last executing test programs: 12m37.065992779s ago: executing program 0 (id=10): signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000008c0)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000800000003003c02ffffffef35"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000680)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [], 0x6b}}) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000380), 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) sendmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000540)="49138d2c", 0x1349}], 0x1}}], 0x1, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='k\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050427bd7000fddbdf2501000000080001", @ANYRES32=r3, @ANYBLOB="4800028044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b757000000000"], 0x64}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) signalfd(0xffffffffffffffff, &(0x7f00000000c0)={[0x6ba]}, 0x8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r6}, 0x10) 12m31.820023734s ago: executing program 0 (id=15): socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "ef"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x8c}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(r1, 0x0, 0x0, 0x2400c444, &(0x7f0000000300)={0xa, 0x4e1e, 0x9, @loopback, 0x1}, 0x1c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000580)={r3, &(0x7f0000000780)="a73e3e44d16e45439c1688f3fba86da57ec0c3c12dceec3c25fcb6c7b9dab17a0dab4097f2fc2784b6540f9e0a9bd0c9ef56aaa35c9a4a1b45d51f163eff65b084adb62d775567f12cc8114dc17e02b9480ecfd64a64e54d95f4a1d6ae7f221e324335c683e29f19af109693248051cf194e41aff8c5ea0b2bde0f24443fb79c106d61d66fca0c5874b5e055c54b60326655fdc7e204f1efcc6e9a49d7f2e4be6e801097dfb5f175e9c0d10c", &(0x7f0000000540)=""/12}, 0x20) r5 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000340), 0x8) ioctl$FS_IOC_FSGETXATTR(r5, 0x801c581f, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 12m31.31018173s ago: executing program 0 (id=16): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 12m29.734323532s ago: executing program 0 (id=18): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) msgget(0x2, 0x340) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) ppoll(&(0x7f0000000140)=[{r5, 0x18}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 12m21.315028687s ago: executing program 0 (id=25): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) msgget(0x2, 0x340) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) ppoll(&(0x7f0000000140)=[{r5, 0x18}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 12m18.814040284s ago: executing program 0 (id=27): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4000884}, 0x6040) syz_genetlink_get_family_id$nl80211(0x0, r2) r3 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) timerfd_create(0x7, 0x80000) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x1, @empty, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r4, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) 12m2.623956427s ago: executing program 32 (id=27): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4000884}, 0x6040) syz_genetlink_get_family_id$nl80211(0x0, r2) r3 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) syz_open_procfs(0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) timerfd_create(0x7, 0x80000) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x1, @empty, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r4, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) 11m4.19496977s ago: executing program 3 (id=100): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0x1}) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5393, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000300)={0x17, 0xa, 0x2, "ba2000fc0000000000ffff00", 0x3247504d}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f00000001c0)={{0xf, 0x1}, 0x1, 0x4, 0x2}) 11m1.364967341s ago: executing program 3 (id=104): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0x10, 0x2, 0x4) 10m58.620476659s ago: executing program 3 (id=107): r0 = socket(0x2a, 0x2, 0x3) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48) ioctl$SIOCSIFMTU(r0, 0x541b, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x876, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x0, 0x89}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) mkdir(0x0, 0xf5) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x0, @fd=r6, 0x4, 0x0, 0x2, 0x0, 0x1, {0x0, r7}}) syz_io_uring_complete(r4) io_uring_enter(r3, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f) 10m56.453585257s ago: executing program 3 (id=110): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) msgget(0x2, 0x340) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) r4 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) ppoll(&(0x7f0000000140)=[{r4, 0x18}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 10m54.189579365s ago: executing program 3 (id=112): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r0, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r7, r6}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000080)={0x0, r7, r6}) 10m51.788509096s ago: executing program 3 (id=115): socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "ef"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x8c}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(r1, 0x0, 0x0, 0x2400c444, &(0x7f0000000300)={0xa, 0x4e1e, 0x9, @loopback, 0x1}, 0x1c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000580)={r4, &(0x7f0000000780)="a73e3e44d16e45439c1688f3fba86da57ec0c3c12dceec3c25fcb6c7b9dab17a0dab4097f2fc2784b6540f9e0a9bd0c9ef56aaa35c9a4a1b45d51f163eff65b084adb62d775567f12cc8114dc17e02b9480ecfd64a64e54d95f4a1d6ae7f221e324335c683e29f19af109693248051cf194e41aff8c5ea0b2bde0f24443fb79c106d61d66fca0c5874b5e055c54b60326655fdc7e204f1efcc6e9a49d7f2e4be6e801097dfb5f175e9c0d10c", &(0x7f0000000540)=""/12}, 0x20) bpf$TOKEN_CREATE(0x24, &(0x7f0000000340), 0x8) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 10m36.472320875s ago: executing program 33 (id=115): socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "ef"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x8c}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(r1, 0x0, 0x0, 0x2400c444, &(0x7f0000000300)={0xa, 0x4e1e, 0x9, @loopback, 0x1}, 0x1c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000580)={r4, &(0x7f0000000780)="a73e3e44d16e45439c1688f3fba86da57ec0c3c12dceec3c25fcb6c7b9dab17a0dab4097f2fc2784b6540f9e0a9bd0c9ef56aaa35c9a4a1b45d51f163eff65b084adb62d775567f12cc8114dc17e02b9480ecfd64a64e54d95f4a1d6ae7f221e324335c683e29f19af109693248051cf194e41aff8c5ea0b2bde0f24443fb79c106d61d66fca0c5874b5e055c54b60326655fdc7e204f1efcc6e9a49d7f2e4be6e801097dfb5f175e9c0d10c", &(0x7f0000000540)=""/12}, 0x20) bpf$TOKEN_CREATE(0x24, &(0x7f0000000340), 0x8) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 30.096835588s ago: executing program 4 (id=813): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) 29.611713783s ago: executing program 4 (id=814): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_MOVE(0x1e, r1, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_setup(0x669, &(0x7f0000000140)={0x0, 0x0, 0x400}) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x1000, 0x802, 0xfa, 0x8, 0x402, 0x1c49}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) map_shadow_stack(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000300)={0x5, @capture={0x0, 0x1, {0x3, 0x10000000}, 0x0, 0x7ff}}) 23.076657097s ago: executing program 1 (id=821): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000040)={0x3, r5, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1}) close_range(r3, 0xffffffffffffffff, 0x0) 23.073117553s ago: executing program 4 (id=822): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6(0xa, 0x80002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000780)={0x0, r4}, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x8911, &(0x7f0000000140)={0xa, 0xfffc, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1c) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ffc000/0x4000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) migrate_pages(0x0, 0x3, &(0x7f0000000300)=0x3, &(0x7f0000000040)=0x13e) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000ff070000000000000000000001000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000000000000000000b10d875a6af9d08a52e8e1b1bcca0d678c48b8c443535d76fff30aaeaea8edecfb9fe1df564ae7e7f31cbd0157690a5f23cc35590391d27081ea3b56d7f5a1190d52e8dad264f3396485ee59769a1b06ea35ed37d03abedf4e0923f51147126d5fa546ef18bc93baa6285f96c69378e6cbfd72c81e5f47f58c9b88d96b7df91ff20108cbc4944bc98c31246f09cbb6c09cc34660601b4cbb0d9c6105e8caba3f1b25d03ce8bfa55e568982a515e05222aef564dbdbe882b6f455d4c009114156870f963118d45950717f78d28dd3d35ad4df4b8dfcf3ced3", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x50}}, 0x0) 21.974958206s ago: executing program 1 (id=823): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) 20.915533192s ago: executing program 1 (id=824): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(0x0, 0x0, &(0x7f0000000880)="22cff580", 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) r2 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 18.353999092s ago: executing program 4 (id=828): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs(0x0, 0x0) r3 = syz_clone(0x40010000, 0x0, 0x4f, 0x0, 0x0, 0x0) ptrace(0x10, r3) r4 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x400017e) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_FREE_STREAMS(r5, 0x8008551d, &(0x7f0000000140)=ANY=[@ANYBLOB="7851160007"]) r6 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e8668c391f77c50600", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]}) futimesat(r6, &(0x7f0000000240)='./file1/file0\x00', &(0x7f0000000300)) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r7, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x0) keyctl$join(0x1, 0x0) 16.757675095s ago: executing program 4 (id=829): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) inotify_add_watch(0xffffffffffffffff, 0x0, 0x400) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$VIDIOC_QBUF(r3, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 16.698059011s ago: executing program 5 (id=830): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r0, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r7}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000380)={0x1, r8, r7}) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000800000000500000a40000000060a8bae00000000000000000a0000010900010073797a31000000001400048010000180090001006d617371000000000900020073797a320000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 16.48740945s ago: executing program 2 (id=831): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) setgroups(0x0, 0x0) lseek(r3, 0x10000000005, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x41, 0x0) write$nbd(r5, &(0x7f00000001c0)=ANY=[], 0x40) 14.096775236s ago: executing program 5 (id=832): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) msgget(0x2, 0x340) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 13.984720898s ago: executing program 2 (id=833): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) 12.511473616s ago: executing program 2 (id=834): syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040f0409010104c8eea31e1af65b3d308b088e858ed276c50d78f4164a7063bd1aa504efa3d56f6647797bb182e891afe21df84dff1d7f406ab97d1182edf704527c023e48988758de3017fde42f12c1ee72fdcd65dc6ca1d0f92908"], 0x7) openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0) r0 = openat$binfmt_format(0xffffffffffffff9c, 0x0, 0x2, 0x0) writev(r0, &(0x7f0000000800)=[{&(0x7f0000000740)="66b783f0", 0x4}], 0x1) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xbc, 0xe9, 0xd9, 0x20, 0x2040, 0x7510, 0x6ddd, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3b, 0x0, 0x0, 0xd9, 0x50, 0xdb}}]}}]}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\xd8'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) 12.509974871s ago: executing program 1 (id=835): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) r2 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) r4 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) ppoll(&(0x7f0000000140)=[{r4, 0x18}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) ioctl$sock_bt_hci(r3, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 12.275320927s ago: executing program 5 (id=836): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sched_setscheduler(0x0, 0x2, 0x0) r5 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40, 0x0, 0xfffffd8b) 10.315418496s ago: executing program 5 (id=837): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs(0x0, 0x0) r3 = syz_clone(0x40010000, 0x0, 0x4f, 0x0, 0x0, 0x0) ptrace(0x10, r3) r4 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x400017e) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_FREE_STREAMS(r5, 0x8008551d, &(0x7f0000000140)=ANY=[@ANYBLOB="7851160007"]) ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e8668c391f77c50600", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]}) futimesat(0xffffffffffffffff, &(0x7f0000000240)='./file1/file0\x00', &(0x7f0000000300)) socket$xdp(0x2c, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x0) keyctl$join(0x1, 0x0) 10.259169418s ago: executing program 2 (id=838): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) r5 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40, 0x0, 0xfffffd8b) 6.442303888s ago: executing program 5 (id=839): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6(0xa, 0x80002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000780)={0x0, r4}, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x8911, &(0x7f0000000140)={0xa, 0xfffc, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1c) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ffc000/0x4000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) migrate_pages(0x0, 0x3, &(0x7f0000000300)=0x3, &(0x7f0000000040)=0x13e) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000000ff070000000000000000000001000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000000000000000000b10d875a6af9d08a52e8e1b1bcca0d678c48b8c443535d76fff30aaeaea8edecfb9fe1df564ae7e7f31cbd0157690a5f23cc35590391d27081ea3b56d7f5a1190d52e8dad264f3396485ee59769a1b06ea35ed37d03abedf4e0923f51147126d5fa546ef18bc93baa6285f96c69378e6cbfd72c81e5f47f58c9b88d96b7df91ff20108cbc4944bc98c31246f09cbb6c09cc34660601b4cbb0d9c6105e8caba3f1b25d03ce8bfa55e568982a515e05222aef564dbdbe882b6f455d4c009114156870f963118d45950717f78d28dd3d35ad4df4b8dfcf3ced3", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x50}}, 0x0) 6.309654743s ago: executing program 2 (id=840): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4) mount$pvfs2(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2008041, &(0x7f0000000140)={[{'\x00'}, {'}$^[-[-\'\x00'}], [{@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@fsmagic={'fsmagic', 0x3d, 0x7e92}}, {@smackfshat={'smackfshat', 0x3d, '${'}}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000008850000002900000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 5.117744006s ago: executing program 4 (id=841): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x101143, 0x0) ioctl$IOCTL_GET_NUM_DEVICES(r4, 0x40046104, &(0x7f0000000240)) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x25dfdbfd, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x4e23, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x20040000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f0000000180)='./control\x00', 0xa4000960) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000000206050000000000000000d0e75af08e19cf74a040a4dd57a08f0000000005000300070095b7090100010000000000000000040007800c000300686173683ae970000500"], 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 2.765991841s ago: executing program 1 (id=842): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x101143, 0x0) ioctl$IOCTL_GET_NUM_DEVICES(r4, 0x40046104, &(0x7f0000000240)) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x25dfdbfd, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x4e23, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x20040000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f0000000180)='./control\x00', 0xa4000960) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000000206050000000000000000d0e75af08e19cf74a040a4dd57a08f0000000005000300070095b7090100010000000000000000040007800c000300686173683ae970000500"], 0x48}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 1.927527647s ago: executing program 2 (id=843): syz_open_dev$sndctrl(&(0x7f0000000040), 0xffffffffffffffff, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000104c05c4050000000000010902240001000000000904000028c4cbfb8cc639010300000009210000000122050009058103000000000015da9d93d8d84a13eca8fb4bbf74ef45546bbd9147b79ff43c7937522384fef8be640a444d2113ec9936b1d9a62f5bf18f95a7"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "eb31b7d2"}]}}, 0x0}, 0x0) r1 = syz_io_uring_setup(0x6b25, 0x0, &(0x7f0000000140), 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, 0x0, 0x0) getpid() getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280"], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000030000000060a010400000000000000000100000008000b40000000000900010073797a3000000000050007400800000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x2004c899}, 0x0) recvmmsg(r5, &(0x7f000000c2c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$kcm(0xa, 0x2, 0x73) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 101.434856ms ago: executing program 1 (id=844): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) msgget(0x2, 0x340) r3 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000000c0)=0xfffffffd) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 0s ago: executing program 5 (id=845): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r0, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r7}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000380)={0x1, r8, r7}) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000800000000500000a40000000060a8bae00000000000000000a0000010900010073797a31000000001400048010000180090001006d617371000000000900020073797a320000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) kernel console output (not intermixed with test programs): type=1326 audit(1757869310.647:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.2.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 378.871995][ T37] audit: type=1326 audit(1757869310.647:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.2.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 378.892659][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.892758][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.936380][ T7436] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 379.105641][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.385645][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.452255][ T37] audit: type=1326 audit(1757869311.217:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.4.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 379.452314][ T37] audit: type=1326 audit(1757869311.217:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.4.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 379.452357][ T37] audit: type=1326 audit(1757869311.217:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.4.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 379.494869][ T7459] new mount options do not match the existing superblock, will be ignored [ 379.497342][ T7459] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 379.592086][ T37] audit: type=1326 audit(1757869311.367:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.4.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 379.592312][ T37] audit: type=1326 audit(1757869311.367:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7448 comm="syz.4.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 379.881819][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.937376][ T7459] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 380.999513][ C1] vkms_vblank_simulate: vblank timer overrun [ 381.085692][ T7207] team0: Port device team_slave_0 added [ 381.272285][ T3492] hsr_slave_0: left promiscuous mode [ 381.627641][ C1] vkms_vblank_simulate: vblank timer overrun [ 381.672512][ T3492] hsr_slave_1: left promiscuous mode [ 381.673651][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 381.897629][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.039491][ T7474] new mount options do not match the existing superblock, will be ignored [ 382.061050][ T7474] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 382.160442][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.314835][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.767461][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.818907][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.885546][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 382.913859][ T7474] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 382.921832][ T7472] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR [ 383.021858][ C1] vkms_vblank_simulate: vblank timer overrun [ 383.042085][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.445538][ C1] vkms_vblank_simulate: vblank timer overrun [ 384.535203][ C1] vkms_vblank_simulate: vblank timer overrun [ 385.722974][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 386.950536][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.017608][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.253279][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.572198][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.317914][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.504563][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.753680][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 388.848116][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.286907][ C1] vkms_vblank_simulate: vblank timer overrun [ 389.426349][ T7520] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 390.127111][ C1] vkms_vblank_simulate: vblank timer overrun [ 392.529696][ C1] vkms_vblank_simulate: vblank timer overrun [ 393.822899][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 394.143985][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 396.863194][ C1] vkms_vblank_simulate: vblank timer overrun [ 397.469149][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.052933][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.079315][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 398.079360][ T37] audit: type=1326 audit(1757869329.827:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7550 comm="syz.1.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 398.079743][ T37] audit: type=1326 audit(1757869329.827:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7550 comm="syz.1.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 398.080042][ T37] audit: type=1326 audit(1757869329.827:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7550 comm="syz.1.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 398.353212][ T7560] new mount options do not match the existing superblock, will be ignored [ 398.354643][ T7560] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 399.356197][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.386457][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.751007][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.768562][ T5849] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 399.787426][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 399.863884][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 399.904842][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 399.926322][ T5857] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 400.034120][ T5857] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 400.139933][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 400.287973][ T37] audit: type=1326 audit(1757869332.067:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7550 comm="syz.1.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 400.288029][ T37] audit: type=1326 audit(1757869332.067:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7550 comm="syz.1.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 400.364484][ T7560] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 400.473132][ C1] vkms_vblank_simulate: vblank timer overrun [ 400.966563][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.484603][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.860569][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.023872][ T7578] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 402.725099][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.732308][ T5857] Bluetooth: hci4: command tx timeout [ 403.892802][ T7207] team0: Port device team_slave_1 added [ 404.803797][ T5857] Bluetooth: hci4: command tx timeout [ 405.454630][ T7341] chnl_net:caif_netlink_parms(): no params data found [ 406.405309][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.615798][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.883221][ T5857] Bluetooth: hci4: command tx timeout [ 408.437610][ C1] vkms_vblank_simulate: vblank timer overrun [ 408.923826][ C1] vkms_vblank_simulate: vblank timer overrun [ 410.259238][ T5857] Bluetooth: hci4: command tx timeout [ 411.045084][ T990] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 411.181996][ T7341] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.183752][ T7341] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.185213][ T7341] bridge_slave_0: entered allmulticast mode [ 411.208859][ T990] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 411.208911][ T990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 411.208935][ T990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.208956][ T990] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 411.211043][ T990] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 411.211075][ T990] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 411.211086][ T990] usb 5-1: Manufacturer: syz [ 411.227878][ T990] usb 5-1: config 0 descriptor?? [ 411.283225][ T7341] bridge_slave_0: entered promiscuous mode [ 411.793497][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.807524][ T990] usbhid 5-1:0.0: can't add hid device: -71 [ 411.807654][ T990] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 411.825348][ T990] usb 5-1: USB disconnect, device number 5 [ 412.842973][ T7341] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.843203][ T7341] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.843461][ T7341] bridge_slave_1: entered allmulticast mode [ 412.892266][ T7341] bridge_slave_1: entered promiscuous mode [ 414.702703][ T7341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 414.797299][ T7554] chnl_net:caif_netlink_parms(): no params data found [ 414.815529][ T7341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.333435][ T7341] team0: Port device team_slave_0 added [ 415.478102][ T7341] team0: Port device team_slave_1 added [ 416.029540][ C0] vkms_vblank_simulate: vblank timer overrun [ 416.226227][ T37] audit: type=1326 audit(1757869347.967:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7671 comm="syz.2.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 416.226543][ T37] audit: type=1326 audit(1757869347.977:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7671 comm="syz.2.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 416.226779][ T37] audit: type=1326 audit(1757869347.987:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7671 comm="syz.2.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 417.114162][ C0] vkms_vblank_simulate: vblank timer overrun [ 417.200148][ T7676] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 417.322660][ C0] vkms_vblank_simulate: vblank timer overrun [ 418.564040][ C0] vkms_vblank_simulate: vblank timer overrun [ 418.838945][ T7341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 418.838965][ T7341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.838992][ T7341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 419.820667][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 419.959389][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 419.979081][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 419.990171][ T7554] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.990345][ T7554] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.990594][ T7554] bridge_slave_0: entered allmulticast mode [ 419.991531][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 420.008532][ T7554] bridge_slave_0: entered promiscuous mode [ 420.029360][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 420.222628][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.376379][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.386160][ T7709] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 420.495930][ T7554] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.498424][ T7554] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.504374][ T7554] bridge_slave_1: entered allmulticast mode [ 420.566743][ C0] vkms_vblank_simulate: vblank timer overrun [ 420.924686][ C0] vkms_vblank_simulate: vblank timer overrun [ 421.144009][ T7554] bridge_slave_1: entered promiscuous mode [ 421.183759][ T3492] bridge_slave_1: left allmulticast mode [ 421.183795][ T3492] bridge_slave_1: left promiscuous mode [ 421.206944][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.447302][ T3492] bridge_slave_0: left allmulticast mode [ 421.447339][ T3492] bridge_slave_0: left promiscuous mode [ 421.447643][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.667800][ C0] vkms_vblank_simulate: vblank timer overrun [ 422.082768][ T5849] Bluetooth: hci5: command tx timeout [ 422.326873][ C0] vkms_vblank_simulate: vblank timer overrun [ 422.584194][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 422.861600][ T37] audit: type=1326 audit(1757869354.637:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7721 comm="syz.4.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 422.861658][ T37] audit: type=1326 audit(1757869354.637:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7721 comm="syz.4.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 422.861703][ T37] audit: type=1326 audit(1757869354.637:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7721 comm="syz.4.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 422.913539][ T7725] new mount options do not match the existing superblock, will be ignored [ 422.970603][ T37] audit: type=1326 audit(1757869354.747:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7721 comm="syz.4.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 422.970639][ T37] audit: type=1326 audit(1757869354.747:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7721 comm="syz.4.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 423.155143][ C0] vkms_vblank_simulate: vblank timer overrun [ 423.168356][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 423.322587][ T3492] bond0 (unregistering): Released all slaves [ 423.563938][ C0] vkms_vblank_simulate: vblank timer overrun [ 424.342373][ T5849] Bluetooth: hci5: command tx timeout [ 424.808247][ T7716] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 425.890661][ T7554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 426.386006][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 426.402373][ T5849] Bluetooth: hci5: command tx timeout [ 426.650012][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 428.126494][ T7554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 428.428974][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.488639][ T5849] Bluetooth: hci5: command tx timeout [ 428.507739][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.471008][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.442762][ C0] vkms_vblank_simulate: vblank timer overrun [ 431.584110][ T7554] team0: Port device team_slave_0 added [ 431.742007][ T7554] team0: Port device team_slave_1 added [ 432.317977][ C0] vkms_vblank_simulate: vblank timer overrun [ 433.383121][ C0] vkms_vblank_simulate: vblank timer overrun [ 433.688528][ T7554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.688541][ T7554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.688555][ T7554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 434.006172][ C0] vkms_vblank_simulate: vblank timer overrun [ 435.108991][ T7554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 435.109010][ T7554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 435.109039][ T7554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 436.357687][ T7827] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 436.358414][ T7827] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 436.370663][ T7827] vhci_hcd vhci_hcd.0: Device attached [ 436.747572][ T7829] vhci_hcd: connection closed [ 437.317466][ T12] vhci_hcd: stop threads [ 437.319110][ T12] vhci_hcd: release socket [ 437.340208][ T12] vhci_hcd: disconnect device [ 437.355954][ T5982] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 437.362921][ T5982] usb 35-1: enqueue for inactive port 0 [ 437.432475][ T5982] vhci_hcd: vhci_device speed not set [ 438.090926][ T7554] hsr_slave_0: entered promiscuous mode [ 438.120431][ T7554] hsr_slave_1: entered promiscuous mode [ 438.121531][ T7554] debugfs: 'hsr0' already exists in 'hsr' [ 438.121557][ T7554] Cannot create hsr debugfs directory [ 440.331065][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.331152][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.254262][ T3492] bridge_slave_1: left allmulticast mode [ 441.254399][ T3492] bridge_slave_1: left promiscuous mode [ 441.254662][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.323944][ T3492] bridge_slave_0: left allmulticast mode [ 441.323979][ T3492] bridge_slave_0: left promiscuous mode [ 441.324289][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.495491][ C1] vkms_vblank_simulate: vblank timer overrun [ 441.767758][ C1] vkms_vblank_simulate: vblank timer overrun [ 442.965766][ C1] vkms_vblank_simulate: vblank timer overrun [ 443.048848][ C1] vkms_vblank_simulate: vblank timer overrun [ 444.308576][ C1] vkms_vblank_simulate: vblank timer overrun [ 444.657724][ C1] vkms_vblank_simulate: vblank timer overrun [ 445.142899][ C1] vkms_vblank_simulate: vblank timer overrun [ 445.669494][ C1] vkms_vblank_simulate: vblank timer overrun [ 446.182409][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.138810][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.414430][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.554342][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 447.887503][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 447.969581][ T3492] bond0 (unregistering): Released all slaves [ 448.197422][ C1] vkms_vblank_simulate: vblank timer overrun [ 449.011335][ C1] vkms_vblank_simulate: vblank timer overrun [ 449.632755][ T7702] chnl_net:caif_netlink_parms(): no params data found [ 449.854322][ T7912] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 452.150173][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.453287][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 455.711083][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 457.944842][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 457.955819][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 457.964429][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 458.002434][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 458.009099][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 458.963229][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.386145][ T7970] Bluetooth: MGMT ver 1.23 [ 459.395560][ C0] vkms_vblank_simulate: vblank timer overrun [ 460.182245][ T5857] Bluetooth: hci0: command tx timeout [ 460.497313][ C0] vkms_vblank_simulate: vblank timer overrun [ 460.653462][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.152005][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.574526][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.739249][ T7985] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 462.024544][ C0] vkms_vblank_simulate: vblank timer overrun [ 462.205070][ C0] vkms_vblank_simulate: vblank timer overrun [ 462.242218][ T5857] Bluetooth: hci0: command tx timeout [ 462.859215][ T7702] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.859534][ T7702] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.859793][ T7702] bridge_slave_0: entered allmulticast mode [ 462.922684][ T7702] bridge_slave_0: entered promiscuous mode [ 462.965145][ T7702] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.965291][ T7702] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.966799][ T7702] bridge_slave_1: entered allmulticast mode [ 463.061369][ T7702] bridge_slave_1: entered promiscuous mode [ 464.999932][ T5857] Bluetooth: hci0: command tx timeout [ 465.184704][ T37] audit: type=1326 audit(1757869396.967:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8009 comm="syz.1.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 465.188104][ T37] audit: type=1326 audit(1757869396.967:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8009 comm="syz.1.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 465.188165][ T37] audit: type=1326 audit(1757869396.967:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8009 comm="syz.1.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 465.241272][ T8014] new mount options do not match the existing superblock, will be ignored [ 465.242838][ T8014] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 465.279582][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.482940][ T37] audit: type=1326 audit(1757869397.267:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8009 comm="syz.1.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 465.482994][ T37] audit: type=1326 audit(1757869397.267:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8009 comm="syz.1.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 465.635078][ T7702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 465.662799][ T7702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 465.884467][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.034137][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.565353][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.042268][ T5857] Bluetooth: hci0: command tx timeout [ 467.120284][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.122041][ T8014] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 469.484399][ C0] vkms_vblank_simulate: vblank timer overrun [ 470.496074][ T7702] team0: Port device team_slave_0 added [ 470.505674][ T7702] team0: Port device team_slave_1 added [ 471.212388][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.246992][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.277552][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.396956][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.436070][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.466314][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.490269][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.613919][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.745147][ C0] vkms_vblank_simulate: vblank timer overrun [ 472.190809][ T3492] bridge_slave_1: left allmulticast mode [ 472.190847][ T3492] bridge_slave_1: left promiscuous mode [ 472.191131][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.301959][ T3492] bridge_slave_0: left allmulticast mode [ 472.302000][ T3492] bridge_slave_0: left promiscuous mode [ 472.316358][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.769015][ C0] vkms_vblank_simulate: vblank timer overrun [ 472.944280][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.184311][ T6033] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 474.312249][ T6033] usb 3-1: device descriptor read/64, error -71 [ 474.737383][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.738557][ T6033] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 474.823267][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 474.872544][ T6033] usb 3-1: device descriptor read/64, error -71 [ 474.959937][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 474.987301][ T6033] usb usb3-port1: attempt power cycle [ 475.101566][ T8072] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 475.108350][ T3492] bond0 (unregistering): Released all slaves [ 475.296232][ T7702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.296254][ T7702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.296283][ T7702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 475.346926][ T6033] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 475.364939][ T7702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 475.364959][ T7702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.364988][ T7702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 475.373240][ T6033] usb 3-1: device descriptor read/8, error -71 [ 475.642174][ C0] vkms_vblank_simulate: vblank timer overrun [ 477.892317][ T3492] hsr_slave_0: left promiscuous mode [ 477.962195][ T3492] hsr_slave_1: left promiscuous mode [ 477.962947][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 478.004494][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 479.742515][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 479.744786][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 479.745913][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 479.771801][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 479.775687][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 481.336121][ C0] vkms_vblank_simulate: vblank timer overrun [ 481.848359][ T5857] Bluetooth: hci4: command tx timeout [ 481.953428][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.413596][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.796965][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.844095][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.915068][ C0] vkms_vblank_simulate: vblank timer overrun [ 483.002465][ C0] vkms_vblank_simulate: vblank timer overrun [ 483.172105][ C0] vkms_vblank_simulate: vblank timer overrun [ 483.762617][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 484.552245][ T5857] Bluetooth: hci4: command tx timeout [ 485.156811][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 485.889066][ C0] vkms_vblank_simulate: vblank timer overrun [ 486.562421][ T5857] Bluetooth: hci4: command tx timeout [ 488.556421][ T8132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.402'. [ 489.453705][ T7702] hsr_slave_0: entered promiscuous mode [ 489.455268][ T7702] hsr_slave_1: entered promiscuous mode [ 489.456371][ T7702] debugfs: 'hsr0' already exists in 'hsr' [ 489.456399][ T7702] Cannot create hsr debugfs directory [ 489.547296][ C0] vkms_vblank_simulate: vblank timer overrun [ 489.614842][ T5857] Bluetooth: hci4: command tx timeout [ 490.090818][ C0] vkms_vblank_simulate: vblank timer overrun [ 490.548014][ C0] vkms_vblank_simulate: vblank timer overrun [ 491.168891][ T7961] chnl_net:caif_netlink_parms(): no params data found [ 496.072335][ T7961] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.073658][ T7961] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.073912][ T7961] bridge_slave_0: entered allmulticast mode [ 496.077209][ T7961] bridge_slave_0: entered promiscuous mode [ 496.495032][ T7961] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.532459][ T7961] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.532733][ T7961] bridge_slave_1: entered allmulticast mode [ 496.554630][ T7961] bridge_slave_1: entered promiscuous mode [ 497.142799][ C0] vkms_vblank_simulate: vblank timer overrun [ 497.403162][ C0] vkms_vblank_simulate: vblank timer overrun [ 497.804660][ C0] vkms_vblank_simulate: vblank timer overrun [ 497.951820][ C0] vkms_vblank_simulate: vblank timer overrun [ 498.682540][ C0] vkms_vblank_simulate: vblank timer overrun [ 498.981896][ C0] vkms_vblank_simulate: vblank timer overrun [ 499.827071][ T7961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 499.852663][ T8091] chnl_net:caif_netlink_parms(): no params data found [ 499.928463][ T7961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.254923][ C0] vkms_vblank_simulate: vblank timer overrun [ 500.707496][ C0] vkms_vblank_simulate: vblank timer overrun [ 500.969952][ C0] vkms_vblank_simulate: vblank timer overrun [ 501.620449][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.483169][ C0] vkms_vblank_simulate: vblank timer overrun [ 502.514481][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.514559][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.753369][ C0] vkms_vblank_simulate: vblank timer overrun [ 503.584109][ T3492] bridge_slave_1: left allmulticast mode [ 503.584146][ T3492] bridge_slave_1: left promiscuous mode [ 503.584439][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.752150][ T3492] bridge_slave_0: left allmulticast mode [ 503.752187][ T3492] bridge_slave_0: left promiscuous mode [ 503.752513][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 504.388489][ T5849] Bluetooth: hci1: unexpected event for opcode 0x0c7b [ 504.794787][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 504.913039][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 505.007046][ T3492] bond0 (unregistering): Released all slaves [ 505.260834][ T7961] team0: Port device team_slave_0 added [ 505.535210][ C0] vkms_vblank_simulate: vblank timer overrun [ 505.560415][ T7961] team0: Port device team_slave_1 added [ 505.981403][ C0] vkms_vblank_simulate: vblank timer overrun [ 508.405109][ T5849] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 508.405239][ T5849] Bluetooth: hci1: Injecting HCI hardware error event [ 508.407183][ T5849] Bluetooth: hci1: hardware error 0x00 [ 508.740897][ T3492] hsr_slave_0: left promiscuous mode [ 508.773682][ T3492] hsr_slave_1: left promiscuous mode [ 508.783979][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 508.882124][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 511.097370][ T5849] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 511.148366][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 511.424049][ C0] vkms_vblank_simulate: vblank timer overrun [ 511.546593][ C0] vkms_vblank_simulate: vblank timer overrun [ 512.547501][ C0] vkms_vblank_simulate: vblank timer overrun [ 512.578937][ C0] vkms_vblank_simulate: vblank timer overrun [ 512.895291][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 513.906841][ T8265] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 513.909259][ T8265] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 513.923560][ T8265] vhci_hcd vhci_hcd.0: Device attached [ 514.896716][ T31] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 514.967682][ T8267] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 514.984932][ T8266] vhci_hcd: connection closed [ 514.999911][ T67] vhci_hcd: stop threads [ 514.999985][ T67] vhci_hcd: release socket [ 515.006208][ T67] vhci_hcd: disconnect device [ 516.546871][ C0] vkms_vblank_simulate: vblank timer overrun [ 517.334916][ T7961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 517.334945][ T7961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 517.334971][ T7961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 517.546990][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.229686][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.366612][ T8091] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.366779][ T8091] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.366997][ T8091] bridge_slave_0: entered allmulticast mode [ 518.407067][ T8091] bridge_slave_0: entered promiscuous mode [ 518.586033][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.624389][ T8091] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.642299][ T8091] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.642640][ T8091] bridge_slave_1: entered allmulticast mode [ 518.647861][ T8091] bridge_slave_1: entered promiscuous mode [ 518.754740][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.903511][ T8286] new mount options do not match the existing superblock, will be ignored [ 518.911921][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.947510][ T37] audit: type=1326 audit(1757869450.517:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8281 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 518.947924][ T37] audit: type=1326 audit(1757869450.517:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8281 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 518.948151][ T37] audit: type=1326 audit(1757869450.517:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8281 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 519.737521][ C0] vkms_vblank_simulate: vblank timer overrun [ 520.162402][ T31] vhci_hcd: vhci_device speed not set [ 520.219599][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 520.249116][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 520.262410][ T5857] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 520.286936][ T5857] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 520.294777][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 520.926297][ C0] vkms_vblank_simulate: vblank timer overrun [ 521.775015][ T8091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 521.811129][ T8091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.407821][ T5849] Bluetooth: hci5: command tx timeout [ 523.091790][ T8091] team0: Port device team_slave_0 added [ 523.804646][ T8091] team0: Port device team_slave_1 added [ 524.502292][ T5849] Bluetooth: hci5: command tx timeout [ 524.569790][ T8091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 524.569809][ T8091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 524.569837][ T8091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 524.890879][ T8091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 524.890898][ T8091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 524.890929][ T8091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 525.467656][ T8314] netlink: 'syz.1.440': attribute type 1 has an invalid length. [ 525.467673][ T8314] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.440'. [ 525.825617][ T8091] hsr_slave_0: entered promiscuous mode [ 525.843959][ T8091] hsr_slave_1: entered promiscuous mode [ 525.848330][ T8091] debugfs: 'hsr0' already exists in 'hsr' [ 525.848352][ T8091] Cannot create hsr debugfs directory [ 526.187129][ T3492] bridge_slave_1: left allmulticast mode [ 526.187165][ T3492] bridge_slave_1: left promiscuous mode [ 526.187472][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.314217][ T3492] bridge_slave_0: left allmulticast mode [ 526.314255][ T3492] bridge_slave_0: left promiscuous mode [ 526.314624][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.562324][ T5849] Bluetooth: hci5: command tx timeout [ 528.213979][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 528.751500][ T5849] Bluetooth: hci5: command tx timeout [ 528.764117][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 529.033347][ T3492] bond0 (unregistering): Released all slaves [ 529.218639][ T37] audit: type=1326 audit(1757869460.947:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8331 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 529.220522][ T37] audit: type=1326 audit(1757869460.947:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8331 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 529.220853][ T37] audit: type=1326 audit(1757869460.957:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8331 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 529.344461][ T8335] new mount options do not match the existing superblock, will be ignored [ 530.052908][ T8334] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 530.397792][ T8340] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 530.397824][ T8340] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 530.397908][ T8340] vhci_hcd vhci_hcd.0: Device attached [ 531.444136][ T8341] vhci_hcd: connection closed [ 531.793456][ T1476] vhci_hcd: stop threads [ 531.793480][ T1476] vhci_hcd: release socket [ 531.796628][ T1476] vhci_hcd: disconnect device [ 534.533133][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 535.826789][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 536.334851][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 537.064215][ C0] vkms_vblank_simulate: vblank timer overrun [ 537.547400][ C0] vkms_vblank_simulate: vblank timer overrun [ 538.183857][ C0] vkms_vblank_simulate: vblank timer overrun [ 538.654248][ C0] vkms_vblank_simulate: vblank timer overrun [ 539.831021][ C0] vkms_vblank_simulate: vblank timer overrun [ 540.139323][ T8297] chnl_net:caif_netlink_parms(): no params data found [ 544.847800][ T8297] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.847962][ T8297] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.848200][ T8297] bridge_slave_0: entered allmulticast mode [ 544.851511][ T8297] bridge_slave_0: entered promiscuous mode [ 544.885669][ T8297] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.885914][ T8297] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.886159][ T8297] bridge_slave_1: entered allmulticast mode [ 544.889907][ T8297] bridge_slave_1: entered promiscuous mode [ 545.059322][ T8399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.458'. [ 545.375688][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 545.473637][ C1] vkms_vblank_simulate: vblank timer overrun [ 545.476076][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 545.479997][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 545.491257][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 545.494360][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 545.778830][ T8410] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 545.779066][ T8410] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 545.781825][ T8410] vhci_hcd vhci_hcd.0: Device attached [ 546.784327][ T8411] vhci_hcd: connection closed [ 546.848349][ T67] vhci_hcd: stop threads [ 546.848372][ T67] vhci_hcd: release socket [ 546.856986][ T67] vhci_hcd: disconnect device [ 546.871356][ T5933] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 546.876752][ T5933] usb 41-1: enqueue for inactive port 0 [ 546.948153][ T5933] vhci_hcd: vhci_device speed not set [ 547.386102][ T8297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 547.652404][ T5857] Bluetooth: hci0: command tx timeout [ 547.694048][ C1] vkms_vblank_simulate: vblank timer overrun [ 547.754081][ T8297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 547.918345][ C1] vkms_vblank_simulate: vblank timer overrun [ 547.937981][ T37] audit: type=1326 audit(1757869479.667:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8415 comm="syz.4.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 547.938361][ T37] audit: type=1326 audit(1757869479.667:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8415 comm="syz.4.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 547.938637][ T37] audit: type=1326 audit(1757869479.687:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8415 comm="syz.4.462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 548.068051][ T8421] new mount options do not match the existing superblock, will be ignored [ 548.091563][ T8421] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 548.192336][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.356435][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.779899][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.916452][ T8419] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 549.088912][ C1] vkms_vblank_simulate: vblank timer overrun [ 549.394178][ T8297] team0: Port device team_slave_0 added [ 549.398357][ T8297] team0: Port device team_slave_1 added [ 549.682353][ T5857] Bluetooth: hci0: command tx timeout [ 550.186980][ C1] vkms_vblank_simulate: vblank timer overrun [ 550.472954][ T8297] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 550.472972][ T8297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.473003][ T8297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 550.535714][ T8297] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 550.535733][ T8297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 550.535762][ T8297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 551.193695][ T3492] bridge_slave_1: left allmulticast mode [ 551.193732][ T3492] bridge_slave_1: left promiscuous mode [ 551.194028][ T3492] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.299591][ T3492] bridge_slave_0: left allmulticast mode [ 551.299632][ T3492] bridge_slave_0: left promiscuous mode [ 551.300021][ T3492] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.766715][ T5857] Bluetooth: hci0: command tx timeout [ 552.049082][ T3492] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.195167][ T3492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.389784][ T3492] bond0 (unregistering): Released all slaves [ 552.739467][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.751801][ T8444] Bluetooth: MGMT ver 1.23 [ 553.048836][ T8297] hsr_slave_0: entered promiscuous mode [ 553.052601][ T8297] hsr_slave_1: entered promiscuous mode [ 553.053800][ T8297] debugfs: 'hsr0' already exists in 'hsr' [ 553.053936][ T8297] Cannot create hsr debugfs directory [ 553.316089][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.409691][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.410430][ T5857] Bluetooth: hci0: command tx timeout [ 555.342337][ T3492] hsr_slave_0: left promiscuous mode [ 555.374416][ T3492] hsr_slave_1: left promiscuous mode [ 555.375105][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 555.466414][ T3492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 560.131907][ T3492] team0 (unregistering): Port device team_slave_1 removed [ 560.479841][ T3492] team0 (unregistering): Port device team_slave_0 removed [ 562.403346][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.461488][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.495438][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.495490][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.524377][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.578469][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.645277][ C0] vkms_vblank_simulate: vblank timer overrun [ 566.336838][ T8405] chnl_net:caif_netlink_parms(): no params data found [ 566.453604][ T8498] netlink: 'syz.4.482': attribute type 1 has an invalid length. [ 566.453620][ T8498] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.482'. [ 566.929448][ C0] vkms_vblank_simulate: vblank timer overrun [ 566.954612][ C0] vkms_vblank_simulate: vblank timer overrun [ 567.150877][ T8297] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 567.362318][ T8297] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 567.779316][ T37] audit: type=1326 audit(1757869499.517:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 567.779717][ T37] audit: type=1326 audit(1757869499.517:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 567.780058][ T37] audit: type=1326 audit(1757869499.537:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8508 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 567.919814][ T8514] new mount options do not match the existing superblock, will be ignored [ 567.955252][ T8514] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 569.154447][ T8297] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 570.611820][ T8297] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 570.719883][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.720065][ T8405] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.720323][ T8405] bridge_slave_0: entered allmulticast mode [ 570.731423][ T8405] bridge_slave_0: entered promiscuous mode [ 570.788868][ T8405] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.789042][ T8405] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.789321][ T8405] bridge_slave_1: entered allmulticast mode [ 570.795374][ T8405] bridge_slave_1: entered promiscuous mode [ 572.606483][ C1] vkms_vblank_simulate: vblank timer overrun [ 572.737453][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.166250][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.199576][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.395990][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.441691][ C1] vkms_vblank_simulate: vblank timer overrun [ 574.180692][ C1] vkms_vblank_simulate: vblank timer overrun [ 574.366768][ T8405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 574.387416][ T8405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 574.720538][ C1] vkms_vblank_simulate: vblank timer overrun [ 575.728233][ C1] vkms_vblank_simulate: vblank timer overrun [ 575.837106][ C1] vkms_vblank_simulate: vblank timer overrun [ 577.939732][ C1] vkms_vblank_simulate: vblank timer overrun [ 579.955484][ T8405] team0: Port device team_slave_0 added [ 579.960192][ T8405] team0: Port device team_slave_1 added [ 581.623942][ T8405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 581.623962][ T8405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.623991][ T8405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 581.627036][ T8405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.627051][ T8405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.627080][ T8405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.089566][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 582.108910][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 582.110348][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 582.111854][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 582.117686][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 582.202322][ T31] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 582.253527][ T8405] hsr_slave_0: entered promiscuous mode [ 582.255076][ T8405] hsr_slave_1: entered promiscuous mode [ 582.256083][ T8405] debugfs: 'hsr0' already exists in 'hsr' [ 582.256110][ T8405] Cannot create hsr debugfs directory [ 582.355543][ T31] usb 2-1: config 6 has an invalid interface number: 2 but max is 0 [ 582.355573][ T31] usb 2-1: config 6 has no interface number 0 [ 582.355630][ T31] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 582.355653][ T31] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 582.355681][ T31] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 582.355707][ T31] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 582.359129][ T31] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 582.359158][ T31] usb 2-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 582.359178][ T31] usb 2-1: Product: syz [ 582.359193][ T31] usb 2-1: Manufacturer: syz [ 582.359207][ T31] usb 2-1: SerialNumber: syz [ 582.504495][ T31] hso 2-1:6.2: Failed to find BULK IN ep [ 583.151644][ T8584] block nbd1: Attempted send on invalid socket [ 583.151698][ T8584] I/O error, dev nbd1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 1 [ 583.151748][ T8584] gfs2: error -5 reading superblock [ 583.297008][ T31] usb 2-1: USB disconnect, device number 4 [ 584.313873][ T5857] Bluetooth: hci4: command tx timeout [ 585.813557][ C1] vkms_vblank_simulate: vblank timer overrun [ 586.097483][ C1] vkms_vblank_simulate: vblank timer overrun [ 586.322320][ T5857] Bluetooth: hci4: command tx timeout [ 586.448532][ C1] vkms_vblank_simulate: vblank timer overrun [ 586.627315][ C1] vkms_vblank_simulate: vblank timer overrun [ 586.925728][ C1] vkms_vblank_simulate: vblank timer overrun [ 587.069209][ C1] vkms_vblank_simulate: vblank timer overrun [ 587.647210][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.030781][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.041597][ T5857] Bluetooth: hci4: command tx timeout [ 589.385417][ C1] vkms_vblank_simulate: vblank timer overrun [ 590.175570][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.195576][ T5849] Bluetooth: hci4: command tx timeout [ 593.548676][ C0] vkms_vblank_simulate: vblank timer overrun [ 593.931550][ C0] vkms_vblank_simulate: vblank timer overrun [ 594.446678][ T8405] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 594.600759][ T8405] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 594.650300][ T8405] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 594.963159][ T8587] chnl_net:caif_netlink_parms(): no params data found [ 595.122303][ T8405] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 596.127557][ C0] vkms_vblank_simulate: vblank timer overrun [ 596.887845][ C0] vkms_vblank_simulate: vblank timer overrun [ 597.548456][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.575783][ T13] bridge_slave_1: left allmulticast mode [ 598.575822][ T13] bridge_slave_1: left promiscuous mode [ 598.576157][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.900689][ T13] bridge_slave_0: left allmulticast mode [ 598.900728][ T13] bridge_slave_0: left promiscuous mode [ 598.901070][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.907607][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.548458][ C0] vkms_vblank_simulate: vblank timer overrun [ 602.200571][ C0] vkms_vblank_simulate: vblank timer overrun [ 602.496256][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 602.569013][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 602.640676][ T13] bond0 (unregistering): Released all slaves [ 602.936997][ T8587] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.937116][ T8587] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.937290][ T8587] bridge_slave_0: entered allmulticast mode [ 602.939617][ T8587] bridge_slave_0: entered promiscuous mode [ 603.002605][ T8587] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.002748][ T8587] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.002961][ T8587] bridge_slave_1: entered allmulticast mode [ 603.005426][ T8587] bridge_slave_1: entered promiscuous mode [ 603.351954][ C0] vkms_vblank_simulate: vblank timer overrun [ 603.466828][ C0] vkms_vblank_simulate: vblank timer overrun [ 604.335064][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.257389][ T13] hsr_slave_0: left promiscuous mode [ 605.307011][ T13] hsr_slave_1: left promiscuous mode [ 605.312550][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 605.548088][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.139734][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.587100][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 606.673751][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 606.686592][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 606.688704][ T5857] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 606.690144][ T5857] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 606.691087][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 608.742439][ T5857] Bluetooth: hci5: command tx timeout [ 610.830839][ T5857] Bluetooth: hci5: command tx timeout [ 611.255174][ C0] vkms_vblank_simulate: vblank timer overrun [ 611.423214][ C0] vkms_vblank_simulate: vblank timer overrun [ 612.209121][ C0] vkms_vblank_simulate: vblank timer overrun [ 612.892128][ T5857] Bluetooth: hci5: command tx timeout [ 613.102833][ T13] team0 (unregistering): Port device team_slave_1 removed [ 613.323118][ T13] team0 (unregistering): Port device team_slave_0 removed [ 613.600773][ T8746] /dev/nullb0: Can't open blockdev [ 613.606719][ T8746] new mount options do not match the existing superblock, will be ignored [ 613.666484][ T37] audit: type=1326 audit(1757869545.377:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666531][ T37] audit: type=1326 audit(1757869545.377:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666559][ T37] audit: type=1326 audit(1757869545.377:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666585][ T37] audit: type=1326 audit(1757869545.387:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666610][ T37] audit: type=1326 audit(1757869545.387:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666634][ T37] audit: type=1326 audit(1757869545.387:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666658][ T37] audit: type=1326 audit(1757869545.387:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666683][ T37] audit: type=1326 audit(1757869545.387:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666715][ T37] audit: type=1326 audit(1757869545.387:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 613.666740][ T37] audit: type=1326 audit(1757869545.387:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8738 comm="syz.1.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 614.962247][ T5857] Bluetooth: hci5: command tx timeout [ 615.768635][ T8587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 616.204401][ T8587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 616.849534][ T8587] team0: Port device team_slave_0 added [ 616.972141][ T8587] team0: Port device team_slave_1 added [ 617.953616][ T8587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 617.953635][ T8587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.953665][ T8587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 618.018803][ T8587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.018824][ T8587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.018855][ T8587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 619.392409][ T8780] netlink: 72 bytes leftover after parsing attributes in process `syz.1.543'. [ 619.938972][ C0] vkms_vblank_simulate: vblank timer overrun [ 620.359491][ T8587] hsr_slave_0: entered promiscuous mode [ 620.364846][ T8587] hsr_slave_1: entered promiscuous mode [ 620.367494][ T8587] debugfs: 'hsr0' already exists in 'hsr' [ 620.367518][ T8587] Cannot create hsr debugfs directory [ 620.563770][ C0] vkms_vblank_simulate: vblank timer overrun [ 621.564330][ C0] vkms_vblank_simulate: vblank timer overrun [ 624.785591][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.785651][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.497909][ T8703] chnl_net:caif_netlink_parms(): no params data found [ 641.616632][ T8703] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.616811][ T8703] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.617084][ T8703] bridge_slave_0: entered allmulticast mode [ 641.620338][ T8703] bridge_slave_0: entered promiscuous mode [ 642.119823][ T8703] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.119993][ T8703] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.120257][ T8703] bridge_slave_1: entered allmulticast mode [ 642.163900][ T8703] bridge_slave_1: entered promiscuous mode [ 642.499850][ T8901] netlink: 8 bytes leftover after parsing attributes in process `syz.4.567'. [ 642.878385][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 642.894170][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 642.897589][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 642.899563][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 642.900974][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 643.096907][ T8703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 643.239385][ T8703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 644.583298][ T13] bridge_slave_1: left allmulticast mode [ 644.583325][ T13] bridge_slave_1: left promiscuous mode [ 644.583520][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.724206][ T13] bridge_slave_0: left allmulticast mode [ 644.724244][ T13] bridge_slave_0: left promiscuous mode [ 644.724631][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.042718][ T5857] Bluetooth: hci0: command tx timeout [ 646.287605][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 646.659963][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 646.768479][ T13] bond0 (unregistering): Released all slaves [ 647.134467][ T5857] Bluetooth: hci0: command tx timeout [ 647.260690][ T8703] team0: Port device team_slave_0 added [ 648.318791][ T8703] team0: Port device team_slave_1 added [ 648.603486][ T13] hsr_slave_0: left promiscuous mode [ 648.659267][ T13] hsr_slave_1: left promiscuous mode [ 648.702235][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 648.797105][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 649.205356][ T5857] Bluetooth: hci0: command tx timeout [ 649.775901][ C1] vkms_vblank_simulate: vblank timer overrun [ 650.006076][ C1] vkms_vblank_simulate: vblank timer overrun [ 650.905386][ C1] vkms_vblank_simulate: vblank timer overrun [ 651.009726][ C1] vkms_vblank_simulate: vblank timer overrun [ 651.282267][ T5857] Bluetooth: hci0: command tx timeout [ 651.868891][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.346060][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.429317][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.799291][ C1] vkms_vblank_simulate: vblank timer overrun [ 654.649654][ C1] vkms_vblank_simulate: vblank timer overrun [ 654.889963][ T13] team0 (unregistering): Port device team_slave_1 removed [ 654.935996][ C1] vkms_vblank_simulate: vblank timer overrun [ 655.188233][ T13] team0 (unregistering): Port device team_slave_0 removed [ 655.258957][ C1] vkms_vblank_simulate: vblank timer overrun [ 657.636057][ T8703] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 657.636073][ T8703] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.636096][ T8703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.653075][ T8703] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.653093][ T8703] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.653130][ T8703] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 658.189332][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.243265][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.314004][ T8977] netlink: 96 bytes leftover after parsing attributes in process `syz.1.582'. [ 659.733351][ T8703] hsr_slave_0: entered promiscuous mode [ 659.734916][ T8703] hsr_slave_1: entered promiscuous mode [ 659.735958][ T8703] debugfs: 'hsr0' already exists in 'hsr' [ 659.735985][ T8703] Cannot create hsr debugfs directory [ 659.969655][ C0] vkms_vblank_simulate: vblank timer overrun [ 661.015717][ C0] vkms_vblank_simulate: vblank timer overrun [ 664.537581][ T13] bridge_slave_1: left allmulticast mode [ 664.537618][ T13] bridge_slave_1: left promiscuous mode [ 664.537856][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.687927][ T13] bridge_slave_0: left allmulticast mode [ 664.687963][ T13] bridge_slave_0: left promiscuous mode [ 664.688280][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.120631][ T9036] netlink: 8 bytes leftover after parsing attributes in process `syz.4.593'. [ 668.329097][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 668.597170][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 668.706550][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 668.710909][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 668.711925][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 668.748225][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 668.751228][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 668.985227][ T13] bond0 (unregistering): Released all slaves [ 669.615294][ T8902] chnl_net:caif_netlink_parms(): no params data found [ 669.852363][ T13] hsr_slave_0: left promiscuous mode [ 669.892889][ T13] hsr_slave_1: left promiscuous mode [ 669.895040][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.917748][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 670.802312][ T5857] Bluetooth: hci4: command tx timeout [ 671.418660][ T5933] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 671.594238][ T5933] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 671.594279][ T5933] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 671.594292][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.597800][ T5933] usb 3-1: config 0 descriptor?? [ 671.636821][ T5933] pwc: Askey VC010 type 2 USB webcam detected. [ 672.882134][ T5857] Bluetooth: hci4: command tx timeout [ 672.894774][ T5933] pwc: recv_control_msg error -32 req 02 val 2b00 [ 672.895868][ T5933] pwc: recv_control_msg error -32 req 02 val 2700 [ 672.896630][ T5933] pwc: recv_control_msg error -32 req 02 val 2c00 [ 672.897394][ T5933] pwc: recv_control_msg error -32 req 04 val 1000 [ 672.898143][ T5933] pwc: recv_control_msg error -32 req 04 val 1300 [ 673.100287][ T5933] pwc: recv_control_msg error -71 req 02 val 2000 [ 673.100917][ T5933] pwc: recv_control_msg error -71 req 02 val 2100 [ 673.101440][ T5933] pwc: recv_control_msg error -71 req 04 val 1500 [ 673.102304][ T5933] pwc: recv_control_msg error -71 req 02 val 2500 [ 673.102719][ T5933] pwc: recv_control_msg error -71 req 02 val 2400 [ 673.103153][ T5933] pwc: recv_control_msg error -71 req 02 val 2600 [ 673.103683][ T5933] pwc: recv_control_msg error -71 req 02 val 2900 [ 673.104076][ T5933] pwc: recv_control_msg error -71 req 02 val 2800 [ 673.104640][ T5933] pwc: recv_control_msg error -71 req 04 val 1100 [ 673.105014][ T5933] pwc: recv_control_msg error -71 req 04 val 1200 [ 673.174079][ T5933] pwc: Registered as video103. [ 673.178708][ T5933] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 673.217839][ T5933] usb 3-1: USB disconnect, device number 8 [ 673.346198][ T13] team0 (unregistering): Port device team_slave_1 removed [ 673.614273][ T13] team0 (unregistering): Port device team_slave_0 removed [ 674.973895][ T5857] Bluetooth: hci4: command tx timeout [ 675.573199][ T5931] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 675.722178][ T5931] usb 2-1: Using ep0 maxpacket: 16 [ 675.723902][ T5931] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 675.723928][ T5931] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 675.723952][ T5931] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 675.723976][ T5931] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 675.723989][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.876526][ T5931] usb 2-1: config 0 descriptor?? [ 677.068945][ T5857] Bluetooth: hci4: command tx timeout [ 678.504158][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.504340][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.504615][ T8902] bridge_slave_0: entered allmulticast mode [ 678.538643][ T8902] bridge_slave_0: entered promiscuous mode [ 678.742682][ T5931] usb 2-1: string descriptor 0 read error: -71 [ 678.754644][ T5931] usb 2-1: USB disconnect, device number 5 [ 678.847751][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.847928][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.848180][ T8902] bridge_slave_1: entered allmulticast mode [ 678.881802][ T8902] bridge_slave_1: entered promiscuous mode [ 679.680976][ T9083] netlink: 8 bytes leftover after parsing attributes in process `syz.1.603'. [ 679.997276][ T8902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 680.031686][ T8902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 680.676943][ C1] vkms_vblank_simulate: vblank timer overrun [ 680.761384][ T13] bridge_slave_1: left allmulticast mode [ 680.761420][ T13] bridge_slave_1: left promiscuous mode [ 680.761694][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.896712][ T13] bridge_slave_0: left allmulticast mode [ 680.896738][ T13] bridge_slave_0: left promiscuous mode [ 680.896954][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.256439][ C1] vkms_vblank_simulate: vblank timer overrun [ 682.314345][ C1] vkms_vblank_simulate: vblank timer overrun [ 682.392712][ C1] vkms_vblank_simulate: vblank timer overrun [ 683.217740][ C1] vkms_vblank_simulate: vblank timer overrun [ 683.382948][ C1] vkms_vblank_simulate: vblank timer overrun [ 684.358082][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 684.442639][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 684.563321][ T13] bond0 (unregistering): Released all slaves [ 684.697078][ T8902] team0: Port device team_slave_0 added [ 684.811134][ T8902] team0: Port device team_slave_1 added [ 685.286672][ T13] hsr_slave_0: left promiscuous mode [ 685.302241][ T13] hsr_slave_1: left promiscuous mode [ 685.303349][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.343178][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 686.127753][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.127834][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.821507][ C0] vkms_vblank_simulate: vblank timer overrun [ 688.967797][ C0] vkms_vblank_simulate: vblank timer overrun [ 689.797666][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.074522][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.139186][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.180403][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.307775][ T13] team0 (unregistering): Port device team_slave_1 removed [ 690.532981][ T13] team0 (unregistering): Port device team_slave_0 removed [ 691.221066][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.304013][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.373269][ C0] vkms_vblank_simulate: vblank timer overrun [ 691.442880][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.217217][ T37] audit: type=1326 audit(1757869623.987:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9136 comm="syz.1.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 692.217576][ T37] audit: type=1326 audit(1757869623.987:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9136 comm="syz.1.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 692.217828][ T37] audit: type=1326 audit(1757869623.987:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9136 comm="syz.1.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 692.275572][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.334576][ T9142] new mount options do not match the existing superblock, will be ignored [ 692.775422][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.222216][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.250208][ T37] audit: type=1326 audit(1757869625.027:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9136 comm="syz.1.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 693.250271][ T37] audit: type=1326 audit(1757869625.027:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9136 comm="syz.1.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 693.587137][ T8902] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 693.587158][ T8902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 693.587187][ T8902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 693.674955][ T8902] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 693.674974][ T8902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 693.675004][ T8902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 693.947519][ T5932] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 694.722096][ T5932] usb 2-1: Using ep0 maxpacket: 16 [ 694.726883][ T5932] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 694.729346][ T5932] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 694.729398][ T5932] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 694.729444][ T5932] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 694.729467][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.844731][ T5932] usb 2-1: config 0 descriptor?? [ 695.398457][ T8902] hsr_slave_0: entered promiscuous mode [ 695.399970][ T8902] hsr_slave_1: entered promiscuous mode [ 695.406399][ T8902] debugfs: 'hsr0' already exists in 'hsr' [ 695.406429][ T8902] Cannot create hsr debugfs directory [ 695.407078][ T9038] chnl_net:caif_netlink_parms(): no params data found [ 697.832599][ T5932] usb 2-1: string descriptor 0 read error: -71 [ 697.892732][ T5932] usb 2-1: USB disconnect, device number 6 [ 699.672072][ C1] vkms_vblank_simulate: vblank timer overrun [ 699.704001][ T9038] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.704187][ T9038] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.704442][ T9038] bridge_slave_0: entered allmulticast mode [ 699.707748][ T9038] bridge_slave_0: entered promiscuous mode [ 699.797456][ T9186] new mount options do not match the existing superblock, will be ignored [ 699.800061][ T37] audit: type=1326 audit(1757869631.577:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.800788][ T37] audit: type=1326 audit(1757869631.577:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.801260][ T37] audit: type=1326 audit(1757869631.577:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.801825][ T37] audit: type=1326 audit(1757869631.577:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.803238][ T37] audit: type=1326 audit(1757869631.577:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.803425][ T37] audit: type=1326 audit(1757869631.577:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.803922][ T37] audit: type=1326 audit(1757869631.577:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.820307][ T37] audit: type=1326 audit(1757869631.577:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.820931][ T37] audit: type=1326 audit(1757869631.577:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 699.823621][ T37] audit: type=1326 audit(1757869631.577:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9183 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 700.315417][ C1] vkms_vblank_simulate: vblank timer overrun [ 700.794864][ T9038] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.795036][ T9038] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.795285][ T9038] bridge_slave_1: entered allmulticast mode [ 700.850443][ T9038] bridge_slave_1: entered promiscuous mode [ 700.987920][ C1] vkms_vblank_simulate: vblank timer overrun [ 701.801356][ T9038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.807447][ T9038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 702.550623][ T9038] team0: Port device team_slave_0 added [ 702.582427][ T9038] team0: Port device team_slave_1 added [ 711.575346][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 711.577741][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 711.579044][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 711.580087][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 711.611116][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 711.732194][ T9073] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 711.863281][ T9038] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 711.863296][ T9038] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.863312][ T9038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 711.870884][ T9038] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 711.870897][ T9038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.870917][ T9038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 711.982136][ T9073] usb 3-1: Using ep0 maxpacket: 16 [ 711.986932][ T9073] usb 3-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 711.986961][ T9073] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 711.986984][ T9073] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 711.987009][ T9073] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 711.987022][ T9073] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.995095][ T9073] usb 3-1: config 0 descriptor?? [ 712.306713][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.454295][ C0] vkms_vblank_simulate: vblank timer overrun [ 713.682208][ T5857] Bluetooth: hci0: command tx timeout [ 713.952329][ T3482] bridge_slave_1: left allmulticast mode [ 713.952367][ T3482] bridge_slave_1: left promiscuous mode [ 713.952665][ T3482] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.023704][ T3482] bridge_slave_0: left allmulticast mode [ 714.023732][ T3482] bridge_slave_0: left promiscuous mode [ 714.024045][ T3482] bridge0: port 1(bridge_slave_0) entered disabled state [ 714.568313][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.023150][ T9073] usb 3-1: string descriptor 0 read error: -71 [ 715.078318][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.146060][ T9073] usb 3-1: USB disconnect, device number 9 [ 715.810576][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.815210][ T3482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 715.909191][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.932283][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 715.932301][ T37] audit: type=1326 audit(1757869647.687:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9224 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 715.932353][ T37] audit: type=1326 audit(1757869647.687:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9224 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 715.932399][ T37] audit: type=1326 audit(1757869647.687:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9224 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 716.369572][ T9233] new mount options do not match the existing superblock, will be ignored [ 716.508915][ T5857] Bluetooth: hci0: command tx timeout [ 718.802493][ T5857] Bluetooth: hci0: command tx timeout [ 718.942323][ T9230] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 719.538205][ T3482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 719.541539][ T9248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.642'. [ 720.716101][ T3482] bond0 (unregistering): Released all slaves [ 720.853672][ T9038] hsr_slave_0: entered promiscuous mode [ 720.854523][ T9038] hsr_slave_1: entered promiscuous mode [ 720.855738][ T9038] debugfs: 'hsr0' already exists in 'hsr' [ 720.855754][ T9038] Cannot create hsr debugfs directory [ 720.882117][ T5857] Bluetooth: hci0: command tx timeout [ 721.802124][ T9073] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 721.832341][ T3482] hsr_slave_0: left promiscuous mode [ 721.924943][ T3482] hsr_slave_1: left promiscuous mode [ 721.926028][ T3482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 721.963549][ T9073] usb 2-1: Using ep0 maxpacket: 16 [ 721.966065][ T9073] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 721.966117][ T9073] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 721.966159][ T9073] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 721.966201][ T9073] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 721.966226][ T9073] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.035430][ T9073] usb 2-1: config 0 descriptor?? [ 722.042751][ T3482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 725.386157][ T9073] usb 2-1: string descriptor 0 read error: -71 [ 725.462299][ T9073] usb 2-1: USB disconnect, device number 7 [ 728.817329][ T37] audit: type=1326 audit(1757869660.537:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 728.817398][ T37] audit: type=1326 audit(1757869660.547:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 728.840650][ T9284] new mount options do not match the existing superblock, will be ignored [ 729.841072][ T3482] team0 (unregistering): Port device team_slave_1 removed [ 729.882016][ T37] audit: type=1326 audit(1757869660.607:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882081][ T37] audit: type=1326 audit(1757869660.617:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882131][ T37] audit: type=1326 audit(1757869660.617:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882179][ T37] audit: type=1326 audit(1757869660.617:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882237][ T37] audit: type=1326 audit(1757869660.617:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882286][ T37] audit: type=1326 audit(1757869660.617:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882333][ T37] audit: type=1326 audit(1757869660.617:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 729.882382][ T37] audit: type=1326 audit(1757869660.617:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9279 comm="syz.4.652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f26aaeba9 code=0x7ffc0000 [ 731.925313][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 731.943266][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 732.050143][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 732.147533][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 732.182509][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 732.857905][ T3482] team0 (unregistering): Port device team_slave_0 removed [ 734.336828][ C0] vkms_vblank_simulate: vblank timer overrun [ 734.338390][ T5849] Bluetooth: hci5: command tx timeout [ 735.329567][ C0] vkms_vblank_simulate: vblank timer overrun [ 735.486244][ C0] vkms_vblank_simulate: vblank timer overrun [ 735.813739][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.082605][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.218894][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.410273][ T5849] Bluetooth: hci5: command tx timeout [ 736.773555][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.967678][ T9073] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 737.132191][ T9073] usb 3-1: Using ep0 maxpacket: 16 [ 737.136735][ T9073] usb 3-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 737.136787][ T9073] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 737.136830][ T9073] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 737.136883][ T9073] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 737.136907][ T9073] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.148524][ T9073] usb 3-1: config 0 descriptor?? [ 737.838202][ C0] vkms_vblank_simulate: vblank timer overrun [ 738.831380][ T5849] Bluetooth: hci5: command tx timeout [ 740.078444][ T9073] usb 3-1: string descriptor 0 read error: -71 [ 740.086138][ T9073] usb 3-1: USB disconnect, device number 10 [ 740.882199][ T5849] Bluetooth: hci5: command tx timeout [ 741.421360][ T9335] new mount options do not match the existing superblock, will be ignored [ 742.088640][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 742.088696][ T37] audit: type=1326 audit(1757869673.197:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.088831][ T37] audit: type=1326 audit(1757869673.197:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.088947][ T37] audit: type=1326 audit(1757869673.197:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089024][ T37] audit: type=1326 audit(1757869673.197:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089111][ T37] audit: type=1326 audit(1757869673.197:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089194][ T37] audit: type=1326 audit(1757869673.197:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089278][ T37] audit: type=1326 audit(1757869673.197:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089364][ T37] audit: type=1326 audit(1757869673.197:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089457][ T37] audit: type=1326 audit(1757869673.197:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 742.089576][ T37] audit: type=1326 audit(1757869673.197:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9330 comm="syz.2.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e05f0eba9 code=0x7ffc0000 [ 745.099099][ T9207] chnl_net:caif_netlink_parms(): no params data found [ 747.531705][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.531794][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.793095][ T9289] chnl_net:caif_netlink_parms(): no params data found [ 748.069256][ T3482] bridge_slave_1: left allmulticast mode [ 748.069294][ T3482] bridge_slave_1: left promiscuous mode [ 748.069624][ T3482] bridge0: port 2(bridge_slave_1) entered disabled state [ 748.161640][ T9073] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 748.264087][ T3482] bridge_slave_0: left allmulticast mode [ 748.264125][ T3482] bridge_slave_0: left promiscuous mode [ 748.264462][ T3482] bridge0: port 1(bridge_slave_0) entered disabled state [ 748.362272][ T9073] usb 2-1: Using ep0 maxpacket: 16 [ 748.367144][ T9073] usb 2-1: config 0 has an invalid descriptor of length 198, skipping remainder of the config [ 748.367173][ T9073] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 40, using maximum allowed: 30 [ 748.367198][ T9073] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 40 [ 748.367224][ T9073] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 748.367237][ T9073] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.387328][ T9073] usb 2-1: config 0 descriptor?? [ 752.597849][ T9073] usb 2-1: string descriptor 0 read error: -71 [ 752.601399][ T9073] usb 2-1: USB disconnect, device number 8 [ 752.772685][ T3482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 752.983495][ T3482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 753.312856][ T9073] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 754.024275][ T3482] bond0 (unregistering): Released all slaves [ 754.134070][ T9073] usb 2-1: config 6 has an invalid interface number: 2 but max is 0 [ 754.134097][ T9073] usb 2-1: config 6 has no interface number 0 [ 754.134164][ T9073] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 754.134186][ T9073] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 754.134209][ T9073] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 754.134245][ T9073] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 754.136377][ T9073] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 754.136394][ T9073] usb 2-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 754.136406][ T9073] usb 2-1: Product: syz [ 754.136413][ T9073] usb 2-1: Manufacturer: syz [ 754.136421][ T9073] usb 2-1: SerialNumber: syz [ 754.236787][ T9073] hso 2-1:6.2: Failed to find BULK IN ep [ 754.629099][ T9392] block nbd1: Attempted send on invalid socket [ 754.629185][ T9392] I/O error, dev nbd1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2 [ 754.629285][ T9392] gfs2: error -5 reading superblock [ 755.042697][ T9207] bridge0: port 1(bridge_slave_0) entered blocking state [ 755.042874][ T9207] bridge0: port 1(bridge_slave_0) entered disabled state [ 755.043101][ T9207] bridge_slave_0: entered allmulticast mode [ 755.048202][ T9207] bridge_slave_0: entered promiscuous mode [ 755.183997][ T31] usb 2-1: USB disconnect, device number 9 [ 755.472927][ T9207] bridge0: port 2(bridge_slave_1) entered blocking state [ 755.473100][ T9207] bridge0: port 2(bridge_slave_1) entered disabled state [ 755.473358][ T9207] bridge_slave_1: entered allmulticast mode [ 755.477240][ T9207] bridge_slave_1: entered promiscuous mode [ 755.582631][ T3482] hsr_slave_0: left promiscuous mode [ 755.730658][ T3482] hsr_slave_1: left promiscuous mode [ 755.753533][ T3482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 755.773287][ T3482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 757.452534][ T3482] team0 (unregistering): Port device team_slave_1 removed [ 757.812303][ T3482] team0 (unregistering): Port device team_slave_0 removed [ 761.164611][ C1] vkms_vblank_simulate: vblank timer overrun [ 761.243882][ T9207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 761.455498][ T9207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 761.785324][ T9289] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.785511][ T9289] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.785753][ T9289] bridge_slave_0: entered allmulticast mode [ 761.852488][ T9289] bridge_slave_0: entered promiscuous mode [ 762.108799][ T9431] netlink: 'syz.2.687': attribute type 1 has an invalid length. [ 762.111287][ T9289] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.111554][ T9289] bridge0: port 2(bridge_slave_1) entered disabled state [ 762.111810][ T9289] bridge_slave_1: entered allmulticast mode [ 762.144048][ T9289] bridge_slave_1: entered promiscuous mode [ 762.212444][ T9207] team0: Port device team_slave_0 added [ 762.320807][ T9207] team0: Port device team_slave_1 added [ 762.543840][ T9289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 762.554623][ T9289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 762.799147][ T9289] team0: Port device team_slave_0 added [ 762.814594][ T9289] team0: Port device team_slave_1 added [ 763.071690][ T9289] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.071709][ T9289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.071737][ T9289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.079877][ T9289] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.079891][ T9289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.079915][ T9289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 764.155990][ T9289] hsr_slave_0: entered promiscuous mode [ 764.157494][ T9289] hsr_slave_1: entered promiscuous mode [ 764.158184][ T9289] debugfs: 'hsr0' already exists in 'hsr' [ 764.158202][ T9289] Cannot create hsr debugfs directory [ 764.523697][ C1] vkms_vblank_simulate: vblank timer overrun [ 765.051162][ C1] vkms_vblank_simulate: vblank timer overrun [ 765.120085][ T3521] bridge_slave_1: left allmulticast mode [ 765.120123][ T3521] bridge_slave_1: left promiscuous mode [ 765.120410][ T3521] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.323926][ T3521] bridge_slave_0: left allmulticast mode [ 765.323960][ T3521] bridge_slave_0: left promiscuous mode [ 765.324272][ T3521] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.435936][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 765.439569][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 765.461221][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 765.471815][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 765.474441][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 766.191051][ T3521] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 766.322314][ T3521] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 766.432653][ T3521] bond0 (unregistering): Released all slaves [ 767.528862][ T5849] Bluetooth: hci0: command tx timeout [ 768.525654][ T3521] team0 (unregistering): Port device team_slave_1 removed [ 768.777062][ T3521] team0 (unregistering): Port device team_slave_0 removed [ 769.602120][ T5849] Bluetooth: hci0: command tx timeout [ 770.335162][ C1] vkms_vblank_simulate: vblank timer overrun [ 770.671583][ T31] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 770.834692][ T31] usb 2-1: config 0 has an invalid interface number: 59 but max is 0 [ 770.834738][ T31] usb 2-1: config 0 has no interface number 0 [ 770.837324][ T31] usb 2-1: New USB device found, idVendor=2040, idProduct=7510, bcdDevice=6d.dd [ 770.837343][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.837353][ T31] usb 2-1: Product: syz [ 770.837361][ T31] usb 2-1: Manufacturer: syz [ 770.837369][ T31] usb 2-1: SerialNumber: syz [ 770.892415][ T31] usb 2-1: config 0 descriptor?? [ 770.931459][ T31] pvrusb2: Hardware description: WinTV HVR-1975 Model 160000 [ 771.247526][ T9478] netlink: 'syz.1.698': attribute type 1 has an invalid length. [ 771.682125][ T5849] Bluetooth: hci0: command tx timeout [ 771.916536][ T31] usb 2-1: USB disconnect, device number 10 [ 771.919604][ T2367] usb 2-1: Direct firmware load for v4l-pvrusb2-160xxx-01.fw failed with error -2 [ 771.919627][ T2367] usb 2-1: Falling back to sysfs fallback for: v4l-pvrusb2-160xxx-01.fw [ 773.763439][ T5849] Bluetooth: hci0: command tx timeout [ 774.139500][ T9453] chnl_net:caif_netlink_parms(): no params data found [ 774.500165][ C1] vkms_vblank_simulate: vblank timer overrun [ 774.664317][ C1] vkms_vblank_simulate: vblank timer overrun [ 774.811498][ C1] vkms_vblank_simulate: vblank timer overrun [ 774.961440][ C1] vkms_vblank_simulate: vblank timer overrun [ 776.177802][ T9453] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.177959][ T9453] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.178090][ T9453] bridge_slave_0: entered allmulticast mode [ 776.208068][ T9453] bridge_slave_0: entered promiscuous mode [ 776.262837][ T9453] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.262998][ T9453] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.263118][ T9453] bridge_slave_1: entered allmulticast mode [ 776.268462][ T9453] bridge_slave_1: entered promiscuous mode [ 776.534736][ T9453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 776.575005][ T9453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 776.576385][ T9289] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 776.849419][ T9289] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 777.195039][ T9289] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 777.243530][ T9453] team0: Port device team_slave_0 added [ 777.244599][ T9289] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 777.313515][ T9453] team0: Port device team_slave_1 added [ 778.165735][ T9453] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 778.165755][ T9453] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 778.165785][ T9453] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 778.177375][ T9453] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 778.177392][ T9453] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 778.177416][ T9453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 778.687048][ T9453] hsr_slave_0: entered promiscuous mode [ 778.696733][ T9453] hsr_slave_1: entered promiscuous mode [ 778.697726][ T9453] debugfs: 'hsr0' already exists in 'hsr' [ 778.697749][ T9453] Cannot create hsr debugfs directory [ 779.494872][ T9532] netlink: 'syz.2.711': attribute type 1 has an invalid length. [ 780.667992][ T9453] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 780.800891][ T9289] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.801325][ T9453] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 780.893076][ T9453] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 780.946854][ T9453] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 781.218386][ T9289] 8021q: adding VLAN 0 to HW filter on device team0 [ 781.289200][ T1521] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.292245][ T1521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.393185][ T3618] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.393379][ T3618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 782.306596][ T9453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 782.417936][ T9453] 8021q: adding VLAN 0 to HW filter on device team0 [ 782.461501][ T1521] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.462854][ T1521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 782.552825][ T1521] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.553001][ T1521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 783.724527][ T9289] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 784.164633][ T9453] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 785.279900][ T9289] veth0_vlan: entered promiscuous mode [ 785.433505][ T9289] veth1_vlan: entered promiscuous mode [ 785.601392][ T9453] veth0_vlan: entered promiscuous mode [ 785.655501][ T9289] veth0_macvtap: entered promiscuous mode [ 785.686228][ T9453] veth1_vlan: entered promiscuous mode [ 785.708819][ T9289] veth1_macvtap: entered promiscuous mode [ 786.302664][ T9289] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 786.391758][ T9289] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 786.406947][ T9453] veth0_macvtap: entered promiscuous mode [ 786.482585][ T9453] veth1_macvtap: entered promiscuous mode [ 786.780666][ T9453] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 786.816592][ T9453] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 786.851866][ T43] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.879362][ T43] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.879650][ T43] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.879692][ T43] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.402619][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.402636][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.630729][ C0] vkms_vblank_simulate: vblank timer overrun [ 787.783059][ T3618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.783082][ T3618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.952516][ T5857] Bluetooth: hci2: unexpected event for opcode 0x0401 [ 787.976022][ T9597] netlink: 'syz.2.723': attribute type 1 has an invalid length. [ 789.160032][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.564020][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.912965][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.056909][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.290659][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 790.299383][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 790.301436][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 790.508166][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.552557][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 790.554886][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 790.637742][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.707492][ T9616] new mount options do not match the existing superblock, will be ignored [ 790.710583][ T9616] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 790.723063][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.898448][ C0] vkms_vblank_simulate: vblank timer overrun [ 791.525987][ T37] kauditd_printk_skb: 19 callbacks suppressed [ 791.526012][ T37] audit: type=1326 audit(1757869722.407:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9611 comm="syz.5.726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 791.526075][ T37] audit: type=1326 audit(1757869722.407:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9611 comm="syz.5.726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 791.526120][ T37] audit: type=1326 audit(1757869722.407:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9611 comm="syz.5.726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 791.825616][ T9615] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR [ 793.602197][ T5857] Bluetooth: hci4: command tx timeout [ 794.437334][ T9642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.729'. [ 795.427939][ C1] vkms_vblank_simulate: vblank timer overrun [ 795.502475][ C1] vkms_vblank_simulate: vblank timer overrun [ 796.349436][ C1] vkms_vblank_simulate: vblank timer overrun [ 796.360846][ T5849] Bluetooth: hci4: command tx timeout [ 798.432260][ T5849] Bluetooth: hci4: command tx timeout [ 798.681587][ T9610] chnl_net:caif_netlink_parms(): no params data found [ 799.190589][ C1] vkms_vblank_simulate: vblank timer overrun [ 799.389207][ C1] vkms_vblank_simulate: vblank timer overrun [ 799.467052][ T9684] netlink: 'syz.1.739': attribute type 1 has an invalid length. [ 799.467070][ T9684] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.739'. [ 800.234700][ T9610] bridge0: port 1(bridge_slave_0) entered blocking state [ 800.238503][ T9610] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.238772][ T9610] bridge_slave_0: entered allmulticast mode [ 800.269757][ T9610] bridge_slave_0: entered promiscuous mode [ 800.299060][ T9610] bridge0: port 2(bridge_slave_1) entered blocking state [ 800.299275][ T9610] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.299485][ T9610] bridge_slave_1: entered allmulticast mode [ 800.333221][ T9610] bridge_slave_1: entered promiscuous mode [ 800.369030][ T9695] netlink: 36 bytes leftover after parsing attributes in process `syz.4.748'. [ 800.369047][ T9695] netlink: 16 bytes leftover after parsing attributes in process `syz.4.748'. [ 800.369058][ T9695] netlink: 36 bytes leftover after parsing attributes in process `syz.4.748'. [ 800.369110][ T9695] netlink: 36 bytes leftover after parsing attributes in process `syz.4.748'. [ 800.514013][ T5849] Bluetooth: hci4: command tx timeout [ 801.023536][ T3521] bridge_slave_1: left allmulticast mode [ 801.023573][ T3521] bridge_slave_1: left promiscuous mode [ 801.023881][ T3521] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.130255][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.749'. [ 801.196166][ T3521] bridge_slave_0: left allmulticast mode [ 801.196205][ T3521] bridge_slave_0: left promiscuous mode [ 801.231402][ T3521] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.769158][ C1] vkms_vblank_simulate: vblank timer overrun [ 803.484144][ C1] vkms_vblank_simulate: vblank timer overrun [ 803.614457][ C1] vkms_vblank_simulate: vblank timer overrun [ 804.015034][ C1] vkms_vblank_simulate: vblank timer overrun [ 807.058728][ T9735] netlink: 'syz.2.760': attribute type 1 has an invalid length. [ 807.058754][ T9735] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.760'. [ 807.282216][ T9739] netlink: 8 bytes leftover after parsing attributes in process `syz.4.762'. [ 808.993678][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.993730][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.063788][ T3521] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 809.143396][ T3521] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 809.165086][ T3521] bond0 (unregistering): Released all slaves [ 809.366434][ T9610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 809.440491][ T9610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 810.522430][ T3521] hsr_slave_0: left promiscuous mode [ 810.564516][ T3521] hsr_slave_1: left promiscuous mode [ 810.565599][ T3521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 810.565632][ T3521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 810.896248][ T3521] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 810.896292][ T3521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 811.543955][ C0] vkms_vblank_simulate: vblank timer overrun [ 811.704464][ T3521] veth1_macvtap: left promiscuous mode [ 811.704546][ T3521] veth0_macvtap: left promiscuous mode [ 811.705857][ T3521] veth1_vlan: left promiscuous mode [ 811.706008][ T3521] veth0_vlan: left promiscuous mode [ 812.550855][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.100058][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.573603][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.841879][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.891511][ T9778] netlink: 8 bytes leftover after parsing attributes in process `syz.5.772'. [ 814.023331][ C0] vkms_vblank_simulate: vblank timer overrun [ 814.590150][ C0] vkms_vblank_simulate: vblank timer overrun [ 815.956180][ C0] vkms_vblank_simulate: vblank timer overrun [ 816.505745][ C0] vkms_vblank_simulate: vblank timer overrun [ 816.506528][ T9787] netlink: 'syz.5.776': attribute type 1 has an invalid length. [ 816.506550][ T9787] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.776'. [ 816.791618][ C0] vkms_vblank_simulate: vblank timer overrun [ 817.184374][ T5849] Bluetooth: hci3: unexpected event for opcode 0x0401 [ 817.527950][ C0] vkms_vblank_simulate: vblank timer overrun [ 821.173271][ T3521] team0 (unregistering): Port device team_slave_1 removed [ 821.814871][ T3521] team0 (unregistering): Port device team_slave_0 removed [ 824.359512][ C1] vkms_vblank_simulate: vblank timer overrun [ 824.408140][ C1] vkms_vblank_simulate: vblank timer overrun [ 824.505131][ C1] vkms_vblank_simulate: vblank timer overrun [ 825.061386][ C1] vkms_vblank_simulate: vblank timer overrun [ 826.384458][ C1] vkms_vblank_simulate: vblank timer overrun [ 826.528682][ C1] vkms_vblank_simulate: vblank timer overrun [ 826.876231][ T990] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 827.055699][ T990] usb 6-1: config 0 has an invalid interface number: 59 but max is 0 [ 827.055739][ T990] usb 6-1: config 0 has no interface number 0 [ 827.059017][ T990] usb 6-1: New USB device found, idVendor=2040, idProduct=7510, bcdDevice=6d.dd [ 827.059046][ T990] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.059066][ T990] usb 6-1: Product: syz [ 827.059081][ T990] usb 6-1: Manufacturer: syz [ 827.059095][ T990] usb 6-1: SerialNumber: syz [ 827.063372][ T990] usb 6-1: config 0 descriptor?? [ 827.108356][ T990] pvrusb2: Hardware description: WinTV HVR-1975 Model 160000 [ 827.141570][ C1] vkms_vblank_simulate: vblank timer overrun [ 827.311261][ C1] vkms_vblank_simulate: vblank timer overrun [ 827.564940][ T9837] netlink: 'syz.5.791': attribute type 1 has an invalid length. [ 827.944478][ T990] usb 6-1: USB disconnect, device number 2 [ 827.946010][ T990] pvrusb2: Device being rendered inoperable [ 828.169630][ T9610] team0: Port device team_slave_0 added [ 828.210005][ T9822] netlink: 'syz.2.787': attribute type 12 has an invalid length. [ 828.245864][ T9610] team0: Port device team_slave_1 added [ 828.681335][ C1] vkms_vblank_simulate: vblank timer overrun [ 828.787835][ T9610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 828.787854][ T9610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 828.787883][ T9610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 828.812447][ T9610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 828.812466][ T9610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 828.812491][ T9610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 829.133029][ C1] vkms_vblank_simulate: vblank timer overrun [ 829.557528][ C1] vkms_vblank_simulate: vblank timer overrun [ 830.109102][ C1] vkms_vblank_simulate: vblank timer overrun [ 830.627424][ C1] vkms_vblank_simulate: vblank timer overrun [ 830.781061][ C1] vkms_vblank_simulate: vblank timer overrun [ 831.316996][ C1] vkms_vblank_simulate: vblank timer overrun [ 832.131436][ T9610] hsr_slave_0: entered promiscuous mode [ 832.227439][ T9610] hsr_slave_1: entered promiscuous mode [ 832.293209][ T9610] debugfs: 'hsr0' already exists in 'hsr' [ 832.293246][ T9610] Cannot create hsr debugfs directory [ 834.673317][ T2367] pvrusb2: request_firmware fatal error with code=-110 [ 834.673336][ T2367] pvrusb2: Failure uploading firmware1 [ 834.673343][ T2367] pvrusb2: Device initialization was not successful. [ 834.673351][ T2367] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 834.673360][ T2367] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 834.682364][ T31] pvrusb2: Device being rendered inoperable [ 839.613873][ C1] vkms_vblank_simulate: vblank timer overrun [ 842.580382][ T9610] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 842.637762][ T9610] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 842.782262][ T9610] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 842.896240][ T9610] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 843.760527][ T9610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 844.152982][ T9610] 8021q: adding VLAN 0 to HW filter on device team0 [ 844.198420][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 844.198595][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 844.211129][ T3521] bridge0: port 2(bridge_slave_1) entered blocking state [ 844.211287][ T3521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 845.942292][ T37] audit: type=1326 audit(1757869777.137:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9945 comm="syz.5.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 845.942365][ T37] audit: type=1326 audit(1757869777.147:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9945 comm="syz.5.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 845.942413][ T37] audit: type=1326 audit(1757869777.197:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9945 comm="syz.5.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 846.044323][ T9954] new mount options do not match the existing superblock, will be ignored [ 846.045718][ T9954] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 847.569749][ T9956] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 849.612242][ T10] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 850.349465][ T10] usb 6-1: config 0 has an invalid interface number: 59 but max is 0 [ 850.349496][ T10] usb 6-1: config 0 has no interface number 0 [ 850.372123][ T10] usb 6-1: New USB device found, idVendor=2040, idProduct=7510, bcdDevice=6d.dd [ 850.372143][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 850.372154][ T10] usb 6-1: Product: syz [ 850.372162][ T10] usb 6-1: Manufacturer: syz [ 850.372170][ T10] usb 6-1: SerialNumber: syz [ 850.378684][ T10] usb 6-1: config 0 descriptor?? [ 850.472994][ T10] pvrusb2: Hardware description: WinTV HVR-1975 Model 160000 [ 850.944115][ C1] vkms_vblank_simulate: vblank timer overrun [ 851.021147][ T9967] netlink: 'syz.5.820': attribute type 1 has an invalid length. [ 851.047680][ T2367] usb 6-1: Direct firmware load for v4l-pvrusb2-160xxx-01.fw failed with error -2 [ 851.047711][ T2367] usb 6-1: Falling back to sysfs fallback for: v4l-pvrusb2-160xxx-01.fw [ 851.087788][ T10] usb 6-1: USB disconnect, device number 3 [ 851.986152][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 852.028402][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 852.049293][ T5857] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 852.060307][ T5857] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 852.061746][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 854.164593][ T5849] Bluetooth: hci5: command tx timeout [ 854.456654][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.242035][ T5849] Bluetooth: hci5: command tx timeout [ 858.322965][ T5849] Bluetooth: hci5: command tx timeout [ 859.058880][T10018] new mount options do not match the existing superblock, will be ignored [ 859.085252][T10018] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 859.732573][ T37] audit: type=1326 audit(1757869790.657:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 859.732634][ T37] audit: type=1326 audit(1757869790.657:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 859.732681][ T37] audit: type=1326 audit(1757869790.677:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.5.832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fdb6970eba9 code=0x7ffc0000 [ 860.053875][ T5849] Bluetooth: hci2: unexpected event for opcode 0x0401 [ 860.268435][T10026] netlink: 'syz.2.834': attribute type 1 has an invalid length. [ 860.402081][ T5849] Bluetooth: hci5: command tx timeout [ 862.077312][ T37] audit: type=1326 audit(1757869793.857:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10023 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 862.081973][ T37] audit: type=1326 audit(1757869793.857:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10023 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 862.082043][ T37] audit: type=1326 audit(1757869793.857:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10023 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 862.327406][T10037] new mount options do not match the existing superblock, will be ignored [ 862.337052][T10037] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 864.417934][T10034] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR [ 868.022963][ T9983] chnl_net:caif_netlink_parms(): no params data found [ 869.221039][ T3563] bridge_slave_1: left allmulticast mode [ 869.221069][ T3563] bridge_slave_1: left promiscuous mode [ 869.221266][ T3563] bridge0: port 2(bridge_slave_1) entered disabled state [ 869.345265][ T3563] bridge_slave_0: left allmulticast mode [ 869.345307][ T3563] bridge_slave_0: left promiscuous mode [ 869.345625][ T3563] bridge0: port 1(bridge_slave_0) entered disabled state [ 870.411625][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.411678][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.849308][ C0] vkms_vblank_simulate: vblank timer overrun [ 872.307598][ C0] vkms_vblank_simulate: vblank timer overrun [ 872.520655][ C0] vkms_vblank_simulate: vblank timer overrun [ 872.777421][T10088] [ 872.777437][T10088] ====================================================== [ 872.777449][T10088] WARNING: possible circular locking dependency detected [ 872.777459][T10088] syzkaller #0 Not tainted [ 872.777471][T10088] ------------------------------------------------------ [ 872.777479][T10088] syz.5.845/10088 is trying to acquire lock: [ 872.777492][T10088] ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 872.777556][T10088] [ 872.777556][T10088] but task is already holding lock: [ 872.777564][T10088] ffff8880245ce3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380 [ 872.777616][T10088] [ 872.777616][T10088] which lock already depends on the new lock. [ 872.777616][T10088] [ 872.777624][T10088] [ 872.777624][T10088] the existing dependency chain (in reverse order) is: [ 872.777631][T10088] [ 872.777631][T10088] -> #4 (&dev->vblank_time_lock){+.+.}-{3:3}: [ 872.777660][T10088] lock_acquire+0x120/0x360 [ 872.777687][T10088] rt_spin_lock+0x88/0x2c0 [ 872.777709][T10088] drm_crtc_vblank_on_config+0x2cd/0x860 [ 872.777734][T10088] drm_crtc_vblank_on+0x88/0xc0 [ 872.777758][T10088] drm_atomic_helper_commit_modeset_enables+0x602/0xe10 [ 872.777785][T10088] vkms_atomic_commit_tail+0x69/0x210 [ 872.777809][T10088] commit_tail+0x281/0x3a0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 872.777832][T10088] drm_atomic_helper_commit+0xa6b/0xb10 [ 872.777857][T10088] drm_atomic_commit+0x262/0x2c0 [ 872.777878][T10088] drm_client_modeset_commit_atomic+0x620/0x760 [ 872.777899][T10088] drm_client_modeset_commit_locked+0xce/0x4d0 [ 872.777919][T10088] drm_client_modeset_commit+0x4a/0x70 [ 872.777937][T10088] __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0 [ 872.777963][T10088] drm_fb_helper_set_par+0xaf/0x100 [ 872.777987][T10088] fbcon_init+0x1255/0x2370 [ 872.778015][T10088] visual_init+0x2ef/0x650 [ 872.778040][T10088] do_bind_con_driver+0x890/0xf70 [ 872.778068][T10088] do_take_over_console+0x899/0xa10 [ 872.778096][T10088] do_fbcon_takeover+0x118/0x200 [ 872.778131][T10088] fbcon_fb_registered+0x35e/0x610 [ 872.778158][T10088] register_framebuffer+0x70f/0x890 [ 872.778175][T10088] __drm_fb_helper_initial_config_and_unlock+0x130a/0x18a0 [ 872.778203][T10088] drm_fbdev_client_hotplug+0x16f/0x230 [ 872.778230][T10088] drm_client_register+0x16f/0x210 [ 872.778258][T10088] drm_fbdev_client_setup+0x19f/0x3f0 [ 872.778284][T10088] drm_client_setup+0x10a/0x230 [ 872.778308][T10088] vkms_init+0x3e0/0x4b0 [ 872.778330][T10088] do_one_initcall+0x233/0x820 [ 872.778348][T10088] do_initcall_level+0x104/0x190 [ 872.778373][T10088] do_initcalls+0x59/0xa0 [ 872.778396][T10088] kernel_init_freeable+0x334/0x4b0 [ 872.778421][T10088] kernel_init+0x1d/0x1d0 [ 872.778441][T10088] ret_from_fork+0x439/0x7d0 [ 872.778466][T10088] ret_from_fork_asm+0x1a/0x30 [ 872.778484][T10088] [ 872.778484][T10088] -> #3 (&dev->vbl_lock){+.+.}-{3:3}: [ 872.778512][T10088] lock_acquire+0x120/0x360 [ 872.778536][T10088] rt_spin_lock+0x88/0x2c0 [ 872.778557][T10088] vblank_disable_fn+0x72/0x190 [ 872.778579][T10088] call_timer_fn+0x17e/0x5f0 [ 872.778604][T10088] __run_timer_base+0x648/0x970 [ 872.778625][T10088] run_timer_softirq+0xb7/0x180 [ 872.778648][T10088] handle_softirqs+0x22f/0x710 [ 872.778671][T10088] run_ktimerd+0xcf/0x190 [ 872.778696][T10088] smpboot_thread_fn+0x53f/0xa60 [ 872.778719][T10088] kthread+0x70e/0x8a0 [ 872.778746][T10088] ret_from_fork+0x439/0x7d0 [ 872.778770][T10088] ret_from_fork_asm+0x1a/0x30 [ 872.778788][T10088] [ 872.778788][T10088] -> #2 ((&vblank->disable_timer)){+...}-{0:0}: [ 872.778817][T10088] lock_acquire+0x120/0x360 [ 872.778840][T10088] call_timer_fn+0xdb/0x5f0 [ 872.778865][T10088] __run_timer_base+0x648/0x970 [ 872.778887][T10088] run_timer_softirq+0xb7/0x180 [ 872.778910][T10088] handle_softirqs+0x22f/0x710 [ 872.778933][T10088] run_ktimerd+0xcf/0x190 [ 872.778958][T10088] smpboot_thread_fn+0x53f/0xa60 [ 872.778981][T10088] kthread+0x70e/0x8a0 [ 872.779008][T10088] ret_from_fork+0x439/0x7d0 [ 872.779031][T10088] ret_from_fork_asm+0x1a/0x30 [ 872.779049][T10088] [ 872.779049][T10088] -> #1 (&base->expiry_lock){+...}-{3:3}: [ 872.779076][T10088] lock_acquire+0x120/0x360 [ 872.779100][T10088] rt_spin_lock+0x88/0x2c0 [ 872.779121][T10088] __run_timer_base+0x114/0x970 [ 872.779150][T10088] run_timer_softirq+0x67/0x180 [ 872.779173][T10088] handle_softirqs+0x22f/0x710 [ 872.779195][T10088] run_ktimerd+0xcf/0x190 [ 872.779221][T10088] smpboot_thread_fn+0x53f/0xa60 [ 872.779244][T10088] kthread+0x70e/0x8a0 [ 872.779271][T10088] ret_from_fork+0x439/0x7d0 [ 872.779294][T10088] ret_from_fork_asm+0x1a/0x30 [ 872.779312][T10088] [ 872.779312][T10088] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}: [ 872.779340][T10088] validate_chain+0xb9b/0x2140 [ 872.779369][T10088] __lock_acquire+0xab9/0xd20 [ 872.779391][T10088] reacquire_held_locks+0x127/0x1d0 [ 872.779419][T10088] lock_release+0x1b4/0x3e0 [ 872.779443][T10088] __local_bh_enable_ip+0x10c/0x270 [ 872.779467][T10088] hrtimer_cancel+0x39/0x60 [ 872.779494][T10088] drm_vblank_disable_and_save+0x1bc/0x380 [ 872.779517][T10088] drm_crtc_vblank_off+0x22e/0x820 [ 872.779541][T10088] drm_atomic_helper_commit_modeset_disables+0xc89/0x2010 [ 872.779568][T10088] vkms_atomic_commit_tail+0x51/0x210 [ 872.779592][T10088] commit_tail+0x281/0x3a0 [ 872.779616][T10088] drm_atomic_helper_commit+0xa6b/0xb10 [ 872.779640][T10088] drm_atomic_commit+0x262/0x2c0 [ 872.779661][T10088] drm_atomic_connector_commit_dpms+0x364/0x480 [ 872.779687][T10088] drm_mode_obj_set_property_ioctl+0x617/0xdf0 [ 872.779712][T10088] drm_connector_property_set_ioctl+0xe9/0x170 [ 872.779741][T10088] drm_ioctl_kernel+0x2d2/0x3a0 [ 872.779769][T10088] drm_ioctl+0x685/0xb20 [ 872.779795][T10088] __se_sys_ioctl+0xff/0x170 [ 872.779817][T10088] do_syscall_64+0xfa/0x3b0 [ 872.779833][T10088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.779852][T10088] [ 872.779852][T10088] other info that might help us debug this: [ 872.779852][T10088] [ 872.779860][T10088] Chain exists of: [ 872.779860][T10088] (softirq_ctrl.lock) --> &dev->vbl_lock --> &dev->vblank_time_lock [ 872.779860][T10088] [ 872.779895][T10088] Possible unsafe locking scenario: [ 872.779895][T10088] [ 872.779901][T10088] CPU0 CPU1 [ 872.779908][T10088] ---- ---- [ 872.779915][T10088] lock(&dev->vblank_time_lock); [ 872.779930][T10088] lock(&dev->vbl_lock); [ 872.779946][T10088] lock(&dev->vblank_time_lock); [ 872.779962][T10088] lock((softirq_ctrl.lock)); [ 872.779976][T10088] [ 872.779976][T10088] *** DEADLOCK *** [ 872.779976][T10088] [ 872.779982][T10088] 8 locks held by syz.5.845/10088: [ 872.779994][T10088] #0: ffffc90006267a60 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_mode_obj_set_property_ioctl+0x512/0xdf0 [ 872.780051][T10088] #1: ffffc90006267a88 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_mode_obj_set_property_ioctl+0x512/0xdf0 [ 872.780106][T10088] #2: ffff8880245ce4b8 (&dev->event_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xe4/0x820 [ 872.780167][T10088] #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 872.780219][T10088] #4: ffff8880245ce420 (&dev->vbl_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xf5/0x820 [ 872.780272][T10088] #5: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 872.780324][T10088] #6: ffff8880245ce3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380 [ 872.780375][T10088] #7: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 872.780425][T10088] [ 872.780425][T10088] stack backtrace: [ 872.780439][T10088] CPU: 0 UID: 0 PID: 10088 Comm: syz.5.845 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 872.780463][T10088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 872.780476][T10088] Call Trace: [ 872.780485][T10088] [ 872.780493][T10088] dump_stack_lvl+0x189/0x250 [ 872.780527][T10088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 872.780557][T10088] ? __pfx__printk+0x10/0x10 [ 872.780580][T10088] ? print_lock_name+0xde/0x100 [ 872.780603][T10088] print_circular_bug+0x2ee/0x310 [ 872.780625][T10088] check_noncircular+0x134/0x160 [ 872.780660][T10088] validate_chain+0xb9b/0x2140 [ 872.780694][T10088] ? preempt_schedule+0xae/0xc0 [ 872.780725][T10088] ? preempt_schedule_common+0x83/0xd0 [ 872.780754][T10088] ? preempt_schedule+0xae/0xc0 [ 872.780782][T10088] ? __pfx_preempt_schedule+0x10/0x10 [ 872.780814][T10088] __lock_acquire+0xab9/0xd20 [ 872.780844][T10088] reacquire_held_locks+0x127/0x1d0 [ 872.780875][T10088] ? __local_bh_disable_ip+0x264/0x400 [ 872.780904][T10088] lock_release+0x1b4/0x3e0 [ 872.780931][T10088] ? __local_bh_enable_ip+0x100/0x270 [ 872.780959][T10088] __local_bh_enable_ip+0x10c/0x270 [ 872.780984][T10088] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 872.781011][T10088] ? rt_spin_unlock+0x65/0x80 [ 872.781038][T10088] ? hrtimer_cancel_wait_running+0xe5/0x180 [ 872.781068][T10088] ? hrtimer_cancel_wait_running+0x142/0x180 [ 872.781099][T10088] ? __pfx_vkms_disable_vblank+0x10/0x10 [ 872.781136][T10088] hrtimer_cancel+0x39/0x60 [ 872.781165][T10088] drm_vblank_disable_and_save+0x1bc/0x380 [ 872.781193][T10088] drm_crtc_vblank_off+0x22e/0x820 [ 872.781222][T10088] ? drm_atomic_bridge_chain_disable+0x157/0x180 [ 872.781255][T10088] ? __pfx_vkms_crtc_atomic_disable+0x10/0x10 [ 872.781285][T10088] drm_atomic_helper_commit_modeset_disables+0xc89/0x2010 [ 872.781320][T10088] vkms_atomic_commit_tail+0x51/0x210 [ 872.781346][T10088] ? read_tsc+0x9/0x20 [ 872.781369][T10088] ? __pfx_vkms_atomic_commit_tail+0x10/0x10 [ 872.781394][T10088] commit_tail+0x281/0x3a0 [ 872.781423][T10088] drm_atomic_helper_commit+0xa6b/0xb10 [ 872.781453][T10088] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 872.781479][T10088] drm_atomic_commit+0x262/0x2c0 [ 872.781504][T10088] ? __pfx_drm_atomic_commit+0x10/0x10 [ 872.781526][T10088] ? drm_atomic_add_affected_connectors+0x397/0x410 [ 872.781551][T10088] ? __pfx___drm_printfn_info+0x10/0x10 [ 872.781589][T10088] drm_atomic_connector_commit_dpms+0x364/0x480 [ 872.781619][T10088] drm_mode_obj_set_property_ioctl+0x617/0xdf0 [ 872.781652][T10088] ? __pfx_drm_mode_obj_set_property_ioctl+0x10/0x10 [ 872.781679][T10088] ? preempt_schedule+0xae/0xc0 [ 872.781707][T10088] ? preempt_schedule_common+0x83/0xd0 [ 872.781736][T10088] ? preempt_schedule+0xae/0xc0 [ 872.781764][T10088] ? __pfx_preempt_schedule+0x10/0x10 [ 872.781795][T10088] ? preempt_schedule_thunk+0x16/0x30 [ 872.781828][T10088] ? rt_mutex_slowunlock+0x493/0x8a0 [ 872.781855][T10088] ? rt_spin_lock+0x1bb/0x2c0 [ 872.781881][T10088] drm_connector_property_set_ioctl+0xe9/0x170 [ 872.781908][T10088] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [ 872.781936][T10088] ? drm_is_current_master+0x1a2/0x210 [ 872.781962][T10088] drm_ioctl_kernel+0x2d2/0x3a0 [ 872.781993][T10088] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [ 872.782024][T10088] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 872.782059][T10088] drm_ioctl+0x685/0xb20 [ 872.782087][T10088] ? trace_irq_disable+0x37/0x110 [ 872.782115][T10088] ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [ 872.782157][T10088] ? __pfx_drm_ioctl+0x10/0x10 [ 872.782193][T10088] ? __pfx___sanitizer_cov_trace_const_cmp4+0x10/0x10 [ 872.782221][T10088] ? __pfx_drm_ioctl+0x10/0x10 [ 872.782250][T10088] __se_sys_ioctl+0xff/0x170 [ 872.782274][T10088] do_syscall_64+0xfa/0x3b0 [ 872.782295][T10088] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.782316][T10088] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 872.782337][T10088] ? clear_bhb_loop+0x60/0xb0 [ 872.782359][T10088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.782379][T10088] RIP: 0033:0x7fdb6970eba9 [ 872.782397][T10088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 872.782416][T10088] RSP: 002b:00007fdb67934038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 872.782438][T10088] RAX: ffffffffffffffda RBX: 00007fdb69956180 RCX: 00007fdb6970eba9 [ 872.782454][T10088] RDX: 0000200000000380 RSI: 00000000c01064ab RDI: 0000000000000007 [ 872.782469][T10088] RBP: 00007fdb69791e19 R08: 0000000000000000 R09: 0000000000000000 [ 872.782483][T10088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.782496][T10088] R13: 00007fdb69956218 R14: 00007fdb69956180 R15: 00007ffcd1cd1868 [ 872.782520][T10088] [ 873.495950][T10091] new mount options do not match the existing superblock, will be ignored [ 873.504360][T10091] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 874.090380][ T37] audit: type=1326 audit(1757869805.167:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10083 comm="syz.1.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 874.112058][ T37] audit: type=1326 audit(1757869805.167:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10083 comm="syz.1.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 874.112102][ T37] audit: type=1326 audit(1757869805.177:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10083 comm="syz.1.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f36c278eba9 code=0x7ffc0000 [ 874.500672][T10090] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 874.501516][T10091] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 876.762629][ T3563] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 876.822644][ T3563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 876.864204][ T3563] bond0 (unregistering): Released all slaves [ 876.892354][ T9983] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg2": -EINTR [ 878.162331][ T3563] hsr_slave_0: left promiscuous mode [ 878.192107][ T3563] hsr_slave_1: left promiscuous mode [ 878.192771][ T3563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 878.244895][ T3563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 878.932734][ T3563] team0 (unregistering): Port device team_slave_1 removed [ 879.136873][ T3563] team0 (unregistering): Port device team_slave_0 removed [ 882.494890][ T3563] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.683889][ T3563] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.886030][ T3563] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.095029][ T3563] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0