last executing test programs: 3m50.203791222s ago: executing program 0 (id=291): openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt(r3, 0xc, 0xb, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000080)={'vxcan1\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0xffffffffffffff7d, &(0x7f0000000200)=0x400000bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setscheduler(0x0, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r5 = creat(0x0, 0x0) ioctl$FICLONE(r5, 0x40049409, r5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0) 3m46.784995904s ago: executing program 0 (id=298): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@getchain={0x5c, 0x66, 0x100, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffec, 0x7}, {0xffff, 0xb}}, [{0x8, 0xb, 0xfffffff8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0xffff1eca}, {0x8, 0xb, 0x41}, {0x8, 0xb, 0xff}, {0x8, 0xb, 0xffff33f2}]}, 0x5c}}, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) clock_gettime(0xfffffffffffffff1, &(0x7f0000000000)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f0000000280)=0x1e51, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) clock_adjtime(0x0, &(0x7f0000000000)={0x2, 0x200000000, 0x3, 0x4, 0x7ff, 0x9f, 0x4000000, 0x0, 0x5, 0x4, 0xfffffffffffffffe, 0x248a, 0x1, 0x2, 0x0, 0x0, 0x7fff, 0x503, 0x800000000000004, 0x0, 0x3, 0x9, 0x9, 0x8}) 3m45.232712267s ago: executing program 0 (id=299): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, 0x0, 0x11) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f00000000c0)="10") 3m39.219416767s ago: executing program 0 (id=311): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x1}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x0, 0x0, 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002302230102090500000010000020d3"]) listen(0xffffffffffffffff, 0x10001) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_freezer_state(r5, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_freezer_state(r6, &(0x7f0000000080)='THAWED\x00', 0x7) 3m36.816864674s ago: executing program 0 (id=314): socket$kcm(0x10, 0x2, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) sendto$inet(r3, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4) 3m33.292501265s ago: executing program 0 (id=320): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"e58b0f5f9483b6623103130250df2c17", 0x0, 0x0, {0xfffffffffffffffa, 0xf}, {0x2, 0x9}, 0xf, [0x3ff, 0x5, 0x0, 0x7, 0xc15, 0x7, 0xdca, 0x7470, 0xc8df, 0x5, 0x2, 0x40, 0x8e, 0xff, 0x5, 0x4]}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 3m16.346533095s ago: executing program 32 (id=320): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"e58b0f5f9483b6623103130250df2c17", 0x0, 0x0, {0xfffffffffffffffa, 0xf}, {0x2, 0x9}, 0xf, [0x3ff, 0x5, 0x0, 0x7, 0xc15, 0x7, 0xdca, 0x7470, 0xc8df, 0x5, 0x2, 0x40, 0x8e, 0xff, 0x5, 0x4]}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 2m30.988024173s ago: executing program 5 (id=421): socket(0x10, 0x80002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) socket$packet(0x11, 0x3, 0x300) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000400)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x17}, 0x9, 0x0, 0x0, 0x95}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) mount$9p_fd(0x0, 0x0, 0x0, 0x200400, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0) write(r4, 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(r3, 0x5609, &(0x7f0000000000)) 2m28.800281972s ago: executing program 5 (id=428): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) sendmmsg$inet(r3, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="316f825a3d29f96a392ea917017b4cd300000000bee700d6dd1fb41a20baf7f7343067fd40cdd4f16742e94b000000005d0200b7f3028100ae8180db94b9de7456ae62b0e61861f615947de10ae3c4fa199fb5fe7766a0842912179154a96fa88e161d861e77a486e10d1d1d0b90c8997e6917226fe4bb5d77e85706336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d186ac9b2382a75ac68920ca3d542aece1ba7920a8f39b270458224e74a22fa1db2f647b55a4f113a476c5902ef0b35491d6cbe8a9ed5555060d3c3477891029d", 0xe4}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df28a3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783", 0x78}, {&(0x7f0000000800)="6a8fa35a5ac69c3f3504610b7a65154b8a319d412cae86d445126356a7ea73e2cc685d4a2c125a1898bb727147075b79a19e162ca01c17cdb0398d7303a2955433e8f9de6d144dddc2ca170b10d505c3eb024dcacee0c139b5a9044f1f3a0fd4e958406a6ba551087ed89e2312e678f38707c8f37e5c8fe3cb977b7035046ea60fc263c1f72c13c1c7be3f14407e96c832dd5b10a03966185a38402e2cf26722ddeb0e262b9354a7db169109b0adec288e14e03b42147a29ba7f26c6886c05bea9ef56a3bb171e67a92b838a19c3a646fbd5bc79dadd977983eb0587e61bbc7a2d3f3fc63e5704464ed8e57027a8dc835d5f71cf96a13d0a6440492610145b7f71a28bbc1834493d9c63412a741186a0d3a3d18e00f622045954020e1d4bf3c51439ec5ea6c35004bb016ec740a9c2bbccd7daec478949021a69ce9a14bcff85d518579526d616f3ed024cf414e6673b800dc8e6d690b48d3c7430cdd4f51fa4707cad5d91f17a4bd1d72839f8cc3e155239b30c9fca6ac331621f45ae30b730736915456dd4e252c41449f33b07009c3d66163e23d1cabd19c80603", 0x19c}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) r4 = getpid() syz_pidfd_open(r4, 0x0) getcwd(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 2m25.497410016s ago: executing program 5 (id=430): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x3, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}}, 0x44010) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB='\b\x00', @ANYRES32=r2], 0x90}}, 0x0) 2m24.533031864s ago: executing program 5 (id=433): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@weak_binder={0x77622a85, 0x0, 0x1}, @flat=@weak_binder={0x77622a85, 0x110a, 0x3}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 2m22.907575425s ago: executing program 5 (id=436): socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x8000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000042e2423581ce1ddb0100000010000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="e5d8990c02", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r4}, 0x10) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000340)={0x28, 0x0, 0x0, @my=0x1}, 0x10) recvmmsg(r3, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) ppoll(&(0x7f0000000180)=[{r3}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00308000000000", @ANYRES32=r4, @ANYRES32=0xee01, @ANYRES64], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2m21.417779091s ago: executing program 5 (id=441): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x4}, &(0x7f00000000c0)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x77359400}}, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) 2m5.920090692s ago: executing program 33 (id=441): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x4}, &(0x7f00000000c0)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x77359400}}, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) 1m48.229371037s ago: executing program 1 (id=496): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000002e80), 0x2, 0x0) close(0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40000000000011a, 0x44000) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x160, 0x0, 0x148, 0x0, 0x148, 0x240, 0x240, 0x240, 0x240, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@cluster={{0x30}, {0x3f00}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000c00040004c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x8000) sendto$packet(r4, &(0x7f0000000000)='1', 0x26, 0x0, &(0x7f0000000200)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @local}, 0x14) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000180)={0x5, 0xa, 0x4}) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x20000008c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) getpid() 1m46.818966882s ago: executing program 1 (id=498): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) socket$inet6(0xa, 0x2, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = socket$kcm(0x2, 0xa, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r4, r3}) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1m46.104359744s ago: executing program 1 (id=500): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"e58b0f5f9483b6623103130250df2c17", 0x0, 0x0, {0xfffffffffffffffa, 0xf}, {0x2, 0x9}, 0xf, [0x3ff, 0x5, 0x0, 0x7, 0xc15, 0x7, 0xdca, 0x7470, 0xc8df, 0x5, 0x2, 0x40, 0x8e, 0xff, 0x5, 0x4]}) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) mknod(0x0, 0x8001420, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 1m43.8171266s ago: executing program 1 (id=503): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240)={'#! ', '', [], 0xa, "e6ea22ed19d98f2883e7ec6b9949275259dbad29894aef4a2ed98e69ac47d5dc9a65a5db4f98d28a74c0ef835b02c2dd31080ea5a396bc5fb1cb8b0a6ba3b4fda1ec04f6a45d9e45040655cd5ec2fde4c40a6eff21fe292bbf27d6e34126e9ba131f317d"}, 0x68) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000008, 0x50, r0, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) creat(&(0x7f0000001a00)='./file0\x00', 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001ac0)='gfs2\x00', 0x0, 0x0) 1m42.671199674s ago: executing program 1 (id=509): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, 0x0, 0x8200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0x19}) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r6, 0x0, 0x1, 0x0, 0x10000, 0x0, 0x32bf91}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ee222}) 1m40.61081896s ago: executing program 1 (id=511): socket(0x10, 0x80002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) socket$packet(0x11, 0x3, 0x300) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000400)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x17}, 0x9, 0x0, 0x0, 0x95}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) mount$9p_fd(0x0, 0x0, 0x0, 0x200400, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0) write(r4, 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(r3, 0x5609, &(0x7f0000000000)) 1m25.515328463s ago: executing program 34 (id=511): socket(0x10, 0x80002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) socket$packet(0x11, 0x3, 0x300) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000400)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x17}, 0x9, 0x0, 0x0, 0x95}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) mount$9p_fd(0x0, 0x0, 0x0, 0x200400, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0) write(r4, 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(r3, 0x5609, &(0x7f0000000000)) 27.161040664s ago: executing program 6 (id=623): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r6, &(0x7f0000000500)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x60, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r7 = syz_open_dev$loop(&(0x7f00000000c0), 0x5, 0x103b83) ioctl$LOOP_CHANGE_FD(r7, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_STATUS(r7, 0x4c02, 0x0) ioctl$LOOP_CHANGE_FD(r7, 0x4c06, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x0, 0x1010000}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x0, 0x300}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) 23.367473338s ago: executing program 6 (id=629): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="e520000046000000760000000000000027000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffc62, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180022000000000000000000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000280)) syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000480)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @multicast2}}}, 0x108) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000140)={0x7fffffffffffffff, r0}) getsockopt$inet_buf(r2, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) 17.654337715s ago: executing program 4 (id=636): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fchmod(0xffffffffffffffff, 0x134) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000008, 0x50, 0xffffffffffffffff, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r1, &(0x7f0000000080)={0x24, @short={0x2, 0x1, 0xaaa2}}, 0x4c) 15.081384222s ago: executing program 6 (id=638): socket(0x10, 0x80002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) socket$packet(0x11, 0x3, 0x300) sendmmsg$inet(r0, &(0x7f0000004600)=[{{&(0x7f0000000400)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000000400000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000210000280012800b00010067656e657665000018000280140007"], 0x17}, 0x9, 0x0, 0x0, 0x95}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) mount$9p_fd(0x0, 0x0, 0x0, 0x200400, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = memfd_create(&(0x7f00000000c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYS', 0x0) write(r3, 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(r2, 0x5609, &(0x7f0000000000)) 14.50512766s ago: executing program 2 (id=639): socket$kcm(0x10, 0x2, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendto$inet(r3, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000003700)=[{{&(0x7f0000002680)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000a00)}, 0x3}], 0x1, 0x100, &(0x7f00000037c0)={0x77359400}) 14.453827097s ago: executing program 6 (id=641): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x4}, &(0x7f00000000c0)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x77359400}}, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000280)) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfc, 0x0, 0x7fff0000}]}) 11.839188714s ago: executing program 2 (id=642): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='hybla\x00', 0x6) 11.527465539s ago: executing program 3 (id=643): fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @empty, 0x1}, 0x10) r0 = syz_io_uring_setup(0x324b, 0x0, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x8, 0x0, @fd_index=0x4, 0x9, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x54, 0x96d7, 0x1, 0x0, 0x0) 11.149712551s ago: executing program 3 (id=644): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) sendmmsg$inet(r3, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df28a3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2", 0x79}, {&(0x7f0000000800)="6a8fa35a5ac69c3f3504610b7a65154b8a319d412cae86d445126356a7ea73e2cc685d4a2c125a1898bb727147075b79a19e162ca01c17cdb0398d7303a2955433e8f9de6d144dddc2ca170b10d505c3eb024dcacee0c139b5a9044f1f3a0fd4e958406a6ba551087ed89e2312e678f38707c8f37e5c8fe3cb977b7035046ea60fc263c1f72c13c1c7be3f14407e96c832dd5b10a03966185a38402e2cf26722ddeb0e262b9354a7db169109b0adec288e14e03b42147a29ba7f26c6886c05bea9ef56a3bb171e67a92b838a19c3a646fbd5bc79dadd977983eb0587e61bbc7a2d3f3fc63e5704464ed8e57027a8dc835d5f71cf96a13d0a6440492610145b7f71a28bbc1834493d9c63412a741186a0d3a3d18e00f622045954020e1d4bf3c51439ec5ea6c35004bb016ec740a9c2bbccd7daec478949021a69ce9a14bcff85d518579526d616f3ed024cf414e6673b800dc8e6d690b48d3c7430cdd4f51fa4707cad5d91f17a4bd1d72839f8cc3e155239b30c9fca6ac331621f45ae30b730736915456dd4e252c41449f33b07009c3d66163e23d1cabd19c80603", 0x19c}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b0", 0x27, 0x11, 0x0, 0x0) r4 = getpid() syz_pidfd_open(r4, 0x0) getcwd(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 9.750195817s ago: executing program 2 (id=645): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) fanotify_init(0x8, 0x0) epoll_create1(0x80000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0xed461000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xa) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) socket$inet6(0xa, 0x3, 0x20) syz_open_dev$media(&(0x7f0000000040), 0x2, 0x102) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r7 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r7, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd, 0x0, 0xfffffffc}}, 0x2e) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000000)) recvmmsg(r4, &(0x7f0000004e40)=[{{&(0x7f0000002940)=@nfc, 0x80, &(0x7f0000004d40)=[{&(0x7f00000029c0)=""/92, 0x5c}, {&(0x7f0000002a40)=""/76, 0x4c}, {&(0x7f0000002ac0)=""/167, 0xa7}, {&(0x7f0000002b80)=""/161, 0xa1}, {&(0x7f0000002c40)=""/38, 0x26}, {&(0x7f0000002c80)=""/4096, 0x1000}, {&(0x7f0000003c80)=""/120, 0x78}, {&(0x7f0000003d00)=""/4096, 0x1000}, {&(0x7f0000004d00)=""/4, 0x4}], 0x9, &(0x7f0000004e00)=""/36, 0x24}, 0x32e3}], 0x1, 0x53, &(0x7f0000004f00)={0x77359400}) 9.74728858s ago: executing program 3 (id=646): pipe(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) chdir(&(0x7f0000000080)='./file1\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) 8.234675609s ago: executing program 2 (id=647): syz_usb_connect(0x0, 0x17e, &(0x7f0000000280)=ANY=[@ANYBLOB="120110012ec39540e2041414e5c90102030109026c0101000000000904ee000302e21300b822143be46108bab1032de08d422dfe679561dbc442f588f808a943923b52bc8600f97afc296d1887b54a2f7e66a55a3f85bd2ec636c0083ba34e5e1314782e693ae6250eb9634831d6c4937db2219e322238b5abe4eaec3516e13fd232149c9cc71a2becba4ef5036d1f9c89dc755bac4dd1bb512d53df2e8502407a6bab13173e20ea8d2e558b53162a409f7b0b32ed1b98f19905e62fbb0d744889dafee931e6ba21e16088055600fd1ce07ee42d99cedde251cec1320724060001529d05240000020d240f01020000003baf7b030206241a0000021524120100a317a88b045e4f01a607c0ffcb7e392a062407010a000624073a01000c241b0f00000300070000ff1524"], 0x0) 7.609134489s ago: executing program 4 (id=648): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x0, 0x3, 0x425}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 6.0369676s ago: executing program 2 (id=649): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000000200), 0x0) 5.497909754s ago: executing program 3 (id=650): r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000100)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x34, 0xfffffffe}, 0x9c) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x9c) 5.000546198s ago: executing program 4 (id=651): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {0x80000001}}, './file0\x00'}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000240)) sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@loopback, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x9}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d5, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r2, &(0x7f0000000180), 0x400000000000077, 0x0) 3.848055049s ago: executing program 3 (id=652): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$evdev(&(0x7f0000000340), 0x6, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000000)={0x26, 0x3, 0x0, {0x5, 0x5, 0x0, '#,)\x82%'}}, 0x26) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000180)=""/61) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r4, 0x4b72, 0x0) mremap(&(0x7f000024b000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00007d5000/0x3000)=nil) socket$inet6_udp(0xa, 0x2, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0) write$rfkill(r6, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x5, 0x1}, 0x8) 3.619643796s ago: executing program 4 (id=653): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@getchain={0x5c, 0x66, 0x100, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffec, 0x7}, {0xffff, 0xb}}, [{0x8, 0xb, 0xfffffff8}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0xffff1eca}, {0x8, 0xb, 0x41}, {0x8, 0xb, 0xff}, {0x8, 0xb, 0xffff33f2}]}, 0x5c}}, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) clock_adjtime(0x0, &(0x7f0000000000)={0x2, 0x200000000, 0x3, 0x4, 0x7ff, 0x9f, 0x4000000, 0x0, 0x5, 0x4, 0xfffffffffffffffe, 0x248a, 0x1, 0x2, 0x0, 0x0, 0x7fff, 0x503, 0x800000000000004, 0x0, 0x3, 0x9, 0x9, 0x8}) 3.603379729s ago: executing program 6 (id=654): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x4}, &(0x7f00000000c0)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x77359400}}, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000280)) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfc, 0x0, 0x7fff0000}]}) 2.629100848s ago: executing program 4 (id=655): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='hybla\x00', 0x6) 2.307534704s ago: executing program 2 (id=656): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$evdev(&(0x7f0000000340), 0x6, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000000)={0x26, 0x3, 0x0, {0x5, 0x5, 0x0, '#,)\x82%'}}, 0x26) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000180)=""/61) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r4, 0x4b72, 0x0) mremap(&(0x7f000024b000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00007d5000/0x3000)=nil) socket$inet6_udp(0xa, 0x2, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0) write$rfkill(r6, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x5, 0x1}, 0x8) 1.303122926s ago: executing program 3 (id=657): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="e520000046000000760000000000000027000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffc62, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180022000000000000000000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000280)) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000000480)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @multicast2}}}, 0x108) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000001240)=@filter={'filter\x00', 0xe, 0x4, 0x2e0, 0xffffffff, 0x168, 0x0, 0xd0, 0xffffffff, 0xffffffff, 0x248, 0x248, 0x248, 0xffffffff, 0x4, &(0x7f0000001200), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x7, 0x7, 0x8, 0x2, 0x4, 0x3], 0x1}, {0xffffffffffffffff, [0x6, 0x1, 0x4, 0x0, 0x1], 0x3, 0x1}}}}, {{@ip={@private=0xa010101, @private=0xa010100, 0xff000000, 0xffffff00, 'veth0_virt_wifi\x00', 'vlan1\x00', {0xff}, {}, 0x0, 0x0, 0x9}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0xd}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x22}, @dev={0xac, 0x14, 0x14, 0x34}, 0xffffff00, 0x0, 'tunl0\x00', 'ip6tnl0\x00', {0xff}, {}, 0x73, 0x2, 0x4c}, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x4, 0xfff9, 0x2, 0x0, 0x0, "081424c4d2754e868c7a90e30aff436d7b074e9db5ddf1a36dc25f5ca33524aba9293c99beaba52d5150d301c7d879e6ad2caddfb597b03521a69e105cc0fc66"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x340) getsockopt$inet_buf(r3, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfc, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 145.478304ms ago: executing program 6 (id=658): ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002a00)={0x2, 0x6, 0x8, 0x3, 0x3, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x1, 0x6c1df3fe1a78f621}]}, 0x18}}, 0x20008084) r1 = io_uring_setup(0x6281, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141381) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_FLUSH(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x20000050) r6 = socket$inet(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x43, 0x0, &(0x7f0000000100)) ioctl$TIOCGDEV(r4, 0x540e, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r8 = openat$nullb(0xffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$BLKRRPART(r8, 0x125f, 0x0) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 4 (id=659): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x2, &(0x7f00000005c0)=[{0x34, 0x0, 0xfc, 0xe12b}, {0x16}]}) openat$audio1(0xffffffffffffff9c, 0x0, 0x129202, 0x0) fsopen(&(0x7f0000000700)='affs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$loop(&(0x7f0000000040), 0x3f, 0x82181) memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J]\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n 1 [ 502.035687][ T5875] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 502.417426][ T5875] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 502.432413][ T5875] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 502.447725][ T5875] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 502.458418][ T5875] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 504.143175][ T7252] netlink: 277 bytes leftover after parsing attributes in process `syz.3.359'. [ 504.850690][ T54] Bluetooth: hci6: command tx timeout [ 505.154142][ T7222] chnl_net:caif_netlink_parms(): no params data found [ 506.090665][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.097024][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.160443][ T54] Bluetooth: hci6: command tx timeout [ 509.200162][ T54] Bluetooth: hci6: command tx timeout [ 511.296067][ T54] Bluetooth: hci6: command tx timeout [ 512.333907][ T7289] bond0: entered promiscuous mode [ 512.339156][ T7289] bond_slave_0: entered promiscuous mode [ 512.365412][ T7289] bond_slave_1: entered promiscuous mode [ 512.412574][ T7222] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.670868][ T7222] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.680790][ T7222] bridge_slave_0: entered allmulticast mode [ 512.687629][ T7222] bridge_slave_0: entered promiscuous mode [ 513.782015][ T7222] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.862395][ T7222] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.869616][ T7222] bridge_slave_1: entered allmulticast mode [ 514.107761][ T7222] bridge_slave_1: entered promiscuous mode [ 521.095658][ T7222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 521.172816][ T7222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 524.495367][ T7222] team0: Port device team_slave_0 added [ 524.535118][ T7222] team0: Port device team_slave_1 added [ 524.680336][ T7222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 524.698046][ T7222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 524.724134][ C0] vkms_vblank_simulate: vblank timer overrun [ 524.751165][ T7222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 524.764162][ T7222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 524.771458][ T7222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 524.834588][ T7222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 526.007877][ T7381] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 526.010579][ T7379] ceph: No mds server is up or the cluster is laggy [ 526.027604][ T5922] libceph: connect (1)[c::]:6789 error -101 [ 526.053606][ T5922] libceph: mon0 (1)[c::]:6789 connect error [ 526.837412][ T7222] hsr_slave_0: entered promiscuous mode [ 526.979304][ T7222] hsr_slave_1: entered promiscuous mode [ 527.187443][ T7222] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 527.237944][ T7222] Cannot create hsr debugfs directory [ 527.250320][ T5922] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 528.690104][ T5922] usb 3-1: Using ep0 maxpacket: 16 [ 528.698751][ T5922] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 528.706930][ T5922] usb 3-1: config 0 has no interface number 0 [ 528.713561][ T5922] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 528.723482][ T5922] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 528.733464][ T5922] usb 3-1: config 0 interface 41 has no altsetting 0 [ 529.678773][ T7406] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 529.680211][ T7408] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 529.970214][ T5922] usb 3-1: string descriptor 0 read error: -71 [ 529.985996][ T5922] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 529.995323][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.091360][ T5922] usb 3-1: config 0 descriptor?? [ 530.120395][ T5922] usb 3-1: can't set config #0, error -71 [ 530.168806][ T5922] usb 3-1: USB disconnect, device number 9 [ 535.382612][ T7222] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 535.905422][ T7222] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 537.913134][ T7222] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 539.311792][ T7463] netlink: 28 bytes leftover after parsing attributes in process `syz.1.413'. [ 539.394139][ T7222] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 541.089519][ T7222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.649396][ T7486] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 541.652454][ T7484] ceph: No mds server is up or the cluster is laggy [ 541.671158][ T5978] libceph: connect (1)[c::]:6789 error -101 [ 541.677235][ T5978] libceph: mon0 (1)[c::]:6789 connect error [ 541.848700][ T7222] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.435007][ T7089] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.435105][ T7089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.586573][ T7498] syz.3.424: attempt to access beyond end of device [ 542.586573][ T7498] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 542.586661][ T7498] gfs2: error -5 reading superblock [ 542.598472][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.598532][ T5948] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.728924][ T7222] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 542.728965][ T7222] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 543.053690][ T5920] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 543.250211][ T5920] usb 5-1: Using ep0 maxpacket: 16 [ 544.220079][ T5920] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 544.245183][ T5920] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.220033][ T5920] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 545.240333][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0 [ 545.247016][ T5920] usb 5-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 545.658040][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.443090][ T7222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 546.474996][ T5920] usb 5-1: config 0 descriptor?? [ 546.530709][ T5978] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 546.582581][ T5920] usb 5-1: can't set config #0, error -71 [ 546.619166][ T5920] usb 5-1: USB disconnect, device number 13 [ 546.731146][ T7522] netlink: 28 bytes leftover after parsing attributes in process `syz.5.430'. [ 546.835266][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.882607][ T5978] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 546.950440][ T5978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.380134][ T5978] usb 4-1: config 0 descriptor?? [ 547.691350][ T5978] usbhid 4-1:0.0: can't add hid device: -71 [ 547.698012][ T5978] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 547.709223][ T5978] usb 4-1: USB disconnect, device number 13 [ 548.135829][ T25] libceph: connect (1)[c::]:6789 error -101 [ 548.535411][ T7534] ceph: No mds server is up or the cluster is laggy [ 548.542229][ T7537] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 548.543051][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 548.659844][ T7222] veth0_vlan: entered promiscuous mode [ 548.671396][ T7222] veth1_vlan: entered promiscuous mode [ 548.694846][ T7222] veth0_macvtap: entered promiscuous mode [ 548.704974][ T7222] veth1_macvtap: entered promiscuous mode [ 548.720949][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.731988][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.742113][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.752789][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.762735][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.773361][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.783239][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.794033][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.803944][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.814822][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.825299][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.836191][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.848691][ T7222] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 548.858917][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.869451][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.879717][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.890356][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.900256][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.911132][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.921430][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.931984][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.941894][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.952653][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.962587][ T7222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.973136][ T7222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.984271][ T7222] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.026682][ T7222] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.035667][ T7222] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.044631][ T7222] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.053439][ T7222] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.214472][ T54] Bluetooth: hci4: unexpected event for opcode 0x740a [ 549.353276][ T7104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.369588][ T7104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.424664][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.430981][ T967] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 549.560014][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.572987][ T967] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 550.584233][ T967] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 550.600863][ T967] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 550.624805][ T967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.639343][ T7545] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 551.971928][ T967] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 553.052542][ T7565] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 553.053074][ T7566] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 554.172622][ T967] usb 2-1: USB disconnect, device number 6 [ 554.964995][ T7585] udevd[7585]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 561.710176][ T5978] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 561.821079][ T967] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 566.020187][ T5978] usb 7-1: device not accepting address 2, error -71 [ 566.654521][ T7660] loop9: detected capacity change from 0 to 7 [ 567.005044][ T7660] Dev loop9: unable to read RDB block 7 [ 567.010952][ T7660] loop9: unable to read partition table [ 567.016851][ T7660] loop9: partition table beyond EOD, truncated [ 567.023237][ T7660] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 568.122448][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.128763][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.990600][ T5875] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 569.116978][ T5875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 569.125911][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 569.136409][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 569.144440][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 569.151935][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 571.200331][ T25] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 571.335019][ T5858] Bluetooth: hci2: command tx timeout [ 571.579222][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.648242][ T25] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 571.808253][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.908658][ T25] usb 4-1: config 0 descriptor?? [ 573.054053][ T25] usbhid 4-1:0.0: can't add hid device: -71 [ 573.115817][ T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 573.415506][ T5928] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.430263][ T5858] Bluetooth: hci2: command tx timeout [ 573.438621][ T25] usb 4-1: USB disconnect, device number 14 [ 576.010053][ T5858] Bluetooth: hci2: command tx timeout [ 576.139437][ T7713] loop9: detected capacity change from 0 to 7 [ 576.281006][ T7713] Dev loop9: unable to read RDB block 7 [ 576.312221][ T7713] loop9: unable to read partition table [ 576.312879][ T7713] loop9: partition table beyond EOD, truncated [ 576.312908][ T7713] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 576.922924][ T5928] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.220500][ T7665] chnl_net:caif_netlink_parms(): no params data found [ 578.146847][ T5858] Bluetooth: hci2: command tx timeout [ 580.808352][ T5928] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.647670][ T7755] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 582.650369][ T7757] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 583.140302][ T46] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 583.379786][ T7768] netlink: 28 bytes leftover after parsing attributes in process `syz.1.495'. [ 583.389338][ T7768] netlink: 'syz.1.495': attribute type 6 has an invalid length. [ 583.842209][ T5928] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.903436][ T7665] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.091715][ T7665] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.121407][ T7665] bridge_slave_0: entered allmulticast mode [ 584.128638][ T7665] bridge_slave_0: entered promiscuous mode [ 584.137272][ T7665] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.144499][ T7665] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.151975][ T7665] bridge_slave_1: entered allmulticast mode [ 584.154605][ T46] usb 4-1: Using ep0 maxpacket: 16 [ 584.159086][ T7665] bridge_slave_1: entered promiscuous mode [ 584.889003][ T46] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 584.900655][ T46] usb 4-1: config 0 has no interface number 0 [ 584.906939][ T46] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 584.919366][ T46] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 585.031845][ T46] usb 4-1: config 0 interface 41 has no altsetting 0 [ 585.043534][ T7665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 585.055435][ T7665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.172177][ T46] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 585.181994][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.199612][ T46] usb 4-1: Product: syz [ 585.200937][ T5842] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 585.203919][ T46] usb 4-1: Manufacturer: syz [ 585.211811][ T5920] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 585.216192][ T46] usb 4-1: SerialNumber: syz [ 585.231163][ T46] usb 4-1: config 0 descriptor?? [ 585.236781][ T7763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 585.269698][ T7763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 585.282752][ T7665] team0: Port device team_slave_0 added [ 585.335535][ T7665] team0: Port device team_slave_1 added [ 585.347440][ T7778] loop9: detected capacity change from 0 to 7 [ 585.383618][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.435394][ T5920] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 585.450073][ T5842] usb 3-1: config 0 has an invalid interface number: 238 but max is 0 [ 585.463987][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 585.487417][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.500137][ T5842] usb 3-1: config 0 has no interface number 0 [ 585.507552][ T5842] usb 3-1: config 0 interface 238 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 585.526921][ T5920] usb 5-1: config 0 descriptor?? [ 585.546744][ T7778] Dev loop9: unable to read RDB block 7 [ 585.556954][ T5842] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c9.e5 [ 585.566691][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.566823][ T7778] loop9: unable to read partition table [ 585.576071][ T5842] usb 3-1: Product: syz [ 585.576107][ T5842] usb 3-1: Manufacturer: syz [ 585.576171][ T5842] usb 3-1: SerialNumber: syz [ 585.600662][ T7763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 585.608005][ T7763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 585.617386][ T7778] loop9: partition table beyond EOD, truncated [ 585.650295][ T5842] usb 3-1: config 0 descriptor?? [ 585.656795][ T7778] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 585.672008][ T5842] xr_serial 3-1:0.238: skipping garbage [ 585.682032][ T7665] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 585.689032][ T7665] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 585.716491][ T7665] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 585.806592][ T7665] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 585.813849][ T7665] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 585.840212][ T7665] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 585.852974][ T5928] bridge_slave_1: left allmulticast mode [ 585.878505][ T5920] usbhid 5-1:0.0: can't add hid device: -71 [ 585.884741][ T5920] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 585.910583][ T5928] bridge_slave_1: left promiscuous mode [ 585.917879][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.952525][ T5920] usb 5-1: USB disconnect, device number 14 [ 585.981230][ T5842] usb 3-1: USB disconnect, device number 10 [ 586.020278][ T5928] bridge_slave_0: left allmulticast mode [ 586.034776][ T5928] bridge_slave_0: left promiscuous mode [ 586.058724][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.082697][ T46] Error reading MAC address [ 586.088248][ T7763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 586.096826][ T7763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 586.367819][ T5920] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 586.568411][ T46] sr9700 4-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address [ 586.634703][ T5920] usb 5-1: Using ep0 maxpacket: 32 [ 586.858695][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.899865][ T5961] usb 4-1: USB disconnect, device number 15 [ 586.921454][ T5920] usb 5-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40 [ 586.955687][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.230757][ T5920] usb 5-1: config 0 descriptor?? [ 588.191936][ T5920] usb 5-1: can't set config #0, error -71 [ 588.316627][ T5920] usb 5-1: USB disconnect, device number 15 [ 588.866793][ T7832] syz.1.503: attempt to access beyond end of device [ 588.866793][ T7832] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 588.894611][ T7832] gfs2: error -5 reading superblock [ 589.985752][ T7869] netlink: 28 bytes leftover after parsing attributes in process `syz.2.508'. [ 590.733169][ T7869] netlink: 'syz.2.508': attribute type 6 has an invalid length. [ 595.394928][ T5928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 595.576519][ T5928] bond_slave_0: left promiscuous mode [ 596.824410][ T5928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 596.870467][ T5961] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 597.160165][ T5961] usb 4-1: Using ep0 maxpacket: 16 [ 597.231360][ T5961] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 597.239534][ T5961] usb 4-1: config 0 has no interface number 0 [ 597.343310][ T5961] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 597.561344][ T5961] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 597.576306][ T5961] usb 4-1: config 0 interface 41 has no altsetting 0 [ 597.750567][ T5928] bond_slave_1: left promiscuous mode [ 597.970495][ T5928] bond0 (unregistering): Released all slaves [ 598.548403][ T5961] usb 4-1: string descriptor 0 read error: -71 [ 598.558983][ T5961] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 598.675863][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.731370][ T5961] usb 4-1: config 0 descriptor?? [ 598.766890][ T5961] usb 4-1: can't set config #0, error -71 [ 598.798433][ T5961] usb 4-1: USB disconnect, device number 16 [ 599.178038][ T7665] hsr_slave_0: entered promiscuous mode [ 599.543933][ T7665] hsr_slave_1: entered promiscuous mode [ 599.950327][ T7665] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 599.958043][ T7665] Cannot create hsr debugfs directory [ 606.772091][ T7665] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 608.499715][ T8018] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 608.500272][ T8019] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 609.782908][ T967] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 609.855619][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 609.965052][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 609.986744][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 610.003866][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 610.016330][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 610.028576][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 610.290097][ T967] usb 4-1: Using ep0 maxpacket: 16 [ 610.291431][ T7665] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 610.383572][ T967] usb 4-1: device descriptor read/all, error -71 [ 610.480338][ T5928] hsr_slave_0: left promiscuous mode [ 610.490047][ T5928] hsr_slave_1: left promiscuous mode [ 610.557240][ T5928] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 610.576601][ T5928] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 610.602290][ T5928] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 610.689759][ T5928] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 610.823104][ T5928] veth1_macvtap: left promiscuous mode [ 610.828935][ T5928] veth0_macvtap: left promiscuous mode [ 610.834745][ T5928] veth1_vlan: left promiscuous mode [ 610.840339][ T5928] veth0_vlan: left promiscuous mode [ 611.389586][ T5928] team0 (unregistering): Port device team_slave_1 removed [ 611.425701][ T5928] team0 (unregistering): Port device team_slave_0 removed [ 611.735938][ T7665] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 612.138454][ T29] audit: type=1326 audit(1734313592.456:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8057 comm="syz.3.543" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7d2185d19 code=0x0 [ 612.178182][ T7665] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 612.330159][ T54] Bluetooth: hci1: command tx timeout [ 612.568670][ T7665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 612.587575][ T7665] 8021q: adding VLAN 0 to HW filter on device team0 [ 612.607092][ T6425] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.614295][ T6425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.623564][ T6425] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.630714][ T6425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 614.734357][ T54] Bluetooth: hci1: command tx timeout [ 615.138237][ T8086] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 615.139452][ T8087] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 615.720026][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 616.830375][ T54] Bluetooth: hci1: command tx timeout [ 618.070543][ T5921] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 618.244423][ T8015] chnl_net:caif_netlink_parms(): no params data found [ 618.394730][ T5921] usb 3-1: Using ep0 maxpacket: 16 [ 618.500798][ T5921] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 618.513005][ T5921] usb 3-1: config 0 has no interface number 0 [ 618.529868][ T5921] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 618.547869][ T5921] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 618.572992][ T5921] usb 3-1: config 0 interface 41 has no altsetting 0 [ 618.737219][ T5921] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 618.748819][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.759779][ T5921] usb 3-1: Product: syz [ 618.764147][ T5921] usb 3-1: Manufacturer: syz [ 618.769072][ T5921] usb 3-1: SerialNumber: syz [ 618.777205][ T5921] usb 3-1: config 0 descriptor?? [ 618.789041][ T8096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 618.832787][ T8096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 618.848625][ T8015] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.856504][ T8015] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.863796][ T8015] bridge_slave_0: entered allmulticast mode [ 618.871157][ T8015] bridge_slave_0: entered promiscuous mode [ 618.878897][ T8015] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.886234][ T8015] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.890857][ T5858] Bluetooth: hci1: command tx timeout [ 618.893887][ T8015] bridge_slave_1: entered allmulticast mode [ 618.906310][ T8015] bridge_slave_1: entered promiscuous mode [ 618.993816][ T8015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 619.063224][ T8096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 619.064981][ T7665] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 619.072324][ T8096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 619.359677][ T8015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.886828][ T5921] Error reading MAC address [ 619.939735][ T8096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 620.067944][ T8096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 621.126735][ T5928] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.554987][ T5928] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.597437][ T8015] team0: Port device team_slave_0 added [ 621.610307][ T5921] sr9700 3-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address [ 621.653101][ T5921] usb 3-1: USB disconnect, device number 11 [ 621.671950][ T8015] team0: Port device team_slave_1 added [ 624.065864][ T5928] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.413319][ T8171] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 626.460131][ T8171] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 626.613229][ T8171] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 626.652286][ T8171] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 626.762638][ T8171] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 626.768790][ T8171] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 627.090880][ T5928] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 627.103626][ T8171] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 627.109614][ T8171] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 627.312855][ T8171] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 627.318829][ T8171] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 627.336950][ T8015] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 627.359397][ T8015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 627.443720][ T8015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 627.466179][ T8171] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 627.483518][ T8171] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 627.607123][ T8015] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 627.696697][ T8015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 627.722737][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.781014][ T8015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 628.038530][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 628.050977][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 628.065860][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 628.404494][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 628.416127][ T5858] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 628.424393][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 630.022429][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.028795][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.206905][ T5920] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 630.274259][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 630.740068][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 630.816674][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 630.851367][ T5920] usb 5-1: Using ep0 maxpacket: 16 [ 630.890037][ T29] audit: type=1326 audit(1734313611.166:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8215 comm="syz.6.570" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efebc785d19 code=0x0 [ 630.925793][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 630.942750][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 631.076142][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 631.328180][ T8015] hsr_slave_0: entered promiscuous mode [ 631.381612][ T8212] syz.2.568: attempt to access beyond end of device [ 631.381612][ T8212] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 631.386218][ T5920] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 631.421973][ T8015] hsr_slave_1: entered promiscuous mode [ 631.430207][ T8212] gfs2: error -5 reading superblock [ 631.546190][ T5920] usb 5-1: can't read configurations, error -71 [ 632.009890][ T8015] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 632.017901][ T8015] Cannot create hsr debugfs directory [ 633.190420][ T5858] Bluetooth: hci0: command tx timeout [ 633.817754][ T5928] bridge_slave_1: left allmulticast mode [ 633.823673][ T5928] bridge_slave_1: left promiscuous mode [ 633.829424][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.134019][ T5928] bridge_slave_0: left allmulticast mode [ 634.139882][ T5928] bridge_slave_0: left promiscuous mode [ 634.161204][ T46] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 634.182074][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.537367][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 634.549347][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.567774][ T46] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 634.661924][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.786509][ T46] usb 4-1: config 0 descriptor?? [ 634.803602][ T46] hub 4-1:0.0: USB hub found [ 635.040429][ T46] hub 4-1:0.0: 1 port detected [ 635.282898][ T5858] Bluetooth: hci0: command tx timeout [ 635.855226][ T46] hub 4-1:0.0: activate --> -90 [ 635.868346][ T5928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 635.910422][ T5928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 635.941935][ T5928] bond0 (unregistering): Released all slaves [ 636.058030][ T5924] usb 4-1: USB disconnect, device number 19 [ 636.286332][ T8274] syz.2.581: attempt to access beyond end of device [ 636.286332][ T8274] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 636.300545][ T8274] gfs2: error -5 reading superblock [ 637.350516][ T5858] Bluetooth: hci0: command tx timeout [ 639.486239][ T8297] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 639.487838][ T8298] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 639.740305][ T5858] Bluetooth: hci0: command tx timeout [ 642.319465][ T5928] hsr_slave_0: left promiscuous mode [ 642.535142][ T8336] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 643.480068][ T5928] hsr_slave_1: left promiscuous mode [ 643.552336][ T5928] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 643.587207][ T5928] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 643.954614][ T5928] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 644.067178][ T5928] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 644.220496][ T5921] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 644.244181][ T8346] syz.4.593: attempt to access beyond end of device [ 644.244181][ T8346] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 644.258059][ T8346] gfs2: error -5 reading superblock [ 644.432494][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 644.488612][ T5928] veth1_macvtap: left promiscuous mode [ 644.518015][ T5928] veth0_macvtap: left promiscuous mode [ 644.540203][ T5928] veth1_vlan: left promiscuous mode [ 644.740634][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 644.750918][ T5921] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 644.760994][ T5928] veth0_vlan: left promiscuous mode [ 644.761875][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.011724][ T5921] usb 3-1: config 0 descriptor?? [ 646.018991][ T5921] hub 3-1:0.0: USB hub found [ 646.287559][ T5921] hub 3-1:0.0: 1 port detected [ 646.484858][ T8355] binder: BINDER_SET_CONTEXT_MGR already set [ 646.491330][ T8355] binder: 8354:8355 ioctl 4018620d 20000040 returned -16 [ 647.775105][ T8363] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 647.777713][ T8361] ceph: No mds server is up or the cluster is laggy [ 647.796786][ T5978] libceph: connect (1)[c::]:6789 error -101 [ 647.802997][ T5978] libceph: mon0 (1)[c::]:6789 connect error [ 648.088679][ T5921] hub 3-1:0.0: activate --> -90 [ 648.127260][ T5921] libceph: connect (1)[c::]:6789 error -101 [ 648.150125][ T5921] libceph: mon0 (1)[c::]:6789 connect error [ 648.205925][ T5921] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 648.230536][ T967] usb 3-1: USB disconnect, device number 12 [ 648.393891][ T5921] usb 3-1: Failed to suspend device, error -19 [ 651.448799][ T8435] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 651.449261][ T8437] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 654.824691][ T5928] team0 (unregistering): Port device team_slave_1 removed [ 654.908114][ T5928] team0 (unregistering): Port device team_slave_0 removed [ 655.100484][ T8457] 9pnet_fd: Insufficient options for proto=fd [ 658.719686][ T8200] chnl_net:caif_netlink_parms(): no params data found [ 660.748828][ T29] audit: type=1326 audit(1734313641.066:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8548 comm="syz.3.616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7d2185d19 code=0x0 [ 660.809177][ T8015] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 662.861044][ T8558] syz.6.617: attempt to access beyond end of device [ 662.861044][ T8558] nbd6: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 662.875213][ T8558] gfs2: error -5 reading superblock [ 662.918893][ T8015] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 663.172644][ T8200] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.268011][ T8200] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.378990][ T8200] bridge_slave_0: entered allmulticast mode [ 663.551561][ T8200] bridge_slave_0: entered promiscuous mode [ 663.682544][ T8200] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.689704][ T8200] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.791253][ T8200] bridge_slave_1: entered allmulticast mode [ 664.798432][ T8200] bridge_slave_1: entered promiscuous mode [ 664.843835][ T8015] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 664.894432][ T8015] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 665.178430][ T8200] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 665.282136][ T8200] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 665.565258][ T29] audit: type=1326 audit(1734313645.826:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc197b85d19 code=0x7ffc0000 [ 666.254734][ T29] audit: type=1326 audit(1734313645.826:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc197b85d19 code=0x7ffc0000 [ 666.581697][ T29] audit: type=1326 audit(1734313645.826:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc197b85d19 code=0x7ffc0000 [ 666.604331][ T29] audit: type=1326 audit(1734313645.826:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc197b85d19 code=0x7ffc0000 [ 667.032708][ T29] audit: type=1326 audit(1734313645.826:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc197b85d19 code=0x7ffc0000 [ 667.055046][ T29] audit: type=1326 audit(1734313645.826:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc197b87c37 code=0x7ffc0000 [ 667.077326][ T29] audit: type=1326 audit(1734313645.826:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fc197b87bac code=0x7ffc0000 [ 667.100533][ T29] audit: type=1326 audit(1734313645.826:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fc197b87ae4 code=0x7ffc0000 [ 667.122913][ T29] audit: type=1326 audit(1734313645.826:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fc197b87ae4 code=0x7ffc0000 [ 667.145255][ T29] audit: type=1326 audit(1734313645.826:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc197b8497a code=0x7ffc0000 [ 667.167399][ T29] audit: type=1326 audit(1734313645.826:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8577 comm="syz.4.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc197b85d19 code=0x7ffc0000 [ 668.291223][ T8200] team0: Port device team_slave_0 added [ 668.552982][ T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 668.570442][ T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 668.616823][ T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 668.640786][ T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 668.642506][ T8200] team0: Port device team_slave_1 added [ 668.668201][ T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 668.681542][ T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 668.695394][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 668.942710][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 669.751835][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 669.761889][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 669.791679][ T5961] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 670.172293][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 670.179693][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 671.237192][ T8623] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 671.242039][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 671.243183][ T8623] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 671.254071][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 671.788893][ T5961] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 671.802563][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.891225][ T5961] usb 3-1: config 0 descriptor?? [ 672.236012][ T54] Bluetooth: hci2: command tx timeout [ 673.466015][ T5961] usbhid 3-1:0.0: can't add hid device: -71 [ 673.472315][ T5961] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 674.286349][ T5961] usb 3-1: USB disconnect, device number 13 [ 675.320227][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 675.320254][ T29] audit: type=1326 audit(1734313655.126:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f5985d19 code=0x7ffc0000 [ 675.410330][ T29] audit: type=1326 audit(1734313655.136:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f5985d19 code=0x7ffc0000 [ 675.433158][ T29] audit: type=1326 audit(1734313655.136:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc8f5985d19 code=0x7ffc0000 [ 675.688239][ T29] audit: type=1326 audit(1734313655.136:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f5985d19 code=0x7ffc0000 [ 675.751307][ T29] audit: type=1326 audit(1734313655.136:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8f5985d19 code=0x7ffc0000 [ 675.774248][ T29] audit: type=1326 audit(1734313655.146:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc8f5987c37 code=0x7ffc0000 [ 675.810074][ T29] audit: type=1326 audit(1734313655.146:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fc8f5987bac code=0x7ffc0000 [ 675.921077][ T29] audit: type=1326 audit(1734313655.146:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fc8f5987ae4 code=0x7ffc0000 [ 676.042548][ T29] audit: type=1326 audit(1734313655.156:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fc8f5987ae4 code=0x7ffc0000 [ 676.273258][ T8200] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.530207][ T8200] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.594749][ T29] audit: type=1326 audit(1734313655.156:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8633 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc8f598497a code=0x7ffc0000 [ 676.960046][ T8200] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 677.049997][ T8200] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 677.057011][ T8200] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.225826][ T8200] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 680.660785][ T8200] hsr_slave_0: entered promiscuous mode [ 680.695943][ T8200] hsr_slave_1: entered promiscuous mode [ 680.717404][ T8200] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 680.740164][ T8200] Cannot create hsr debugfs directory [ 684.211050][ T5928] bridge_slave_1: left allmulticast mode [ 684.260022][ T5928] bridge_slave_1: left promiscuous mode [ 684.266957][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.337898][ T5928] bridge_slave_0: left allmulticast mode [ 684.348776][ T5928] bridge_slave_0: left promiscuous mode [ 684.391774][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.620137][ T5961] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 684.785184][ T5961] usb 3-1: config 0 has an invalid interface number: 238 but max is 0 [ 684.803727][ T5960] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 684.827090][ T5961] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 684.854439][ T5961] usb 3-1: config 0 has no interface number 0 [ 684.879169][ T5961] usb 3-1: config 0 interface 238 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 684.936941][ T5961] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c9.e5 [ 684.954286][ T5961] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.972633][ T5961] usb 3-1: Product: syz [ 684.976855][ T5961] usb 3-1: Manufacturer: syz [ 684.993536][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 685.026037][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 685.040370][ T5961] usb 3-1: SerialNumber: syz [ 685.062059][ T5961] usb 3-1: config 0 descriptor?? [ 685.070087][ T5960] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 685.102820][ T5961] xr_serial 3-1:0.238: skipping garbage [ 685.132618][ T5960] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.162767][ T5960] usb 5-1: config 0 descriptor?? [ 685.319806][ T967] usb 3-1: USB disconnect, device number 14 [ 685.440954][ T5928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 685.455157][ T5928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 685.470088][ T5928] bond0 (unregistering): Released all slaves [ 685.591938][ T5960] hid (null): bogus close delimiter [ 685.768191][ T5928] hsr_slave_0: left promiscuous mode [ 685.791246][ T5928] hsr_slave_1: left promiscuous mode [ 685.800105][ T5960] usb 5-1: string descriptor 0 read error: -22 [ 685.814470][ T5928] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.874927][ T5928] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 686.249307][ T5960] uclogic 0003:256C:006D.0004: failed retrieving string descriptor #100: -71 [ 686.287134][ T5960] uclogic 0003:256C:006D.0004: failed retrieving pen parameters: -71 [ 686.319354][ T5960] uclogic 0003:256C:006D.0004: failed probing pen v1 parameters: -71 [ 686.330937][ T46] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 686.348447][ T5960] uclogic 0003:256C:006D.0004: failed probing parameters: -71 [ 686.378763][ T5960] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71 [ 686.412380][ T5960] usb 5-1: USB disconnect, device number 18 [ 686.500868][ T46] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 686.568439][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.579169][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.598846][ T5928] team0 (unregistering): Port device team_slave_1 removed [ 686.624862][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 686.649898][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.672106][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.687165][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 686.697479][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.707203][ T5928] team0 (unregistering): Port device team_slave_0 removed [ 686.731022][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.743759][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 686.760119][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.769129][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.788393][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 686.802681][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.823256][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.835492][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 686.850748][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 686.905474][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 686.933685][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 686.954793][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 687.010978][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 687.042387][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 687.068486][ T46] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 687.095911][ T46] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 687.107595][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 687.118093][ T46] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 687.127782][ T46] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 687.136586][ T46] usb 3-1: Product: syz [ 687.145875][ T46] usb 3-1: Manufacturer: syz [ 687.911078][ T46] usb 3-1: SerialNumber: syz [ 687.960978][ T46] usb 3-1: config 0 descriptor?? [ 688.123469][ T46] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 688.401399][ T46] usb 3-1: USB disconnect, device number 15 [ 689.156816][ T46] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 689.544457][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 689.578425][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 689.587168][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 689.607670][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 689.616067][ T5858] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 689.690942][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 690.195000][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 690.219828][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 690.623003][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.629378][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.636494][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 690.656849][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 690.667363][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 690.675484][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 692.447415][ T8834] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 692.453456][ T8834] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 692.710329][ C1] ------------[ cut here ]------------ [ 692.716205][ C1] WARNING: CPU: 1 PID: 0 at kernel/workqueue.c:2257 __queue_work+0xc3a/0x1080 [ 692.725140][ C1] Modules linked in: [ 692.729070][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 692.739711][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 692.749807][ C1] RIP: 0010:__queue_work+0xc3a/0x1080 [ 692.755245][ C1] Code: 07 83 c0 03 38 d0 7c 09 84 d2 74 05 e8 af bb 98 00 8b 5b 2c 31 ff 83 e3 20 89 de e8 20 e9 36 00 85 db 75 60 e8 d7 e6 36 00 90 <0f> 0b 90 e9 f9 f7 ff ff e8 c9 e6 36 00 90 0f 0b 90 e9 7e f6 ff ff [ 692.774996][ C1] RSP: 0018:ffffc90000a18be8 EFLAGS: 00010046 [ 692.781122][ C1] RAX: 0000000000000000 RBX: 0000000000000100 RCX: ffffffff81631bc1 [ 692.789318][ C1] RDX: ffff88801d6f0000 RSI: ffffffff81631c19 RDI: 0000000000000005 [ 692.797338][ C1] RBP: ffff88805e248930 R08: 0000000000000005 R09: 0000000000000000 [ 692.805355][ C1] R10: 0000000000000100 R11: 0000000000000000 R12: 1ffff9200014318f [ 692.813374][ C1] R13: 0000000000000001 R14: 0000000080000101 R15: ffff888022b25000 [ 692.821400][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 692.830385][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 692.837043][ C1] CR2: 0000001b31dfaff8 CR3: 0000000012f90000 CR4: 0000000000350ef0 [ 692.845145][ C1] Call Trace: [ 692.848542][ C1] [ 692.851421][ C1] ? __warn+0xea/0x3c0 [ 692.855800][ C1] ? __queue_work+0xc3a/0x1080 [ 692.860634][ C1] ? report_bug+0x3c0/0x580 [ 692.865302][ C1] ? handle_bug+0x54/0xa0 [ 692.869708][ C1] ? exc_invalid_op+0x17/0x50 [ 692.874466][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 692.879750][ C1] ? __queue_work+0xbe1/0x1080 [ 692.884575][ C1] ? __queue_work+0xc39/0x1080 [ 692.889403][ C1] ? __queue_work+0xc3a/0x1080 [ 692.894231][ C1] ? __queue_work+0xc39/0x1080 [ 692.899064][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 692.904783][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 692.910497][ C1] ? lock_acquire+0x2f/0xb0 [ 692.915061][ C1] ? call_timer_fn+0x11a/0x610 [ 692.919888][ C1] call_timer_fn+0x1a3/0x610 [ 692.924528][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 692.930427][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 692.935615][ C1] ? __pfx_lock_release+0x10/0x10 [ 692.940717][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 692.946167][ C1] ? lock_acquire+0x2f/0xb0 [ 692.950733][ C1] ? __run_timers+0x572/0x930 [ 692.955471][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 692.961359][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 692.967239][ C1] __run_timers+0x56a/0x930 [ 692.971820][ C1] ? __pfx___run_timers+0x10/0x10 [ 692.976932][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 692.982635][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 692.988349][ C1] ? rcu_is_watching+0x12/0xc0 [ 692.993196][ C1] ? lock_acquire+0x2f/0xb0 [ 692.997757][ C1] ? run_timer_base+0x10c/0x190 [ 693.002681][ C1] run_timer_base+0x114/0x190 [ 693.007418][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 693.012682][ C1] run_timer_softirq+0x1a/0x40 [ 693.017507][ C1] handle_softirqs+0x216/0x8f0 [ 693.022345][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 693.027705][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.033615][ C1] __irq_exit_rcu+0x109/0x170 [ 693.038405][ C1] irq_exit_rcu+0x9/0x30 [ 693.042724][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 693.048616][ C1] [ 693.051599][ C1] [ 693.054573][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 693.060813][ C1] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 693.066266][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 f8 a6 dc 74 48 8b 00 a8 08 75 0c eb 07 0f 00 2d 48 3e b6 00 fb f4 e9 ab 0d 29 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 693.085939][ C1] RSP: 0018:ffffc900001a7d58 EFLAGS: 00000246 [ 693.092067][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b271679 [ 693.100089][ C1] RDX: 0000000000000001 RSI: ffff888143aff800 RDI: ffff888143aff864 [ 693.108112][ C1] RBP: ffff888143aff864 R08: 0000000000000001 R09: ffffed10170e6fed [ 693.116132][ C1] R10: ffff8880b8737f6b R11: 0000000000000000 R12: ffff88801fff9000 [ 693.124243][ C1] R13: ffffffff8ee18360 R14: 0000000000000001 R15: 0000000000000000 [ 693.132603][ C1] ? ct_kernel_exit+0x139/0x190 [ 693.137535][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.143251][ C1] acpi_idle_enter+0xc5/0x160 [ 693.148013][ C1] cpuidle_enter_state+0xad/0x4f0 [ 693.153118][ C1] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 693.158988][ C1] cpuidle_enter+0x4e/0xa0 [ 693.163490][ C1] do_idle+0x310/0x3f0 [ 693.167617][ C1] ? __pfx_do_idle+0x10/0x10 [ 693.172278][ C1] cpu_startup_entry+0x4f/0x60 [ 693.177103][ C1] start_secondary+0x222/0x2b0 [ 693.181943][ C1] ? __pfx_start_secondary+0x10/0x10 [ 693.187315][ C1] common_startup_64+0x13e/0x148 [ 693.192342][ C1] [ 693.195410][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 693.202720][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 693.213098][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 693.223277][ C1] Call Trace: [ 693.226590][ C1] [ 693.229463][ C1] dump_stack_lvl+0x3d/0x1f0 [ 693.234127][ C1] panic+0x71d/0x800 [ 693.238096][ C1] ? __pfx_panic+0x10/0x10 [ 693.242590][ C1] ? show_trace_log_lvl+0x29d/0x3d0 [ 693.247938][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 693.253130][ C1] ? __queue_work+0xc3a/0x1080 [ 693.257952][ C1] check_panic_on_warn+0xab/0xb0 [ 693.262969][ C1] __warn+0xf6/0x3c0 [ 693.267083][ C1] ? __queue_work+0xc3a/0x1080 [ 693.271906][ C1] report_bug+0x3c0/0x580 [ 693.276299][ C1] handle_bug+0x54/0xa0 [ 693.280528][ C1] exc_invalid_op+0x17/0x50 [ 693.285112][ C1] asm_exc_invalid_op+0x1a/0x20 [ 693.290027][ C1] RIP: 0010:__queue_work+0xc3a/0x1080 [ 693.295461][ C1] Code: 07 83 c0 03 38 d0 7c 09 84 d2 74 05 e8 af bb 98 00 8b 5b 2c 31 ff 83 e3 20 89 de e8 20 e9 36 00 85 db 75 60 e8 d7 e6 36 00 90 <0f> 0b 90 e9 f9 f7 ff ff e8 c9 e6 36 00 90 0f 0b 90 e9 7e f6 ff ff [ 693.315384][ C1] RSP: 0018:ffffc90000a18be8 EFLAGS: 00010046 [ 693.321588][ C1] RAX: 0000000000000000 RBX: 0000000000000100 RCX: ffffffff81631bc1 [ 693.329603][ C1] RDX: ffff88801d6f0000 RSI: ffffffff81631c19 RDI: 0000000000000005 [ 693.337619][ C1] RBP: ffff88805e248930 R08: 0000000000000005 R09: 0000000000000000 [ 693.345631][ C1] R10: 0000000000000100 R11: 0000000000000000 R12: 1ffff9200014318f [ 693.353641][ C1] R13: 0000000000000001 R14: 0000000080000101 R15: ffff888022b25000 [ 693.361664][ C1] ? __queue_work+0xbe1/0x1080 [ 693.366480][ C1] ? __queue_work+0xc39/0x1080 [ 693.371300][ C1] ? __queue_work+0xc39/0x1080 [ 693.376119][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.381836][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.387551][ C1] ? lock_acquire+0x2f/0xb0 [ 693.392106][ C1] ? call_timer_fn+0x11a/0x610 [ 693.396924][ C1] call_timer_fn+0x1a3/0x610 [ 693.401562][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 693.407424][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 693.412931][ C1] ? __pfx_lock_release+0x10/0x10 [ 693.418013][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 693.423443][ C1] ? lock_acquire+0x2f/0xb0 [ 693.427994][ C1] ? __run_timers+0x572/0x930 [ 693.432732][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 693.438596][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 693.444557][ C1] __run_timers+0x56a/0x930 [ 693.449197][ C1] ? __pfx___run_timers+0x10/0x10 [ 693.454247][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 693.459905][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.465594][ C1] ? rcu_is_watching+0x12/0xc0 [ 693.470399][ C1] ? lock_acquire+0x2f/0xb0 [ 693.474927][ C1] ? run_timer_base+0x10c/0x190 [ 693.479803][ C1] run_timer_base+0x114/0x190 [ 693.484513][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 693.489774][ C1] run_timer_softirq+0x1a/0x40 [ 693.494596][ C1] handle_softirqs+0x216/0x8f0 [ 693.499431][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 693.504784][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.510497][ C1] __irq_exit_rcu+0x109/0x170 [ 693.515234][ C1] irq_exit_rcu+0x9/0x30 [ 693.519528][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 693.525210][ C1] [ 693.528156][ C1] [ 693.531108][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 693.537142][ C1] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 693.542484][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 f8 a6 dc 74 48 8b 00 a8 08 75 0c eb 07 0f 00 2d 48 3e b6 00 fb f4 e9 ab 0d 29 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 693.562228][ C1] RSP: 0018:ffffc900001a7d58 EFLAGS: 00000246 [ 693.568626][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b271679 [ 693.576721][ C1] RDX: 0000000000000001 RSI: ffff888143aff800 RDI: ffff888143aff864 [ 693.584727][ C1] RBP: ffff888143aff864 R08: 0000000000000001 R09: ffffed10170e6fed [ 693.592832][ C1] R10: ffff8880b8737f6b R11: 0000000000000000 R12: ffff88801fff9000 [ 693.600846][ C1] R13: ffffffff8ee18360 R14: 0000000000000001 R15: 0000000000000000 [ 693.608859][ C1] ? ct_kernel_exit+0x139/0x190 [ 693.613775][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 693.619469][ C1] acpi_idle_enter+0xc5/0x160 [ 693.624213][ C1] cpuidle_enter_state+0xad/0x4f0 [ 693.629293][ C1] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 693.635148][ C1] cpuidle_enter+0x4e/0xa0 [ 693.639625][ C1] do_idle+0x310/0x3f0 [ 693.643821][ C1] ? __pfx_do_idle+0x10/0x10 [ 693.648459][ C1] cpu_startup_entry+0x4f/0x60 [ 693.653349][ C1] start_secondary+0x222/0x2b0 [ 693.658168][ C1] ? __pfx_start_secondary+0x10/0x10 [ 693.663519][ C1] common_startup_64+0x13e/0x148 [ 693.668523][ C1] [ 693.671793][ C1] Kernel Offset: disabled [ 693.676185][ C1] Rebooting in 86400 seconds..