last executing test programs: 2m43.982140391s ago: executing program 4 (id=33): epoll_create1(0x0) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) write$vhost_msg(r3, &(0x7f0000000600)={0x1, {&(0x7f0000000480)=""/224, 0xe0, &(0x7f0000000580)=""/127, 0x1}}, 0x48) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x800) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$kcm(0x29, 0x5, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r5, 0x119, 0x1, 0xffffffffffffffff, 0xfffffffffffffe84) 2m35.10908199s ago: executing program 4 (id=49): epoll_create1(0x0) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) write$vhost_msg(r3, &(0x7f0000000600)={0x1, {&(0x7f0000000480)=""/224, 0xe0, &(0x7f0000000580)=""/127, 0x1}}, 0x48) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x800) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x29, 0x5, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r5, 0x119, 0x1, 0xffffffffffffffff, 0xfffffffffffffe84) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r6, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) 2m33.377958645s ago: executing program 4 (id=53): timer_create(0x9, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r0, 0x5452, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='setgroups\x00') r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r2, &(0x7f0000000080)="520003000100b8", 0x7) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)}, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x10001, @local}}}, 0x108) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, 0x0}}, 0x40) 2m31.799413299s ago: executing program 4 (id=57): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) userfaultfd(0x80801) mknod(0x0, 0x8001420, 0x0) r3 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c) writev(r3, &(0x7f00000000c0), 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$TCFLSH(r4, 0x540b, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000, 0x1}) r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_ENC_INDEX(r5, 0x8818564c, &(0x7f0000000340)) 2m29.692288935s ago: executing program 4 (id=62): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000a00)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="400f280000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m25.901750956s ago: executing program 4 (id=67): socket(0x1a, 0x2, 0x7) syz_open_procfs(0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r1 = socket$inet6(0xa, 0x2, 0x0) unshare(0x8000000) shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil) bind$inet6(r1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) r3 = syz_io_uring_setup(0x90c, &(0x7f0000000200)={0x0, 0x5885, 0x0, 0x0, 0xfd}, &(0x7f0000000740)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, r2, 0x0, 0x0, 0x5c, 0x10}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) 2m9.207877377s ago: executing program 32 (id=67): socket(0x1a, 0x2, 0x7) syz_open_procfs(0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r1 = socket$inet6(0xa, 0x2, 0x0) unshare(0x8000000) shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil) bind$inet6(r1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) r3 = syz_io_uring_setup(0x90c, &(0x7f0000000200)={0x0, 0x5885, 0x0, 0x0, 0xfd}, &(0x7f0000000740)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, r2, 0x0, 0x0, 0x5c, 0x10}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) 25.502207038s ago: executing program 0 (id=275): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x9d, 0xea, 0x78, 0x40, 0x18b4, 0xfffb, 0xdc7b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0xa0, 0x1f, 0x71}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000000)={0x0, 0x0, 0x1, "01"}, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) pread64(r1, &(0x7f0000000040)=""/115, 0x73, 0xeb04) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmsg$alg(r4, 0x0, 0x14000012) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) recvmsg$can_raw(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1}, 0xf0) r5 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='>'], 0x38}}, 0x80) mount(0x0, 0x0, &(0x7f00000001c0)='adfs\x00', 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r8, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) syz_io_uring_submit(r6, r7, 0x0) io_uring_enter(r5, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 23.696050561s ago: executing program 1 (id=279): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r3, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = dup(r4) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x11, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r9 = openat$cgroup_ro(r8, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f00000000c0)={0x7, {{0x2, 0x4e24, @multicast2}}}, 0x90) read$FUSE(r9, &(0x7f00000083c0)={0x2020}, 0x2020) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r6, &(0x7f00000001c0)={0x11, 0x0, r10, 0x1, 0x2, 0x6, @broadcast}, 0x14) r11 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r11, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, 0x0, 0x0) 20.273514889s ago: executing program 0 (id=283): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$I2C(0x0, 0x1, 0x402) pread64(r0, &(0x7f0000000040)=""/115, 0x73, 0xeb04) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) sendmsg$alg(0xffffffffffffffff, 0x0, 0x14000012) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1}, 0xf0) syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x80) mount(0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) syz_io_uring_submit(r5, 0x0, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x2, 0xffffffffffffffff, 0x0}) 18.441547484s ago: executing program 0 (id=285): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2) r3 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x1) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={r3, 0x2000000, 0x0, 0x10000}) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, 0x0) r5 = gettid() r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r6, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x0, 0xfffffffffffffffb, 0x4a, 0x0, @buffer={0x0, 0x7b, &(0x7f0000000040)=""/123}, &(0x7f00000000c0)="5e8c857c28fdaae6633e77e352ed6d09d01661348c6f954610e97de0984f4413a1d50ec3d6da3b0f1a5efa5d9b3e5f57dea91111e218e02fe636dfd690aceb0307992c8dc2207aa9cd02", &(0x7f0000000480)=""/237, 0xc5d0, 0x1, 0xffffffffffffffff, &(0x7f0000000140)}) 16.71375073s ago: executing program 1 (id=288): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 15.458043918s ago: executing program 1 (id=290): socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB], 0x1c, 0x0) creat(&(0x7f0000000100)='./file1/file0\x00', 0x0) 15.029417762s ago: executing program 0 (id=291): socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13) ioctl$TCXONC(r0, 0x540a, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bind$llc(r3, &(0x7f0000000080), 0x10) 14.144141618s ago: executing program 2 (id=292): r0 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$SNDCTL_DSP_GETFMTS(r0, 0x8004500b, &(0x7f0000000040)=0x401) 14.139831991s ago: executing program 1 (id=293): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x48442, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000180)={0x7, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x201, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) r6 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r4, @ANYRES32, @ANYRESDEC=r3], 0x18}, 0x0, 0x20040000}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 13.088123431s ago: executing program 2 (id=294): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$I2C(0x0, 0x1, 0x402) pread64(r0, &(0x7f0000000040)=""/115, 0x73, 0xeb04) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) sendmsg$alg(0xffffffffffffffff, 0x0, 0x14000012) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1}, 0xf0) syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x80) mount(0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r6, 0x0, 0x118) syz_io_uring_submit(r5, 0x0, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x2, 0xffffffffffffffff, 0x0}) 12.977787625s ago: executing program 1 (id=296): socket$nl_route(0x10, 0x3, 0x0) socket(0x2000000015, 0x80005, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{0x0}], 0x1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 12.902004254s ago: executing program 0 (id=297): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r3, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = dup(r4) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x11, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r9 = openat$cgroup_ro(r8, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f00000000c0)={0x7, {{0x2, 0x4e24, @multicast2}}}, 0x90) read$FUSE(r9, &(0x7f00000083c0)={0x2020}, 0x2020) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r6, &(0x7f00000001c0)={0x11, 0x0, r10, 0x1, 0x2, 0x6, @broadcast}, 0x14) r11 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r11, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, 0x0, 0x0) 11.529845546s ago: executing program 2 (id=299): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x0}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r3, 0x8008f513, &(0x7f00000000c0)) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x5, 0x4, 0x4, 0x7, 0x800, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x2, 0x1, 0x80000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfff, r5}, 0x38) r6 = socket(0x2, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000280)={'team_slave_1\x00', &(0x7f0000000040)=@ethtool_cmd={0x2, 0x6, 0x10, 0x3, 0xe8, 0x3, 0x0, 0x6, 0x1, 0x2, 0xfffffffd, 0x0, 0x200, 0xb, 0x47, 0x3, [0x100, 0xfffffff9]}}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r5, &(0x7f0000000140), &(0x7f0000000000)=""/85}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r7, 0x80000300, 0x0, 0x0) 11.430984911s ago: executing program 1 (id=300): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2) r3 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x1) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={r3, 0x2000000, 0x0, 0x10000}) ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, 0x0) r5 = gettid() r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r6, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x0, 0xfffffffffffffffb, 0x4a, 0x0, @buffer={0x0, 0x7b, &(0x7f0000000040)=""/123}, &(0x7f00000000c0)="5e8c857c28fdaae6633e77e352ed6d09d01661348c6f954610e97de0984f4413a1d50ec3d6da3b0f1a5efa5d9b3e5f57dea91111e218e02fe636dfd690aceb0307992c8dc2207aa9cd02", &(0x7f0000000480)=""/237, 0xc5d0, 0x1, 0xffffffffffffffff, &(0x7f0000000140)}) 9.356118526s ago: executing program 3 (id=301): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfff}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x80000) ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f00000003c0)={0xa, 0x2, 0x0, {0x80000000, 0x1, 0x2, 0x7}}) timer_create(0x0, &(0x7f0000000180)={0x0, 0x1e, 0x1, @thr={&(0x7f0000000100)="6af4574a4308cf970adcb851426873cc60da8892", &(0x7f0000000280)="ebcb5d5ad0733aebcecb22603a59eb6cbd5bc69091a46b515225e726f11c4275ee7dd64d6b350f8eca5be4221317897be3c7a54df5f91e04aae2d398aeb28fc8baac18b9c36205e5bb72564a9f"}}, &(0x7f00000001c0)) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 8.870035677s ago: executing program 2 (id=302): socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB], 0x1c, 0x0) creat(&(0x7f0000000100)='./file1/file0\x00', 0x0) 8.329189525s ago: executing program 3 (id=303): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, 0x0, 0x0) r4 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x80000) ioctl$VIDIOC_G_SELECTION(r4, 0xc040565e, &(0x7f00000003c0)={0xa, 0x2, 0x0, {0x80000000, 0x1, 0x2, 0x7}}) 6.71592741s ago: executing program 2 (id=304): syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect(0x3, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12011003faff82083910012181250102030109021b00028c4400600904"], &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0}) r0 = socket(0x23, 0x3, 0x1) socket(0x3, 0x3, 0x0) sendto$rose(r0, 0x0, 0x0, 0x4000000, &(0x7f0000000040)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @default}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f0000000200)) r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff0, 0x0, 0x4) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000180)={0x48}) socket$phonet_pipe(0x23, 0x5, 0x2) io_uring_enter(r2, 0x68be, 0x5002, 0x4, 0x0, 0x0) 6.715501609s ago: executing program 3 (id=305): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x48442, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000180)={0x7, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"}) r2 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0xbd15, 0x0, 0x1, 0x103a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r6, 0x0, 0x0, 0x201, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) r7 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r5, @ANYRES32, @ANYRESDEC], 0x18}, 0x0, 0x20040000}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 5.909197951s ago: executing program 3 (id=306): socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13) ioctl$TCXONC(r0, 0x540a, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bind$llc(r3, &(0x7f0000000080), 0x10) 4.525533129s ago: executing program 3 (id=307): pipe2$9p(0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r6, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r5, r0, 0x0, 0x578410eb) 518.150028ms ago: executing program 2 (id=308): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$I2C(0x0, 0x1, 0x402) pread64(r0, &(0x7f0000000040)=""/115, 0x73, 0xeb04) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) sendmsg$alg(0xffffffffffffffff, 0x0, 0x14000012) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x4041080) recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/29, 0x1d}], 0x1}, 0xf0) syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x80) mount(0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r6, 0x0, 0x118) syz_io_uring_submit(r5, 0x0, 0x0) 72.807883ms ago: executing program 0 (id=309): socket$nl_route(0x10, 0x3, 0x0) socket(0x2000000015, 0x80005, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=310): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000400)={0x48, 0x2, r4}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x1) writev(r6, &(0x7f0000000780)=[{&(0x7f0000000040)='\a', 0x1}, {0x0}], 0x2) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r5, 0x0, &(0x7f0000f6c000/0x4000)=nil, 0x4000, 0x4000000}) close_range(r0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x23, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.204' (ED25519) to the list of known hosts. [ 79.598386][ T5790] cgroup: Unknown subsys name 'net' [ 79.838787][ T5790] cgroup: Unknown subsys name 'cpuset' [ 79.934524][ T5790] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.577130][ T5790] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.601747][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.628327][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.632420][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.637604][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.640143][ T5821] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.643644][ T5821] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.650070][ T5821] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.652118][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.654033][ T5821] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.664352][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.666447][ T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.670439][ T5821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.671294][ T5821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.675342][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.710499][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.714678][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.715875][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.717674][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.721581][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.735286][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.736721][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.801492][ T5816] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.811335][ T5816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.821175][ T5816] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.828200][ T5816] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.703273][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 86.759898][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 86.823037][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 86.980118][ T31] cfg80211: failed to load regulatory.db [ 87.044938][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 87.194906][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 87.655303][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.656591][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.657014][ T5805] bridge_slave_0: entered allmulticast mode [ 87.658788][ T5805] bridge_slave_0: entered promiscuous mode [ 87.695460][ T5816] Bluetooth: hci2: command tx timeout [ 87.785917][ T5121] Bluetooth: hci3: command tx timeout [ 87.786385][ T5816] Bluetooth: hci1: command tx timeout [ 87.854032][ T5816] Bluetooth: hci4: command tx timeout [ 87.862440][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.862683][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.862812][ T5805] bridge_slave_1: entered allmulticast mode [ 87.866177][ T5805] bridge_slave_1: entered promiscuous mode [ 87.870012][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.870180][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.870458][ T5804] bridge_slave_0: entered allmulticast mode [ 87.871984][ T5804] bridge_slave_0: entered promiscuous mode [ 87.935217][ T5816] Bluetooth: hci0: command tx timeout [ 88.054701][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.054817][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.054942][ T5804] bridge_slave_1: entered allmulticast mode [ 88.056489][ T5804] bridge_slave_1: entered promiscuous mode [ 88.125595][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.125712][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.125893][ T5801] bridge_slave_0: entered allmulticast mode [ 88.127387][ T5801] bridge_slave_0: entered promiscuous mode [ 88.335750][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.335951][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.336149][ T5801] bridge_slave_1: entered allmulticast mode [ 88.337942][ T5801] bridge_slave_1: entered promiscuous mode [ 88.418951][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.485756][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.485856][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.485977][ T5806] bridge_slave_0: entered allmulticast mode [ 88.487507][ T5806] bridge_slave_0: entered promiscuous mode [ 88.647098][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.651030][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.651306][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.651444][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.651603][ T5806] bridge_slave_1: entered allmulticast mode [ 88.653383][ T5806] bridge_slave_1: entered promiscuous mode [ 88.784603][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.784741][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.784916][ T5802] bridge_slave_0: entered allmulticast mode [ 88.786736][ T5802] bridge_slave_0: entered promiscuous mode [ 88.857277][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.038255][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.038477][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.038579][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.038682][ T5802] bridge_slave_1: entered allmulticast mode [ 89.040191][ T5802] bridge_slave_1: entered promiscuous mode [ 89.288673][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.386565][ T5805] team0: Port device team_slave_0 added [ 89.447608][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.610291][ T5805] team0: Port device team_slave_1 added [ 89.612184][ T5804] team0: Port device team_slave_0 added [ 89.617948][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.677993][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.746444][ T5804] team0: Port device team_slave_1 added [ 89.774038][ T5816] Bluetooth: hci2: command tx timeout [ 89.826423][ T5801] team0: Port device team_slave_0 added [ 89.829031][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.853956][ T5816] Bluetooth: hci1: command tx timeout [ 89.853979][ T5121] Bluetooth: hci3: command tx timeout [ 89.933916][ T5816] Bluetooth: hci4: command tx timeout [ 90.014084][ T5816] Bluetooth: hci0: command tx timeout [ 90.032159][ T5801] team0: Port device team_slave_1 added [ 90.105823][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.105836][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.105849][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.467611][ T5806] team0: Port device team_slave_0 added [ 90.615391][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.615409][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.615432][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.616513][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.616524][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.616537][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.620256][ T5806] team0: Port device team_slave_1 added [ 90.746668][ T5802] team0: Port device team_slave_0 added [ 90.761672][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.761690][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.761704][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.865667][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.865679][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.865693][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.868136][ T5802] team0: Port device team_slave_1 added [ 90.945702][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.945718][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.945742][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.037203][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.037216][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.037228][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.227092][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.227110][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.227134][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.231735][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.231748][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.231761][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.381745][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.381760][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.381773][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.440206][ T5805] hsr_slave_0: entered promiscuous mode [ 91.441208][ T5805] hsr_slave_1: entered promiscuous mode [ 91.627393][ T5804] hsr_slave_0: entered promiscuous mode [ 91.628423][ T5804] hsr_slave_1: entered promiscuous mode [ 91.629113][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 91.629198][ T5804] Cannot create hsr debugfs directory [ 91.786992][ T5801] hsr_slave_0: entered promiscuous mode [ 91.788067][ T5801] hsr_slave_1: entered promiscuous mode [ 91.788759][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 91.788778][ T5801] Cannot create hsr debugfs directory [ 91.855299][ T5816] Bluetooth: hci2: command tx timeout [ 91.934046][ T5816] Bluetooth: hci3: command tx timeout [ 91.934079][ T5816] Bluetooth: hci1: command tx timeout [ 92.013868][ T5121] Bluetooth: hci4: command tx timeout [ 92.087524][ T5806] hsr_slave_0: entered promiscuous mode [ 92.088373][ T5806] hsr_slave_1: entered promiscuous mode [ 92.088918][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 92.088940][ T5806] Cannot create hsr debugfs directory [ 92.093806][ T5121] Bluetooth: hci0: command tx timeout [ 92.274917][ T5802] hsr_slave_0: entered promiscuous mode [ 92.275807][ T5802] hsr_slave_1: entered promiscuous mode [ 92.276326][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 92.276348][ T5802] Cannot create hsr debugfs directory [ 93.604639][ T5805] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.635610][ T5805] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.670178][ T5805] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.720972][ T5805] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.824404][ T5806] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.854540][ T5806] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.889415][ T5806] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.934462][ T5121] Bluetooth: hci2: command tx timeout [ 93.950920][ T5806] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.015224][ T5816] Bluetooth: hci3: command tx timeout [ 94.015267][ T5121] Bluetooth: hci1: command tx timeout [ 94.075758][ T5801] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.094243][ T5121] Bluetooth: hci4: command tx timeout [ 94.117878][ T5801] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.151034][ T5801] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.184897][ T5121] Bluetooth: hci0: command tx timeout [ 94.188909][ T5801] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.317791][ T5804] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.351053][ T5804] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.392996][ T5804] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.452306][ T5804] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.571419][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.616508][ T5802] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.651323][ T5802] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.674340][ T5802] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.713367][ T5802] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.771625][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.812222][ T87] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.813040][ T87] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.861496][ T1009] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.861805][ T1009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.882064][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.963120][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.970456][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.010862][ T1531] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.011009][ T1531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.038222][ T1531] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.039007][ T1531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.070041][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.107829][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.122814][ T1009] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.123271][ T1009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.179710][ T1445] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.179852][ T1445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.265797][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.321091][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.326465][ T1009] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.327341][ T1009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.400204][ T1009] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.401153][ T1009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.471441][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.529825][ T1272] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.530033][ T1272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.575813][ T3528] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.575919][ T3528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.609036][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.899680][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.976074][ T5805] veth0_vlan: entered promiscuous mode [ 96.048889][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.053302][ T5805] veth1_vlan: entered promiscuous mode [ 96.221464][ T5806] veth0_vlan: entered promiscuous mode [ 96.228834][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.232235][ T5805] veth0_macvtap: entered promiscuous mode [ 96.255879][ T5805] veth1_macvtap: entered promiscuous mode [ 96.263518][ T5806] veth1_vlan: entered promiscuous mode [ 96.377841][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.414901][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.426913][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.504671][ T1272] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.525667][ T1272] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.529596][ T5806] veth0_macvtap: entered promiscuous mode [ 96.538017][ T1272] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.553078][ T1434] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.575948][ T5806] veth1_macvtap: entered promiscuous mode [ 96.577530][ T5804] veth0_vlan: entered promiscuous mode [ 96.758433][ T5804] veth1_vlan: entered promiscuous mode [ 96.799160][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.863276][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.911424][ T1467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.911453][ T1467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.942508][ T1467] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.948977][ T5801] veth0_vlan: entered promiscuous mode [ 96.953441][ T1467] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.953610][ T5802] veth0_vlan: entered promiscuous mode [ 96.994502][ T1467] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.000199][ T3528] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.038303][ T3528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.038324][ T3528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.093514][ T5802] veth1_vlan: entered promiscuous mode [ 97.097747][ T5801] veth1_vlan: entered promiscuous mode [ 97.119364][ T5804] veth0_macvtap: entered promiscuous mode [ 97.198693][ T5804] veth1_macvtap: entered promiscuous mode [ 97.279250][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.354321][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.077132][ T1434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.146779][ T1434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.163963][ T1009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.163983][ T1009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.169444][ T1434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.230644][ T5801] veth0_macvtap: entered promiscuous mode [ 98.237838][ T5802] veth0_macvtap: entered promiscuous mode [ 98.244024][ T1434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.249564][ T5802] veth1_macvtap: entered promiscuous mode [ 98.316639][ T5801] veth1_macvtap: entered promiscuous mode [ 98.938355][ T1009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.938375][ T1009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.979217][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.098453][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.103533][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.177333][ T157] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.180162][ T157] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.190283][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.191524][ T157] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.216559][ T1434] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.216581][ T1434] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.220694][ T157] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.252671][ T1434] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.273013][ T1434] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.329373][ T1434] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.379808][ T1434] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.527598][ T157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.527618][ T157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.791400][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.791515][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.329530][ T1009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.329552][ T1009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.543419][ T87] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.543442][ T87] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.235307][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.235329][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.497965][ T5954] Device name cannot be null; rc = [-22] [ 102.938436][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.938460][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.973740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.983739][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.993721][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.003746][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.013728][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.023722][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.033727][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.043721][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 110.923736][ T6012] Device name cannot be null; rc = [-22] [ 111.892118][ T6010] Zero length message leads to an empty skb [ 113.159996][ T6029] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 115.083612][ T6044] overlayfs: missing 'lowerdir' [ 116.828857][ T6054] Device name cannot be null; rc = [-22] [ 119.647241][ T6079] fuse: Bad value for 'group_id' [ 119.647262][ T6079] fuse: Bad value for 'group_id' [ 119.876021][ T6087] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 121.160464][ T6041] IPVS: starting estimator thread 0... [ 121.268205][ T6097] IPVS: using max 8 ests per chain, 19200 per kthread [ 126.557219][ T6130] fuse: Bad value for 'group_id' [ 126.557241][ T6130] fuse: Bad value for 'group_id' [ 127.232790][ T6138] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 131.894882][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 133.147628][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.147789][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.168198][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 133.181307][ T10] usb 5-1: device descriptor read/all, error -71 [ 133.191993][ T6175] Bluetooth: MGMT ver 1.23 [ 134.790214][ T37] audit: type=1326 audit(1765147256.635:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f9facf749 code=0x7ffc0000 [ 134.790265][ T37] audit: type=1326 audit(1765147256.645:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f5f9facf749 code=0x7ffc0000 [ 134.790358][ T37] audit: type=1326 audit(1765147256.645:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f9facf749 code=0x7ffc0000 [ 134.790486][ T37] audit: type=1326 audit(1765147256.645:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5f9facdf90 code=0x7ffc0000 [ 134.790567][ T37] audit: type=1326 audit(1765147256.655:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f5f9fad0f77 code=0x7ffc0000 [ 134.790714][ T37] audit: type=1326 audit(1765147256.655:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5f9facf749 code=0x7ffc0000 [ 134.790755][ T37] audit: type=1326 audit(1765147256.665:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f5f9fad0f77 code=0x7ffc0000 [ 134.792259][ T37] audit: type=1326 audit(1765147256.665:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5f9face3aa code=0x7ffc0000 [ 134.870957][ T37] audit: type=1326 audit(1765147256.675:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f9facf749 code=0x7ffc0000 [ 134.871144][ T37] audit: type=1326 audit(1765147256.675:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6186 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5f9facdf90 code=0x7ffc0000 [ 137.431998][ T6195] fuse: Bad value for 'group_id' [ 137.432596][ T6195] fuse: Bad value for 'group_id' [ 138.410312][ T6200] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 138.412345][ T6200] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 140.226912][ T5121] Bluetooth: hci0: command 0x0c1a tx timeout [ 140.385625][ T6200] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 140.385641][ T6200] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 142.416623][ T5121] Bluetooth: hci1: command tx timeout [ 142.878492][ T5922] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 142.887857][ T6200] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 142.887880][ T6200] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 142.985984][ T6200] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 142.986001][ T6200] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 143.163764][ T5922] usb 2-1: Using ep0 maxpacket: 32 [ 143.183508][ T5922] usb 2-1: config 0 interface 0 has no altsetting 0 [ 143.206516][ T5922] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 143.206549][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.206568][ T5922] usb 2-1: Product: syz [ 143.206582][ T5922] usb 2-1: Manufacturer: syz [ 143.206596][ T5922] usb 2-1: SerialNumber: syz [ 143.220247][ T5922] usb 2-1: config 0 descriptor?? [ 145.016159][ T6200] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 145.016176][ T6200] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 145.293337][ T5922] gs_usb 2-1:0.0: Couldn't send data format (err=-71) [ 145.293373][ T5922] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 145.308106][ T5922] usb 2-1: USB disconnect, device number 2 [ 150.374212][ T6041] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 151.433832][ T6041] usb 2-1: Using ep0 maxpacket: 8 [ 151.445975][ T6041] usb 2-1: unable to get BOS descriptor or descriptor too short [ 151.461867][ T6041] usb 2-1: config 140 has an invalid descriptor of length 0, skipping remainder of the config [ 151.461886][ T6041] usb 2-1: config 140 has 1 interface, different from the descriptor's value: 2 [ 151.467403][ T6041] usb 2-1: New USB device found, idVendor=1039, idProduct=2101, bcdDevice=25.81 [ 151.467432][ T6041] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.467452][ T6041] usb 2-1: Product: syz [ 151.467464][ T6041] usb 2-1: Manufacturer: syz [ 151.467479][ T6041] usb 2-1: SerialNumber: syz [ 153.309486][ T6275] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 153.568585][ T6275] usb 1-1: Using ep0 maxpacket: 32 [ 153.881998][ T6275] usb 1-1: config 0 interface 0 has no altsetting 0 [ 154.033752][ T6275] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 154.033782][ T6275] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.033800][ T6275] usb 1-1: Product: syz [ 154.033813][ T6275] usb 1-1: Manufacturer: syz [ 154.033826][ T6275] usb 1-1: SerialNumber: syz [ 154.983882][ T6275] usb 1-1: config 0 descriptor?? [ 155.492424][ T6275] gs_usb 1-1:0.0: Couldn't get device config: (err=-32) [ 155.492457][ T6275] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -32 [ 155.668917][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 155.700616][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 155.720546][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 156.021423][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 156.023633][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 156.089544][ T5121] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 156.102933][ T5121] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 156.106822][ T5121] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 156.129652][ T5121] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 156.146809][ T5121] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 156.277996][ T6307] Device name cannot be null; rc = [-22] [ 156.544221][ T6041] usb 2-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2101) Rev (0X2581): Eagle I [ 156.633779][ T6191] usb 1-1: USB disconnect, device number 2 [ 157.874206][ T6041] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware [ 157.876672][ T6041] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw [ 157.940579][ T6041] usb 2-1: USB disconnect, device number 3 [ 157.955525][ T6191] usb 2-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2 [ 157.955550][ T6191] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw [ 158.388237][ T5121] Bluetooth: hci5: command tx timeout [ 160.202975][ T6336] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 160.203002][ T6336] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 161.723846][ T6275] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 161.726832][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 161.863765][ T6275] usb 4-1: device descriptor read/64, error -32 [ 161.894550][ T6147] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 162.053821][ T6147] usb 2-1: Using ep0 maxpacket: 32 [ 162.056960][ T6147] usb 2-1: config 0 interface 0 has no altsetting 0 [ 162.060291][ T6147] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 162.060320][ T6147] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.060339][ T6147] usb 2-1: Product: syz [ 162.060353][ T6147] usb 2-1: Manufacturer: syz [ 162.060366][ T6147] usb 2-1: SerialNumber: syz [ 162.108455][ T6275] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 162.277579][ T6147] usb 2-1: config 0 descriptor?? [ 162.284740][ T6275] usb 4-1: Using ep0 maxpacket: 8 [ 163.009035][ T6275] usb 4-1: unable to get BOS descriptor or descriptor too short [ 163.011877][ T6275] usb 4-1: config 4 has an invalid interface number: 147 but max is 0 [ 163.011903][ T6275] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 163.011922][ T6275] usb 4-1: config 4 has no interface number 0 [ 163.046527][ T6275] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 163.046558][ T6275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.046578][ T6275] usb 4-1: Product: syz [ 163.046592][ T6275] usb 4-1: Manufacturer: syz [ 163.046606][ T6275] usb 4-1: SerialNumber: syz [ 163.262599][ T43] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.370636][ T6147] gs_usb 2-1:0.0: Couldn't get device config: (err=-32) [ 163.370681][ T6147] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -32 [ 163.692934][ T6302] chnl_net:caif_netlink_parms(): no params data found [ 164.566249][ T43] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.764465][ T193] usb 2-1: USB disconnect, device number 4 [ 165.177997][ T6275] uvcvideo 4-1:4.147: probe with driver uvcvideo failed with error -22 [ 165.183572][ T6275] usb 4-1: USB disconnect, device number 3 [ 165.209127][ T43] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.680232][ T6396] binder: 6395:6396 ioctl 80089418 2000000000c0 returned -22 [ 169.680569][ T6396] binder: 6395:6396 ioctl 81f8943c 2000000003c0 returned -22 [ 169.681010][ T6396] binder: 6395:6396 ioctl c0c89425 2000000005c0 returned -22 [ 169.773455][ T37] kauditd_printk_skb: 14 callbacks suppressed [ 169.773573][ T37] audit: type=1326 audit(1765147291.645:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 169.774296][ T37] audit: type=1326 audit(1765147291.655:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 169.775220][ T37] audit: type=1326 audit(1765147291.655:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 169.775265][ T37] audit: type=1326 audit(1765147291.655:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 169.775530][ T37] audit: type=1326 audit(1765147291.655:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 169.826104][ T37] audit: type=1326 audit(1765147291.705:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8f7ed7df90 code=0x7ffc0000 [ 169.827645][ T37] audit: type=1326 audit(1765147291.705:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8f7ed80f77 code=0x7ffc0000 [ 169.828232][ T37] audit: type=1326 audit(1765147291.705:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 169.839669][ T6398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.122'. [ 170.014690][ T37] audit: type=1326 audit(1765147291.895:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8f7ed80f77 code=0x7ffc0000 [ 170.016590][ T37] audit: type=1326 audit(1765147291.895:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.3.122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8f7ed7e3aa code=0x7ffc0000 [ 172.027509][ T43] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.193845][ T6393] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 172.232410][ T6302] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.235671][ T6302] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.235910][ T6302] bridge_slave_0: entered allmulticast mode [ 172.253835][ T6302] bridge_slave_0: entered promiscuous mode [ 172.334865][ T6302] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.335002][ T6302] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.335338][ T6302] bridge_slave_1: entered allmulticast mode [ 172.338169][ T6302] bridge_slave_1: entered promiscuous mode [ 172.343815][ T6393] usb 2-1: Using ep0 maxpacket: 32 [ 172.346828][ T6393] usb 2-1: config 0 interface 0 has no altsetting 0 [ 172.385802][ T6393] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 172.385826][ T6393] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.385841][ T6393] usb 2-1: Product: syz [ 172.385853][ T6393] usb 2-1: Manufacturer: syz [ 172.385864][ T6393] usb 2-1: SerialNumber: syz [ 172.846244][ T6393] usb 2-1: config 0 descriptor?? [ 173.714446][ T6393] gs_usb 2-1:0.0: Couldn't send data format (err=-71) [ 173.714491][ T6393] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 173.757359][ T6393] usb 2-1: USB disconnect, device number 5 [ 173.813823][ T193] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 174.863776][ T193] usb 1-1: Using ep0 maxpacket: 8 [ 174.966224][ T193] usb 1-1: unable to get BOS descriptor or descriptor too short [ 174.967762][ T193] usb 1-1: config 4 has an invalid interface number: 147 but max is 0 [ 174.967787][ T193] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 174.967805][ T193] usb 1-1: config 4 has no interface number 0 [ 174.971348][ T193] usb 1-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 174.971376][ T193] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.971396][ T193] usb 1-1: Product: syz [ 174.971409][ T193] usb 1-1: Manufacturer: syz [ 174.971422][ T193] usb 1-1: SerialNumber: syz [ 177.160046][ T193] uvcvideo 1-1:4.147: probe with driver uvcvideo failed with error -22 [ 177.197561][ T193] usb 1-1: USB disconnect, device number 3 [ 177.202681][ T5868] udevd[5868]: setting owner of /dev/bus/usb/001/003 to uid=0, gid=0 failed: No such file or directory [ 177.286086][ T6302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.312817][ T6302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.331096][ T6447] binder: 6446:6447 ioctl 80089418 2000000000c0 returned -22 [ 177.331486][ T6447] binder: 6446:6447 ioctl 81f8943c 2000000003c0 returned -22 [ 177.334298][ T6447] binder: 6446:6447 ioctl c0c89425 2000000005c0 returned -22 [ 177.425153][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 177.425199][ T37] audit: type=1326 audit(1765147299.295:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 177.429379][ T37] audit: type=1326 audit(1765147299.305:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 177.434507][ T37] audit: type=1326 audit(1765147299.305:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 177.439708][ T37] audit: type=1326 audit(1765147299.315:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8f7ed7df90 code=0x7ffc0000 [ 177.449529][ T37] audit: type=1326 audit(1765147299.325:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8f7ed80f77 code=0x7ffc0000 [ 177.451284][ T37] audit: type=1326 audit(1765147299.325:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 177.456504][ T37] audit: type=1326 audit(1765147299.325:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8f7ed80f77 code=0x7ffc0000 [ 177.456637][ T37] audit: type=1326 audit(1765147299.335:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8f7ed7e3aa code=0x7ffc0000 [ 177.457471][ T37] audit: type=1326 audit(1765147299.335:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f7ed7f749 code=0x7ffc0000 [ 177.461470][ T37] audit: type=1326 audit(1765147299.335:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6446 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8f7ed7df90 code=0x7ffc0000 [ 177.492644][ T6448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.138'. [ 178.627343][ T6451] fuse: Bad value for 'fd' [ 184.570860][ T6302] team0: Port device team_slave_0 added [ 184.599029][ T6302] team0: Port device team_slave_1 added [ 186.339015][ T6501] fuse: Unknown parameter 'grou00000000000000000000' [ 186.594855][ T6302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.594872][ T6302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.594896][ T6302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.684428][ T6302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.684446][ T6302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.684470][ T6302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.848599][ T43] bridge_slave_1: left allmulticast mode [ 188.848715][ T43] bridge_slave_1: left promiscuous mode [ 188.849495][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.064999][ T43] bridge_slave_0: left allmulticast mode [ 191.065030][ T43] bridge_slave_0: left promiscuous mode [ 191.102215][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.588991][ T6556] fuse: Unknown parameter 'grou00000000000000000000' [ 194.810118][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.810195][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.933777][ T193] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 195.086474][ T193] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 195.086503][ T193] usb 4-1: config 0 has no interface number 0 [ 195.089610][ T193] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 195.089638][ T193] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.089659][ T193] usb 4-1: Product: syz [ 195.089672][ T193] usb 4-1: Manufacturer: syz [ 195.089686][ T193] usb 4-1: SerialNumber: syz [ 195.141469][ T193] usb 4-1: config 0 descriptor?? [ 196.070970][ T193] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 196.158439][ T193] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 196.159346][ T193] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 196.159445][ T193] usb 4-1: media controller created [ 196.855428][ T193] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 197.118749][ T6602] netlink: 4436 bytes leftover after parsing attributes in process `syz.2.173'. [ 197.119009][ T6602] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 197.569813][ T193] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 197.672547][ T193] usb 4-1: USB disconnect, device number 4 [ 204.730943][ T5916] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 205.647317][ T5916] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 205.647345][ T5916] usb 2-1: config 0 has no interface number 0 [ 205.650812][ T5916] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 205.650841][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.650860][ T5916] usb 2-1: Product: syz [ 205.650874][ T5916] usb 2-1: Manufacturer: syz [ 205.650888][ T5916] usb 2-1: SerialNumber: syz [ 205.675408][ T5916] usb 2-1: config 0 descriptor?? [ 205.893824][ T5916] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 206.057795][ T5916] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 206.058249][ T5916] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 206.058305][ T5916] usb 2-1: media controller created [ 206.103292][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 207.299717][ T5916] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 207.364772][ T6632] syz.0.182 (6632) used greatest stack depth: 16824 bytes left [ 207.497263][ T5916] usb 2-1: USB disconnect, device number 6 [ 208.343956][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.473315][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.677247][ T43] bond0 (unregistering): Released all slaves [ 210.997153][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 211.000846][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 211.001816][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 211.002886][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 211.181218][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 211.200997][ T5121] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 211.202533][ T5121] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 211.202984][ T5121] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 211.225308][ T6698] netlink: 4436 bytes leftover after parsing attributes in process `syz.2.200'. [ 211.225359][ T6698] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 211.268554][ T5121] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 212.004604][ T5121] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 214.025699][ T5816] Bluetooth: hci1: command tx timeout [ 214.783852][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 215.200859][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 215.200877][ T9] usb 1-1: config 0 has no interface number 0 [ 215.206755][ T9] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 215.206784][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.206803][ T9] usb 1-1: Product: syz [ 215.206815][ T9] usb 1-1: Manufacturer: syz [ 215.206828][ T9] usb 1-1: SerialNumber: syz [ 215.601662][ T9] usb 1-1: config 0 descriptor?? [ 216.103972][ T5816] Bluetooth: hci1: command tx timeout [ 216.166168][ T9] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 216.952813][ T9] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 216.953124][ T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 216.953168][ T9] usb 1-1: media controller created [ 216.972355][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 217.804838][ T9] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 218.184315][ T5816] Bluetooth: hci1: command tx timeout [ 219.369556][ T9] usb 1-1: USB disconnect, device number 4 [ 219.960708][ T6768] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 220.254431][ T5816] Bluetooth: hci1: command tx timeout [ 220.473493][ T6191] usb 2-1: [UEAGLE-ATM] firmware is not available [ 221.253372][ C0] [drm:vkms_crtc_handle_vblank_timeout] *ERROR* vkms failure on handling vblank [ 221.493455][ T6788] overlayfs: failed to resolve './file1': -2 [ 221.615080][ T6787] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 221.653379][ T6787] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 221.848884][ T6781] netlink: 'syz.1.215': attribute type 10 has an invalid length. [ 222.043497][ T6781] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.121966][ T6781] bond0: (slave team0): Enslaving as an active interface with an up link [ 222.384411][ T50] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 222.587237][ T50] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 222.587520][ T50] usb 1-1: config 0 has no interface number 0 [ 222.919602][ T50] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 222.919634][ T50] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.919652][ T50] usb 1-1: Product: syz [ 222.919664][ T50] usb 1-1: Manufacturer: syz [ 222.919677][ T50] usb 1-1: SerialNumber: syz [ 222.967636][ T50] usb 1-1: config 0 descriptor?? [ 223.784477][ T50] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 223.788723][ T50] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 223.789103][ T50] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 223.789157][ T50] usb 1-1: media controller created [ 223.887126][ T50] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 224.191146][ T43] hsr_slave_0: left promiscuous mode [ 225.172311][ T50] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 225.266734][ T43] hsr_slave_1: left promiscuous mode [ 225.268085][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.268211][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.422619][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.422663][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.459249][ T50] usb 1-1: USB disconnect, device number 5 [ 225.485851][ T6812] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 226.268570][ T43] veth1_macvtap: left promiscuous mode [ 226.268832][ T43] veth0_macvtap: left promiscuous mode [ 226.269124][ T43] veth1_vlan: left promiscuous mode [ 226.269880][ T43] veth0_vlan: left promiscuous mode [ 232.588318][ T6858] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 232.692924][ T6865] netlink: 4436 bytes leftover after parsing attributes in process `syz.1.237'. [ 232.700568][ T6865] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 233.309368][ T6873] netlink: 'syz.2.238': attribute type 10 has an invalid length. [ 236.145880][ T6891] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 238.662567][ T6909] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 239.314012][ T6147] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 239.443868][ T6147] usb 1-1: device descriptor read/64, error -71 [ 239.574276][ T43] team0 (unregistering): Port device team_slave_1 removed [ 239.693856][ T6147] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 239.804543][ T43] team0 (unregistering): Port device team_slave_0 removed [ 239.945733][ T6147] usb 1-1: device descriptor read/64, error -71 [ 240.056019][ T6147] usb usb1-port1: attempt power cycle [ 240.193966][ T6024] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 240.379369][ T6024] usb 4-1: Using ep0 maxpacket: 32 [ 240.381612][ T6024] usb 4-1: config 0 interface 0 has no altsetting 0 [ 240.417645][ T6147] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 240.419195][ T6024] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 240.419222][ T6024] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.419237][ T6024] usb 4-1: Product: syz [ 240.419244][ T6024] usb 4-1: Manufacturer: syz [ 240.419252][ T6024] usb 4-1: SerialNumber: syz [ 240.423507][ T6024] usb 4-1: config 0 descriptor?? [ 240.434368][ T6147] usb 1-1: device descriptor read/8, error -71 [ 240.728035][ T6147] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 240.771949][ T6147] usb 1-1: device descriptor read/8, error -71 [ 240.888714][ T6024] gs_usb 4-1:0.0: Couldn't get device config: (err=-121) [ 240.888760][ T6024] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -121 [ 240.900125][ T6147] usb usb1-port1: unable to enumerate USB device [ 242.025961][ T6873] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.035142][ T6873] bond0: (slave team0): Enslaving as an active interface with an up link [ 242.324409][ T1246] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 242.492634][ T1246] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 242.492663][ T1246] usb 2-1: config 0 has no interface number 0 [ 242.546479][ T1246] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 242.546510][ T1246] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.546530][ T1246] usb 2-1: Product: syz [ 242.546543][ T1246] usb 2-1: Manufacturer: syz [ 242.546557][ T1246] usb 2-1: SerialNumber: syz [ 242.664699][ T1246] usb 2-1: config 0 descriptor?? [ 243.363779][ T1246] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 243.427920][ T193] usb 4-1: USB disconnect, device number 5 [ 243.431437][ T1246] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 243.431894][ T1246] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 243.431946][ T1246] usb 2-1: media controller created [ 243.510150][ T1246] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 243.792059][ T6694] chnl_net:caif_netlink_parms(): no params data found [ 244.616406][ T1246] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 244.749781][ T1246] usb 2-1: USB disconnect, device number 7 [ 246.243438][ T6694] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.243675][ T6694] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.243898][ T6694] bridge_slave_0: entered allmulticast mode [ 246.251068][ T6694] bridge_slave_0: entered promiscuous mode [ 246.489774][ T6694] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.508788][ T6694] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.509044][ T6694] bridge_slave_1: entered allmulticast mode [ 246.511793][ T6694] bridge_slave_1: entered promiscuous mode [ 247.296674][ T6694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.349852][ T6694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.433865][ T1246] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 247.512653][ T6987] netlink: 'syz.3.265': attribute type 10 has an invalid length. [ 247.700962][ T1246] usb 1-1: device descriptor read/64, error -71 [ 248.664661][ T1246] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 248.793741][ T1246] usb 1-1: device descriptor read/64, error -71 [ 248.905026][ T1246] usb usb1-port1: attempt power cycle [ 249.259201][ T6987] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.261957][ T6987] bond0: (slave team0): Enslaving as an active interface with an up link [ 249.283814][ T1246] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 249.304634][ T1246] usb 1-1: device descriptor read/8, error -71 [ 249.335343][ T43] bridge_slave_1: left allmulticast mode [ 249.335373][ T43] bridge_slave_1: left promiscuous mode [ 249.335609][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.543814][ T1246] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 249.566206][ T1246] usb 1-1: device descriptor read/8, error -71 [ 249.585076][ T43] bridge_slave_0: left allmulticast mode [ 249.585106][ T43] bridge_slave_0: left promiscuous mode [ 249.585385][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.674539][ T1246] usb usb1-port1: unable to enumerate USB device [ 249.749396][ T7001] Device name cannot be null; rc = [-22] [ 249.769482][ T7003] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 249.769506][ T7003] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 250.489259][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 250.617175][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 250.739931][ T43] bond0 (unregistering): Released all slaves [ 250.858232][ T6694] team0: Port device team_slave_0 added [ 250.907959][ T6694] team0: Port device team_slave_1 added [ 252.583199][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.454236][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.203731][ T6275] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 254.647290][ T6275] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 254.647323][ T6275] usb 1-1: config 0 has no interface number 0 [ 254.652577][ T6275] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 254.652607][ T6275] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.652636][ T6275] usb 1-1: Product: syz [ 254.652650][ T6275] usb 1-1: Manufacturer: syz [ 254.652663][ T6275] usb 1-1: SerialNumber: syz [ 254.658890][ T6275] usb 1-1: config 0 descriptor?? [ 255.357995][ T6275] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 255.376891][ T6275] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 255.377319][ T6275] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 255.377371][ T6275] usb 1-1: media controller created [ 255.415319][ T6275] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 255.942310][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.944461][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.408419][ T7065] netlink: 'syz.1.279': attribute type 10 has an invalid length. [ 257.491265][ T6275] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 258.055119][ T6275] usb 1-1: USB disconnect, device number 14 [ 258.784551][ T43] team0 (unregistering): Port device team_slave_1 removed [ 260.031493][ T43] team0 (unregistering): Port device team_slave_0 removed [ 261.925951][ T7095] Device name cannot be null; rc = [-22] [ 262.154865][ T6694] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 262.154883][ T6694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 262.154908][ T6694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.229500][ T6694] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.229517][ T6694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 262.229541][ T6694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.846401][ T5811] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 263.140419][ T5811] usb 4-1: Using ep0 maxpacket: 32 [ 263.662172][ T5811] usb 4-1: config 0 interface 0 has no altsetting 0 [ 263.690620][ T5811] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 263.690651][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.690670][ T5811] usb 4-1: Product: syz [ 263.690684][ T5811] usb 4-1: Manufacturer: syz [ 263.690697][ T5811] usb 4-1: SerialNumber: syz [ 263.732369][ T6694] hsr_slave_0: entered promiscuous mode [ 263.737908][ T6694] hsr_slave_1: entered promiscuous mode [ 263.746503][ T5811] usb 4-1: config 0 descriptor?? [ 263.761009][ T6694] debugfs: 'hsr0' already exists in 'hsr' [ 263.761037][ T6694] Cannot create hsr debugfs directory [ 264.953517][ T5811] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 265.155059][ T5811] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 0 (-EPIPE) [ 265.155547][ T5811] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -32 [ 265.966130][ T5811] usb 4-1: USB disconnect, device number 6 [ 267.964357][ T7144] netlink: 'syz.0.297': attribute type 10 has an invalid length. [ 269.450348][ T7144] 8021q: adding VLAN 0 to HW filter on device team0 [ 269.453217][ T7144] bond0: (slave team0): Enslaving as an active interface with an up link [ 270.761482][ T6694] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 270.864637][ T6694] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 273.403859][ T6002] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 273.643765][ T6002] usb 3-1: Using ep0 maxpacket: 8 [ 274.114522][ T6002] usb 3-1: unable to get BOS descriptor or descriptor too short [ 274.233912][ T6002] usb 3-1: config 140 has an invalid descriptor of length 0, skipping remainder of the config [ 274.233931][ T6002] usb 3-1: config 140 has 1 interface, different from the descriptor's value: 2 [ 274.245263][ T6002] usb 3-1: New USB device found, idVendor=1039, idProduct=2101, bcdDevice=25.81 [ 274.245295][ T6002] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.245314][ T6002] usb 3-1: Product: syz [ 274.245327][ T6002] usb 3-1: Manufacturer: syz [ 274.245341][ T6002] usb 3-1: SerialNumber: syz [ 274.366381][ T5121] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 274.371302][ T5121] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 274.392901][ T5121] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 274.409738][ T5121] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 274.411824][ T5121] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 274.537877][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 274.556429][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 274.560339][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 274.570422][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 274.686735][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 278.445850][ T6002] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2101) Rev (0X2581): Eagle I [ 280.038901][ T6002] usb 3-1: [ueagle-atm] pre-firmware device, uploading firmware [ 280.038996][ T6002] usb 3-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw [ 280.074204][ T6002] usb 3-1: USB disconnect, device number 2 [ 280.121198][ T6041] usb 3-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2 [ 280.121224][ T6041] usb 3-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw [ 280.166352][ T6041] ------------[ cut here ]------------ [ 280.166370][ T6041] WARNING: fs/kernfs/dir.c:537 at kernfs_get+0x72/0x90, CPU#0: kworker/0:9/6041 [ 280.166405][ T6041] Modules linked in: [ 280.166440][ T6041] CPU: 0 UID: 0 PID: 6041 Comm: kworker/0:9 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 280.166464][ T6041] Tainted: [L]=SOFTLOCKUP [ 280.166468][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 280.166477][ T6041] Workqueue: events request_firmware_work_func [ 280.166501][ T6041] RIP: 0010:kernfs_get+0x72/0x90 [ 280.166522][ T6041] Code: e8 83 83 66 ff 48 89 df be 04 00 00 00 e8 c6 ec c8 ff f0 ff 03 eb 05 e8 6c 83 66 ff 5b 5d e9 45 88 7c 08 cc e8 5f 83 66 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 c5 [ 280.166534][ T6041] RSP: 0018:ffffc9000557f5c0 EFLAGS: 00010293 [ 280.166547][ T6041] RAX: ffffffff8259ef21 RBX: ffff888058ded690 RCX: ffff888029469e40 [ 280.166559][ T6041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 280.166569][ T6041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 280.166579][ T6041] R10: dffffc0000000000 R11: ffffed100b1bdad3 R12: ffff888034175da8 [ 280.166592][ T6041] R13: 1ffff1100682ebb6 R14: ffff888034175db0 R15: dffffc0000000000 [ 280.166605][ T6041] FS: 0000000000000000(0000) GS:ffff888126d12000(0000) knlGS:0000000000000000 [ 280.166617][ T6041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 280.166627][ T6041] CR2: 00007f8f7eda74e0 CR3: 0000000034e90000 CR4: 00000000003526f0 [ 280.166641][ T6041] Call Trace: [ 280.166654][ T6041] [ 280.166663][ T6041] kobject_add_internal+0x731/0xcd0 [ 280.166694][ T6041] kobject_add+0x155/0x220 [ 280.166721][ T6041] ? __pfx_kobject_add+0x10/0x10 [ 280.166748][ T6041] ? kobject_init+0x83/0x1e0 [ 280.166772][ T6041] get_device_parent+0x31d/0x3a0 [ 280.166798][ T6041] device_add+0x2e1/0xb80 [ 280.166825][ T6041] firmware_fallback_sysfs+0x2e4/0xa40 [ 280.166855][ T6041] _request_firmware+0xfa4/0x1680 [ 280.166893][ T6041] ? __pfx__request_firmware+0x10/0x10 [ 280.166917][ T6041] ? process_scheduled_works+0x9ef/0x1770 [ 280.166941][ T6041] request_firmware_work_func+0xaf/0x1c0 [ 280.166964][ T6041] ? process_scheduled_works+0x9ef/0x1770 [ 280.166982][ T6041] process_scheduled_works+0xad1/0x1770 [ 280.167037][ T6041] ? __pfx_process_scheduled_works+0x10/0x10 [ 280.167075][ T6041] worker_thread+0x8a0/0xda0 [ 280.167098][ T6041] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 280.167129][ T6041] ? __kthread_parkme+0x7b/0x200 [ 280.167160][ T6041] kthread+0x711/0x8a0 [ 280.167186][ T6041] ? __pfx_worker_thread+0x10/0x10 [ 280.167205][ T6041] ? __pfx_kthread+0x10/0x10 [ 280.167224][ T6041] ? rt_spin_unlock+0x150/0x200 [ 280.167245][ T6041] ? rt_spin_unlock+0x161/0x200 [ 280.167260][ T6041] ? __pfx_kthread+0x10/0x10 [ 280.167283][ T6041] ret_from_fork+0x599/0xb30 [ 280.167304][ T6041] ? __pfx_ret_from_fork+0x10/0x10 [ 280.167335][ T6041] ? __switch_to_asm+0x39/0x70 [ 280.167356][ T6041] ? __switch_to_asm+0x33/0x70 [ 280.167376][ T6041] ? __pfx_kthread+0x10/0x10 [ 280.167400][ T6041] ret_from_fork_asm+0x1a/0x30 [ 280.167441][ T6041] [ 280.167456][ T6041] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 280.167471][ T6041] CPU: 0 UID: 0 PID: 6041 Comm: kworker/0:9 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 280.167496][ T6041] Tainted: [L]=SOFTLOCKUP [ 280.167502][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 280.167513][ T6041] Workqueue: events request_firmware_work_func [ 280.167532][ T6041] Call Trace: [ 280.167539][ T6041] [ 280.167546][ T6041] dump_stack_lvl+0x99/0x250 [ 280.167569][ T6041] ? __asan_memcpy+0x40/0x70 [ 280.167591][ T6041] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.167613][ T6041] ? __pfx__printk+0x10/0x10 [ 280.167643][ T6041] vpanic+0x237/0x6d0 [ 280.167666][ T6041] ? __pfx_vpanic+0x10/0x10 [ 280.167684][ T6041] ? is_bpf_text_address+0x292/0x2b0 [ 280.167705][ T6041] ? is_bpf_text_address+0x26/0x2b0 [ 280.167735][ T6041] panic+0xb9/0xc0 [ 280.167756][ T6041] ? __pfx_panic+0x10/0x10 [ 280.167788][ T6041] ? ret_from_fork_asm+0x1a/0x30 [ 280.167817][ T6041] __warn+0x317/0x4b0 [ 280.167838][ T6041] ? kernfs_get+0x72/0x90 [ 280.167863][ T6041] ? kernfs_get+0x72/0x90 [ 280.167885][ T6041] __report_bug+0x288/0x500 [ 280.167905][ T6041] ? kernfs_get+0x72/0x90 [ 280.167933][ T6041] ? __pfx___report_bug+0x10/0x10 [ 280.167950][ T6041] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 280.167968][ T6041] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 280.168002][ T6041] ? kernfs_get+0x72/0x90 [ 280.168023][ T6041] report_bug+0x16a/0x220 [ 280.168053][ T6041] ? kernfs_get+0x72/0x90 [ 280.168073][ T6041] ? kernfs_get+0x74/0x90 [ 280.168093][ T6041] handle_bug+0x98/0x200 [ 280.168117][ T6041] exc_invalid_op+0x1a/0x50 [ 280.168139][ T6041] asm_exc_invalid_op+0x1a/0x20 [ 280.168157][ T6041] RIP: 0010:kernfs_get+0x72/0x90 [ 280.168178][ T6041] Code: e8 83 83 66 ff 48 89 df be 04 00 00 00 e8 c6 ec c8 ff f0 ff 03 eb 05 e8 6c 83 66 ff 5b 5d e9 45 88 7c 08 cc e8 5f 83 66 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 c5 [ 280.168192][ T6041] RSP: 0018:ffffc9000557f5c0 EFLAGS: 00010293 [ 280.168208][ T6041] RAX: ffffffff8259ef21 RBX: ffff888058ded690 RCX: ffff888029469e40 [ 280.168221][ T6041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 280.168232][ T6041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 280.168243][ T6041] R10: dffffc0000000000 R11: ffffed100b1bdad3 R12: ffff888034175da8 [ 280.168256][ T6041] R13: 1ffff1100682ebb6 R14: ffff888034175db0 R15: dffffc0000000000 [ 280.168278][ T6041] ? kernfs_get+0x71/0x90 [ 280.168308][ T6041] kobject_add_internal+0x731/0xcd0 [ 280.168341][ T6041] kobject_add+0x155/0x220 [ 280.168369][ T6041] ? __pfx_kobject_add+0x10/0x10 [ 280.168398][ T6041] ? kobject_init+0x83/0x1e0 [ 280.168423][ T6041] get_device_parent+0x31d/0x3a0 [ 280.168450][ T6041] device_add+0x2e1/0xb80 [ 280.168476][ T6041] firmware_fallback_sysfs+0x2e4/0xa40 [ 280.168511][ T6041] _request_firmware+0xfa4/0x1680 [ 280.168551][ T6041] ? __pfx__request_firmware+0x10/0x10 [ 280.168577][ T6041] ? process_scheduled_works+0x9ef/0x1770 [ 280.168602][ T6041] request_firmware_work_func+0xaf/0x1c0 [ 280.168625][ T6041] ? process_scheduled_works+0x9ef/0x1770 [ 280.168647][ T6041] process_scheduled_works+0xad1/0x1770 [ 280.168698][ T6041] ? __pfx_process_scheduled_works+0x10/0x10 [ 280.168736][ T6041] worker_thread+0x8a0/0xda0 [ 280.168759][ T6041] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 280.168789][ T6041] ? __kthread_parkme+0x7b/0x200 [ 280.168818][ T6041] kthread+0x711/0x8a0 [ 280.168843][ T6041] ? __pfx_worker_thread+0x10/0x10 [ 280.168862][ T6041] ? __pfx_kthread+0x10/0x10 [ 280.168882][ T6041] ? rt_spin_unlock+0x150/0x200 [ 280.168905][ T6041] ? rt_spin_unlock+0x161/0x200 [ 280.168920][ T6041] ? __pfx_kthread+0x10/0x10 [ 280.168943][ T6041] ret_from_fork+0x599/0xb30 [ 280.168966][ T6041] ? __pfx_ret_from_fork+0x10/0x10 [ 280.168996][ T6041] ? __switch_to_asm+0x39/0x70 [ 280.169016][ T6041] ? __switch_to_asm+0x33/0x70 [ 280.169044][ T6041] ? __pfx_kthread+0x10/0x10 [ 280.169068][ T6041] ret_from_fork_asm+0x1a/0x30 [ 280.169109][ T6041] [ 280.169475][ T6041] Kernel Offset: disabled