: ffff8880243f44b8 (&dev->event_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xe4/0x820 [ 369.821705][ T7264] #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 369.821758][ T7264] #4: ffff8880243f4420 (&dev->vbl_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xf5/0x820 [ 369.821813][ T7264] #5: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 369.821867][ T7264] #6: ffff8880243f43a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380 [ 369.821922][ T7264] #7: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 369.821974][ T7264] [ 369.821974][ T7264] stack backtrace: [ 369.822011][ T7264] CPU: 1 UID: 0 PID: 7264 Comm: syz.4.252 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 369.822036][ T7264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 369.822059][ T7264] Call Trace: [ 369.822069][ T7264] [ 369.822079][ T7264] dump_stack_lvl+0x189/0x250 [ 369.822118][ T7264] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.822151][ T7264] ? __pfx__printk+0x10/0x10 [ 369.822175][ T7264] ? print_lock_name+0xde/0x100 [ 369.822199][ T7264] print_circular_bug+0x2ee/0x310 [ 369.822222][ T7264] check_noncircular+0x134/0x160 [ 369.822278][ T7264] validate_chain+0xb9b/0x2140 [ 369.822312][ T7264] ? __lock_acquire+0xab9/0xd20 [ 369.822343][ T7264] ? do_raw_spin_lock+0x121/0x290 [ 369.822371][ T7264] __lock_acquire+0xab9/0xd20 [ 369.822403][ T7264] reacquire_held_locks+0x127/0x1d0 [ 369.822437][ T7264] ? __local_bh_disable_ip+0x264/0x400 [ 369.822466][ T7264] lock_release+0x1b4/0x3e0 [ 369.822495][ T7264] ? __local_bh_enable_ip+0x100/0x270 [ 369.822524][ T7264] __local_bh_enable_ip+0x10c/0x270 [ 369.822551][ T7264] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 369.822580][ T7264] ? rt_spin_unlock+0x65/0x80 [ 369.822606][ T7264] ? hrtimer_cancel_wait_running+0xe5/0x180 [ 369.822639][ T7264] ? hrtimer_cancel_wait_running+0x142/0x180 [ 369.822679][ T7264] ? __pfx_vkms_disable_vblank+0x10/0x10 [ 369.822710][ T7264] hrtimer_cancel+0x39/0x60 [ 369.822740][ T7264] drm_vblank_disable_and_save+0x1bc/0x380 [ 369.822770][ T7264] drm_crtc_vblank_off+0x22e/0x820 [ 369.822801][ T7264] ? drm_atomic_bridge_chain_disable+0x157/0x180 [ 369.822838][ T7264] ? __pfx_vkms_crtc_atomic_disable+0x10/0x10 [ 369.822870][ T7264] drm_atomic_helper_commit_modeset_disables+0xc89/0x2010 [ 369.822906][ T7264] vkms_atomic_commit_tail+0x51/0x210 [ 369.822934][ T7264] ? read_tsc+0x9/0x20 [ 369.822958][ T7264] ? __pfx_vkms_atomic_commit_tail+0x10/0x10 [ 369.822986][ T7264] commit_tail+0x281/0x3a0 [ 369.823017][ T7264] drm_atomic_helper_commit+0xa6b/0xb10 [ 369.823048][ T7264] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 369.823077][ T7264] drm_atomic_commit+0x262/0x2c0 [ 369.823103][ T7264] ? __pfx_drm_atomic_commit+0x10/0x10 [ 369.823127][ T7264] ? drm_atomic_add_affected_connectors+0x397/0x410 [ 369.823152][ T7264] ? __pfx___drm_printfn_info+0x10/0x10 [ 369.823193][ T7264] drm_atomic_connector_commit_dpms+0x364/0x480 [ 369.823225][ T7264] drm_mode_obj_set_property_ioctl+0x617/0xdf0 [ 369.823259][ T7264] ? __pfx_drm_mode_obj_set_property_ioctl+0x10/0x10 [ 369.823287][ T7264] ? preempt_schedule+0xae/0xc0 [ 369.823318][ T7264] ? preempt_schedule_common+0x83/0xd0 [ 369.823350][ T7264] ? preempt_schedule+0xae/0xc0 [ 369.823379][ T7264] ? __pfx_preempt_schedule+0x10/0x10 [ 369.823413][ T7264] ? preempt_schedule_thunk+0x16/0x30 [ 369.823449][ T7264] ? rt_mutex_slowunlock+0x493/0x8a0 [ 369.823476][ T7264] ? rt_spin_lock+0x1bb/0x2c0 [ 369.823503][ T7264] drm_connector_property_set_ioctl+0xe9/0x170 [ 369.823537][ T7264] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [ 369.823574][ T7264] ? drm_is_current_master+0x1a2/0x210 [ 369.823605][ T7264] drm_ioctl_kernel+0x2d2/0x3a0 [ 369.823637][ T7264] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [ 369.823676][ T7264] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 369.823713][ T7264] drm_ioctl+0x685/0xb20 [ 369.823743][ T7264] ? smk_tskacc+0x2fc/0x370 [ 369.823778][ T7264] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [ 369.823814][ T7264] ? __pfx_drm_ioctl+0x10/0x10 [ 369.823851][ T7264] ? __fget_files+0x2a/0x420 [ 369.823884][ T7264] ? bpf_lsm_file_ioctl+0x9/0x20 [ 369.823910][ T7264] ? __pfx_drm_ioctl+0x10/0x10 [ 369.823941][ T7264] __se_sys_ioctl+0xff/0x170 [ 369.823966][ T7264] do_syscall_64+0xfa/0x3b0 [ 369.823986][ T7264] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.824007][ T7264] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 369.824028][ T7264] ? clear_bhb_loop+0x60/0xb0 [ 369.824052][ T7264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.824083][ T7264] RIP: 0033:0x7fc1eadfeba9 [ 369.824108][ T7264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.824126][ T7264] RSP: 002b:00007fc1e9024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 369.824149][ T7264] RAX: ffffffffffffffda RBX: 00007fc1eb046180 RCX: 00007fc1eadfeba9 [ 369.824166][ T7264] RDX: 0000200000000380 RSI: 00000000c01064ab RDI: 0000000000000006 [ 369.824180][ T7264] RBP: 00007fc1eae81e19 R08: 0000000000000000 R09: 0000000000000000 [ 369.824194][ T7264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 369.824207][ T7264] R13: 00007fc1eb046218 R14: 00007fc1eb046180 R15: 00007ffe2e1e4af8 [ 369.824232][ T7264] [ 370.146335][ C1] vkms_vblank_simulate: vblank timer overrun [ 371.556982][ T7160] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 371.557511][ T6959] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 373.509452][ T7248] syz_tun (unregistering): left promiscuous mode [ 374.539913][ T4567] hsr_slave_0: left promiscuous mode [ 374.558599][ T4567] hsr_slave_1: left promiscuous mode [ 374.559782][ T4567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.629443][ T4567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.798550][ T4567] hsr_slave_0: left promiscuous mode [ 374.818544][ T4567] hsr_slave_1: left promiscuous mode [ 374.819756][ T4567] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.819787][ T4567] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.858983][ T4567] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.859022][ T4567] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.920445][ T4567] veth1_macvtap: left promiscuous mode [ 374.920501][ T4567] veth0_macvtap: left promiscuous mode [ 374.920606][ T4567] veth1_vlan: left promiscuous mode [ 374.920681][ T4567] veth0_vlan: left promiscuous mode [ 375.574104][ T4567] team0 (unregistering): Port device team_slave_1 removed [ 375.668957][ T4567] team0 (unregistering): Port device team_slave_0 removed [ 377.400141][ T4567] team0 (unregistering): Port device team_slave_1 removed [ 377.559119][ T4567] team0 (unregistering): Port device team_slave_0 removed