last executing test programs: 3m31.276058908s ago: executing program 4 (id=248): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) fsopen(&(0x7f0000000540)='ocfs2\x00', 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r2 = getpid() ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000300)=r2) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r3, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'macsec0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) 3m30.14200871s ago: executing program 4 (id=249): openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$packet(0x11, 0x2, 0x300) socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x18, r2, 0x1, 0x81}, 0x14) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) 3m27.121011167s ago: executing program 4 (id=257): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x10, 0x6, 0x6fc6f3cd, 0x401, 0x1, 0xfffffffffffffffa, 0x251, 0x1, 0x4517ece3, 0x1, 0x900000000000, 0x6, 0x2, 0x100000000, 0x4], 0x6000, 0x12}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m23.908907613s ago: executing program 4 (id=265): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x275c, &(0x7f0000001280)={0x0, 0x5bce, 0x80, 0xffffffff, 0x40001c8}, &(0x7f0000001300), &(0x7f0000001180)) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100) 3m21.587817586s ago: executing program 4 (id=267): socket$inet6(0xa, 0x2, 0x3a) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000040)=0x56c, 0x4) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="09000000e700140000007e7bfbf788a83baa9900d6f18f8e950088a800008100", 0x20, 0x24000801, &(0x7f0000000300)={0x11, 0x8100, r6, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}, 0x14) 3m19.73177299s ago: executing program 4 (id=269): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0) 3m4.587558065s ago: executing program 32 (id=269): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x7bff, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0xfffffffffffffc9b}, 0x49d32d254ae22f79}}, 0x0) 1m55.269466411s ago: executing program 2 (id=410): r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000002c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000003c0)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016fef8a9cedaf6bec340dee49474360d34cb800", 0x0, 0x48) r4 = dup(r3) r5 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r4, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r5, 0x47f5, 0x0, 0x0, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r9, 0x58, &(0x7f0000000700)}, 0x6) 1m53.646559068s ago: executing program 2 (id=414): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r3 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x8006d89, 0x400, 0x2, 0x66}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x100}) io_uring_enter(r3, 0x8aa, 0x0, 0x0, 0x0, 0x0) 1m51.331884037s ago: executing program 2 (id=418): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xff) getpeername$ax25(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='ub\xce\x00\x00\x00') mount(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='ubifs\x00', 0x8000, 0x0) 1m48.286938006s ago: executing program 2 (id=420): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x820040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1m42.076764261s ago: executing program 2 (id=430): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000351000/0x2000)=nil) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48) fcntl$lock(0xffffffffffffffff, 0x26, 0x0) r4 = openat$rtc(0xffffffffffffff9c, 0x0, 0x182800, 0x0) ioctl$RTC_AIE_OFF(r4, 0x7002) 1m39.093756054s ago: executing program 2 (id=432): socket$inet6(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)=@newtaction={0x64, 0x30, 0x1, 0x0, 0xfffffefd, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x8, 0x20000000, 0x1ff, 0x8}, 0x41}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x85}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$inet6(r0, 0x0, 0x4004000) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r1, &(0x7f0000000140)="96", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000180)=0x2, 0x4) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001100010027bd70000500000000000000", @ANYRES32=0x0, @ANYBLOB="20100000000004001400030076657468315f766c616e00"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) 1m23.441120309s ago: executing program 33 (id=432): socket$inet6(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)=@newtaction={0x64, 0x30, 0x1, 0x0, 0xfffffefd, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x8, 0x20000000, 0x1ff, 0x8}, 0x41}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x85}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$inet6(r0, 0x0, 0x4004000) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r1, &(0x7f0000000140)="96", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000180)=0x2, 0x4) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001100010027bd70000500000000000000", @ANYRES32=0x0, @ANYBLOB="20100000000004001400030076657468315f766c616e00"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) 14.583794836s ago: executing program 3 (id=535): io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1ff, 0xffffffffffffffff, 0x0, 0x0, 0x7}]) r0 = socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f00005b8000/0x3000)=nil, 0x3000, &(0x7f0000000300)='GPL\x00') recvmsg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x4000190, 0x0) syz_emit_ethernet(0xc2, &(0x7f0000000200)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x1, 0xb4, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@end, @end]}}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"900aa8158f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f00000005c0)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x100, @void}}}}}}}, 0x0) 14.580277856s ago: executing program 0 (id=536): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) pwritev(r0, &(0x7f0000000600)=[{&(0x7f00000000c0)="a8", 0x1}, {&(0x7f0000000180)="e7ab00", 0x3}], 0x2, 0x2, 0xc78) socket$tipc(0x1e, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000300)={'pcl711\x00', [0x2f00, 0x6, 0xd09a, 0x2, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0x10, 0x3, 0x4, 0x0, 0xffff, 0x100006, 0x5, 0xa, 0x1000, 0x30000, 0x10000, 0x2, 0x1, 0xe2df, 0x2, 0x80008001, 0x7, 0xb, 0x7, 0x5, 0x470f]}) ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xf, &(0x7f0000000080)=[0x3, 0xfff, 0xc, 0xb, 0x660, 0xfffffff9, 0xe0, 0xfffffff7, 0x9, 0xf5, 0xffffffff, 0x2, 0x0, 0x4, 0x6], 0x0, 0x4}) prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x44080) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r2, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000002c0)={"8022e64e74e6f67b82f0d8a62127912e8e0facb291d8f00126635901181631134a20c7ef49c18bc0bbece53852b95bb8302f6c2286d6b0fb5b13bbdd128c382cebf211c3853f6fb48ab335f3ac853cf7c64d4f27ece7c262cdabfa5660cde1d28dc3eab72b8cfa5b08d6129c86ca79bd9dc43c37e75246dcf04b3816fd90365c877a2c10e8ef4c444ecb4784a0afbf5e962e390bb1ad3bbce049ae51325e79f5ab8bfa80b35fff1da6833ec7fa9ebfc93da9e4b190e5e3a752eca97dc669a937e6ab654169108a38d414fb90e1b894494f314298428ef482b0ff9084c95e735b6b09ca2de115d77f6a657fb7da142c896f9dce212aa58af72879da88687ce4620501a4ba17e906a02662f902745e8ddfb50874ce099ac0fc00ed05470d176364b1f30495b4a088bdde663172734fa8107e5fc0cd4fa60869c83a6669a4ea3040dbaa38f2571543d8521e37ab5aa5be850e3ade4b9eb09e6de146aa0c8fc98fea7bb50efa589af6978ec8d970f908dc4676ea3d15b3b6ebe8ae56a6292704900e611367b278b6716b4d04279792aeb649688ac6bcb7a5e58cbab0c07c8916a7cef3bb0d6303523bad9c0ad5f3024dfbdf364792b75f0ba19d56c5b3bf645fc40061edf7e042de07fc652ec4958373d9f3af542adc030334cc63caa85c8a2628bb1d257c746b2cc57798c23e30f2799f5f392f6af7a3d0cc47299928634afd54ce987c1951989ef81b39f5c7ba4cb2a74250f15261fedf3a25396b83199151ea4b406c2e1aa3135f2a77a8d75b75ef0b25efcdb3b031d8eaed29862173e93994f8d6e6e70df79978551804744eefa635c71d4b38da513f3ea8f48853322cfe5ef1b1ee632e0fcd3eae1993d883fc91f0f2437dce252b6ce5175e7d119afcb9c3c92baf3df6716ce61b54d0dd7dda2360a4c93e26f3eaa4a1637d108966074638697f5b374cf9ae6b32dce29da73fece352c94a1bdb45d6e0fe98533562ee5e55d2f2d3ce5c301ca9c5706a1d0605414f103878eb88169e6681297616b4e1c8c1a43a33f5d99b619962066e7c5698470772696f58dbed61d8507119769e30101f229e012a08b76c0d752cdb290d46f2504177164282fbd084a4817b5ed7448586bc3de1d30af5472e6b67d2ad120e1401ebdcc5358c8eff7e68f4a48aed32f55970a5a6a7c7dcba4887bc4bb1c7fde1610ed25f4f64f25a9f79fad21b5e558fcc97c120c0977a92f5471cc391edf228ff4bf7f9fc7b92737e32b3af48780cb96f5623b5f01dcd3cea45d72ccdb7a36682fd3094542726b24790534728f2c0b2757edc7599ccb170b2db42c9460c42082081ab86d9d5fc971b4d7987ee2c70ced65e08d74474763c6d6ec671c42f6acaa4ccbd2fe981121c04571c1794450b9650b0249f2a633e880ab386510ea86298112a2f01f0ac7f81ee00"}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000000)=@x86={0xde, 0x1, 0x5, 0x0, 0x2, 0x4, 0x1, 0xc, 0x6, 0x3, 0x6, 0x3, 0x0, 0x7, 0x1, 0xbd, 0x0, 0x47, 0x5, '\x00', 0x4, 0x2}) 13.195394663s ago: executing program 3 (id=537): getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, 0x0, 0x4010) socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() syz_open_dev$usbfs(0x0, 0x8, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(0x0, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r3, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r5, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) 12.323115773s ago: executing program 1 (id=538): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x60000, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000100)={0x47}, 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x0, @val=@tracing}, 0x40) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) 11.719707015s ago: executing program 3 (id=539): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94) poll(&(0x7f0000002a40), 0x0, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001"], 0x110) 10.182049145s ago: executing program 0 (id=540): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009"], 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180), 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000040), &(0x7f0000000540)={'enc=', 'oaep', ' hash=', {'crct10dif\x00'}}, 0x0, 0x0) keyctl$chown(0x4, 0x0, 0xee00, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x44}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 9.689042749s ago: executing program 1 (id=541): r0 = socket(0x2, 0x80805, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast2, 0xb}, 0x1c) close(0x3) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={0x0, 0x6}, 0x8) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet(0x2, 0x2, 0x1) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010) sendmsg$inet(r5, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x4004814) 9.654476078s ago: executing program 3 (id=542): fsopen(0x0, 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000300)={0x52, 0x0, 0x8, {0x0, 0x1}, {0x74, 0x2}, @const={0x0, {0x0, 0x3400}}}) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000020601080000000000000000000000080c00078008000640200000000500010006000000050005000a00000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}}, 0x20040000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 7.320265104s ago: executing program 1 (id=543): socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffecf) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x143b) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3) 5.271011726s ago: executing program 0 (id=544): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) fstat(0xffffffffffffffff, 0x0) ioprio_get$uid(0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)=@usbdevfs_driver={0x0, 0x80805513, &(0x7f0000000580)}) read$FUSE(0xffffffffffffffff, &(0x7f0000001900)={0x2020}, 0x2020) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f0000000000)=0x9, 0xe7) keyctl$set_reqkey_keyring(0xe, 0x1) listen(r3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000140)=[{&(0x7f0000000200)="580000001400add4275a1bf00c45b45602067fffffff81005e22000d00ff0028925aa8002000eaa57b00090080000efffeffe809000000ff0000f03a0200f0ffffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1) 4.835446328s ago: executing program 0 (id=545): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000001400010029bd7008fddbdf2510"], 0x28}, 0x1, 0x0, 0x0, 0x801}, 0x8000) sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) socket(0x40000000015, 0x5, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000008c0)=@migrate={0xd8, 0x21, 0x1, 0x0, 0x1, {{@in, @in6=@remote}, 0x1000000}, [@migrate={0x50, 0x11, [{@in6=@private1, @in=@empty, @in=@multicast2, @in6=@empty, 0x6c, 0x1, 0x0, 0x3506, 0x2, 0x2}]}, @policy_type={0xa}, @user_kmaddress={0x2c, 0x13, {@in6=@empty, @in=@private=0xa010101, 0x0, 0x2}}]}, 0xd8}}, 0x0) 4.79540041s ago: executing program 1 (id=546): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0) write(r1, &(0x7f00000002c0)="23000000010006", 0x7) 3.573825311s ago: executing program 3 (id=547): sched_setscheduler(0x0, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) close(r4) 2.688724697s ago: executing program 1 (id=548): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) bpf$MAP_CREATE(0x0, 0x0, 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[], [], 0x2f}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) sendmsg$inet(r4, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x48c0) mount$overlay(0x0, 0x0, 0x0, 0xc0080, 0x0) 2.154416915s ago: executing program 0 (id=549): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r3, 0xffffffffffffffff}, &(0x7f0000005680), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001"], 0x110) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 946.769099ms ago: executing program 3 (id=550): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x141101) r1 = dup(r0) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x100f2cf, 0x10100, 0x0, 0x163}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x90c0}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r6, &(0x7f0000000280), 0x9) r7 = openat$cgroup_procs(r5, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_ro(r8, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000200)=0x1, 0x12) 141.98976ms ago: executing program 1 (id=551): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000000340)={{0xb, 0xfc}, 'port1\x00', 0x0, 0x60004, 0x0, 0xffffffff, 0x6, 0x0, 0x0, 0x0, 0x1}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r3, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x9}, 'port1\x00', 0x89, 0x14, 0x4, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b2d}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}) 0s ago: executing program 0 (id=552): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x2402, 0xf, 0x47425247, 0x3, 0x9, 0x9, 0x3, 0x3, 0x1, 0x8, 0x0, 0x2}}) landlock_restrict_self(r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts. [ 81.110832][ T5798] cgroup: Unknown subsys name 'net' [ 81.351527][ T5798] cgroup: Unknown subsys name 'cpuset' [ 81.407271][ T5798] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.149878][ T5798] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.899538][ T45] cfg80211: failed to load regulatory.db [ 87.171473][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.172986][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.177893][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.178484][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.179448][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.180677][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.183236][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.188664][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.197904][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.207600][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.261402][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.290508][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.298581][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.302061][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.302860][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.323278][ T5830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.329949][ T5830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.333580][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.338496][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.339979][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.340693][ T5830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.349537][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.350556][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.365928][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.368576][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.098884][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 88.183283][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 88.328736][ T5814] chnl_net:caif_netlink_parms(): no params data found [ 88.473493][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 88.684728][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 88.938467][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.940053][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.940732][ T5821] bridge_slave_0: entered allmulticast mode [ 88.943594][ T5821] bridge_slave_0: entered promiscuous mode [ 89.069180][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.069329][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.069518][ T5821] bridge_slave_1: entered allmulticast mode [ 89.072269][ T5821] bridge_slave_1: entered promiscuous mode [ 89.208378][ T5819] Bluetooth: hci3: command tx timeout [ 89.218368][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.218487][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.218669][ T5815] bridge_slave_0: entered allmulticast mode [ 89.221331][ T5815] bridge_slave_0: entered promiscuous mode [ 89.287924][ T5819] Bluetooth: hci1: command tx timeout [ 89.366906][ T5819] Bluetooth: hci4: command tx timeout [ 89.367108][ T5819] Bluetooth: hci0: command tx timeout [ 89.400530][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.400721][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.401207][ T5815] bridge_slave_1: entered allmulticast mode [ 89.404559][ T5815] bridge_slave_1: entered promiscuous mode [ 89.446877][ T5827] Bluetooth: hci2: command tx timeout [ 89.512317][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.512437][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.512603][ T5814] bridge_slave_0: entered allmulticast mode [ 89.514365][ T5814] bridge_slave_0: entered promiscuous mode [ 89.710863][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.711093][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.711232][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.711407][ T5814] bridge_slave_1: entered allmulticast mode [ 89.713197][ T5814] bridge_slave_1: entered promiscuous mode [ 89.880708][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.022020][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.023806][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.023932][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.024105][ T5822] bridge_slave_0: entered allmulticast mode [ 90.026018][ T5822] bridge_slave_0: entered promiscuous mode [ 90.249912][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.250224][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.250372][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.250549][ T5822] bridge_slave_1: entered allmulticast mode [ 90.252282][ T5822] bridge_slave_1: entered promiscuous mode [ 90.481321][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.481615][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.481736][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.481891][ T5816] bridge_slave_0: entered allmulticast mode [ 90.485590][ T5816] bridge_slave_0: entered promiscuous mode [ 90.671693][ T5821] team0: Port device team_slave_0 added [ 90.676426][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.678390][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.678577][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.678749][ T5816] bridge_slave_1: entered allmulticast mode [ 90.681168][ T5816] bridge_slave_1: entered promiscuous mode [ 90.819095][ T5821] team0: Port device team_slave_1 added [ 90.970077][ T5815] team0: Port device team_slave_0 added [ 90.974785][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.211898][ T5815] team0: Port device team_slave_1 added [ 91.215356][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.286881][ T5827] Bluetooth: hci3: command tx timeout [ 91.302468][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.304797][ T5814] team0: Port device team_slave_0 added [ 91.366811][ T5827] Bluetooth: hci1: command tx timeout [ 91.446936][ T5819] Bluetooth: hci4: command tx timeout [ 91.447036][ T5827] Bluetooth: hci0: command tx timeout [ 91.458158][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.458171][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.458193][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.462703][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.470777][ T5814] team0: Port device team_slave_1 added [ 91.526886][ T5827] Bluetooth: hci2: command tx timeout [ 91.738475][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.738490][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.738513][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.978902][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.978916][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.978929][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.189066][ T5822] team0: Port device team_slave_0 added [ 92.190068][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.190080][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.190102][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.194683][ T5816] team0: Port device team_slave_0 added [ 92.196045][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.196053][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.196065][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.208108][ T5822] team0: Port device team_slave_1 added [ 92.230454][ T5816] team0: Port device team_slave_1 added [ 92.231883][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.231894][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.231917][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.791315][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.791338][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.791361][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.874640][ T5821] hsr_slave_0: entered promiscuous mode [ 92.875779][ T5821] hsr_slave_1: entered promiscuous mode [ 92.883458][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.883471][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.883493][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.892960][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.892973][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.892995][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.059008][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.059025][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.059048][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.069248][ T5815] hsr_slave_0: entered promiscuous mode [ 93.070433][ T5815] hsr_slave_1: entered promiscuous mode [ 93.071387][ T5815] debugfs: 'hsr0' already exists in 'hsr' [ 93.071513][ T5815] Cannot create hsr debugfs directory [ 93.244101][ T5814] hsr_slave_0: entered promiscuous mode [ 93.244848][ T5814] hsr_slave_1: entered promiscuous mode [ 93.245363][ T5814] debugfs: 'hsr0' already exists in 'hsr' [ 93.245382][ T5814] Cannot create hsr debugfs directory [ 93.366795][ T5827] Bluetooth: hci3: command tx timeout [ 93.446999][ T5827] Bluetooth: hci1: command tx timeout [ 93.536772][ T5827] Bluetooth: hci0: command tx timeout [ 93.536803][ T5827] Bluetooth: hci4: command tx timeout [ 93.607735][ T5819] Bluetooth: hci2: command tx timeout [ 93.681465][ T5822] hsr_slave_0: entered promiscuous mode [ 93.682777][ T5822] hsr_slave_1: entered promiscuous mode [ 93.683634][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 93.683656][ T5822] Cannot create hsr debugfs directory [ 94.082366][ T5816] hsr_slave_0: entered promiscuous mode [ 94.083080][ T5816] hsr_slave_1: entered promiscuous mode [ 94.083584][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 94.083601][ T5816] Cannot create hsr debugfs directory [ 95.229272][ T5821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.252958][ T5821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.283845][ T5821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.321683][ T5821] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.447443][ T5819] Bluetooth: hci3: command tx timeout [ 95.464543][ T5814] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.483993][ T5814] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.521724][ T5814] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.527168][ T5819] Bluetooth: hci1: command tx timeout [ 95.574657][ T5814] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.606844][ T5819] Bluetooth: hci4: command tx timeout [ 95.606875][ T5819] Bluetooth: hci0: command tx timeout [ 95.687237][ T5827] Bluetooth: hci2: command tx timeout [ 95.720109][ T5822] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.754049][ T5822] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.798573][ T5822] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.843005][ T5822] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.981167][ T5815] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 96.035797][ T5815] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 96.072479][ T5815] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 96.112759][ T5815] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 96.274056][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.274996][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.326571][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.370537][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.412230][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.499624][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.538107][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.549424][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.550046][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.592495][ T1400] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.593250][ T1400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.658489][ T5814] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.685338][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.713119][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.713341][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.763275][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.763375][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.806093][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.837241][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.844956][ T169] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.845151][ T169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.891218][ T1400] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.891650][ T1400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.997581][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.046167][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.078149][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.086322][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.151206][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.151323][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.215912][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.301220][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.301388][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.353972][ T169] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.354219][ T169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.427584][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.707759][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.784509][ T5821] veth0_vlan: entered promiscuous mode [ 97.864243][ T5821] veth1_vlan: entered promiscuous mode [ 97.982847][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.033842][ T5814] veth0_vlan: entered promiscuous mode [ 98.076389][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.120735][ T5821] veth0_macvtap: entered promiscuous mode [ 98.124087][ T5814] veth1_vlan: entered promiscuous mode [ 98.164934][ T5821] veth1_macvtap: entered promiscuous mode [ 98.271819][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.288804][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.343659][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.344524][ T5822] veth0_vlan: entered promiscuous mode [ 98.404759][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.421964][ T5814] veth0_macvtap: entered promiscuous mode [ 98.425514][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.439770][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.440640][ T5822] veth1_vlan: entered promiscuous mode [ 98.449928][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.452191][ T5814] veth1_macvtap: entered promiscuous mode [ 98.630279][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.730375][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.804377][ T5816] veth0_vlan: entered promiscuous mode [ 98.804830][ T67] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.857910][ T67] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.861182][ T5822] veth0_macvtap: entered promiscuous mode [ 98.875824][ T67] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.894686][ T67] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.913780][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.913810][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.922701][ T5822] veth1_macvtap: entered promiscuous mode [ 98.963303][ T5816] veth1_vlan: entered promiscuous mode [ 99.093964][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.093983][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.169239][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.172456][ T5815] veth0_vlan: entered promiscuous mode [ 99.250771][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.286377][ T5815] veth1_vlan: entered promiscuous mode [ 99.300499][ T1400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.300517][ T1400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.305160][ T43] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.333725][ T43] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.347514][ T43] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.355472][ T43] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.395088][ T5816] veth0_macvtap: entered promiscuous mode [ 99.485605][ T5816] veth1_macvtap: entered promiscuous mode [ 99.496336][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.496353][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.624698][ T5931] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.746424][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.793618][ T5815] veth0_macvtap: entered promiscuous mode [ 99.805175][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.911723][ T5815] veth1_macvtap: entered promiscuous mode [ 99.926336][ T1117] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.943659][ T1117] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.948968][ T1117] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.949592][ T1117] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.961005][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.961022][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.226693][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.313225][ T5938] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.6'. [ 100.496599][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.516661][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.516955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.516995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.517063][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.517100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.517137][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.517174][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.517212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.517343][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.640012][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.640030][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.781857][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.869138][ T67] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.883140][ T67] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.950050][ T67] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.979724][ T67] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.062969][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.062989][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.520285][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.520304][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.893659][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.893678][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.091964][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.091983][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.306972][ T5900] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 103.772142][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.772174][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.772212][ T5900] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 103.772231][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.886857][ T5900] usb 2-1: config 0 descriptor?? [ 104.327715][ T5900] usbhid 2-1:0.0: can't add hid device: -71 [ 104.327834][ T5900] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 104.359877][ T5900] usb 2-1: USB disconnect, device number 2 [ 105.376228][ T5984] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.858245][ T6003] genirq: Flags mismatch irq 4. 00202000 (pcl816) vs. 00202080 (ttyS0) [ 107.769801][ T6008] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 108.346752][ T6013] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 108.355811][ T6016] syz.4.26 (6016) used greatest stack depth: 17624 bytes left [ 111.832997][ T6056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36'. [ 115.146998][ T6087] binder: BINDER_SET_CONTEXT_MGR already set [ 115.147013][ T6087] binder: 6085:6087 ioctl 4018620d 200000000100 returned -16 [ 115.675527][ T6092] 9pnet_virtio: no channels available for device syz [ 116.844778][ T6101] input: syz1 as /devices/virtual/input/input5 [ 121.777909][ T6154] 9pnet_virtio: no channels available for device syz [ 122.251221][ T37] audit: type=1326 audit(1759299203.368:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.251267][ T37] audit: type=1326 audit(1759299203.378:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.251312][ T37] audit: type=1326 audit(1759299203.378:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.251349][ T37] audit: type=1326 audit(1759299203.378:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.332840][ T37] audit: type=1326 audit(1759299203.378:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.344870][ T37] audit: type=1326 audit(1759299203.468:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.344919][ T37] audit: type=1326 audit(1759299203.468:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.344956][ T37] audit: type=1326 audit(1759299203.468:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.350992][ T37] audit: type=1326 audit(1759299203.468:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.351131][ T37] audit: type=1326 audit(1759299203.468:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6157 comm="syz.1.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f38d8e8eec9 code=0x7ffc0000 [ 122.754929][ T6160] 9pnet_virtio: no channels available for device syz [ 123.706336][ T6166] netlink: 'syz.0.68': attribute type 1 has an invalid length. [ 123.706492][ T6166] netlink: 3 bytes leftover after parsing attributes in process `syz.0.68'. [ 124.103824][ T6158] tty tty1: ldisc open failed (-12), clearing slot 0 [ 124.444067][ T6172] evm: overlay not supported [ 124.777190][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.675164][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.675195][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.675231][ T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 125.675253][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.728807][ T10] usb 2-1: config 0 descriptor?? [ 126.136762][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 126.136882][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 126.163652][ T10] usb 2-1: USB disconnect, device number 3 [ 128.063924][ T6189] 9pnet_virtio: no channels available for device syz [ 130.805377][ C0] vkms_vblank_simulate: vblank timer overrun [ 131.029545][ T6228] binder: 6227:6228 ioctl c0306201 200000000980 returned -14 [ 133.045309][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.045421][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.462418][ T6243] cgroup: fork rejected by pids controller in /syz1 [ 135.699222][ T6325] syz.3.93 uses obsolete (PF_INET,SOCK_PACKET) [ 136.566987][ T6439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.94'. [ 136.567711][ T6439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.94'. [ 138.334737][ T6451] binder_alloc: 6449: binder_alloc_buf, no vma [ 141.393126][ T6462] 9pnet_virtio: no channels available for device syz [ 141.766725][ T5901] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 141.938215][ T5901] usb 4-1: Using ep0 maxpacket: 32 [ 141.941418][ T5901] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 141.941443][ T5901] usb 4-1: config 0 has no interface number 0 [ 141.941489][ T5901] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 141.944534][ T5901] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 141.944560][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.944579][ T5901] usb 4-1: Product: syz [ 141.944593][ T5901] usb 4-1: Manufacturer: syz [ 141.944607][ T5901] usb 4-1: SerialNumber: syz [ 142.632746][ T6486] overlayfs: failed to get inode (-116) [ 142.633067][ T6486] overlayfs: failed to get inode (-116) [ 142.988164][ T5901] usb 4-1: config 0 descriptor?? [ 143.016337][ T5901] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 143.016371][ T5901] em28xx 4-1:0.132: Video interface 132 found: [ 143.477568][ T5901] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 143.522667][ T5900] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 143.760267][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.760353][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.760376][ T5900] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 143.760418][ T5900] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 143.760440][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.942247][ T5900] usb 1-1: config 0 descriptor?? [ 144.654074][ T5901] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 144.654136][ T5901] em28xx 4-1:0.132: board has no eeprom [ 144.716725][ T5901] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 144.716762][ T5901] em28xx 4-1:0.132: analog set to bulk mode. [ 144.717618][ T45] em28xx 4-1:0.132: Registering V4L2 extension [ 144.844165][ T6473] em28xx 4-1:0.132: failed to trigger read from i2c address 0x0 (error=-5) [ 145.138172][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 145.138979][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 145.163492][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x48 (error=-5) [ 145.163797][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 145.163934][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x42 (error=-5) [ 145.164208][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 145.164329][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x40 (error=-5) [ 145.252505][ T988] usb 4-1: USB disconnect, device number 2 [ 145.364887][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x84 (error=-19) [ 145.365012][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x86 (error=-19) [ 145.365119][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x94 (error=-19) [ 145.365225][ T45] em28xx 4-1:0.132: failed to trigger read from i2c address 0x96 (error=-19) [ 145.408532][ T988] em28xx 4-1:0.132: Disconnecting em28xx [ 145.478087][ T5900] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 145.500391][ T5900] usb 1-1: USB disconnect, device number 2 [ 145.576720][ T990] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 145.627412][ T45] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 145.627438][ T45] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 145.627450][ T45] em28xx 4-1:0.132: No AC97 audio processor [ 145.658897][ T45] usb 4-1: Decoder not found [ 145.658915][ T45] em28xx 4-1:0.132: failed to create media graph [ 145.658971][ T45] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 145.686375][ T45] em28xx 4-1:0.132: Remote control support is not available for this card. [ 145.688000][ T988] em28xx 4-1:0.132: Closing input extension [ 145.809840][ T990] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 145.809863][ T990] usb 2-1: config 0 has no interfaces? [ 145.831270][ T990] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 145.831297][ T990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.831315][ T990] usb 2-1: Product: syz [ 145.831328][ T990] usb 2-1: Manufacturer: syz [ 145.831341][ T990] usb 2-1: SerialNumber: syz [ 145.902677][ T990] usb 2-1: config 0 descriptor?? [ 145.943696][ T6514] fido_id[6514]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 145.992373][ T988] em28xx 4-1:0.132: Freeing device [ 146.426198][ T6526] 9pnet_virtio: no channels available for device syz [ 147.275381][ T6508] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2943653504 (376787648512 ns) > initial count (160967428992 ns). Using initial count to start timer. [ 149.141498][ T5901] usb 2-1: USB disconnect, device number 4 [ 152.931149][ T6581] netlink: 12 bytes leftover after parsing attributes in process `syz.0.136'. [ 152.935237][ T6578] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 153.077271][ T6581] 8021q: adding VLAN 0 to HW filter on device bond1 [ 153.212678][ T6583] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 153.741713][ T6594] netlink: 'syz.3.140': attribute type 1 has an invalid length. [ 154.847221][ T6597] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 155.499447][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.518248][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.770019][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.165046][ T6599] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 156.436838][ T6599] bond1 (unregistering): Released all slaves [ 156.768253][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.867333][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.909340][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.432376][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.918439][ T5901] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 158.068481][ T5901] usb 3-1: Using ep0 maxpacket: 8 [ 158.069999][ T5901] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 158.070012][ T5901] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.070022][ T5901] usb 3-1: config 0 has no interface number 0 [ 158.070049][ T5901] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 158.070062][ T5901] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 158.070075][ T5901] usb 3-1: config 0 interface 52 has no altsetting 0 [ 158.071122][ T5901] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 158.071136][ T5901] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 158.071146][ T5901] usb 3-1: Manufacturer: syz [ 158.074869][ T5901] usb 3-1: config 0 descriptor?? [ 158.413586][ T5901] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input6 [ 159.855334][ T6638] block device autoloading is deprecated and will be removed. [ 160.185673][ T988] usb 3-1: USB disconnect, device number 2 [ 160.766358][ T6645] Driver unsupported XDP return value 0 on prog (id 38) dev N/A, expect packet loss! [ 160.906756][ T988] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 161.124399][ T988] usb 3-1: Using ep0 maxpacket: 8 [ 161.134145][ T988] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 161.134171][ T988] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.168155][ T988] usb 3-1: config 0 descriptor?? [ 164.901719][ T6675] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 165.699099][ T988] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 165.699514][ T988] asix 3-1:0.0: probe with driver asix failed with error -71 [ 165.737458][ T988] usb 3-1: USB disconnect, device number 3 [ 172.277163][ T6728] mmap: syz.3.176 (6728) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 173.156819][ T6733] 9pnet_virtio: no channels available for device syz [ 173.560453][ T6736] overlayfs: failed to resolve './file1': -2 [ 175.417530][ T5901] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 175.624194][ T5901] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 175.624230][ T5901] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.cf [ 175.624242][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.650641][ T5901] usb 2-1: config 0 descriptor?? [ 175.923405][ T5901] pwc: Askey VC010 type 2 USB webcam detected. [ 176.874721][ T5901] pwc: recv_control_msg error -32 req 02 val 2b00 [ 176.875482][ T5901] pwc: recv_control_msg error -32 req 02 val 2700 [ 176.877658][ T5901] pwc: recv_control_msg error -32 req 02 val 2c00 [ 176.878485][ T5901] pwc: recv_control_msg error -32 req 04 val 1000 [ 176.879135][ T5901] pwc: recv_control_msg error -32 req 04 val 1300 [ 176.879936][ T5901] pwc: recv_control_msg error -32 req 04 val 1400 [ 176.880847][ T5901] pwc: recv_control_msg error -32 req 02 val 2000 [ 176.881690][ T5901] pwc: recv_control_msg error -32 req 02 val 2100 [ 176.882498][ T5901] pwc: recv_control_msg error -32 req 04 val 1500 [ 176.883128][ T5901] pwc: recv_control_msg error -32 req 02 val 2500 [ 177.106513][ T5901] pwc: recv_control_msg error -71 req 02 val 2600 [ 177.107410][ T5901] pwc: recv_control_msg error -71 req 02 val 2900 [ 177.108101][ T5901] pwc: recv_control_msg error -71 req 02 val 2800 [ 177.108772][ T5901] pwc: recv_control_msg error -71 req 04 val 1100 [ 177.109230][ T5901] pwc: recv_control_msg error -71 req 04 val 1200 [ 177.137672][ T5901] pwc: Registered as video103. [ 177.143860][ T5901] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 177.173481][ T5901] usb 2-1: USB disconnect, device number 5 [ 185.916457][ T6816] binder: BINDER_SET_CONTEXT_MGR already set [ 185.916471][ T6816] binder: 6811:6816 ioctl 4018620d 200000000040 returned -16 [ 185.927532][ T6816] binder: 6811:6816 ioctl c0306201 200000000240 returned -11 [ 187.268848][ T6836] netlink: 'syz.4.205': attribute type 4 has an invalid length. [ 188.978440][ T6853] 9pnet_virtio: no channels available for device syz [ 190.365075][ T6870] bridge0: entered promiscuous mode [ 190.365411][ T6870] vlan2: entered promiscuous mode [ 194.478652][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.479844][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.951516][ T6898] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 196.140997][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.525426][ C0] vkms_vblank_simulate: vblank timer overrun [ 197.291389][ C0] vkms_vblank_simulate: vblank timer overrun [ 197.590188][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.285240][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.413909][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.610696][ T6941] netlink: 'syz.1.233': attribute type 9 has an invalid length. [ 200.001065][ C0] vkms_vblank_simulate: vblank timer overrun [ 203.277298][ T6978] binder_alloc: 6974: binder_alloc_buf, no vma [ 206.146064][ T7005] [U] [ 206.146313][ T7005] [U] [ 206.146591][ T7005] [U] [ 206.146826][ T7005] [U] [ 206.152249][ T7005] [U] [ 206.152491][ T7005] [U] [ 206.152707][ T7005] [U] [ 206.152952][ T7005] [U] [ 206.153844][ T7005] [U] [ 206.154037][ T7005] [U] [ 206.154259][ T7005] [U] [ 206.709839][ T7000] [U] [ 210.589093][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.255'. [ 211.051957][ T5828] Bluetooth: hci4: command 0x0405 tx timeout [ 212.693544][ T5828] Bluetooth: hci3: command 0x0406 tx timeout [ 212.693769][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 212.693786][ T5828] Bluetooth: hci0: command 0x0406 tx timeout [ 212.693801][ T5828] Bluetooth: hci2: command 0x0406 tx timeout [ 213.207812][ T5830] Bluetooth: hci4: command 0x0405 tx timeout [ 214.036149][ T7049] binder: 7043:7049 ioctl c0306201 2000000003c0 returned -14 [ 214.072160][ T7048] 9pnet_virtio: no channels available for device syz [ 215.820292][ T7049] syz.3.263 (7049): drop_caches: 2 [ 222.751815][ T7110] Option ' ' to dns_resolver key: bad/missing value [ 223.223223][ T7116] netlink: 16 bytes leftover after parsing attributes in process `syz.3.283'. [ 226.883858][ T7146] netlink: 16 bytes leftover after parsing attributes in process `syz.1.289'. [ 227.716652][ T5902] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 229.000431][ T5902] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 229.000460][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.000478][ T5902] usb 3-1: Product: syz [ 229.000492][ T5902] usb 3-1: Manufacturer: syz [ 229.000505][ T5902] usb 3-1: SerialNumber: syz [ 229.045392][ T5902] usb 3-1: config 0 descriptor?? [ 229.189360][ T5827] Bluetooth: hci3: unexpected event for opcode 0x040d [ 229.456231][ T5902] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 230.643208][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.3.296'. [ 231.864816][ T5902] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 231.879095][ T5902] usb 3-1: USB disconnect, device number 4 [ 238.909862][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 238.913359][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 238.916506][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 238.925709][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 238.932946][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 239.021028][ T7217] 9pnet_virtio: no channels available for device syz [ 239.393963][ C1] vkms_vblank_simulate: vblank timer overrun [ 239.715953][ C1] vkms_vblank_simulate: vblank timer overrun [ 239.813515][ C1] vkms_vblank_simulate: vblank timer overrun [ 239.914695][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.346945][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.433136][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.966724][ T5827] Bluetooth: hci1: command tx timeout [ 241.140195][ C1] vkms_vblank_simulate: vblank timer overrun [ 242.311491][ C1] vkms_vblank_simulate: vblank timer overrun [ 243.077936][ T5827] Bluetooth: hci1: command tx timeout [ 243.885437][ T7243] 9pnet_virtio: no channels available for device syz [ 243.925847][ T4454] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.445422][ T5827] Bluetooth: hci1: command tx timeout [ 245.987901][ T4454] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.569440][ T5827] Bluetooth: hci1: command tx timeout [ 248.480334][ T4454] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.411425][ T37] kauditd_printk_skb: 12 callbacks suppressed [ 249.411441][ T37] audit: type=1326 audit(1759299586.542:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.411745][ T37] audit: type=1326 audit(1759299586.542:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.412428][ T37] audit: type=1326 audit(1759299586.542:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.412717][ T37] audit: type=1326 audit(1759299586.542:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.412959][ T37] audit: type=1326 audit(1759299586.542:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.413412][ T37] audit: type=1326 audit(1759299586.542:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.414080][ T37] audit: type=1326 audit(1759299586.542:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.414375][ T37] audit: type=1326 audit(1759299586.542:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.415377][ T37] audit: type=1326 audit(1759299586.542:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.415675][ T37] audit: type=1326 audit(1759299586.542:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7285 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcf338eec9 code=0x7ffc0000 [ 249.719157][ T4454] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.827378][ T7327] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 255.629664][ T7315] 8021q: adding VLAN 0 to HW filter on device bond1 [ 255.693178][ T7321] bond_slave_0: entered promiscuous mode [ 255.693648][ T7321] bond_slave_1: entered promiscuous mode [ 255.694764][ T7321] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 255.698993][ T7321] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 256.327480][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.327549][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.767580][ T7370] Zero length message leads to an empty skb [ 264.833209][ T7214] chnl_net:caif_netlink_parms(): no params data found [ 266.745831][ T5900] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 267.464547][ T5900] usb 4-1: Using ep0 maxpacket: 16 [ 267.478798][ T5900] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 267.478826][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.478845][ T5900] usb 4-1: Product: syz [ 267.478859][ T5900] usb 4-1: Manufacturer: syz [ 267.478872][ T5900] usb 4-1: SerialNumber: syz [ 267.507878][ T4454] bridge_slave_1: left allmulticast mode [ 267.508055][ T4454] bridge_slave_1: left promiscuous mode [ 267.509887][ T4454] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.756758][ T5900] usb 4-1: config 0 descriptor?? [ 267.764882][ T5900] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 268.699817][ T4454] bridge_slave_0: left allmulticast mode [ 268.699901][ T4454] bridge_slave_0: left promiscuous mode [ 268.700961][ T4454] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.201894][ T5900] gp8psk: usb in 128 operation failed. [ 270.204747][ T5900] gp8psk: usb in 137 operation failed. [ 270.204772][ T5900] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 270.209518][ T5900] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 270.209569][ T5900] usb 4-1: media controller created [ 270.332486][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 270.509481][ T7418] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 270.908901][ T5900] gp8psk_fe: Frontend revision 1 attached [ 270.909305][ T5900] usb 4-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 270.910043][ T5900] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 271.680653][ T5900] gp8psk: usb in 138 operation failed. [ 271.680671][ T5900] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 271.680683][ T5900] gp8psk: found Genpix USB device pID = 201 (hex) [ 271.808313][ T5900] usb 4-1: USB disconnect, device number 3 [ 273.660790][ T5900] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 277.893499][ T5900] libceph: connect (1)[c::]:6789 error -101 [ 277.894248][ T5900] libceph: mon0 (1)[c::]:6789 connect error [ 277.908331][ T5900] libceph: connect (1)[c::]:6789 error -101 [ 277.908521][ T5900] libceph: mon0 (1)[c::]:6789 connect error [ 277.914519][ T7462] ceph: No mds server is up or the cluster is laggy [ 285.306360][ C1] vkms_vblank_simulate: vblank timer overrun [ 285.926969][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.207348][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.238154][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.637880][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.725211][ C1] vkms_vblank_simulate: vblank timer overrun [ 287.074117][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.266806][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.946431][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.111592][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.246727][ T5902] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 290.399534][ T5902] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 290.399559][ T5902] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 290.493529][ T5902] usb 4-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=fb.16 [ 290.493547][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.493558][ T5902] usb 4-1: Product: syz [ 290.493565][ T5902] usb 4-1: Manufacturer: syz [ 290.493572][ T5902] usb 4-1: SerialNumber: syz [ 291.171888][ T5902] usb 4-1: config 0 descriptor?? [ 291.818783][ C1] vkms_vblank_simulate: vblank timer overrun [ 291.994900][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.025924][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.055487][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.546396][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.657230][ T4454] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 292.687810][ T988] usb 4-1: USB disconnect, device number 4 [ 292.876795][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.997624][ T7562] netlink: 'syz.3.399': attribute type 1 has an invalid length. [ 294.197222][ T4454] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 294.308986][ T4454] bond0 (unregistering): Released all slaves [ 294.516657][ T5979] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 294.523622][ T7214] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 294.669456][ T5979] usb 1-1: Using ep0 maxpacket: 32 [ 294.674029][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.674058][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 294.674095][ T5979] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 294.674116][ T5979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.702087][ T5979] usb 1-1: config 0 descriptor?? [ 295.021399][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 295.026394][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 295.048416][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 295.054158][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 295.072796][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 295.242606][ T5979] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 295.594693][ T5923] usb 1-1: USB disconnect, device number 3 [ 295.620963][ T7581] fido_id[7581]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:1E7D:2D5A.0002/report_descriptor': No such file or directory [ 296.079942][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.247652][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.348755][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.493620][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.127867][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.130820][ T5827] Bluetooth: hci5: command tx timeout [ 297.699783][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.727585][ T988] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 297.977029][ T988] usb 4-1: Using ep0 maxpacket: 8 [ 298.044682][ T988] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 298.044759][ T988] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.349056][ T988] usb 4-1: config 0 descriptor?? [ 298.484522][ C1] vkms_vblank_simulate: vblank timer overrun [ 298.873759][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.018991][ T988] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 299.019282][ T988] asix 4-1:0.0: probe with driver asix failed with error -32 [ 299.180162][ T7612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.408'. [ 300.279393][ T5827] Bluetooth: hci5: command tx timeout [ 300.455401][ T7621] loop3: detected capacity change from 0 to 7 [ 300.540611][ T7621] Dev loop3: unable to read RDB block 7 [ 300.540664][ T7621] loop3: unable to read partition table [ 300.540889][ T7621] loop3: partition table beyond EOD, truncated [ 300.540918][ T7621] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 301.488810][ T5979] usb 4-1: USB disconnect, device number 5 [ 302.614818][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.123172][ T5829] Bluetooth: hci5: command tx timeout [ 303.910543][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.239551][ T5901] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 305.587738][ T7653] Invalid source name [ 307.274583][ T5829] Bluetooth: hci5: command tx timeout [ 307.451002][ T5901] usb 1-1: device descriptor read/all, error -71 [ 311.194735][ T7684] netlink: 'syz.1.424': attribute type 32 has an invalid length. [ 311.483371][ T7680] tty tty23: ldisc open failed (-12), clearing slot 22 [ 316.678082][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20003. Sending cookies. [ 316.879213][ T4454] hsr_slave_0: left promiscuous mode [ 317.056753][ T4454] hsr_slave_1: left promiscuous mode [ 317.057950][ T4454] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 317.058063][ T4454] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.185358][ T7726] ======================================================= [ 317.185358][ T7726] WARNING: The mand mount option has been deprecated and [ 317.185358][ T7726] and is ignored by this kernel. Remove the mand [ 317.185358][ T7726] option from the mount to silence this warning. [ 317.185358][ T7726] ======================================================= [ 317.368704][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.368770][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.431897][ T4454] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 317.431953][ T4454] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 319.800548][ T4454] veth1_macvtap: left promiscuous mode [ 319.800843][ T4454] veth0_macvtap: left promiscuous mode [ 319.805007][ T4454] veth1_vlan: left promiscuous mode [ 319.811065][ T4454] veth0_vlan: left promiscuous mode [ 324.614942][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.768745][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.338836][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.855202][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.165086][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.197409][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.224155][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.280148][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.375327][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.865762][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.927386][ C1] vkms_vblank_simulate: vblank timer overrun [ 326.983813][ C1] vkms_vblank_simulate: vblank timer overrun [ 327.273373][ T5979] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 327.448869][ T5979] usb 2-1: Using ep0 maxpacket: 16 [ 327.464260][ T5979] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.464284][ T5979] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 327.488497][ T5979] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 327.488525][ T5979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.488543][ T5979] usb 2-1: Product: syz [ 327.488557][ T5979] usb 2-1: Manufacturer: syz [ 327.488571][ T5979] usb 2-1: SerialNumber: syz [ 327.531621][ T5979] usb 2-1: config 0 descriptor?? [ 327.600195][ C1] vkms_vblank_simulate: vblank timer overrun [ 328.468186][ C1] vkms_vblank_simulate: vblank timer overrun [ 328.556927][ C1] vkms_vblank_simulate: vblank timer overrun [ 329.320041][ C1] vkms_vblank_simulate: vblank timer overrun [ 329.653013][ C1] vkms_vblank_simulate: vblank timer overrun [ 330.057193][ T7810] Bluetooth: MGMT ver 1.23 [ 331.254934][ T5902] usb 2-1: USB disconnect, device number 6 [ 332.115516][ C1] vkms_vblank_simulate: vblank timer overrun [ 332.229856][ C1] vkms_vblank_simulate: vblank timer overrun [ 332.623392][ C1] vkms_vblank_simulate: vblank timer overrun [ 332.676903][ C1] vkms_vblank_simulate: vblank timer overrun [ 334.991611][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.999490][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 338.009844][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 338.011053][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 338.012564][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 338.013300][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 338.061575][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.194138][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.467232][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.723650][ T7834] netlink: 28 bytes leftover after parsing attributes in process `syz.1.459'. [ 338.723684][ T7834] netlink: 28 bytes leftover after parsing attributes in process `syz.1.459'. [ 338.792575][ T7837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.460'. [ 338.935030][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.051125][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.858920][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.958210][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.014980][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.409886][ T5827] Bluetooth: hci1: command tx timeout [ 340.771707][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.907618][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.182686][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.300078][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.601645][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.896439][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.118006][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.319326][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.492026][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.544993][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.128104][ T5827] Bluetooth: hci1: command tx timeout [ 343.156151][ C1] vkms_vblank_simulate: vblank timer overrun [ 344.438662][ C1] vkms_vblank_simulate: vblank timer overrun [ 344.598031][ C1] vkms_vblank_simulate: vblank timer overrun [ 344.666457][ T4454] team0 (unregistering): Port device team_slave_1 removed [ 344.810758][ C1] vkms_vblank_simulate: vblank timer overrun [ 345.206641][ T5827] Bluetooth: hci1: command tx timeout [ 345.369897][ T4454] team0 (unregistering): Port device team_slave_0 removed [ 345.672728][ C1] vkms_vblank_simulate: vblank timer overrun [ 346.539199][ C1] vkms_vblank_simulate: vblank timer overrun [ 346.580608][ T7872] program syz.3.467 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 347.286685][ T5827] Bluetooth: hci1: command tx timeout [ 347.338201][ T37] kauditd_printk_skb: 17 callbacks suppressed [ 347.338217][ T37] audit: type=1326 audit(1759299684.472:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.338341][ T37] audit: type=1326 audit(1759299684.472:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.338525][ T37] audit: type=1326 audit(1759299684.472:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.338741][ T37] audit: type=1326 audit(1759299684.472:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.338885][ T37] audit: type=1326 audit(1759299684.472:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.339094][ T37] audit: type=1326 audit(1759299684.472:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.339566][ T37] audit: type=1326 audit(1759299684.472:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.339747][ T37] audit: type=1326 audit(1759299684.472:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.340007][ T37] audit: type=1326 audit(1759299684.472:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dff7ceec9 code=0x7ffc0000 [ 347.340295][ T37] audit: type=1326 audit(1759299684.472:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7874 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f6dff7d0d5c code=0x7ffc0000 [ 348.136770][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 348.286699][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 348.289075][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 348.289118][ T10] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 348.289140][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.294633][ T10] usb 4-1: config 0 descriptor?? [ 348.514558][ T7879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.517067][ T7879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.644222][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 348.644360][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 348.666230][ T10] usb 4-1: USB disconnect, device number 6 [ 349.449517][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.660229][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.272908][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.872245][ T7834] batadv0: entered promiscuous mode [ 350.873999][ T7834] team0: entered promiscuous mode [ 350.874015][ T7834] team_slave_0: entered promiscuous mode [ 350.874279][ T7834] team_slave_1: entered promiscuous mode [ 350.922490][ T7834] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 351.458104][ T7575] chnl_net:caif_netlink_parms(): no params data found [ 352.543707][ C1] vkms_vblank_simulate: vblank timer overrun [ 353.585634][ C1] vkms_vblank_simulate: vblank timer overrun [ 353.701306][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.159256][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.491839][ C1] vkms_vblank_simulate: vblank timer overrun [ 355.748404][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.106386][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.359443][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 357.127473][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.145565][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 357.155424][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 357.185920][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 357.204363][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 357.281722][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.557333][ C1] vkms_vblank_simulate: vblank timer overrun [ 358.059879][ T7951] process 'syz.0.484' launched '/dev/fd/6' with NULL argv: empty string added [ 358.163824][ C1] vkms_vblank_simulate: vblank timer overrun [ 359.077990][ C1] vkms_vblank_simulate: vblank timer overrun [ 359.174493][ C1] vkms_vblank_simulate: vblank timer overrun [ 360.017723][ C1] vkms_vblank_simulate: vblank timer overrun [ 360.045767][ T5827] Bluetooth: hci2: command tx timeout [ 360.630164][ C1] vkms_vblank_simulate: vblank timer overrun [ 361.064139][ C1] vkms_vblank_simulate: vblank timer overrun [ 361.155391][ C1] vkms_vblank_simulate: vblank timer overrun [ 361.389201][ C1] vkms_vblank_simulate: vblank timer overrun [ 361.882502][ C1] vkms_vblank_simulate: vblank timer overrun [ 361.917360][ C1] vkms_vblank_simulate: vblank timer overrun [ 363.166381][ C1] vkms_vblank_simulate: vblank timer overrun [ 363.205772][ C1] vkms_vblank_simulate: vblank timer overrun [ 363.210792][ T5827] Bluetooth: hci2: command tx timeout [ 363.842543][ C1] vkms_vblank_simulate: vblank timer overrun [ 363.998063][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.091879][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.222962][ C1] vkms_vblank_simulate: vblank timer overrun [ 365.126940][ C1] vkms_vblank_simulate: vblank timer overrun [ 365.315471][ C1] vkms_vblank_simulate: vblank timer overrun [ 365.315632][ T5827] Bluetooth: hci2: command tx timeout [ 365.469108][ C1] vkms_vblank_simulate: vblank timer overrun [ 365.814731][ C1] vkms_vblank_simulate: vblank timer overrun [ 365.981552][ C1] vkms_vblank_simulate: vblank timer overrun [ 367.017986][ C1] vkms_vblank_simulate: vblank timer overrun [ 367.368206][ T5827] Bluetooth: hci2: command tx timeout [ 367.842843][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.797968][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.813451][ T7575] syz-executor (7575) used greatest stack depth: 17448 bytes left [ 370.328696][ C1] vkms_vblank_simulate: vblank timer overrun [ 370.369495][ C1] vkms_vblank_simulate: vblank timer overrun [ 371.406722][ C1] vkms_vblank_simulate: vblank timer overrun [ 371.601319][ C1] vkms_vblank_simulate: vblank timer overrun [ 372.048572][ C1] vkms_vblank_simulate: vblank timer overrun [ 372.305034][ C1] vkms_vblank_simulate: vblank timer overrun [ 373.066932][ C1] vkms_vblank_simulate: vblank timer overrun [ 373.533787][ C1] vkms_vblank_simulate: vblank timer overrun [ 373.829511][ C1] vkms_vblank_simulate: vblank timer overrun [ 373.876414][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.087060][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.704109][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.133469][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.701009][ T7828] chnl_net:caif_netlink_parms(): no params data found [ 375.896782][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.922637][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.025529][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.236639][ T5923] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 377.408967][ T5923] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 377.409002][ T5923] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 377.409045][ T5923] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 377.409068][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.501099][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.502298][ T8056] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 377.531211][ T5923] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 377.538877][ C1] vkms_vblank_simulate: vblank timer overrun [ 377.861521][ C1] vkms_vblank_simulate: vblank timer overrun [ 378.330648][ T5923] usb 4-1: USB disconnect, device number 7 [ 378.363463][ C1] vkms_vblank_simulate: vblank timer overrun [ 378.969919][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.025429][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.025499][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.251777][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.527163][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.611872][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.702422][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.805561][ C1] vkms_vblank_simulate: vblank timer overrun [ 379.905962][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.575168][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.111787][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.574933][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.906732][ C1] vkms_vblank_simulate: vblank timer overrun [ 384.690791][ C1] vkms_vblank_simulate: vblank timer overrun [ 385.084315][ C1] vkms_vblank_simulate: vblank timer overrun [ 385.397717][ C1] vkms_vblank_simulate: vblank timer overrun [ 385.568014][ T8109] 9pnet_fd: Insufficient options for proto=fd [ 386.251252][ C1] vkms_vblank_simulate: vblank timer overrun [ 386.304217][ T7930] chnl_net:caif_netlink_parms(): no params data found [ 387.118073][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.310874][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.100460][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.711478][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.716829][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 389.716848][ T37] audit: type=1107 audit(1759299725.952:67): pid=8126 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 390.015338][ C1] vkms_vblank_simulate: vblank timer overrun [ 390.045826][ C1] vkms_vblank_simulate: vblank timer overrun [ 390.151530][ C1] vkms_vblank_simulate: vblank timer overrun [ 390.234202][ C1] vkms_vblank_simulate: vblank timer overrun [ 390.703942][ T4454] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.596085][ T8150] netlink: 132 bytes leftover after parsing attributes in process `syz.0.523'. [ 392.643311][ C1] vkms_vblank_simulate: vblank timer overrun [ 393.082392][ C1] vkms_vblank_simulate: vblank timer overrun [ 393.152792][ C1] vkms_vblank_simulate: vblank timer overrun [ 393.334904][ C1] vkms_vblank_simulate: vblank timer overrun [ 394.067284][ C1] vkms_vblank_simulate: vblank timer overrun [ 394.131970][ C1] vkms_vblank_simulate: vblank timer overrun [ 394.636354][ C1] vkms_vblank_simulate: vblank timer overrun [ 394.733380][ C1] vkms_vblank_simulate: vblank timer overrun [ 396.437493][ C1] vkms_vblank_simulate: vblank timer overrun [ 396.690748][ C1] vkms_vblank_simulate: vblank timer overrun [ 396.714553][ C1] vkms_vblank_simulate: vblank timer overrun [ 397.286689][ C1] vkms_vblank_simulate: vblank timer overrun [ 397.458812][ C1] vkms_vblank_simulate: vblank timer overrun [ 397.803236][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.378644][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.683998][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.346702][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.700093][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.779290][ T8183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.533'. [ 399.851880][ C1] vkms_vblank_simulate: vblank timer overrun [ 400.119627][ C1] vkms_vblank_simulate: vblank timer overrun [ 400.877507][ C1] vkms_vblank_simulate: vblank timer overrun [ 400.908534][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 400.925549][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 400.928622][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 400.954740][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 400.973531][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 401.084967][ T4454] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.299379][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.483173][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.669206][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.249138][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.338443][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.725933][ C1] vkms_vblank_simulate: vblank timer overrun [ 403.280565][ C1] vkms_vblank_simulate: vblank timer overrun [ 403.342722][ T5827] Bluetooth: hci5: command tx timeout [ 403.380183][ T8211] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 403.768888][ C1] vkms_vblank_simulate: vblank timer overrun [ 404.020225][ C1] vkms_vblank_simulate: vblank timer overrun [ 404.383312][ C1] vkms_vblank_simulate: vblank timer overrun [ 404.653127][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.344221][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.397046][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.403587][ T5827] Bluetooth: hci5: command tx timeout [ 405.568791][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.850102][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.095617][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.311552][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.795582][ C1] vkms_vblank_simulate: vblank timer overrun [ 407.115166][ C1] vkms_vblank_simulate: vblank timer overrun [ 407.136214][ T4454] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.004322][ C1] vkms_vblank_simulate: vblank timer overrun [ 408.007504][ T5827] Bluetooth: hci5: command tx timeout [ 408.548841][ C1] vkms_vblank_simulate: vblank timer overrun [ 410.251950][ C1] vkms_vblank_simulate: vblank timer overrun [ 410.254210][ T5827] Bluetooth: hci5: command tx timeout [ 410.355858][ C1] vkms_vblank_simulate: vblank timer overrun [ 410.546657][ C1] vkms_vblank_simulate: vblank timer overrun [ 411.116149][ C1] vkms_vblank_simulate: vblank timer overrun [ 412.783856][ C1] vkms_vblank_simulate: vblank timer overrun [ 413.177627][ C1] vkms_vblank_simulate: vblank timer overrun [ 413.321709][ C1] vkms_vblank_simulate: vblank timer overrun [ 413.460176][ C1] vkms_vblank_simulate: vblank timer overrun [ 413.897712][ C1] vkms_vblank_simulate: vblank timer overrun [ 414.034233][ C1] vkms_vblank_simulate: vblank timer overrun [ 414.528516][ C1] vkms_vblank_simulate: vblank timer overrun [ 414.851373][ C1] vkms_vblank_simulate: vblank timer overrun [ 415.307020][ C1] vkms_vblank_simulate: vblank timer overrun [ 415.552655][ T8267] ------------[ cut here ]------------ [ 415.552670][ T8267] WARNING: CPU: 0 PID: 8267 at ./include/linux/seqlock.h:221 cgroup_freeze+0x80a/0xf90 [ 415.552700][ T8267] Modules linked in: [ 415.552723][ T8267] CPU: 0 UID: 0 PID: 8267 Comm: syz.3.550 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 415.552735][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 415.552744][ T8267] RIP: 0010:cgroup_freeze+0x80a/0xf90 [ 415.552758][ T8267] Code: 90 e9 9e fb ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c e7 f9 ff ff 4c 89 f7 e8 e1 43 67 00 e9 da f9 ff ff e8 17 68 06 00 90 <0f> 0b 90 e9 10 fc ff ff 44 89 f9 80 e1 07 38 c1 48 8b 0c 24 0f 8c [ 415.552767][ T8267] RSP: 0018:ffffc9000400f8e0 EFLAGS: 00010287 [ 415.552776][ T8267] RAX: ffffffff81b6c6a9 RBX: 0000000000000000 RCX: 0000000000080000 [ 415.552784][ T8267] RDX: ffffc9000e4c4000 RSI: 00000000000000bc RDI: 00000000000000bd [ 415.552791][ T8267] RBP: ffffc9000400fa70 R08: 0000000000000000 R09: 0000000000000000 [ 415.552798][ T8267] R10: dffffc0000000000 R11: fffffbfff1d6d2a7 R12: dffffc0000000000 [ 415.552806][ T8267] R13: 0000000000000000 R14: 0000000000000001 R15: ffff88802423c791 [ 415.552812][ T8267] FS: 00007f6dfda366c0(0000) GS:ffff888127017000(0000) knlGS:0000000000000000 [ 415.552821][ T8267] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 415.552828][ T8267] CR2: 0000001b30512ff8 CR3: 0000000031556000 CR4: 00000000003526f0 [ 415.552837][ T8267] Call Trace: [ 415.552843][ T8267] [ 415.552852][ T8267] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 415.552870][ T8267] ? __pfx_cgroup_freeze+0x10/0x10 [ 415.552882][ T8267] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 415.552897][ T8267] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 415.552911][ T8267] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 415.552930][ T8267] ? mutex_lock_nested+0x154/0x1d0 [ 415.552942][ T8267] ? cgroup_kn_lock_live+0x13c/0x230 [ 415.552962][ T8267] cgroup_freeze_write+0x156/0x1c0 [ 415.552974][ T8267] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 415.552984][ T8267] ? kernfs_root+0x1c/0x230 [ 415.552993][ T8267] ? kernfs_root+0x1c/0x230 [ 415.553003][ T8267] ? kernfs_root+0x1ea/0x230 [ 415.553012][ T8267] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 415.553023][ T8267] cgroup_file_write+0x39b/0x740 [ 415.553041][ T8267] ? __pfx_cgroup_file_write+0x10/0x10 [ 415.553062][ T8267] ? __pfx_cgroup_file_write+0x10/0x10 [ 415.553075][ T8267] kernfs_fop_write_iter+0x3b0/0x540 [ 415.553092][ T8267] vfs_write+0x5d5/0xb40 [ 415.553113][ T8267] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 415.553126][ T8267] ? __pfx_vfs_write+0x10/0x10 [ 415.553136][ T8267] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 415.553155][ T8267] ? mutex_lock_nested+0x154/0x1d0 [ 415.553166][ T8267] ? fdget_pos+0x253/0x320 [ 415.553203][ T8267] ksys_write+0x14b/0x260 [ 415.553217][ T8267] ? __pfx_ksys_write+0x10/0x10 [ 415.553228][ T8267] ? rcu_is_watching+0x15/0xb0 [ 415.553243][ T8267] ? do_syscall_64+0xbe/0x3b0 [ 415.553256][ T8267] do_syscall_64+0xfa/0x3b0 [ 415.553265][ T8267] ? lockdep_hardirqs_on+0x9c/0x150 [ 415.553280][ T8267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.553290][ T8267] ? clear_bhb_loop+0x60/0xb0 [ 415.553302][ T8267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.553312][ T8267] RIP: 0033:0x7f6dff7ceec9 [ 415.553324][ T8267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.553332][ T8267] RSP: 002b:00007f6dfda36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 415.553342][ T8267] RAX: ffffffffffffffda RBX: 00007f6dffa25fa0 RCX: 00007f6dff7ceec9 [ 415.553349][ T8267] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000009 [ 415.553356][ T8267] RBP: 00007f6dff851f91 R08: 0000000000000000 R09: 0000000000000000 [ 415.553362][ T8267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 415.553368][ T8267] R13: 00007f6dffa26038 R14: 00007f6dffa25fa0 R15: 00007ffc4a64c238 [ 415.553386][ T8267] [ 415.553395][ T8267] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 415.553402][ T8267] CPU: 0 UID: 0 PID: 8267 Comm: syz.3.550 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 415.553414][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 415.553419][ T8267] Call Trace: [ 415.553423][ T8267] [ 415.553427][ T8267] dump_stack_lvl+0x99/0x250 [ 415.553438][ T8267] ? __asan_memcpy+0x40/0x70 [ 415.553450][ T8267] ? __pfx_dump_stack_lvl+0x10/0x10 [ 415.553460][ T8267] ? __pfx__printk+0x10/0x10 [ 415.553481][ T8267] vpanic+0x281/0x750 [ 415.553491][ T8267] ? __pfx__printk+0x10/0x10 [ 415.553503][ T8267] ? __pfx_vpanic+0x10/0x10 [ 415.553513][ T8267] ? is_bpf_text_address+0x26/0x2b0 [ 415.553531][ T8267] panic+0xb9/0xc0 [ 415.553541][ T8267] ? __pfx_panic+0x10/0x10 [ 415.553559][ T8267] __warn+0x31b/0x4b0 [ 415.553569][ T8267] ? cgroup_freeze+0x80a/0xf90 [ 415.553583][ T8267] ? cgroup_freeze+0x80a/0xf90 [ 415.553596][ T8267] report_bug+0x2be/0x4f0 [ 415.553610][ T8267] ? cgroup_freeze+0x80a/0xf90 [ 415.553622][ T8267] ? cgroup_freeze+0x80a/0xf90 [ 415.553635][ T8267] ? cgroup_freeze+0x80c/0xf90 [ 415.553647][ T8267] handle_bug+0x84/0x160 [ 415.553658][ T8267] exc_invalid_op+0x1a/0x50 [ 415.553669][ T8267] asm_exc_invalid_op+0x1a/0x20 [ 415.553678][ T8267] RIP: 0010:cgroup_freeze+0x80a/0xf90 [ 415.553690][ T8267] Code: 90 e9 9e fb ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c e7 f9 ff ff 4c 89 f7 e8 e1 43 67 00 e9 da f9 ff ff e8 17 68 06 00 90 <0f> 0b 90 e9 10 fc ff ff 44 89 f9 80 e1 07 38 c1 48 8b 0c 24 0f 8c [ 415.553698][ T8267] RSP: 0018:ffffc9000400f8e0 EFLAGS: 00010287 [ 415.553706][ T8267] RAX: ffffffff81b6c6a9 RBX: 0000000000000000 RCX: 0000000000080000 [ 415.553713][ T8267] RDX: ffffc9000e4c4000 RSI: 00000000000000bc RDI: 00000000000000bd [ 415.553719][ T8267] RBP: ffffc9000400fa70 R08: 0000000000000000 R09: 0000000000000000 [ 415.553726][ T8267] R10: dffffc0000000000 R11: fffffbfff1d6d2a7 R12: dffffc0000000000 [ 415.553733][ T8267] R13: 0000000000000000 R14: 0000000000000001 R15: ffff88802423c791 [ 415.553744][ T8267] ? cgroup_freeze+0x809/0xf90 [ 415.553764][ T8267] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 415.553780][ T8267] ? __pfx_cgroup_freeze+0x10/0x10 [ 415.553792][ T8267] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 415.553806][ T8267] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 415.553820][ T8267] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 415.553837][ T8267] ? mutex_lock_nested+0x154/0x1d0 [ 415.553848][ T8267] ? cgroup_kn_lock_live+0x13c/0x230 [ 415.553868][ T8267] cgroup_freeze_write+0x156/0x1c0 [ 415.553879][ T8267] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 415.553889][ T8267] ? kernfs_root+0x1c/0x230 [ 415.553897][ T8267] ? kernfs_root+0x1c/0x230 [ 415.553907][ T8267] ? kernfs_root+0x1ea/0x230 [ 415.553916][ T8267] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 415.553927][ T8267] cgroup_file_write+0x39b/0x740 [ 415.553945][ T8267] ? __pfx_cgroup_file_write+0x10/0x10 [ 415.553966][ T8267] ? __pfx_cgroup_file_write+0x10/0x10 [ 415.553978][ T8267] kernfs_fop_write_iter+0x3b0/0x540 [ 415.553995][ T8267] vfs_write+0x5d5/0xb40 [ 415.554009][ T8267] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 415.554023][ T8267] ? __pfx_vfs_write+0x10/0x10 [ 415.554032][ T8267] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 415.554050][ T8267] ? mutex_lock_nested+0x154/0x1d0 [ 415.554061][ T8267] ? fdget_pos+0x253/0x320 [ 415.554079][ T8267] ksys_write+0x14b/0x260 [ 415.554092][ T8267] ? __pfx_ksys_write+0x10/0x10 [ 415.554102][ T8267] ? rcu_is_watching+0x15/0xb0 [ 415.554121][ T8267] ? do_syscall_64+0xbe/0x3b0 [ 415.554134][ T8267] do_syscall_64+0xfa/0x3b0 [ 415.554143][ T8267] ? lockdep_hardirqs_on+0x9c/0x150 [ 415.554157][ T8267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.554167][ T8267] ? clear_bhb_loop+0x60/0xb0 [ 415.554180][ T8267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.554190][ T8267] RIP: 0033:0x7f6dff7ceec9 [ 415.554198][ T8267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.554206][ T8267] RSP: 002b:00007f6dfda36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 415.554215][ T8267] RAX: ffffffffffffffda RBX: 00007f6dffa25fa0 RCX: 00007f6dff7ceec9 [ 415.554223][ T8267] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000009 [ 415.554229][ T8267] RBP: 00007f6dff851f91 R08: 0000000000000000 R09: 0000000000000000 [ 415.554235][ T8267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 415.554241][ T8267] R13: 00007f6dffa26038 R14: 00007f6dffa25fa0 R15: 00007ffc4a64c238 [ 415.554258][ T8267] [ 415.554540][ T8267] Kernel Offset: disabled