last executing test programs: 10m51.931980537s ago: executing program 0 (id=18): r0 = gettid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r1, &(0x7f0000048040)=""/102392, 0x18ff8) r2 = gettid() rt_sigqueueinfo(r2, 0x12, &(0x7f0000001ac0)={0x35, 0x5, 0x1}) tkill(r2, 0x1d) process_vm_writev(r0, &(0x7f0000000100), 0x0, &(0x7f00000001c0)=[{&(0x7f0000000480)=""/222, 0xde}, {&(0x7f00000002c0)=""/111, 0x6f}, {&(0x7f0000000580)=""/248, 0xf8}, {&(0x7f0000000680)=""/176, 0xb0}], 0x4, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x8) syz_usb_connect$uac1(0x2, 0xb8, 0x0, 0x0) 10m50.254533999s ago: executing program 0 (id=21): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') r3 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd) quotactl_fd$Q_GETQUOTA(r3, 0xffffffff80000700, 0xee00, 0x0) 10m48.810433067s ago: executing program 0 (id=22): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = accept4(r3, 0x0, 0x0, 0x80000) recvmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) 10m46.232552642s ago: executing program 0 (id=25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0x28) 10m43.34109369s ago: executing program 0 (id=29): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x2c, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) semget(0x3, 0x0, 0x10) 10m40.812238677s ago: executing program 0 (id=34): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$vcsa(0x0, 0x1, 0x1a1300) unshare(0x22020600) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) acct(0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = syz_open_procfs(0x0, 0x0) pread64(r2, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002080), 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000001c0)=[{0x30, 0xf5, 0x53, 0xfffff018}]}, 0x10) 10m24.765463673s ago: executing program 32 (id=34): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$vcsa(0x0, 0x1, 0x1a1300) unshare(0x22020600) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) acct(0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = syz_open_procfs(0x0, 0x0) pread64(r2, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000002080), 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000001c0)=[{0x30, 0xf5, 0x53, 0xfffff018}]}, 0x10) 9m1.841925549s ago: executing program 1 (id=168): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd) 9m0.217969311s ago: executing program 1 (id=171): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/3, 0x3}, 0x4}], 0x60d, 0x10002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 8m58.498673417s ago: executing program 1 (id=174): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000e00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) io_setup(0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getpeername$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000480), 0x3, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x2, @pix={0x7, 0xffffffff, 0x52424752, 0x8, 0x81, 0x20000006, 0x7, 0xa, 0x0, 0x7, 0x0, 0x7}}) 8m52.501277555s ago: executing program 1 (id=178): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000180)={0x4000, r0}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r1, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0) ftruncate(r2, 0x1) 8m52.169163372s ago: executing program 1 (id=181): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') r3 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd) quotactl_fd$Q_GETQUOTA(r3, 0xffffffff80000700, 0xee00, 0x0) 8m50.673771357s ago: executing program 1 (id=184): openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x101801, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='mm_lru_insertion\x00', r1}, 0x18) creat(&(0x7f00000001c0)='./file0\x00', 0x28) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r2 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 8m35.419267525s ago: executing program 33 (id=184): openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x101801, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='mm_lru_insertion\x00', r1}, 0x18) creat(&(0x7f00000001c0)='./file0\x00', 0x28) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r2 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 6m8.538023183s ago: executing program 6 (id=367): ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x1) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x6, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa32, 0x2, 0x0, 0xfffffffc, 0x789], 0x1, 0x400}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6}) write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1000f4) r4 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49) preadv2(r4, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) 6m2.04959484s ago: executing program 6 (id=375): r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001a00010100000000000000000a00808000040009000900009baf6f78facc968ed7a291b274dd66f1fae45d316a470035b9fb742b3433434f80e8916799ad27fca18d7cb1ee4202ce7841aacf55ca85a1bdb77695"], 0x1c}}, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r5, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x2000, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000", @ANYRES32=r4, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$USBDEVFS_REAPURBNDELAY(r1, 0x4004550d, &(0x7f0000000500)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x16, 0x4, &(0x7f0000000000)=@framed={{}, [@generic={0x71, 0x0, 0x1, 0x51}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 5m59.125598059s ago: executing program 6 (id=380): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e1f, 0x3, 'lc\x00', 0x4, 0x81, 0x5}, {@rand_addr=0x64010102, 0x4e26, 0x0, 0xcb, 0x12d60, 0x9}}, 0x44) setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e26, 0x12002, 0x3, 0x8001, 0x1}}, 0x44) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0xd0009411, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x33) 5m57.325098543s ago: executing program 6 (id=382): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r3, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setlease(r3, 0x400, 0x2) 5m54.688804366s ago: executing program 6 (id=387): r0 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x8) syz_open_procfs(0x0, &(0x7f0000000180)='task\x00') mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) 5m51.605366787s ago: executing program 6 (id=388): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x2, 0x7fffffff}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() read$eventfd(0xffffffffffffffff, &(0x7f0000000180), 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$nci(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r0}) r6 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80100) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5}) 5m34.560809532s ago: executing program 34 (id=388): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x2, 0x7fffffff}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() read$eventfd(0xffffffffffffffff, &(0x7f0000000180), 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$nci(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r0}) r6 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80100) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5}) 4m33.438756972s ago: executing program 5 (id=506): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(0xffffffffffffffff, 0x8) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_pidfd_open(0x0, 0x0) setns(r4, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) 4m27.703442526s ago: executing program 5 (id=516): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) mount$cgroup(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x3a}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) 4m26.210397617s ago: executing program 5 (id=518): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in=@multicast1}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x1}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0) ioctl$sock_TIOCOUTQ(r1, 0x5411, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) 4m20.742697643s ago: executing program 5 (id=525): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(0xffffffffffffffff, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) 4m16.276414033s ago: executing program 5 (id=529): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0xffffffffffffffff) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) 4m11.560296411s ago: executing program 5 (id=532): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) read$FUSE(r0, &(0x7f0000000440)={0x2020}, 0x2020) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000100)=0x1b11, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000480)=0x17fe, 0x4) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4c, 0xf3, 0x8, [0x0, 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, 0x40000002]}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000ec0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x70bd2d, 0x25dfcbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xc2}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x4000) 3m55.349055133s ago: executing program 35 (id=532): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) read$FUSE(r0, &(0x7f0000000440)={0x2020}, 0x2020) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000100)=0x1b11, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000480)=0x17fe, 0x4) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4c, 0xf3, 0x8, [0x0, 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, 0x40000002]}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000ec0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x70bd2d, 0x25dfcbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xc2}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x4000) 17.462409805s ago: executing program 4 (id=794): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10) sendmmsg(r1, &(0x7f0000001c00), 0x400000000000159, 0x40840) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) r4 = socket$vsock_stream(0x28, 0x1, 0x0) fsopen(&(0x7f0000000340)='zonefs\x00', 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000240), 0x41d3, 0x2) ioctl$vim2m_VIDIOC_DQBUF(r5, 0xc044560f, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3, 0x0, 0xffff}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r3, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe23, 0x46, 0x8, 0xfffffed4, 0x0}}, 0x10) 14.868128802s ago: executing program 4 (id=798): socket$packet(0x11, 0x3, 0x300) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) syz_emit_ethernet(0xc2, 0x0, 0x0) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000140)=0x12) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$sg(0x0, 0x5dc, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x2f}, 0x40}) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 11.717445671s ago: executing program 3 (id=801): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000000001", @ANYRES32=0x0], 0x50) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe72) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000000b06030000000000000000000200000605"], 0x44}, 0x1, 0x0, 0x0, 0x44080}, 0x4000002) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) shutdown(r1, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000007580)={0x0, 0x0, &(0x7f0000007540)={&(0x7f0000000000)={0x18, r0, 0x1, 0x70bd25, 0x25dfdc00, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}}, 0x48040) 10.266754921s ago: executing program 3 (id=802): socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) r3 = fsopen(&(0x7f0000000240)='ext2\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADV_PARAM={{0x79}, 0xce}}}, 0x7) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) 9.069191596s ago: executing program 4 (id=803): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xf, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f}, 0x94) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000010240)={0x0, 0x0, &(0x7f0000010200)={0x0}}, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000019100)={[0x0]}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b46, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) 8.093228792s ago: executing program 4 (id=805): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0xfdff) 7.3233679s ago: executing program 3 (id=806): ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000040)=0x6) socket$inet_sctp(0x2, 0x5, 0x84) r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}, [@FRA_SRC={0x8, 0x2, @private=0xa010101}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 5.971062958s ago: executing program 2 (id=808): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x60a80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d}, 0x94) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 5.074312495s ago: executing program 2 (id=809): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xf, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f}, 0x94) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000010240)={0x0, 0x0, &(0x7f0000010200)={0x0}}, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000019100)={[0x0]}) syz_open_dev$loop(&(0x7f0000000040), 0x7, 0x80000) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b46, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) 5.071271534s ago: executing program 4 (id=810): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x200800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]}) 3.879221545s ago: executing program 2 (id=811): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000640)={0x18, &(0x7f0000000540)={0x20, 0x16, 0x1, 'i'}, 0x0, 0x0, 0x0, 0x0}) 3.005696682s ago: executing program 4 (id=812): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10) socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff) 2.349966049s ago: executing program 3 (id=813): prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000)=0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0/file0\x00', 0x240, 0x20) syz_io_uring_submit(r0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffb0}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1, 0x20000000000001, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) mount(0x0, &(0x7f0000000240)='./cgroup\x00', &(0x7f0000000000)='rpc_pipefs\x00', 0x3000008, 0x0) 2.272828517s ago: executing program 2 (id=815): syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00') socket$inet(0x2, 0x1, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) socket(0xa, 0x1, 0x0) socket(0xa, 0x1, 0x0) epoll_create1(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0], 0x20) 2.141158893s ago: executing program 2 (id=816): r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) 959.805072ms ago: executing program 3 (id=817): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0xaa5}, 0x18) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4) 929.815537ms ago: executing program 2 (id=818): syz_emit_vhci(&(0x7f0000000540)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xff}, {0x1, [{@any, 0xeb, 0x1, "7c2fc8", 0xb2, 0xff, "1f9a8655457aabdb3ecb0ebdc940bbe61a5647dbd23fe7be2d04bf8d22ddbb4edea02f2d6853fbb661c9b9d4a62a9d219ecfdb89a38343add0a66e1b3f1845d4750a6d2939972ea2a1033e42daa1813e8b8ff5240d34ee82415745222f94c26c6058779b485410c6f7e7d550e85fc82db310431288efce0646024c381172a32ac2a9c4c4c907865ab00120362beed710fe1e5965035e0e8cb32988ea57fdd0ff1d1fcfc2df785bb178031bb333de13a1aba7a06473ca73b6a38c1968fa8edf4ed584b0c2b6924d43e2432d36004716a61b0cd530db56d0c8052afcd289cda1d100"}]}}}, 0x102) io_uring_setup(0x2c49, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x38) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002580)={0x2020}, 0xfffffffffffffdde) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x200) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 0s ago: executing program 3 (id=819): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) mount$cgroup(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x3a}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts. [ 87.102373][ T10] cfg80211: failed to load regulatory.db [ 89.981714][ T5787] cgroup: Unknown subsys name 'net' [ 90.203778][ T5787] cgroup: Unknown subsys name 'cpuset' [ 90.248263][ T5787] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.227182][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.920101][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.952998][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.957407][ T5821] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.969468][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.970579][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 96.987768][ T5821] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.990863][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.994070][ T5821] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.007837][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.015324][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.016542][ T5822] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.019633][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.020756][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 97.023680][ T5820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 97.025859][ T5820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 97.026652][ T5820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 97.028116][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.028408][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.032164][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.033718][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.034055][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.036957][ T5823] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.037984][ T5823] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.040054][ T5823] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.044107][ T5117] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.083328][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 98.204620][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 98.346394][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 98.354816][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 98.468733][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 98.899429][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.899799][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.900981][ T5806] bridge_slave_0: entered allmulticast mode [ 98.902856][ T5806] bridge_slave_0: entered promiscuous mode [ 98.997810][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.997972][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.998252][ T5806] bridge_slave_1: entered allmulticast mode [ 99.000021][ T5806] bridge_slave_1: entered promiscuous mode [ 99.109089][ T5117] Bluetooth: hci2: command tx timeout [ 99.109314][ T5823] Bluetooth: hci1: command tx timeout [ 99.179030][ T5117] Bluetooth: hci0: command tx timeout [ 99.179181][ T5117] Bluetooth: hci4: command tx timeout [ 99.179707][ T5823] Bluetooth: hci3: command tx timeout [ 99.339603][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.339719][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.339841][ T5811] bridge_slave_0: entered allmulticast mode [ 99.341639][ T5811] bridge_slave_0: entered promiscuous mode [ 99.578595][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.578767][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.578952][ T5811] bridge_slave_1: entered allmulticast mode [ 99.581040][ T5811] bridge_slave_1: entered promiscuous mode [ 99.672516][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.672807][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.672963][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.673207][ T5809] bridge_slave_0: entered allmulticast mode [ 99.675350][ T5809] bridge_slave_0: entered promiscuous mode [ 99.677050][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.677203][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.677382][ T5807] bridge_slave_0: entered allmulticast mode [ 99.683068][ T5807] bridge_slave_0: entered promiscuous mode [ 99.841440][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.841722][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.841894][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.842009][ T5809] bridge_slave_1: entered allmulticast mode [ 99.843739][ T5809] bridge_slave_1: entered promiscuous mode [ 99.844640][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.844741][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.845057][ T5807] bridge_slave_1: entered allmulticast mode [ 99.846709][ T5807] bridge_slave_1: entered promiscuous mode [ 99.978745][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.978894][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.979077][ T5805] bridge_slave_0: entered allmulticast mode [ 99.981179][ T5805] bridge_slave_0: entered promiscuous mode [ 100.203262][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.203568][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.203794][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.204358][ T5805] bridge_slave_1: entered allmulticast mode [ 100.206112][ T5805] bridge_slave_1: entered promiscuous mode [ 100.574906][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.650282][ T5806] team0: Port device team_slave_0 added [ 100.654662][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.660200][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.781369][ T5806] team0: Port device team_slave_1 added [ 100.784129][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.786476][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.862193][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.060387][ T5811] team0: Port device team_slave_0 added [ 101.063782][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.178474][ T5808] Bluetooth: hci1: command tx timeout [ 101.178511][ T5808] Bluetooth: hci2: command tx timeout [ 101.257882][ T5823] Bluetooth: hci3: command tx timeout [ 101.257915][ T5117] Bluetooth: hci0: command tx timeout [ 101.258001][ T5808] Bluetooth: hci4: command tx timeout [ 101.283250][ T5811] team0: Port device team_slave_1 added [ 101.359331][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.359345][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.359360][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.363283][ T5809] team0: Port device team_slave_0 added [ 101.366050][ T5807] team0: Port device team_slave_0 added [ 101.789388][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.789407][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.789433][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.791877][ T5809] team0: Port device team_slave_1 added [ 101.794635][ T5807] team0: Port device team_slave_1 added [ 101.880782][ T5805] team0: Port device team_slave_0 added [ 102.019387][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.019400][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.019414][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.022376][ T5805] team0: Port device team_slave_1 added [ 102.169700][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.169718][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.169744][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.249901][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.249921][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.249939][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.251313][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.251327][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.251352][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.429328][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.429341][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.429355][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.430367][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.430376][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.430389][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.432850][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.432864][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.432879][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.557804][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.557821][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.557843][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.580361][ T5806] hsr_slave_0: entered promiscuous mode [ 102.581985][ T5806] hsr_slave_1: entered promiscuous mode [ 102.934128][ T5811] hsr_slave_0: entered promiscuous mode [ 102.935128][ T5811] hsr_slave_1: entered promiscuous mode [ 102.935852][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 102.935931][ T5811] Cannot create hsr debugfs directory [ 103.203167][ T5809] hsr_slave_0: entered promiscuous mode [ 103.204091][ T5809] hsr_slave_1: entered promiscuous mode [ 103.204765][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 103.204785][ T5809] Cannot create hsr debugfs directory [ 103.215852][ T5807] hsr_slave_0: entered promiscuous mode [ 103.217139][ T5807] hsr_slave_1: entered promiscuous mode [ 103.218773][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 103.218798][ T5807] Cannot create hsr debugfs directory [ 103.258165][ T5117] Bluetooth: hci1: command tx timeout [ 103.258273][ T5808] Bluetooth: hci2: command tx timeout [ 103.337755][ T5117] Bluetooth: hci0: command tx timeout [ 103.337795][ T5117] Bluetooth: hci3: command tx timeout [ 103.337961][ T5808] Bluetooth: hci4: command tx timeout [ 103.464942][ T5805] hsr_slave_0: entered promiscuous mode [ 103.465843][ T5805] hsr_slave_1: entered promiscuous mode [ 103.466532][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 103.466549][ T5805] Cannot create hsr debugfs directory [ 105.125834][ T5806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.156353][ T5806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.192551][ T5806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.250198][ T5806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.338320][ T5808] Bluetooth: hci2: command tx timeout [ 105.338360][ T5808] Bluetooth: hci1: command tx timeout [ 105.385856][ T5811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.417789][ T5808] Bluetooth: hci4: command tx timeout [ 105.417914][ T5808] Bluetooth: hci0: command tx timeout [ 105.417937][ T5808] Bluetooth: hci3: command tx timeout [ 105.425277][ T5811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.482961][ T5811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.529390][ T5811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 105.672713][ T5809] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.716260][ T5809] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.759914][ T5809] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 105.813926][ T5809] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 105.942748][ T5807] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.969879][ T5807] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.008508][ T5807] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.060001][ T5807] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.158835][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.230280][ T5805] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 106.272787][ T5805] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 106.314192][ T5805] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 106.353764][ T5805] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 106.412200][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.455835][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.456319][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.501745][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.509705][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.510417][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.634446][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.684439][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.684622][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.700708][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.746193][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.746311][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.832702][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.894912][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.909620][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.909820][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.975156][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.975346][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.073499][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.085478][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.133735][ T3590] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.133850][ T3590] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.186311][ T3590] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.187353][ T3590] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.242938][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.301432][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.302297][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.346842][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.350285][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.361687][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.703154][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.784561][ T5806] veth0_vlan: entered promiscuous mode [ 107.860566][ T5806] veth1_vlan: entered promiscuous mode [ 107.901202][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.035245][ T5811] veth0_vlan: entered promiscuous mode [ 108.092587][ T5806] veth0_macvtap: entered promiscuous mode [ 108.104825][ T5811] veth1_vlan: entered promiscuous mode [ 108.119325][ T5806] veth1_macvtap: entered promiscuous mode [ 108.143392][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.182727][ T5809] veth0_vlan: entered promiscuous mode [ 108.209330][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.213272][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.246727][ T5809] veth1_vlan: entered promiscuous mode [ 108.275335][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.341840][ T5811] veth0_macvtap: entered promiscuous mode [ 108.351293][ T71] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.361116][ T71] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.368439][ T71] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.376137][ T5811] veth1_macvtap: entered promiscuous mode [ 108.400401][ T71] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.589272][ T5807] veth0_vlan: entered promiscuous mode [ 108.672993][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.696820][ T5809] veth0_macvtap: entered promiscuous mode [ 108.715931][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.734731][ T5807] veth1_vlan: entered promiscuous mode [ 108.739807][ T5809] veth1_macvtap: entered promiscuous mode [ 108.781381][ T41] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.807311][ T41] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.824674][ T41] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.840357][ T41] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.856810][ T190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.856833][ T190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.938809][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.032018][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.133288][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.133310][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.161279][ T41] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.196282][ T41] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.196982][ T5807] veth0_macvtap: entered promiscuous mode [ 109.220835][ T5805] veth0_vlan: entered promiscuous mode [ 109.237590][ T41] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.246994][ T41] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.258365][ T1172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.258384][ T1172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.260953][ T5807] veth1_macvtap: entered promiscuous mode [ 109.351025][ T5805] veth1_vlan: entered promiscuous mode [ 109.497106][ T190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.497129][ T190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.526953][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.660754][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.710689][ T3590] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.713614][ T3590] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.715910][ T3590] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.721001][ T3590] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.848213][ T5805] veth0_macvtap: entered promiscuous mode [ 109.969004][ T5805] veth1_macvtap: entered promiscuous mode [ 110.259612][ T5921] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 111.417853][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.417876][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.904149][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.177905][ T4861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.177930][ T4861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.965271][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.024655][ T190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.024679][ T190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.083329][ T190] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.116440][ T190] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.118956][ T190] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.120043][ T190] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.252270][ T4861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.252293][ T4861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.307506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.163713][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.164241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.167513][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.176571][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.177483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.902638][ T5959] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 119.207493][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.207546][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.207585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.207633][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.157668][ T5971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.157691][ T5971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.443344][ T5966] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 124.668390][ T5971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.668561][ T5971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.137267][ T6046] syz.3.28 uses obsolete (PF_INET,SOCK_PACKET) [ 133.192790][ T6046] dummy0: entered promiscuous mode [ 133.195720][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.195825][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.195921][ T6046] vlan2: entered promiscuous mode [ 140.345112][ C1] vkms_vblank_simulate: vblank timer overrun [ 140.500488][ T6090] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.501376][ T6090] batadv_slave_0: entered promiscuous mode [ 140.844796][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.626357][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.037527][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.384618][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.542786][ C1] vkms_vblank_simulate: vblank timer overrun [ 149.820915][ T6000] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 152.018826][ C1] vkms_vblank_simulate: vblank timer overrun [ 152.759073][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.673853][ T5823] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 153.745466][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.860705][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.927683][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.970621][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.092848][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.649992][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.866308][ T5808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 154.879085][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.919934][ T5808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 154.925823][ T5808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 154.942071][ T5808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 154.956433][ T5808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 155.245529][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.230564][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.536402][ C1] vkms_vblank_simulate: vblank timer overrun [ 158.130394][ T5823] Bluetooth: hci5: command tx timeout [ 158.524459][ T6192] netlink: 'syz.2.67': attribute type 32 has an invalid length. [ 159.529447][ T6197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.65'. [ 160.137601][ T5823] Bluetooth: hci5: command tx timeout [ 162.217720][ T5823] Bluetooth: hci5: command tx timeout [ 162.974859][ T6197] syz.4.65 (6197) used greatest stack depth: 18720 bytes left [ 163.783873][ T6158] chnl_net:caif_netlink_parms(): no params data found [ 164.297587][ T5823] Bluetooth: hci5: command tx timeout [ 165.343632][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.783264][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.863745][ C1] vkms_vblank_simulate: vblank timer overrun [ 166.782786][ C1] vkms_vblank_simulate: vblank timer overrun [ 167.656660][ C1] vkms_vblank_simulate: vblank timer overrun [ 167.865083][ T71] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.270227][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.508903][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.533583][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.592794][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.697000][ C1] vkms_vblank_simulate: vblank timer overrun [ 169.340500][ C1] vkms_vblank_simulate: vblank timer overrun [ 169.804742][ C1] vkms_vblank_simulate: vblank timer overrun [ 170.276643][ C1] vkms_vblank_simulate: vblank timer overrun [ 170.890889][ C1] vkms_vblank_simulate: vblank timer overrun [ 171.351993][ C1] vkms_vblank_simulate: vblank timer overrun [ 173.847306][ T71] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.986446][ T6158] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.986533][ T6158] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.986707][ T6158] bridge_slave_0: entered allmulticast mode [ 174.019087][ T6158] bridge_slave_0: entered promiscuous mode [ 174.050171][ T6158] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.055099][ T6158] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.055279][ T6158] bridge_slave_1: entered allmulticast mode [ 174.080439][ T6158] bridge_slave_1: entered promiscuous mode [ 175.077652][ T71] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.182827][ T6158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.292686][ T6158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.193315][ T6277] kvm: kvm [6275]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 179.813197][ T6297] netlink: 40 bytes leftover after parsing attributes in process `syz.1.91'. [ 180.459455][ T71] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.880482][ T6278] tipc: Started in network mode [ 180.880506][ T6278] tipc: Node identity 4, cluster identity 4711 [ 180.880520][ T6278] tipc: Node number set to 4 [ 180.900356][ T6158] team0: Port device team_slave_0 added [ 180.904384][ T6158] team0: Port device team_slave_1 added [ 184.012174][ T6158] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.012193][ T6158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.012220][ T6158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.014995][ T6158] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.015010][ T6158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.015037][ T6158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.886916][ T6326] Zero length message leads to an empty skb [ 185.051292][ T6329] befs: (nbd2): No write support. Marking filesystem read-only [ 185.088517][ T6329] befs: (nbd2): unable to read superblock [ 185.107647][ T5790] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 187.155546][ T6158] hsr_slave_0: entered promiscuous mode [ 187.157093][ T6158] hsr_slave_1: entered promiscuous mode [ 187.213638][ T6158] debugfs: 'hsr0' already exists in 'hsr' [ 187.213669][ T6158] Cannot create hsr debugfs directory [ 188.628384][ T6342] kernel profiling enabled (shift: 34) [ 188.628406][ T6342] profiling shift: 34 too large [ 192.900921][ T71] bridge_slave_1: left allmulticast mode [ 192.901135][ T71] bridge_slave_1: left promiscuous mode [ 192.904003][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.679045][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.679126][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.819858][ T71] bridge_slave_0: left allmulticast mode [ 194.819893][ T71] bridge_slave_0: left promiscuous mode [ 194.820238][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.557940][ T6416] sctp: [Deprecated]: syz.1.119 (pid 6416) Use of struct sctp_assoc_value in delayed_ack socket option. [ 203.557940][ T6416] Use struct sctp_sack_info instead [ 208.347185][ T6447] netlink: 'syz.4.128': attribute type 3 has an invalid length. [ 208.347569][ T6447] netlink: 'syz.4.128': attribute type 4 has an invalid length. [ 208.347695][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.128'. [ 210.817909][ T6455] syz.4.131 (6455): drop_caches: 2 [ 215.443070][ T6483] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 217.297342][ T5808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 217.306262][ T5808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 217.314050][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 217.323169][ T5808] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 217.325041][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 219.557606][ T5823] Bluetooth: hci1: command tx timeout [ 221.577699][ T5820] Bluetooth: hci1: command tx timeout [ 222.303970][ T5820] Bluetooth: hci4: command 0x0406 tx timeout [ 222.304018][ T5820] Bluetooth: hci3: command 0x0406 tx timeout [ 222.910507][ T5812] Bluetooth: hci0: command 0x0406 tx timeout [ 222.910551][ T5812] Bluetooth: hci2: command 0x0406 tx timeout [ 223.660758][ T5808] Bluetooth: hci1: command tx timeout [ 224.800863][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.907561][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 224.986582][ T71] bond0 (unregistering): Released all slaves [ 225.969929][ T61] Bluetooth: hci1: command tx timeout [ 227.747568][ T61] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 229.880577][ T6580] netlink: 68 bytes leftover after parsing attributes in process `syz.1.162'. [ 233.062360][ T6493] chnl_net:caif_netlink_parms(): no params data found [ 236.298596][ T6611] netlink: 'syz.2.170': attribute type 1 has an invalid length. [ 237.851530][ T61] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 237.923761][ T6611] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 238.403362][ T37] audit: type=1326 audit(1760127185.993:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6641 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5fd5deec9 code=0x7ffc0000 [ 238.403427][ T37] audit: type=1326 audit(1760127186.003:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6641 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fd5fd5deec9 code=0x7ffc0000 [ 238.403475][ T37] audit: type=1326 audit(1760127186.003:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6641 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5fd5deec9 code=0x7ffc0000 [ 238.403524][ T37] audit: type=1326 audit(1760127186.003:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6641 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd5fd5deec9 code=0x7ffc0000 [ 238.403565][ T37] audit: type=1326 audit(1760127186.003:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6641 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5fd5deec9 code=0x7ffc0000 [ 238.403608][ T37] audit: type=1326 audit(1760127186.003:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6641 comm="syz.4.177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5fd5deec9 code=0x7ffc0000 [ 244.057292][ T6621] vlan2: entered allmulticast mode [ 244.057315][ T6621] veth1: entered allmulticast mode [ 246.931505][ T6671] syz.4.182 (6671): drop_caches: 2 [ 249.744186][ C0] vkms_vblank_simulate: vblank timer overrun [ 249.992967][ C0] vkms_vblank_simulate: vblank timer overrun [ 250.381644][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 250.445889][ T71] hsr_slave_0: left promiscuous mode [ 250.506420][ T71] hsr_slave_1: left promiscuous mode [ 250.507904][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.508039][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.547536][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 250.556849][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.556882][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.557283][ T10] usb 3-1: config 0 has an invalid interface number: 5 but max is 0 [ 250.557309][ T10] usb 3-1: config 0 has no interface number 0 [ 250.592701][ T10] usb 3-1: config 0 interface 5 altsetting 9 endpoint 0x7 has an invalid bInterval 151, changing to 11 [ 250.592737][ T10] usb 3-1: config 0 interface 5 has no altsetting 0 [ 250.691586][ T10] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=71.44 [ 250.692308][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.692365][ T10] usb 3-1: Product: syz [ 250.695437][ T10] usb 3-1: Manufacturer: syz [ 250.697722][ T10] usb 3-1: SerialNumber: syz [ 251.295972][ T10] usb 3-1: config 0 descriptor?? [ 251.500497][ T71] veth1_macvtap: left promiscuous mode [ 251.500821][ T71] veth0_macvtap: left promiscuous mode [ 251.501158][ T71] veth1_vlan: left promiscuous mode [ 251.502416][ T71] veth0_vlan: left promiscuous mode [ 251.569979][ T6700] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 251.919572][ T10] radio-si470x 3-1:0.5: could not find interrupt in endpoint [ 251.919738][ T10] radio-si470x 3-1:0.5: probe with driver radio-si470x failed with error -5 [ 251.957322][ T10] radio-raremono 3-1:0.5: this is not Thanko's Raremono. [ 251.959742][ T10] usbhid 3-1:0.5: couldn't find an input interrupt endpoint [ 252.071532][ T10] usb 3-1: USB disconnect, device number 2 [ 256.123475][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.123549][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.971662][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 262.992669][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 262.994905][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 263.012017][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 263.013085][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 265.897748][ T5823] Bluetooth: hci5: command tx timeout [ 268.414198][ T5823] Bluetooth: hci5: command tx timeout [ 268.513707][ T6775] slcan: can't register candev [ 268.514390][ T6775] Falling back ldisc for ptm0. [ 268.875251][ T6783] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 270.465429][ T5823] Bluetooth: hci5: command tx timeout [ 271.160528][ T5823] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 272.537541][ T5823] Bluetooth: hci5: command tx timeout [ 273.965736][ T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 273.985349][ T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 274.004013][ T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 274.005227][ T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 274.005995][ T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 274.268414][ T71] team0 (unregistering): Port device team_slave_1 removed [ 274.548161][ T71] team0 (unregistering): Port device team_slave_0 removed [ 276.059184][ T5823] Bluetooth: hci6: command tx timeout [ 276.924953][ T6493] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg2": -EINTR [ 278.137558][ T5823] Bluetooth: hci6: command tx timeout [ 278.614548][ T6813] chnl_net:caif_netlink_parms(): no params data found [ 278.794448][ T6754] chnl_net:caif_netlink_parms(): no params data found [ 279.489427][ T6813] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.489579][ T6813] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.489754][ T6813] bridge_slave_0: entered allmulticast mode [ 279.491536][ T6813] bridge_slave_0: entered promiscuous mode [ 279.584757][ T6813] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.584879][ T6813] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.585061][ T6813] bridge_slave_1: entered allmulticast mode [ 279.586821][ T6813] bridge_slave_1: entered promiscuous mode [ 279.914497][ T71] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.124919][ T6813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.129687][ T6754] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.129870][ T6754] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.130107][ T6754] bridge_slave_0: entered allmulticast mode [ 280.133900][ T6754] bridge_slave_0: entered promiscuous mode [ 280.217754][ T5823] Bluetooth: hci6: command tx timeout [ 280.302562][ T71] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.342280][ T6813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 280.342571][ T6754] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.342697][ T6754] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.342833][ T6754] bridge_slave_1: entered allmulticast mode [ 280.344570][ T6754] bridge_slave_1: entered promiscuous mode [ 280.846509][ T71] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.880978][ T6813] team0: Port device team_slave_0 added [ 280.966675][ T6754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.975284][ T6813] team0: Port device team_slave_1 added [ 280.980251][ T6754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.113979][ T71] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.451916][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.451934][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.451957][ T6813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.456232][ T6754] team0: Port device team_slave_0 added [ 281.462230][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.462247][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.462272][ T6813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.465502][ T6754] team0: Port device team_slave_1 added [ 281.674658][ T6754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.674677][ T6754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.674703][ T6754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.804612][ T6754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.804631][ T6754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.804656][ T6754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.028892][ T6813] hsr_slave_0: entered promiscuous mode [ 282.029855][ T6813] hsr_slave_1: entered promiscuous mode [ 282.030487][ T6813] debugfs: 'hsr0' already exists in 'hsr' [ 282.030506][ T6813] Cannot create hsr debugfs directory [ 282.307639][ T5823] Bluetooth: hci6: command tx timeout [ 282.324646][ T6754] hsr_slave_0: entered promiscuous mode [ 282.325599][ T6754] hsr_slave_1: entered promiscuous mode [ 282.326238][ T6754] debugfs: 'hsr0' already exists in 'hsr' [ 282.326254][ T6754] Cannot create hsr debugfs directory [ 282.405003][ T71] bridge_slave_1: left allmulticast mode [ 282.405033][ T71] bridge_slave_1: left promiscuous mode [ 282.405220][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.459345][ T71] bridge_slave_0: left allmulticast mode [ 282.459368][ T71] bridge_slave_0: left promiscuous mode [ 282.459554][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.521416][ T71] bridge_slave_1: left allmulticast mode [ 282.521440][ T71] bridge_slave_1: left promiscuous mode [ 282.521606][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.598820][ T71] bridge_slave_0: left allmulticast mode [ 282.598844][ T71] bridge_slave_0: left promiscuous mode [ 282.599157][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.022520][ T71] bond0 (unregistering): Released all slaves [ 284.488213][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.548348][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.569974][ T71] bond0 (unregistering): Released all slaves [ 284.779533][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.888217][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.951477][ T71] bond0 (unregistering): Released all slaves [ 286.528213][ T71] hsr_slave_0: left promiscuous mode [ 286.567831][ T71] hsr_slave_1: left promiscuous mode [ 286.570880][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.570901][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.599555][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.599585][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.717779][ T71] hsr_slave_0: left promiscuous mode [ 286.779523][ T71] hsr_slave_1: left promiscuous mode [ 286.780354][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.829146][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.896621][ T71] veth1_macvtap: left promiscuous mode [ 286.896698][ T71] veth0_macvtap: left promiscuous mode [ 286.900200][ T71] veth1_vlan: left promiscuous mode [ 286.900392][ T71] veth0_vlan: left promiscuous mode [ 289.158148][ T71] team0 (unregistering): Port device team_slave_1 removed [ 289.368648][ T71] team0 (unregistering): Port device team_slave_0 removed [ 291.979210][ T71] team0 (unregistering): Port device team_slave_1 removed [ 292.098386][ T71] team0 (unregistering): Port device team_slave_0 removed [ 292.676854][ T6813] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 292.767291][ T6813] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 292.820467][ T6813] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 292.930497][ T6813] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 293.166044][ T6754] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 293.221948][ T6754] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 293.275620][ T6754] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 293.310242][ T6754] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 293.579224][ T6813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.685649][ T6813] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.734963][ T6204] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.735250][ T6204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.795517][ T6754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.811593][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.811752][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.961607][ T6754] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.076924][ T6204] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.077091][ T6204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.102842][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.103064][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.684198][ T6813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 295.144813][ T6754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 295.492704][ T6813] veth0_vlan: entered promiscuous mode [ 295.523243][ T6813] veth1_vlan: entered promiscuous mode [ 295.615117][ T6813] veth0_macvtap: entered promiscuous mode [ 295.628452][ T6813] veth1_macvtap: entered promiscuous mode [ 295.701925][ T6813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.721391][ T6813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.755100][ T5970] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.760209][ T5970] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.761746][ T5970] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.763287][ T5970] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.110457][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.110479][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.157064][ T6754] veth0_vlan: entered promiscuous mode [ 296.201071][ T5970] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.201093][ T5970] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.202711][ T6754] veth1_vlan: entered promiscuous mode [ 296.315073][ T6754] veth0_macvtap: entered promiscuous mode [ 296.327848][ T6754] veth1_macvtap: entered promiscuous mode [ 296.392572][ T6754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 296.432113][ T6754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 296.458101][ T71] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.458373][ T71] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.458646][ T71] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.465781][ T71] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.962395][ T6986] xt_socket: unknown flags 0x50 [ 302.989749][ T5973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.989774][ T5973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.448656][ T3590] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.448678][ T3590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.735999][ T6999] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 304.883640][ T7007] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 312.793054][ T7023] input: syz1 as /devices/virtual/input/input5 [ 317.710398][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.710473][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.844189][ T7054] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 324.505368][ T5890] Process accounting resumed [ 326.127878][ T5823] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 326.825372][ T7124] batman_adv: batadv0: Adding interface: dummy0 [ 326.825393][ T7124] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 326.825425][ T7124] batman_adv: batadv0: Interface activated: dummy0 [ 329.946773][ T7128] batadv0: mtu less than device minimum [ 330.008261][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.013697][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.042698][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.068982][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.075107][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.102565][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.120498][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.142025][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 330.163148][ T7128] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 335.326644][ C1] vkms_vblank_simulate: vblank timer overrun [ 335.382662][ C1] vkms_vblank_simulate: vblank timer overrun [ 335.413410][ C1] vkms_vblank_simulate: vblank timer overrun [ 335.924562][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.889259][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.407953][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.729732][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.885346][ T7187] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 344.384499][ T7211] ntfs3(nullb0): Primary boot signature is not NTFS. [ 344.414455][ T7211] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 346.947607][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 347.027996][ T7205] Bluetooth: hci3: Opcode 0x0401 failed: -110 [ 350.776864][ T7272] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 358.870212][ T7268] syz.4.286 (7268): drop_caches: 2 [ 363.092714][ T7333] binder: BINDER_SET_CONTEXT_MGR already set [ 363.092731][ T7333] binder: 7332:7333 ioctl 4018620d 2000000002c0 returned -16 [ 369.848889][ T7371] netlink: 'syz.2.308': attribute type 21 has an invalid length. [ 369.848911][ T7371] IPv6: NLM_F_CREATE should be specified when creating new route [ 372.571580][ T7396] random: crng reseeded on system resumption [ 374.691685][ T7409] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 375.950530][ T7421] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 379.316621][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.316707][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.880547][ T7466] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 384.472201][ T61] Bluetooth: hci5: unexpected event 0x03 length: 1 < 11 [ 384.933922][ T61] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 386.556808][ T61] Bluetooth: hci5: command 0x0406 tx timeout [ 396.465606][ T5823] Bluetooth: hci6: command 0x0406 tx timeout [ 401.853106][ T7593] ceph: No mds server is up or the cluster is laggy [ 402.436559][ T9] libceph: connect (1)[c::]:6789 error -101 [ 402.454513][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 402.741802][ T9] libceph: connect (1)[c::]:6789 error -101 [ 402.742042][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 403.258478][ T10] libceph: connect (1)[c::]:6789 error -101 [ 403.260333][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 404.076025][ C0] vkms_vblank_simulate: vblank timer overrun [ 404.198993][ C0] vkms_vblank_simulate: vblank timer overrun [ 404.367004][ C0] vkms_vblank_simulate: vblank timer overrun [ 404.673060][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.940600][ T7675] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 418.637593][ T31] IPVS: starting estimator thread 0... [ 418.770407][ T7705] IPVS: using max 6 ests per chain, 14400 per kthread [ 426.598712][ C0] vkms_vblank_simulate: vblank timer overrun [ 426.781466][ T6027] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 427.465278][ T6027] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 427.465338][ T6027] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 427.465358][ T6027] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.552370][ C0] vkms_vblank_simulate: vblank timer overrun [ 427.570294][ T6027] usb 6-1: config 0 descriptor?? [ 427.679900][ T6027] pwc: Askey VC010 type 2 USB webcam detected. [ 429.192891][ T6027] pwc: recv_control_msg error -32 req 02 val 2b00 [ 429.276209][ T6027] pwc: recv_control_msg error -32 req 02 val 2700 [ 429.287738][ T6027] pwc: recv_control_msg error -32 req 02 val 2c00 [ 429.293995][ T6027] pwc: recv_control_msg error -32 req 04 val 1000 [ 429.296450][ T6027] pwc: recv_control_msg error -32 req 04 val 1300 [ 429.321726][ T6027] pwc: recv_control_msg error -32 req 04 val 1400 [ 429.325370][ T6027] pwc: recv_control_msg error -32 req 02 val 2000 [ 429.341558][ T6027] pwc: recv_control_msg error -32 req 02 val 2100 [ 429.484531][ T6027] pwc: recv_control_msg error -32 req 04 val 1500 [ 429.514118][ T6027] pwc: recv_control_msg error -32 req 02 val 2500 [ 429.524846][ T6027] pwc: recv_control_msg error -32 req 02 val 2400 [ 429.526571][ T6027] pwc: recv_control_msg error -32 req 02 val 2600 [ 429.558174][ T6027] pwc: recv_control_msg error -32 req 02 val 2900 [ 429.579808][ T6027] pwc: recv_control_msg error -32 req 02 val 2800 [ 429.582808][ T6027] pwc: recv_control_msg error -32 req 04 val 1100 [ 429.625251][ T6027] pwc: Registered as video103. [ 429.641769][ T6027] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input6 [ 429.857592][ T10] usb 6-1: USB disconnect, device number 2 [ 430.123717][ T7767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.394'. [ 437.758394][ C0] vkms_vblank_simulate: vblank timer overrun [ 437.913179][ C0] vkms_vblank_simulate: vblank timer overrun [ 438.389733][ C0] vkms_vblank_simulate: vblank timer overrun [ 440.269934][ T7801] netlink: 104 bytes leftover after parsing attributes in process `syz.2.402'. [ 440.971011][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.971092][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.176852][ C0] vkms_vblank_simulate: vblank timer overrun [ 442.258178][ T7810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.408'. [ 442.518507][ C0] vkms_vblank_simulate: vblank timer overrun [ 443.498049][ T7815] syz.3.409 (7815) used greatest stack depth: 18552 bytes left [ 445.194258][ T7811] team0: Port device vlan2 added [ 445.517670][ T7821] netlink: 4 bytes leftover after parsing attributes in process `syz.4.411'. [ 445.550646][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 445.554408][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 445.558038][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 445.561966][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 445.562794][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 447.926084][ T5823] Bluetooth: hci1: command tx timeout [ 448.527691][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.420'. [ 448.817860][ T7853] process 'syz.4.419' launched '/dev/fd/6' with NULL argv: empty string added [ 450.925865][ T5823] Bluetooth: hci1: command tx timeout [ 452.654954][ T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.940490][ T5823] Bluetooth: hci1: command tx timeout [ 454.488576][ T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.017878][ T5823] Bluetooth: hci1: command tx timeout [ 457.180186][ T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.833266][ T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.292191][ T7927] warning: `syz.3.441' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 464.414184][ T7824] chnl_net:caif_netlink_parms(): no params data found [ 464.702007][ T5823] Bluetooth: hci6: unexpected event 0x03 length: 1 < 11 [ 472.151766][ T7824] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.151926][ T7824] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.152197][ T7824] bridge_slave_0: entered allmulticast mode [ 472.155430][ T7824] bridge_slave_0: entered promiscuous mode [ 472.393644][ T7824] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.393809][ T7824] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.394071][ T7824] bridge_slave_1: entered allmulticast mode [ 472.397252][ T7824] bridge_slave_1: entered promiscuous mode [ 472.439100][ T13] bridge_slave_1: left allmulticast mode [ 472.439122][ T13] bridge_slave_1: left promiscuous mode [ 472.439823][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.580079][ T13] bridge_slave_0: left allmulticast mode [ 472.580113][ T13] bridge_slave_0: left promiscuous mode [ 472.580406][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.553986][ T8037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 484.939552][ T6027] libceph: connect (1)[c::]:6789 error -101 [ 484.939768][ T6027] libceph: mon0 (1)[c::]:6789 connect error [ 484.950996][ T6027] libceph: connect (1)[c::]:6789 error -101 [ 484.951213][ T6027] libceph: mon0 (1)[c::]:6789 connect error [ 484.986632][ T8072] ceph: No mds server is up or the cluster is laggy [ 486.379846][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 488.135100][ T8094] netlink: 148 bytes leftover after parsing attributes in process `syz.3.484'. [ 488.136205][ T8094] netlink: 116 bytes leftover after parsing attributes in process `syz.3.484'. [ 488.136303][ T8094] netlink: 16 bytes leftover after parsing attributes in process `syz.3.484'. [ 489.304837][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 489.615492][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 490.172374][ T13] bond0 (unregistering): Released all slaves [ 490.436827][ T8058] bridge1: entered promiscuous mode [ 490.436856][ T8058] bridge1: entered allmulticast mode [ 497.848339][ T7824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 497.870473][ T7824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 502.359321][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.359414][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.989146][ T8201] netlink: 'syz.4.508': attribute type 1 has an invalid length. [ 506.818796][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 506.845851][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 506.862807][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 507.179932][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 507.187215][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 510.006018][ T5823] Bluetooth: hci2: command tx timeout [ 511.853394][ T8246] netlink: 104 bytes leftover after parsing attributes in process `syz.4.513'. [ 512.374175][ T5823] Bluetooth: hci2: command tx timeout [ 514.457995][ T5823] Bluetooth: hci2: command tx timeout [ 516.538056][ T5823] Bluetooth: hci2: command tx timeout [ 516.898663][ C1] vkms_vblank_simulate: vblank timer overrun [ 517.152354][ C1] vkms_vblank_simulate: vblank timer overrun [ 517.413386][ C1] vkms_vblank_simulate: vblank timer overrun [ 517.463143][ C1] vkms_vblank_simulate: vblank timer overrun [ 520.008168][ T13] hsr_slave_0: left promiscuous mode [ 523.875506][ T13] hsr_slave_1: left promiscuous mode [ 523.876665][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.876693][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 524.815541][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 524.815570][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 526.110871][ T13] veth1_macvtap: left promiscuous mode [ 526.111004][ T13] veth0_macvtap: left promiscuous mode [ 526.111352][ T13] veth1_vlan: left promiscuous mode [ 526.111558][ T13] veth0_vlan: left promiscuous mode [ 535.591623][ T8331] net_ratelimit: 10 callbacks suppressed [ 535.591640][ T8331] Set syz1 is full, maxelem 65536 reached [ 540.399850][ T8375] syz.4.550 (8375): drop_caches: 2 [ 542.798131][ T61] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 544.136725][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 544.154994][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 544.156710][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 544.205739][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 544.206941][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 546.297646][ T61] Bluetooth: hci1: command tx timeout [ 549.597785][ T61] Bluetooth: hci1: command tx timeout [ 549.757384][ T6027] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 549.775255][ T61] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 551.561783][ T6027] usb 5-1: unable to get BOS descriptor or descriptor too short [ 551.564028][ T6027] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 551.564053][ T6027] usb 5-1: can't read configurations, error -71 [ 551.657797][ T61] Bluetooth: hci1: command tx timeout [ 553.228678][ T13] team0 (unregistering): Port device team_slave_1 removed [ 553.780422][ T61] Bluetooth: hci1: command tx timeout [ 556.318304][ T13] team0 (unregistering): Port device team_slave_0 removed [ 556.580072][ T61] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 560.381026][ T8480] netlink: 32 bytes leftover after parsing attributes in process `syz.2.576'. [ 563.266669][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.266746][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.524006][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 563.558338][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 563.560741][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 563.589503][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 563.646702][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 565.749530][ T5823] Bluetooth: hci5: command tx timeout [ 567.220762][ T5823] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 568.547679][ T5823] Bluetooth: hci5: command tx timeout [ 570.617410][ T5823] Bluetooth: hci5: command tx timeout [ 576.512795][ T5823] Bluetooth: hci5: command tx timeout [ 577.317756][ T8543] capability: warning: `syz.3.590' uses deprecated v2 capabilities in a way that may be insecure [ 577.411412][ T37] audit: type=1400 audit(2000000055.210:8): lsm=SMACK fn=smack_task_movememory action=denied subject="y" object="_" requested=w pid=8536 comm="syz.3.590" opid=8536 ocomm="syz.3.590" [ 579.424985][ T5823] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 580.099806][ C1] vkms_vblank_simulate: vblank timer overrun [ 580.810580][ C1] vkms_vblank_simulate: vblank timer overrun [ 580.896498][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.104540][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.706273][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.786892][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.888841][ C1] vkms_vblank_simulate: vblank timer overrun [ 582.065534][ C1] vkms_vblank_simulate: vblank timer overrun [ 583.015666][ C1] vkms_vblank_simulate: vblank timer overrun [ 583.472999][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.009090][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.982369][ T13] IPVS: stop unused estimator thread 0... [ 585.051242][ C1] vkms_vblank_simulate: vblank timer overrun [ 585.069185][ T8392] chnl_net:caif_netlink_parms(): no params data found [ 585.871411][ T8490] chnl_net:caif_netlink_parms(): no params data found [ 588.569675][ T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.732655][ T8392] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.732810][ T8392] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.733063][ T8392] bridge_slave_0: entered allmulticast mode [ 589.740576][ T8392] bridge_slave_0: entered promiscuous mode [ 589.938346][ T8392] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.938569][ T8392] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.938847][ T8392] bridge_slave_1: entered allmulticast mode [ 589.942040][ T8392] bridge_slave_1: entered promiscuous mode [ 591.980807][ T8644] No control pipe specified [ 594.919794][ T8657] kvm: kvm [8656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x1c0000000000 [ 594.919873][ T8657] kvm: kvm [8656]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 594.924810][ T8657] kvm: kvm [8656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x925400000000 [ 595.049226][ T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.243755][ T8490] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.243929][ T8490] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.244192][ T8490] bridge_slave_0: entered allmulticast mode [ 595.268596][ T8490] bridge_slave_0: entered promiscuous mode [ 595.291963][ T8392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 595.300317][ T8490] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.300488][ T8490] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.300718][ T8490] bridge_slave_1: entered allmulticast mode [ 595.317595][ T8490] bridge_slave_1: entered promiscuous mode [ 595.347148][ T8392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.205815][ T8677] netlink: 32 bytes leftover after parsing attributes in process `syz.3.618'. [ 597.822194][ T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.890106][ T8490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.899625][ T8392] team0: Port device team_slave_0 added [ 597.975570][ T8490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 598.859794][ T8392] team0: Port device team_slave_1 added [ 605.792270][ T8724] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 605.792332][ T8724] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 605.808416][ T8724] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 605.808479][ T8724] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 606.731325][ T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.020836][ T8490] team0: Port device team_slave_0 added [ 607.024997][ T8490] team0: Port device team_slave_1 added [ 608.379101][ T8728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.628'. [ 610.268522][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 610.294225][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 610.297049][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 610.300900][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 610.302072][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 611.220029][ T61] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 611.997145][ T8490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 611.997163][ T8490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 611.997190][ T8490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 612.001670][ T8490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 612.001688][ T8490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 612.001715][ T8490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 612.879928][ T61] Bluetooth: hci2: command tx timeout [ 614.963021][ T61] Bluetooth: hci2: command tx timeout [ 620.326881][ T61] Bluetooth: hci2: command tx timeout [ 620.558177][ T994] kworker/1:2 (994) used greatest stack depth: 18320 bytes left [ 621.797500][ T44] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 621.947452][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 621.957036][ T44] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 621.957077][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.957097][ T44] usb 4-1: Product: syz [ 621.957111][ T44] usb 4-1: Manufacturer: syz [ 621.957124][ T44] usb 4-1: SerialNumber: syz [ 622.129691][ T44] usb 4-1: config 0 descriptor?? [ 622.152234][ T44] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 622.731478][ T61] Bluetooth: hci2: command tx timeout [ 623.193894][ T44] gspca_stk1135: reg_w 0x2 err -110 [ 623.194946][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.194958][ T44] gspca_stk1135: Sensor write failed [ 623.194990][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.194999][ T44] gspca_stk1135: Sensor write failed [ 623.195030][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.195040][ T44] gspca_stk1135: Sensor read failed [ 623.195071][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.195081][ T44] gspca_stk1135: Sensor read failed [ 623.195087][ T44] gspca_stk1135: Detected sensor type unknown (0x0) [ 623.195121][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.195131][ T44] gspca_stk1135: Sensor read failed [ 623.195162][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.195171][ T44] gspca_stk1135: Sensor read failed [ 623.195202][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.195211][ T44] gspca_stk1135: Sensor write failed [ 623.195243][ T44] gspca_stk1135: serial bus timeout: status=0x00 [ 623.195252][ T44] gspca_stk1135: Sensor write failed [ 623.195353][ T44] stk1135 4-1:0.0: probe with driver stk1135 failed with error -110 [ 623.926468][ T13] bridge_slave_1: left allmulticast mode [ 623.926499][ T13] bridge_slave_1: left promiscuous mode [ 623.926746][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.999390][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 624.007136][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 624.023940][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 624.025251][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 624.026307][ T13] bridge_slave_0: left allmulticast mode [ 624.026338][ T13] bridge_slave_0: left promiscuous mode [ 624.026824][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.054713][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 624.136945][ T13] bridge_slave_1: left allmulticast mode [ 624.136975][ T13] bridge_slave_1: left promiscuous mode [ 624.154975][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.417997][ T9] usb 4-1: USB disconnect, device number 3 [ 624.585743][ T13] bridge_slave_0: left allmulticast mode [ 624.586564][ T13] bridge_slave_0: left promiscuous mode [ 624.629136][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.399844][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.399936][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.199342][ T8798] Bluetooth: hci1: command tx timeout [ 628.218276][ T8798] Bluetooth: hci1: command tx timeout [ 628.830961][ T8825] vivid-003: kernel_thread() failed [ 630.297427][ T8798] Bluetooth: hci1: command tx timeout [ 632.758519][ T8798] Bluetooth: hci1: command tx timeout [ 637.731517][ T8875] syz.4.661 (8875): drop_caches: 2 [ 645.318528][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 645.460864][ T8907] netlink: 32 bytes leftover after parsing attributes in process `syz.4.667'. [ 645.608351][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 646.544579][ T13] bond0 (unregistering): Released all slaves [ 647.790402][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 647.887988][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 648.013384][ T13] bond0 (unregistering): Released all slaves [ 651.857133][ T8955] overlayfs: failed to clone upperpath [ 655.384711][ T8973] syz.4.685 (8973) used greatest stack depth: 17752 bytes left [ 656.768327][ T8974] syz.3.686 (8974) used greatest stack depth: 16248 bytes left [ 661.235898][ T8742] chnl_net:caif_netlink_parms(): no params data found [ 661.427799][ T13] hsr_slave_0: left promiscuous mode [ 661.696136][ T13] hsr_slave_1: left promiscuous mode [ 661.697042][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 661.697058][ T13] batadv0: mtu less than device minimum [ 661.712318][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 661.725937][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.487042][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.497555][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.507852][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.520345][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.530578][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.640425][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.688291][ T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 662.809822][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.853510][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 666.057448][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 666.448434][ T13] batman_adv: batadv0: Interface deactivated: dummy0 [ 666.448464][ T13] batman_adv: batadv0: Removing interface: dummy0 [ 667.784210][ T13] veth1_macvtap: left promiscuous mode [ 667.784342][ T13] veth0_macvtap: left promiscuous mode [ 667.784669][ T13] veth1_vlan: left promiscuous mode [ 667.784876][ T13] veth0_vlan: left promiscuous mode [ 669.122427][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 669.136499][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 669.139150][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 669.141666][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 669.143753][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 670.516694][ T9063] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 671.178262][ T61] Bluetooth: hci5: command tx timeout [ 672.456607][ C0] vkms_vblank_simulate: vblank timer overrun [ 673.139980][ C0] vkms_vblank_simulate: vblank timer overrun [ 673.622822][ T61] Bluetooth: hci5: command tx timeout [ 673.622883][ C0] vkms_vblank_simulate: vblank timer overrun [ 674.083258][ C0] vkms_vblank_simulate: vblank timer overrun [ 676.107443][ T61] Bluetooth: hci5: command tx timeout [ 680.625665][ T61] Bluetooth: hci5: command tx timeout [ 686.141925][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.141974][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.859928][ T8798] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 696.881370][ T8798] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 696.882919][ T8798] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 696.884748][ T8798] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 696.885845][ T8798] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 699.079642][ T61] Bluetooth: hci6: command tx timeout [ 699.622142][ T13] team0 (unregistering): Port device team_slave_1 removed [ 699.895008][ T13] team0 (unregistering): Port device team_slave_0 removed [ 701.101090][ T61] Bluetooth: hci6: command tx timeout [ 703.657746][ T61] Bluetooth: hci6: command tx timeout [ 705.747827][ T61] Bluetooth: hci6: command tx timeout [ 708.163530][ T9188] overlayfs: failed to resolve './file0': -2 [ 712.626892][ T9226] trusted_key: encrypted_key: keyword 'new¼°±‹U£_5' not recognized [ 713.314477][ T9136] chnl_net:caif_netlink_parms(): no params data found [ 713.512284][ T9050] chnl_net:caif_netlink_parms(): no params data found [ 724.693758][ T5790] IPVS: starting estimator thread 0... [ 724.726031][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.726188][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.726405][ T9136] bridge_slave_0: entered allmulticast mode [ 724.757002][ T9136] bridge_slave_0: entered promiscuous mode [ 724.813481][ T9269] IPVS: using max 12 ests per chain, 28800 per kthread [ 725.539967][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.540197][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.540459][ T9136] bridge_slave_1: entered allmulticast mode [ 725.575113][ T9136] bridge_slave_1: entered promiscuous mode [ 725.847818][ T9050] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.847995][ T9050] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.848265][ T9050] bridge_slave_0: entered allmulticast mode [ 726.482643][ T9050] bridge_slave_0: entered promiscuous mode [ 727.056822][ T9050] bridge0: port 2(bridge_slave_1) entered blocking state [ 727.804826][ T9050] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.861352][ T9050] bridge_slave_1: entered allmulticast mode [ 728.367100][ T9050] bridge_slave_1: entered promiscuous mode [ 729.059523][ T9136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 729.076754][ T9136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.283599][ T8798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 730.355063][ T8798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 730.389041][ T8798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 730.420136][ T8798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 730.421066][ T8798] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 730.939003][ T9136] team0: Port device team_slave_0 added [ 731.897580][ T9136] team0: Port device team_slave_1 added [ 732.617531][ T61] Bluetooth: hci1: command tx timeout [ 736.047101][ T61] Bluetooth: hci1: command tx timeout [ 736.661718][ T9136] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 736.661737][ T9136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 736.661764][ T9136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 736.814604][ T9136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 736.814641][ T9136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 736.814669][ T9136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 736.900026][ T13] bridge_slave_1: left allmulticast mode [ 736.900060][ T13] bridge_slave_1: left promiscuous mode [ 736.906761][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.012029][ T13] bridge_slave_0: left allmulticast mode [ 737.012064][ T13] bridge_slave_0: left promiscuous mode [ 737.012400][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.092052][ T13] bridge_slave_1: left allmulticast mode [ 737.092088][ T13] bridge_slave_1: left promiscuous mode [ 737.093113][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.150545][ T13] bridge_slave_0: left allmulticast mode [ 737.150581][ T13] bridge_slave_0: left promiscuous mode [ 737.150878][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.926308][ T13] bond0 (unregistering): Released all slaves [ 738.060827][ T61] Bluetooth: hci1: command tx timeout [ 740.975535][ T61] Bluetooth: hci1: command tx timeout [ 741.676098][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 741.842634][ C1] vkms_vblank_simulate: vblank timer overrun [ 742.262482][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 745.340422][ C1] vkms_vblank_simulate: vblank timer overrun [ 745.427664][ T13] bond0 (unregistering): Released all slaves [ 745.988385][ C1] vkms_vblank_simulate: vblank timer overrun [ 746.209037][ C1] vkms_vblank_simulate: vblank timer overrun [ 748.151350][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.151428][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.173138][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 748.623032][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 752.305477][ T13] bond0 (unregistering): Released all slaves [ 752.638759][ T8798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 752.660512][ T8798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 752.662481][ T8798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 752.664095][ T8798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 752.665148][ T8798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 754.998011][ T8798] Bluetooth: hci2: command tx timeout [ 756.011977][ T9295] chnl_net:caif_netlink_parms(): no params data found [ 757.496091][ T8798] Bluetooth: hci2: command tx timeout [ 759.291669][ T8798] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 759.497301][ T8798] Bluetooth: hci2: command tx timeout [ 761.577314][ T8798] Bluetooth: hci2: command tx timeout [ 762.094524][ T9459] syz.4.798 (9459): drop_caches: 2 [ 762.343895][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 762.358080][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 763.334743][ T9465] overlayfs: failed to resolve './file1': -2 [ 766.058102][ T13] team0 (unregistering): Port device team_slave_1 removed [ 766.585999][ T8798] Bluetooth: hci3: unexpected event for opcode 0x2006 [ 767.127939][ T13] team0 (unregistering): Port device team_slave_0 removed [ 768.437895][ T8798] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 769.040488][ T13] team0 (unregistering): Port device team_slave_1 removed [ 771.061135][ T8798] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 772.821520][ T9508] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 772.821712][ T9508] overlayfs: failed to set xattr on upper [ 772.821746][ T9508] overlayfs: ...falling back to redirect_dir=nofollow. [ 772.821779][ T9508] overlayfs: ...falling back to index=off. [ 772.821812][ T9508] overlayfs: ...falling back to uuid=null. [ 773.162533][ T13] team0 (unregistering): Port device team_slave_0 removed [ 776.224664][ T9295] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.224823][ T9295] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.225081][ T9295] bridge_slave_0: entered allmulticast mode [ 776.253007][ T9295] bridge_slave_0: entered promiscuous mode [ 776.347495][ T9407] chnl_net:caif_netlink_parms(): no params data found [ 776.373369][ T9295] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.373624][ T9295] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.373874][ T9295] bridge_slave_1: entered allmulticast mode [ 776.431998][ T9295] bridge_slave_1: entered promiscuous mode [ 778.532679][ C0] ------------[ cut here ]------------ [ 778.532695][ C0] refcount_t: addition on 0; use-after-free. [ 778.533200][ C0] WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 778.533245][ C0] Modules linked in: [ 778.533266][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 778.533289][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 778.533301][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 778.533327][ C0] Code: 00 00 e8 49 72 3e fd 5b 41 5e c3 cc cc cc cc cc e8 3b 72 3e fd c6 05 8f cb 61 0a 01 90 48 c7 c7 60 9e 3e 8b e8 a7 ba 02 fd 90 <0f> 0b 90 90 eb d7 e8 1b 72 3e fd c6 05 70 cb 61 0a 01 90 48 c7 c7 [ 778.533344][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 778.533363][ C0] RAX: 1246556dba7b3d00 RBX: 0000000000000002 RCX: ffff88801bea5a00 [ 778.533379][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 778.533392][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 778.533404][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 778.533420][ C0] R13: ffff888053a6a258 R14: ffff888053a69e80 R15: dffffc0000000000 [ 778.533436][ C0] FS: 0000000000000000(0000) GS:ffff888126bcb000(0000) knlGS:0000000000000000 [ 778.533453][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 778.533468][ C0] CR2: 00005555733a75c8 CR3: 0000000029c2c000 CR4: 00000000003526f0 [ 778.533497][ C0] Call Trace: [ 778.533506][ C0] [ 778.533517][ C0] mptcp_schedule_work+0x164/0x1a0 [ 778.533552][ C0] mptcp_tout_timer+0x21/0xa0 [ 778.533587][ C0] call_timer_fn+0x17e/0x5f0 [ 778.533615][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 778.533638][ C0] ? call_timer_fn+0xbe/0x5f0 [ 778.533665][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 778.533704][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 778.533729][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 778.533750][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 778.533775][ C0] __run_timer_base+0x648/0x970 [ 778.533820][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 778.533868][ C0] run_timer_softirq+0xb7/0x180 [ 778.533897][ C0] handle_softirqs+0x22f/0x710 [ 778.533937][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 778.533977][ C0] run_ktimerd+0xcf/0x190 [ 778.534006][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 778.534031][ C0] ? schedule+0x91/0x360 [ 778.534063][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 778.534089][ C0] smpboot_thread_fn+0x53f/0xa60 [ 778.534118][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 778.534156][ C0] kthread+0x711/0x8a0 [ 778.534192][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 778.534219][ C0] ? __pfx_kthread+0x10/0x10 [ 778.534246][ C0] ? rt_spin_unlock+0x150/0x200 [ 778.534292][ C0] ? rt_spin_unlock+0x161/0x200 [ 778.534319][ C0] ? __pfx_kthread+0x10/0x10 [ 778.534349][ C0] ret_from_fork+0x4b9/0x870 [ 778.534377][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 778.534411][ C0] ? __switch_to_asm+0x39/0x70 [ 778.534436][ C0] ? __switch_to_asm+0x33/0x70 [ 778.534460][ C0] ? __pfx_kthread+0x10/0x10 [ 778.534490][ C0] ret_from_fork_asm+0x1a/0x30 [ 778.534545][ C0] [ 778.534555][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 778.534576][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 778.534598][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 778.534608][ C0] Call Trace: [ 778.534616][ C0] [ 778.534624][ C0] dump_stack_lvl+0x99/0x250 [ 778.534649][ C0] ? __asan_memcpy+0x40/0x70 [ 778.534673][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 778.534697][ C0] ? __pfx__printk+0x10/0x10 [ 778.534736][ C0] vpanic+0x237/0x6d0 [ 778.534758][ C0] ? __pfx_vpanic+0x10/0x10 [ 778.534792][ C0] panic+0xb9/0xc0 [ 778.534812][ C0] ? __pfx_panic+0x10/0x10 [ 778.534853][ C0] __warn+0x31b/0x4b0 [ 778.534870][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 778.534899][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 778.534924][ C0] report_bug+0x2be/0x4f0 [ 778.534947][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 778.534975][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 778.535001][ C0] ? refcount_warn_saturate+0xfc/0x1d0 [ 778.535029][ C0] handle_bug+0x84/0x160 [ 778.535067][ C0] exc_invalid_op+0x1a/0x50 [ 778.535095][ C0] asm_exc_invalid_op+0x1a/0x20 [ 778.535115][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 778.535142][ C0] Code: 00 00 e8 49 72 3e fd 5b 41 5e c3 cc cc cc cc cc e8 3b 72 3e fd c6 05 8f cb 61 0a 01 90 48 c7 c7 60 9e 3e 8b e8 a7 ba 02 fd 90 <0f> 0b 90 90 eb d7 e8 1b 72 3e fd c6 05 70 cb 61 0a 01 90 48 c7 c7 [ 778.535159][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 778.535178][ C0] RAX: 1246556dba7b3d00 RBX: 0000000000000002 RCX: ffff88801bea5a00 [ 778.535193][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 778.535207][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 778.535219][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 778.535235][ C0] R13: ffff888053a6a258 R14: ffff888053a69e80 R15: dffffc0000000000 [ 778.535274][ C0] mptcp_schedule_work+0x164/0x1a0 [ 778.535307][ C0] mptcp_tout_timer+0x21/0xa0 [ 778.535331][ C0] call_timer_fn+0x17e/0x5f0 [ 778.535357][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 778.535378][ C0] ? call_timer_fn+0xbe/0x5f0 [ 778.535405][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 778.535444][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 778.535475][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 778.535495][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 778.535520][ C0] __run_timer_base+0x648/0x970 [ 778.535573][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 778.535620][ C0] run_timer_softirq+0xb7/0x180 [ 778.535647][ C0] handle_softirqs+0x22f/0x710 [ 778.535684][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 778.535722][ C0] run_ktimerd+0xcf/0x190 [ 778.535769][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 778.535795][ C0] ? schedule+0x91/0x360 [ 778.535827][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 778.535851][ C0] smpboot_thread_fn+0x53f/0xa60 [ 778.535879][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 778.535916][ C0] kthread+0x711/0x8a0 [ 778.535949][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 778.535974][ C0] ? __pfx_kthread+0x10/0x10 [ 778.536002][ C0] ? rt_spin_unlock+0x150/0x200 [ 778.536039][ C0] ? rt_spin_unlock+0x161/0x200 [ 778.536067][ C0] ? __pfx_kthread+0x10/0x10 [ 778.536100][ C0] ret_from_fork+0x4b9/0x870 [ 778.536129][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 778.536164][ C0] ? __switch_to_asm+0x39/0x70 [ 778.536190][ C0] ? __switch_to_asm+0x33/0x70 [ 778.536214][ C0] ? __pfx_kthread+0x10/0x10 [ 778.536247][ C0] ret_from_fork_asm+0x1a/0x30 [ 778.536298][ C0] [ 778.536666][ C0] Kernel Offset: disabled