last executing test programs: 2m22.187461928s ago: executing program 4 (id=5): r0 = io_uring_setup(0x7534, &(0x7f00000003c0)={0x0, 0x48c7, 0x80, 0x0, 0xffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000002480)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x1, 0x61821022, 0x0, 0xfffe, 0x6, 0x4, 0x0, 0x0, 0x4, 0x4}}, 0x50) read$FUSE(r1, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1cd042, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) close_range(r0, 0xffffffffffffffff, 0x0) 2m20.120335845s ago: executing program 4 (id=15): mmap(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000240), &(0x7f00000006c0)=r3}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) 2m11.778255298s ago: executing program 4 (id=25): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$key(0xf, 0x3, 0x2) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000340)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}}) 1m56.581202751s ago: executing program 32 (id=25): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$key(0xf, 0x3, 0x2) r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000340)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}}) 40.145193375s ago: executing program 0 (id=120): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_usb_connect(0x2, 0x2d, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xc, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x7e}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x101}}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r5, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001400), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x8, 0x0, 0x0}}, 0x10) 35.435533006s ago: executing program 0 (id=123): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, 0x0, &(0x7f00000005c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x1, 0x4, 0x12}, 0x50) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r5 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x202) ioctl$SCSI_IOCTL_PROBE_HOST(r5, 0x5385, &(0x7f0000000000)={0x8d, ""/141}) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, 0x0) 32.770461138s ago: executing program 0 (id=127): ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000340)={&(0x7f0000000200), 0x0, 0x0, 0x0}) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) fsopen(&(0x7f0000000280)='nfs\x00', 0x1) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x1000000, 0x2, {0x4, 0x1}, 0x3, 0x800}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r7}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r7], &(0x7f0000000200), &(0x7f0000000300)=[r8], &(0x7f0000000340)}) 31.35419244s ago: executing program 0 (id=129): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00') read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a40)={0x68, r7, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @probe_request={{{}, {}, @device_b, @device_b, @from_mac}, @val={0x0, 0x6, @default_ibss_ssid}, @val, @void, @val={0x2d, 0x1a, {0x8000, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}}}]}, 0x68}}, 0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0) pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r9, &(0x7f0000000000)={0x24, @short={0x2, 0x1, 0xfffe}}, 0x14) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) fallocate(0xffffffffffffffff, 0x0, 0x7ff, 0x800b) 28.6306763s ago: executing program 0 (id=130): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000380)={0x28, 0x2, 0x0, 0x0, 0x10001000, 0x5, 0x9}) 24.639638686s ago: executing program 0 (id=139): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00') read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a40)={0x68, r7, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @probe_request={{{}, {}, @device_b, @device_b, @from_mac}, @val={0x0, 0x6, @default_ibss_ssid}, @val, @void, @val={0x2d, 0x1a, {0x8000, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}}}]}, 0x68}}, 0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0) pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r9, &(0x7f0000000000)={0x24, @short={0x2, 0x1, 0xfffe}}, 0x14) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r10, 0x0, 0x7ff, 0x800b) 14.506381033s ago: executing program 3 (id=149): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_io_uring_setup(0x12f, 0x0, &(0x7f0000000240)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 14.342894027s ago: executing program 3 (id=150): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) unshare(0x2c020400) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, 0x0, 0x0) 13.025610185s ago: executing program 3 (id=152): socket$inet(0x2, 0x5, 0x207) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) 12.283701154s ago: executing program 2 (id=153): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x2) 10.597607682s ago: executing program 2 (id=155): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000340)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r6, &(0x7f0000002100)={0x2020}, 0x2020) 9.748543013s ago: executing program 3 (id=156): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x12, {"f4", 0x1}}], 0x12}) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x20) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000340)={@cgroup, r3, 0x2f, 0x8, 0x4}, 0x20) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x109900, 0x100) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) getdents64(r5, &(0x7f0000000200)=""/88, 0x58) fsetxattr$security_capability(r5, &(0x7f0000000480), &(0x7f0000000280)=@v2={0x2000000, [{0x3, 0x7}, {0x7, 0x7}]}, 0x14, 0x3) setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)="f89fcfb587a4792b", 0x8) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000100)={0x0, 0x15000, 0x8}) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000005c0)={0x7, {{0xa, 0x4e22, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000001}}, 0x1, 0x3, [{{0xa, 0x4e23, 0x200, @remote, 0x7}}, {{0xa, 0x4e24, 0x8, @mcast2, 0x3}}, {{0xa, 0x4e21, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1000}}]}, 0x210) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="180000002e0001ff070000000000000006"], 0x18}], 0x1, 0x0, 0x0, 0x84}, 0x300) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r7, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r8, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60) 9.167165916s ago: executing program 33 (id=139): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00') read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a40)={0x68, r7, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @probe_request={{{}, {}, @device_b, @device_b, @from_mac}, @val={0x0, 0x6, @default_ibss_ssid}, @val, @void, @val={0x2d, 0x1a, {0x8000, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}}}]}, 0x68}}, 0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0) pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r9, &(0x7f0000000000)={0x24, @short={0x2, 0x1, 0xfffe}}, 0x14) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r10, 0x0, 0x7ff, 0x800b) 8.978012812s ago: executing program 2 (id=158): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000a80)=[{&(0x7f0000003080)=@in={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10, &(0x7f00000030c0)=[{&(0x7f0000005d00)="ec", 0x1}], 0x1, 0x0, 0x0, 0x90}], 0x1, 0x1) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000005c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x1, 0x4, 0x12}, 0x50) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r3 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x202) ioctl$SCSI_IOCTL_PROBE_HOST(r3, 0x5385, &(0x7f0000000000)={0x8d, ""/141}) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, 0x0) 7.93101103s ago: executing program 1 (id=159): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_io_uring_setup(0x12f, &(0x7f0000000340)={0x0, 0xfad9, 0x400}, 0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 7.916958167s ago: executing program 3 (id=160): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000340)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r6, &(0x7f0000002100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r6, &(0x7f0000000200)={0x10, 0x0, r7}, 0x10) 5.007490049s ago: executing program 3 (id=161): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x101400, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x8, r2, 0x0, 0x4, 0x21d251, 0x0, 0x0, 0x10005}) 5.004672442s ago: executing program 2 (id=162): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000100)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f0000000780)=""/4108, 0x437aba2}], 0x1, 0x0, 0xfffffdee, 0x407006}, 0x104) 4.907935931s ago: executing program 1 (id=163): socket$inet(0x2, 0x5, 0x207) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0) ioctl$TCXONC(r0, 0x540a, 0x2) 4.639588431s ago: executing program 1 (id=164): fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) 3.414285158s ago: executing program 2 (id=165): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00') read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a40)={0x68, r7, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @probe_request={{{}, {}, @device_b, @device_b, @from_mac}, @val={0x0, 0x6, @default_ibss_ssid}, @val, @void, @val={0x2d, 0x1a, {0x8000, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}}}]}, 0x68}}, 0x14) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0) pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r10 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r10, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x28}, 0x8000) fallocate(r9, 0x0, 0x7ff, 0x800b) 3.329311348s ago: executing program 1 (id=166): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x48e01) syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x3, 0x17d}, &(0x7f0000000100), &(0x7f00000003c0)) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) socket$inet_icmp_raw(0x2, 0x3, 0x1) 1.33577944s ago: executing program 1 (id=167): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) 1.327623692s ago: executing program 2 (id=168): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x12, {"f4", 0x1}}], 0x12}) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x20) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000340)={@cgroup, r3, 0x2f, 0x8, 0x4}, 0x20) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x109900, 0x100) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) getdents64(r5, &(0x7f0000000200)=""/88, 0x58) fsetxattr$security_capability(r5, &(0x7f0000000480), &(0x7f0000000280)=@v2={0x2000000, [{0x3, 0x7}, {0x7, 0x7}]}, 0x14, 0x3) setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)="f89fcfb587a4792b", 0x8) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000100)={0x0, 0x15000, 0x8}) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000005c0)={0x7, {{0xa, 0x4e22, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000001}}, 0x1, 0x3, [{{0xa, 0x4e23, 0x200, @remote, 0x7}}, {{0xa, 0x4e24, 0x8, @mcast2, 0x3}}, {{0xa, 0x4e21, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1000}}]}, 0x210) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="180000002e0001ff070000000000000006"], 0x18}], 0x1, 0x0, 0x0, 0x84}, 0x300) r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r7, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r8, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60) 0s ago: executing program 1 (id=169): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x9, 0x8b}, 0x0) write$dsp(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x271a, 0x0, &(0x7f0000000040)) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0xf2ffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x3) sched_setaffinity(0x0, 0xfffffd10, &(0x7f0000000200)=0x2000000000006) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x3051c1, 0x0) read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8) syz_open_dev$vim2m(&(0x7f0000000100), 0x3, 0x2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts. [ 74.007027][ T5784] cgroup: Unknown subsys name 'net' [ 74.267789][ T5784] cgroup: Unknown subsys name 'cpuset' [ 74.323593][ T5784] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.012694][ T5784] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.775598][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.790596][ T5808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.805745][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.811642][ T5811] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.827072][ T5813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.827127][ T5811] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.827245][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.843293][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.843381][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.848842][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.855231][ T5810] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.856303][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.856553][ T5810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.858412][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.863332][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.864585][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.865478][ T5810] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.865934][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.867313][ T5810] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.867941][ T5810] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.868716][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.869325][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.870301][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.883131][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.883696][ T5810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.837600][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 79.863218][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 79.900145][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 79.928277][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 80.070062][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 80.785348][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.785440][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.785772][ T5799] bridge_slave_0: entered allmulticast mode [ 80.787423][ T5799] bridge_slave_0: entered promiscuous mode [ 80.791312][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.791432][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.791596][ T5797] bridge_slave_0: entered allmulticast mode [ 80.795381][ T5797] bridge_slave_0: entered promiscuous mode [ 80.915359][ T5115] Bluetooth: hci4: command tx timeout [ 80.915369][ T61] Bluetooth: hci2: command tx timeout [ 80.926359][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.926486][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.926674][ T5799] bridge_slave_1: entered allmulticast mode [ 80.930450][ T5799] bridge_slave_1: entered promiscuous mode [ 80.935748][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.935875][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.936042][ T5797] bridge_slave_1: entered allmulticast mode [ 80.938698][ T5797] bridge_slave_1: entered promiscuous mode [ 80.993210][ T5115] Bluetooth: hci0: command tx timeout [ 80.993561][ T5115] Bluetooth: hci3: command tx timeout [ 80.993638][ T5115] Bluetooth: hci1: command tx timeout [ 81.124156][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.124253][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.124365][ T5794] bridge_slave_0: entered allmulticast mode [ 81.125903][ T5794] bridge_slave_0: entered promiscuous mode [ 81.264023][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.264127][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.264247][ T5796] bridge_slave_0: entered allmulticast mode [ 81.266047][ T5796] bridge_slave_0: entered promiscuous mode [ 81.323976][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.324101][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.324268][ T5794] bridge_slave_1: entered allmulticast mode [ 81.326132][ T5794] bridge_slave_1: entered promiscuous mode [ 81.443968][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.444090][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.444266][ T5796] bridge_slave_1: entered allmulticast mode [ 81.446067][ T5796] bridge_slave_1: entered promiscuous mode [ 81.446975][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.447094][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.447212][ T5795] bridge_slave_0: entered allmulticast mode [ 81.448935][ T5795] bridge_slave_0: entered promiscuous mode [ 81.527135][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.530710][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.614289][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.614367][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.614482][ T5795] bridge_slave_1: entered allmulticast mode [ 81.615969][ T5795] bridge_slave_1: entered promiscuous mode [ 81.687188][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.690620][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.857919][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.996616][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.276698][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.396695][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.400479][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.455386][ T5799] team0: Port device team_slave_0 added [ 82.457332][ T5797] team0: Port device team_slave_0 added [ 82.556289][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.646243][ T5799] team0: Port device team_slave_1 added [ 82.648492][ T5797] team0: Port device team_slave_1 added [ 82.795286][ T5794] team0: Port device team_slave_0 added [ 82.917016][ T5796] team0: Port device team_slave_0 added [ 82.993246][ T61] Bluetooth: hci4: command tx timeout [ 82.993283][ T61] Bluetooth: hci2: command tx timeout [ 82.996626][ T5794] team0: Port device team_slave_1 added [ 83.073230][ T5115] Bluetooth: hci3: command tx timeout [ 83.073252][ T5803] Bluetooth: hci1: command tx timeout [ 83.073336][ T61] Bluetooth: hci0: command tx timeout [ 83.165861][ T5796] team0: Port device team_slave_1 added [ 83.167680][ T5795] team0: Port device team_slave_0 added [ 83.495345][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.495357][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.495372][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.497610][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.497623][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.497646][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.582619][ T5795] team0: Port device team_slave_1 added [ 83.654819][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.654834][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.654858][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.656412][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.656423][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.656437][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.804472][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.804483][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.804497][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.822797][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.822813][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.822837][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.905033][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.905048][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.905072][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.908523][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.908537][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.908561][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.909872][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.909880][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.909893][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.937142][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.937157][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.937181][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.270482][ T5799] hsr_slave_0: entered promiscuous mode [ 84.271559][ T5799] hsr_slave_1: entered promiscuous mode [ 84.359310][ T5797] hsr_slave_0: entered promiscuous mode [ 84.360111][ T5797] hsr_slave_1: entered promiscuous mode [ 84.360787][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 84.360869][ T5797] Cannot create hsr debugfs directory [ 84.620136][ T5794] hsr_slave_0: entered promiscuous mode [ 84.620950][ T5794] hsr_slave_1: entered promiscuous mode [ 84.621482][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 84.621499][ T5794] Cannot create hsr debugfs directory [ 84.632026][ T5796] hsr_slave_0: entered promiscuous mode [ 84.634004][ T5796] hsr_slave_1: entered promiscuous mode [ 84.634938][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 84.634959][ T5796] Cannot create hsr debugfs directory [ 84.869022][ T5795] hsr_slave_0: entered promiscuous mode [ 84.869861][ T5795] hsr_slave_1: entered promiscuous mode [ 84.870395][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 84.870416][ T5795] Cannot create hsr debugfs directory [ 85.073245][ T5803] Bluetooth: hci4: command tx timeout [ 85.073344][ T61] Bluetooth: hci2: command tx timeout [ 85.153438][ T61] Bluetooth: hci0: command tx timeout [ 85.153459][ T5803] Bluetooth: hci1: command tx timeout [ 85.153482][ T5803] Bluetooth: hci3: command tx timeout [ 86.302128][ T5799] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.341462][ T5799] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.377748][ T5799] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.450689][ T5799] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.558443][ T5797] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 86.592289][ T5797] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 86.641790][ T5797] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 86.669824][ T5797] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 86.777864][ T993] cfg80211: failed to load regulatory.db [ 86.813531][ T5794] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.849186][ T5794] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.889536][ T5794] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.942236][ T5794] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.052185][ T5796] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.094743][ T5796] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.141225][ T5796] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.153399][ T5115] Bluetooth: hci4: command tx timeout [ 87.153446][ T61] Bluetooth: hci2: command tx timeout [ 87.196846][ T5796] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.233427][ T5115] Bluetooth: hci1: command tx timeout [ 87.233437][ T5803] Bluetooth: hci0: command tx timeout [ 87.233475][ T61] Bluetooth: hci3: command tx timeout [ 87.327875][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.345529][ T5795] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.376699][ T5795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.412573][ T5795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.450631][ T5795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.501190][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.516755][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.541550][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.542200][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.591172][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.591292][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.627583][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.660652][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.660782][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.707175][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.707339][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.712399][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.802672][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.834287][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.834503][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.839202][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.887444][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.887608][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.965121][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.985338][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.008170][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.008371][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.065348][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.065493][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.157037][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.199072][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.199282][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.252962][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.255394][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.306728][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.496447][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.547618][ T5799] veth0_vlan: entered promiscuous mode [ 88.576966][ T5799] veth1_vlan: entered promiscuous mode [ 88.736368][ T5799] veth0_macvtap: entered promiscuous mode [ 88.787277][ T5799] veth1_macvtap: entered promiscuous mode [ 88.882013][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.898212][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.921005][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.973932][ T69] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.977441][ T69] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.980810][ T69] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.988732][ T69] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.234471][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.296444][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.297495][ T5794] veth0_vlan: entered promiscuous mode [ 89.330700][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.330725][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.380943][ T5794] veth1_vlan: entered promiscuous mode [ 89.427629][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.427649][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.447468][ T5797] veth0_vlan: entered promiscuous mode [ 89.501000][ T5797] veth1_vlan: entered promiscuous mode [ 89.531493][ T5796] veth0_vlan: entered promiscuous mode [ 89.584938][ T5795] veth0_vlan: entered promiscuous mode [ 89.591020][ T5796] veth1_vlan: entered promiscuous mode [ 89.607260][ T5794] veth0_macvtap: entered promiscuous mode [ 89.642071][ T5794] veth1_macvtap: entered promiscuous mode [ 89.663806][ T5795] veth1_vlan: entered promiscuous mode [ 89.738101][ T5797] veth0_macvtap: entered promiscuous mode [ 89.756403][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.756901][ T5797] veth1_macvtap: entered promiscuous mode [ 89.773156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.813181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 89.823071][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 90.345142][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.507526][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.719664][ T5796] veth0_macvtap: entered promiscuous mode [ 90.731682][ T1154] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.743733][ T1154] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.754645][ T1154] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.789482][ T1154] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.810052][ T5921] syz.0.1 (5921) used greatest stack depth: 18744 bytes left [ 90.818007][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.819109][ T5795] veth0_macvtap: entered promiscuous mode [ 90.820986][ T5796] veth1_macvtap: entered promiscuous mode [ 90.963066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 90.973066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 90.983033][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 90.993041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 91.003037][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 91.013036][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 91.046346][ T5795] veth1_macvtap: entered promiscuous mode [ 91.157606][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.217447][ T5928] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 91.217521][ T5928] CIFS mount error: No usable UNC path provided in device string! [ 91.217521][ T5928] [ 91.217749][ T5928] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 92.186477][ T1177] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.228211][ T1177] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.246175][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.265376][ T1177] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.270814][ T1177] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.289703][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.296230][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.231184][ T37] audit: type=1326 audit(1762929484.747:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.0.8" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x0 [ 93.249722][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.249742][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.281485][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.568239][ T44] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.903567][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.135903][ T1477] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.170763][ T1477] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.228574][ T1477] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.257026][ T1477] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.276781][ T1477] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.276953][ T3662] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.276967][ T3662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.303121][ T3662] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.511295][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.511316][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.367668][ C1] vkms_vblank_simulate: vblank timer overrun [ 96.602952][ C1] vkms_vblank_simulate: vblank timer overrun [ 96.741543][ C1] vkms_vblank_simulate: vblank timer overrun [ 97.362047][ C1] vkms_vblank_simulate: vblank timer overrun [ 97.586169][ T3662] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.586186][ T3662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.723938][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.723963][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.893289][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.893307][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.943776][ T5889] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 98.017039][ T5940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.017057][ T5940] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.098663][ C1] vkms_vblank_simulate: vblank timer overrun [ 98.144643][ T5889] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.144723][ T5889] usb 1-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 98.144750][ T5889] usb 1-1: config 0 interface 0 has no altsetting 0 [ 98.144785][ T5889] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 98.144808][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.223563][ C1] vkms_vblank_simulate: vblank timer overrun [ 98.707898][ C1] vkms_vblank_simulate: vblank timer overrun [ 98.825903][ T5889] usb 1-1: config 0 descriptor?? [ 98.880269][ T5889] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 98.909943][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.909965][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.069976][ T5954] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.200997][ T37] audit: type=1326 audit(1762929490.717:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 99.201048][ T37] audit: type=1326 audit(1762929490.717:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 99.201085][ T37] audit: type=1326 audit(1762929490.717:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 99.365726][ C1] vkms_vblank_simulate: vblank timer overrun [ 99.373067][ T37] audit: type=1326 audit(1762929490.717:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 99.373125][ T37] audit: type=1326 audit(1762929490.717:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 99.373165][ T37] audit: type=1326 audit(1762929490.717:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 99.373204][ T37] audit: type=1326 audit(1762929490.717:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 100.578279][ C1] vkms_vblank_simulate: vblank timer overrun [ 100.633846][ C1] vkms_vblank_simulate: vblank timer overrun [ 100.743303][ T37] audit: type=1326 audit(1762929492.227:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 100.743353][ T37] audit: type=1326 audit(1762929492.227:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5953 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x7ffc0000 [ 100.966758][ C1] vkms_vblank_simulate: vblank timer overrun [ 101.032158][ T37] audit: type=1804 audit(1762929492.547:12): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.5" name="/newroot/0/file1" dev="fuse" ino=1 res=1 errno=0 [ 101.086111][ T5973] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.428548][ T5959] usb 1-1: USB disconnect, device number 2 [ 109.666609][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 109.666626][ T37] audit: type=1804 audit(1762929501.187:14): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.24" name="/newroot/3/file1" dev="fuse" ino=1 res=1 errno=0 [ 109.728664][ T37] audit: type=1800 audit(1762929501.247:15): pid=6014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.24" name="/" dev="fuse" ino=1 res=0 errno=0 [ 109.767943][ T5888] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 109.943399][ T5888] usb 3-1: Using ep0 maxpacket: 8 [ 109.946417][ T5888] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.946443][ T5888] usb 3-1: config 0 has no interfaces? [ 109.946474][ T5888] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 109.946499][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.956582][ T5888] usb 3-1: config 0 descriptor?? [ 110.674988][ T6022] CIFS mount error: No usable UNC path provided in device string! [ 110.674988][ T6022] [ 110.675273][ T6022] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 113.780937][ T6030] Zero length message leads to an empty skb [ 114.026372][ T31] usb 3-1: USB disconnect, device number 2 [ 118.451459][ T6067] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 118.451533][ T6067] PKCS7: Only support pkcs7_signedData type [ 125.094811][ C0] vkms_vblank_simulate: vblank timer overrun [ 125.255926][ C0] vkms_vblank_simulate: vblank timer overrun [ 127.191346][ C0] vkms_vblank_simulate: vblank timer overrun [ 128.677958][ T6100] fuse: Bad value for 'fd' [ 128.741283][ C0] vkms_vblank_simulate: vblank timer overrun [ 128.849383][ C0] vkms_vblank_simulate: vblank timer overrun [ 128.971815][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.137434][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.271653][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.520939][ T37] audit: type=1326 audit(1762929521.037:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6110 comm="syz.0.50" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x0 [ 129.670271][ C0] vkms_vblank_simulate: vblank timer overrun [ 129.703277][ C0] vkms_vblank_simulate: vblank timer overrun [ 130.013614][ C0] vkms_vblank_simulate: vblank timer overrun [ 131.364315][ T5803] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 131.393350][ T5803] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 131.395050][ T5803] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 131.415984][ T5803] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 131.435001][ T5803] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 134.364990][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.366321][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.367382][ T61] Bluetooth: hci5: command tx timeout [ 137.018367][ T61] Bluetooth: hci5: command tx timeout [ 138.390955][ T6145] fuse: Bad value for 'fd' [ 139.954521][ T61] Bluetooth: hci5: command tx timeout [ 141.487114][ T37] audit: type=1326 audit(1762929533.007:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6161 comm="syz.3.63" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febd7caf6c9 code=0x0 [ 142.033136][ T61] Bluetooth: hci5: command tx timeout [ 142.707144][ T6115] chnl_net:caif_netlink_parms(): no params data found [ 143.124639][ T6176] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 143.124756][ T6176] PKCS7: Only support pkcs7_signedData type [ 144.324697][ T37] audit: type=1326 audit(1762929535.847:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6178 comm="syz.3.68" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febd7caf6c9 code=0x0 [ 145.589307][ T6115] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.592838][ T6115] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.592976][ T6115] bridge_slave_0: entered allmulticast mode [ 145.596643][ T6115] bridge_slave_0: entered promiscuous mode [ 145.627477][ T6115] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.627552][ T6115] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.627779][ T6115] bridge_slave_1: entered allmulticast mode [ 145.656062][ T6115] bridge_slave_1: entered promiscuous mode [ 145.713131][ T5868] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 145.925388][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 145.925445][ T5868] usb 3-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 145.925473][ T5868] usb 3-1: config 0 interface 0 has no altsetting 0 [ 145.925501][ T5868] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 145.925513][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.957293][ T5868] usb 3-1: config 0 descriptor?? [ 145.988864][ T5868] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 146.514647][ T6194] fuse: Bad value for 'fd' [ 155.526785][ T6205] Falling back ldisc for ptm0. [ 156.051070][ T6208] Falling back ldisc for ptm1. [ 157.610337][ T43] usb 3-1: USB disconnect, device number 3 [ 158.063047][ T6227] CIFS mount error: No usable UNC path provided in device string! [ 158.063047][ T6227] [ 158.063076][ T6227] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 158.672490][ C1] vkms_vblank_simulate: vblank timer overrun [ 158.839636][ C1] vkms_vblank_simulate: vblank timer overrun [ 159.689984][ C1] vkms_vblank_simulate: vblank timer overrun [ 160.044045][ C1] vkms_vblank_simulate: vblank timer overrun [ 160.222541][ C1] vkms_vblank_simulate: vblank timer overrun [ 160.323290][ C1] vkms_vblank_simulate: vblank timer overrun [ 160.395370][ C1] vkms_vblank_simulate: vblank timer overrun [ 160.584792][ T37] audit: type=1326 audit(1762929552.107:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6233 comm="syz.0.77" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f253fb5f6c9 code=0x0 [ 160.966738][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.024803][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.215157][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.291059][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.674940][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.682262][ T6115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.951449][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.977096][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.734317][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.977213][ T69] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.192164][ T6248] infiniband syz2: set active [ 163.192177][ T6248] infiniband syz2: added veth1_to_team [ 163.194387][ T6248] syz2: rxe_create_cq: returned err = -12 [ 163.194496][ T6248] infiniband syz2: Couldn't create ib_mad CQ [ 163.194615][ T6248] infiniband syz2: Couldn't open port 1 [ 163.385851][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.392065][ T6248] RDS/IB: syz2: added [ 163.392926][ T6248] smc: adding ib device syz2 with port count 1 [ 163.393227][ T6248] smc: ib device syz2 port 1 has no pnetid [ 163.649847][ T6115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.703140][ T5868] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 165.940210][ T5868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.940265][ T5868] usb 2-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 165.940292][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 165.940327][ T5868] usb 2-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 165.940351][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.079381][ T5868] usb 2-1: config 0 descriptor?? [ 166.143958][ T5868] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 167.007821][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.055798][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.064137][ T69] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.111798][ T37] audit: type=1326 audit(1762929558.607:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.111848][ T37] audit: type=1326 audit(1762929558.627:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.111888][ T37] audit: type=1326 audit(1762929558.627:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.111927][ T37] audit: type=1326 audit(1762929558.627:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.116503][ T37] audit: type=1326 audit(1762929558.637:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.116551][ T37] audit: type=1326 audit(1762929558.637:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.116589][ T37] audit: type=1326 audit(1762929558.637:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.140485][ T37] audit: type=1326 audit(1762929558.637:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 167.173165][ T37] audit: type=1326 audit(1762929558.687:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6262 comm="syz.1.85" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34290af6c9 code=0x7ffc0000 [ 168.810466][ C0] vkms_vblank_simulate: vblank timer overrun [ 168.886013][ C0] vkms_vblank_simulate: vblank timer overrun [ 168.891812][ T6115] team0: Port device team_slave_0 added [ 169.023498][ T6115] team0: Port device team_slave_1 added [ 169.073489][ T43] usb 2-1: USB disconnect, device number 2 [ 169.319099][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.250793][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.505007][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.672904][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.888086][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.999470][ C0] vkms_vblank_simulate: vblank timer overrun [ 175.803122][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.138175][ T69] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.222229][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.475885][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.968233][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.320611][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.350422][ T6316] warning: `syz.0.96' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 177.556057][ T6115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.556074][ T6115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.556100][ T6115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.673249][ T6115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.673265][ T6115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.673292][ T6115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.393554][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.442182][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.505460][ T69] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.154555][ T6115] hsr_slave_0: entered promiscuous mode [ 180.170416][ T6115] hsr_slave_1: entered promiscuous mode [ 180.179133][ T6115] debugfs: 'hsr0' already exists in 'hsr' [ 180.179159][ T6115] Cannot create hsr debugfs directory [ 180.379894][ C1] vkms_vblank_simulate: vblank timer overrun [ 180.418736][ C1] vkms_vblank_simulate: vblank timer overrun [ 180.721074][ C1] vkms_vblank_simulate: vblank timer overrun [ 181.266375][ T6329] Falling back ldisc for ptm0. [ 185.898052][ T69] bridge_slave_1: left allmulticast mode [ 185.898164][ T69] bridge_slave_1: left promiscuous mode [ 185.899794][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.943155][ T5959] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 186.103160][ T5959] usb 3-1: Using ep0 maxpacket: 32 [ 186.108041][ T5959] usb 3-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 64 [ 186.108071][ T5959] usb 3-1: config 1 interface 0 altsetting 6 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 186.108098][ T5959] usb 3-1: config 1 interface 0 has no altsetting 0 [ 186.179218][ T5959] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 186.179249][ T5959] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.179269][ T5959] usb 3-1: Product: syz [ 186.179284][ T5959] usb 3-1: Manufacturer: syz [ 186.179299][ T5959] usb 3-1: SerialNumber: syz [ 187.288408][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.332036][ T6371] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 187.332135][ T6371] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 188.735014][ C1] vkms_vblank_simulate: vblank timer overrun [ 189.125609][ T69] bridge_slave_0: left allmulticast mode [ 189.125699][ T69] bridge_slave_0: left promiscuous mode [ 189.127749][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.244653][ T6372] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 189.883200][ T5987] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 189.934748][ C1] vkms_vblank_simulate: vblank timer overrun [ 190.106089][ C1] vkms_vblank_simulate: vblank timer overrun [ 190.340069][ C1] vkms_vblank_simulate: vblank timer overrun [ 190.753864][ T5987] usb 2-1: Using ep0 maxpacket: 8 [ 190.758277][ T5987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 190.758296][ T5987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 190.758352][ T5987] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 190.758364][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.810427][ T5987] usb 2-1: config 0 descriptor?? [ 190.851380][ T5803] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 190.876917][ T5803] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 190.879758][ T5803] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 190.895911][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 190.937024][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 191.134395][ T5987] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 191.142321][ T5959] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 191.248697][ T5959] usb 3-1: USB disconnect, device number 4 [ 191.303440][ C1] vkms_vblank_simulate: vblank timer overrun [ 192.334583][ C1] vkms_vblank_simulate: vblank timer overrun [ 192.364381][ T6392] iowarrior 2-1:0.0: Error -90 while submitting URB [ 192.993460][ T5803] Bluetooth: hci2: command tx timeout [ 193.149697][ T31] usb 2-1: USB disconnect, device number 3 [ 194.375151][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.375223][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.073148][ T5803] Bluetooth: hci2: command tx timeout [ 197.746481][ T5803] Bluetooth: hci2: command tx timeout [ 199.548452][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.594966][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.683722][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.795004][ T5810] Bluetooth: hci2: command tx timeout [ 199.978604][ T69] bond0 (unregistering): Released all slaves [ 201.132580][ C1] vkms_vblank_simulate: vblank timer overrun [ 201.633158][ T5801] Bluetooth: hci3: command 0x0406 tx timeout [ 201.638568][ T5810] Bluetooth: hci1: command 0x0406 tx timeout [ 201.792573][ C1] vkms_vblank_simulate: vblank timer overrun [ 201.831535][ T5810] Bluetooth: hci0: command 0x0406 tx timeout [ 201.853122][ T31] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 201.987020][ C1] vkms_vblank_simulate: vblank timer overrun [ 202.483907][ C1] vkms_vblank_simulate: vblank timer overrun [ 202.607306][ T31] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 202.607337][ T31] usb 1-1: config 0 interface 0 has no altsetting 0 [ 202.626449][ T31] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 202.626479][ T31] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 202.626500][ T31] usb 1-1: Product: syz [ 202.626515][ T31] usb 1-1: Manufacturer: syz [ 202.626529][ T31] usb 1-1: SerialNumber: syz [ 202.669395][ T31] usb 1-1: config 0 descriptor?? [ 202.689530][ T31] usb 1-1: selecting invalid altsetting 0 [ 203.103702][ C1] vkms_vblank_simulate: vblank timer overrun [ 203.489186][ C1] vkms_vblank_simulate: vblank timer overrun [ 204.339210][ C1] vkms_vblank_simulate: vblank timer overrun [ 205.918240][ T5908] usb 1-1: USB disconnect, device number 3 [ 207.767101][ T6472] program syz.0.123 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 209.860890][ C0] vkms_vblank_simulate: vblank timer overrun [ 209.992117][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.013191][ T5987] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 210.163216][ T5987] usb 4-1: Using ep0 maxpacket: 32 [ 210.165663][ T5987] usb 4-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 64 [ 210.165690][ T5987] usb 4-1: config 1 interface 0 altsetting 6 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 210.165716][ T5987] usb 4-1: config 1 interface 0 has no altsetting 0 [ 210.169131][ T5987] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 210.169157][ T5987] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.169177][ T5987] usb 4-1: Product: syz [ 210.169191][ T5987] usb 4-1: Manufacturer: syz [ 210.169206][ T5987] usb 4-1: SerialNumber: syz [ 210.286515][ T6475] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 210.286592][ T6475] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 210.448895][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.994807][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.111391][ C0] vkms_vblank_simulate: vblank timer overrun [ 213.556079][ T5987] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 213.619152][ T5987] usb 4-1: USB disconnect, device number 2 [ 214.949708][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.097625][ T6532] syz2: rxe_newlink: already configured on veth1_to_team [ 216.813211][ T5868] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 217.682799][ T6545] Can't find ip_set type hash: [ 217.775715][ T5868] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 217.775745][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 217.801832][ T5868] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 217.801867][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 217.801887][ T5868] usb 2-1: Product: syz [ 217.801902][ T5868] usb 2-1: Manufacturer: syz [ 217.801915][ T5868] usb 2-1: SerialNumber: syz [ 218.856932][ T5868] usb 2-1: config 0 descriptor?? [ 218.875846][ T5868] usb 2-1: selecting invalid altsetting 0 [ 219.012022][ T69] hsr_slave_0: left promiscuous mode [ 219.057956][ T69] hsr_slave_1: left promiscuous mode [ 219.058996][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.059087][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.106919][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 219.106945][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.357340][ T69] veth1_macvtap: left promiscuous mode [ 220.357663][ T69] veth0_macvtap: left promiscuous mode [ 220.359195][ T69] veth1_vlan: left promiscuous mode [ 220.359577][ T69] veth0_vlan: left promiscuous mode [ 221.381295][ T6570] CIFS mount error: No usable UNC path provided in device string! [ 221.381295][ T6570] [ 221.381351][ T6570] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 222.297415][ T993] usb 2-1: USB disconnect, device number 4 [ 226.664355][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.728158][ T6584] syz.2.146 (6584) used greatest stack depth: 15928 bytes left [ 228.178536][ C0] vkms_vblank_simulate: vblank timer overrun [ 228.233396][ C0] vkms_vblank_simulate: vblank timer overrun [ 229.060552][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.575715][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.637773][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.813910][ T69] team0 (unregistering): Port device team_slave_1 removed [ 231.096777][ T69] team0 (unregistering): Port device team_slave_0 removed [ 231.192680][ C0] vkms_vblank_simulate: vblank timer overrun [ 233.415830][ C0] vkms_vblank_simulate: vblank timer overrun [ 235.055141][ C0] vkms_vblank_simulate: vblank timer overrun [ 235.339871][ C0] vkms_vblank_simulate: vblank timer overrun [ 235.516711][ T6633] program syz.2.158 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 236.262710][ C0] vkms_vblank_simulate: vblank timer overrun [ 236.465550][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 236.471805][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 236.472805][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 236.502300][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 236.512773][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 236.903747][ C0] vkms_vblank_simulate: vblank timer overrun [ 237.681567][ C0] vkms_vblank_simulate: vblank timer overrun [ 238.231896][ C0] vkms_vblank_simulate: vblank timer overrun [ 239.029615][ T5803] Bluetooth: hci5: command tx timeout [ 241.122448][ T5803] Bluetooth: hci5: command tx timeout [ 242.150138][ T6389] ================================================================== [ 242.150154][ T6389] BUG: KASAN: use-after-free in _raw_spin_lock_irq+0xa2/0xf0 [ 242.150191][ T6389] Read of size 1 at addr ffff888026a6c068 by task khidpd_16bf5505/6389 [ 242.150207][ T6389] [ 242.150231][ T6389] CPU: 1 UID: 0 PID: 6389 Comm: khidpd_16bf5505 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 242.150252][ T6389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 242.150269][ T6389] Call Trace: [ 242.150280][ T6389] [ 242.150289][ T6389] dump_stack_lvl+0x189/0x250 [ 242.150315][ T6389] ? rcu_is_watching+0x15/0xb0 [ 242.150331][ T6389] ? __kasan_check_byte+0x12/0x40 [ 242.150355][ T6389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.150377][ T6389] ? rcu_is_watching+0x15/0xb0 [ 242.150392][ T6389] ? lock_release+0x4b/0x3e0 [ 242.150417][ T6389] ? __virt_addr_valid+0x1c8/0x5c0 [ 242.150442][ T6389] ? __virt_addr_valid+0x4a5/0x5c0 [ 242.150468][ T6389] print_report+0xca/0x240 [ 242.150492][ T6389] ? _raw_spin_lock_irq+0xa2/0xf0 [ 242.150515][ T6389] kasan_report+0x118/0x150 [ 242.150539][ T6389] ? _raw_spin_lock_irq+0xa2/0xf0 [ 242.150564][ T6389] ? rt_mutex_slowlock_block+0x5c2/0x6d0 [ 242.150580][ T6389] __kasan_check_byte+0x2a/0x40 [ 242.150600][ T6389] lock_acquire+0x8d/0x360 [ 242.150621][ T6389] ? __pfx___schedule+0x10/0x10 [ 242.150647][ T6389] _raw_spin_lock_irq+0xa2/0xf0 [ 242.150670][ T6389] ? rt_mutex_slowlock_block+0x5c2/0x6d0 [ 242.150690][ T6389] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 242.150719][ T6389] rt_mutex_slowlock_block+0x5c2/0x6d0 [ 242.150745][ T6389] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 242.150766][ T6389] rt_mutex_slowlock+0x2b1/0x6e0 [ 242.150787][ T6389] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 242.150807][ T6389] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 242.150834][ T6389] ? __lock_acquire+0xab9/0xd20 [ 242.150861][ T6389] ? l2cap_unregister_user+0x6a/0x1b0 [ 242.150883][ T6389] ? __timer_delete_sync+0x2e9/0x3f0 [ 242.150904][ T6389] ? rt_spin_unlock+0x150/0x200 [ 242.150925][ T6389] ? l2cap_unregister_user+0x6a/0x1b0 [ 242.150944][ T6389] mutex_lock_nested+0x16a/0x1d0 [ 242.150967][ T6389] l2cap_unregister_user+0x6a/0x1b0 [ 242.150989][ T6389] hidp_session_thread+0x3c9/0x410 [ 242.151013][ T6389] ? __pfx_hidp_session_thread+0x10/0x10 [ 242.151033][ T6389] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 242.151057][ T6389] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 242.151082][ T6389] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 242.151103][ T6389] ? __kthread_parkme+0x7b/0x200 [ 242.151126][ T6389] ? __kthread_parkme+0x1a1/0x200 [ 242.151155][ T6389] kthread+0x711/0x8a0 [ 242.151180][ T6389] ? __pfx_hidp_session_thread+0x10/0x10 [ 242.151201][ T6389] ? __pfx_kthread+0x10/0x10 [ 242.151224][ T6389] ? rt_spin_unlock+0x150/0x200 [ 242.151246][ T6389] ? rt_spin_unlock+0x161/0x200 [ 242.151265][ T6389] ? __pfx_kthread+0x10/0x10 [ 242.151288][ T6389] ret_from_fork+0x4bc/0x870 [ 242.151310][ T6389] ? __pfx_ret_from_fork+0x10/0x10 [ 242.151334][ T6389] ? __switch_to_asm+0x39/0x70 [ 242.151352][ T6389] ? __switch_to_asm+0x33/0x70 [ 242.151369][ T6389] ? __pfx_kthread+0x10/0x10 [ 242.151393][ T6389] ret_from_fork_asm+0x1a/0x30 [ 242.151420][ T6389] [ 242.151427][ T6389] [ 242.151432][ T6389] The buggy address belongs to the physical page: [ 242.151446][ T6389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026a6f400 pfn:0x26a6c [ 242.151466][ T6389] flags: 0x80000000000000(node=0|zone=1) [ 242.151501][ T6389] raw: 0080000000000000 ffffea000153e508 ffff8880b88423c0 0000000000000000 [ 242.151517][ T6389] raw: ffff888026a6f400 0000000000000000 00000000ffffffff 0000000000000000 [ 242.151527][ T6389] page dumped because: kasan: bad access detected [ 242.151540][ T6389] page_owner tracks the page as freed [ 242.151546][ T6389] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 5799, tgid 5799 (syz-executor), ts 78699924919, free_ts 242132640177 [ 242.151577][ T6389] post_alloc_hook+0x240/0x2a0 [ 242.151599][ T6389] get_page_from_freelist+0x28c0/0x2960 [ 242.151623][ T6389] __alloc_frozen_pages_noprof+0x181/0x370 [ 242.151646][ T6389] alloc_pages_mpol+0xd1/0x380 [ 242.151667][ T6389] ___kmalloc_large_node+0x5f/0x1b0 [ 242.151688][ T6389] __kmalloc_large_node_noprof+0x18/0x90 [ 242.151709][ T6389] __kmalloc_noprof+0x4c0/0x7d0 [ 242.151729][ T6389] hci_alloc_dev_priv+0x28/0x20b0 [ 242.151747][ T6389] vhci_create_device+0x120/0x660 [ 242.151764][ T6389] vhci_write+0x3d0/0x4a0 [ 242.151780][ T6389] vfs_write+0x5d5/0xb40 [ 242.151798][ T6389] ksys_write+0x14b/0x260 [ 242.151823][ T6389] do_syscall_64+0xfa/0xfa0 [ 242.151845][ T6389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.151862][ T6389] page last free pid 6556 tgid 6549 stack trace: [ 242.151872][ T6389] __free_frozen_pages+0xfb6/0x1140 [ 242.151894][ T6389] free_large_kmalloc+0x13a/0x1f0 [ 242.151915][ T6389] bt_host_release+0x82/0x90 [ 242.151930][ T6389] device_release+0x9c/0x1c0 [ 242.151946][ T6389] kobject_put+0x22b/0x480 [ 242.151968][ T6389] vhci_release+0x15d/0x1b0 [ 242.151984][ T6389] __fput+0x45b/0xa80 [ 242.152000][ T6389] task_work_run+0x1d4/0x260 [ 242.152015][ T6389] do_exit+0x6b5/0x2300 [ 242.152037][ T6389] do_group_exit+0x21c/0x2d0 [ 242.152051][ T6389] get_signal+0x125d/0x1310 [ 242.152070][ T6389] arch_do_signal_or_restart+0xa0/0x790 [ 242.152087][ T6389] exit_to_user_mode_loop+0x72/0x130 [ 242.152108][ T6389] do_syscall_64+0x2bd/0xfa0 [ 242.152129][ T6389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.152146][ T6389] [ 242.152150][ T6389] Memory state around the buggy address: [ 242.152160][ T6389] ffff888026a6bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 242.152172][ T6389] ffff888026a6bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 242.152184][ T6389] >ffff888026a6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 242.152198][ T6389] ^ [ 242.152208][ T6389] ffff888026a6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 242.152220][ T6389] ffff888026a6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 242.152229][ T6389] ================================================================== [ 242.152245][ T6389] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 242.152259][ T6389] CPU: 1 UID: 0 PID: 6389 Comm: khidpd_16bf5505 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 242.152282][ T6389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 242.152293][ T6389] Call Trace: [ 242.152300][ T6389] [ 242.152307][ T6389] dump_stack_lvl+0x99/0x250 [ 242.152333][ T6389] ? __asan_memcpy+0x40/0x70 [ 242.152353][ T6389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.152378][ T6389] ? __pfx__printk+0x10/0x10 [ 242.152404][ T6389] vpanic+0x237/0x6d0 [ 242.152421][ T6389] ? __pfx_vpanic+0x10/0x10 [ 242.152443][ T6389] panic+0xb9/0xc0 [ 242.152460][ T6389] ? __pfx_panic+0x10/0x10 [ 242.152479][ T6389] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 242.152507][ T6389] ? _raw_spin_lock_irq+0xa2/0xf0 [ 242.152530][ T6389] check_panic_on_warn+0x89/0xb0 [ 242.152548][ T6389] ? _raw_spin_lock_irq+0xa2/0xf0 [ 242.152571][ T6389] end_report+0x78/0x160 [ 242.152594][ T6389] kasan_report+0x129/0x150 [ 242.152619][ T6389] ? _raw_spin_lock_irq+0xa2/0xf0 [ 242.152645][ T6389] ? rt_mutex_slowlock_block+0x5c2/0x6d0 [ 242.152665][ T6389] __kasan_check_byte+0x2a/0x40 [ 242.152688][ T6389] lock_acquire+0x8d/0x360 [ 242.152710][ T6389] ? __pfx___schedule+0x10/0x10 [ 242.152737][ T6389] _raw_spin_lock_irq+0xa2/0xf0 [ 242.152759][ T6389] ? rt_mutex_slowlock_block+0x5c2/0x6d0 [ 242.152779][ T6389] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 242.152814][ T6389] rt_mutex_slowlock_block+0x5c2/0x6d0 [ 242.152840][ T6389] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 242.152862][ T6389] rt_mutex_slowlock+0x2b1/0x6e0 [ 242.152883][ T6389] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 242.152904][ T6389] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 242.152923][ T6389] ? __lock_acquire+0xab9/0xd20 [ 242.152950][ T6389] ? l2cap_unregister_user+0x6a/0x1b0 [ 242.152973][ T6389] ? __timer_delete_sync+0x2e9/0x3f0 [ 242.152993][ T6389] ? rt_spin_unlock+0x150/0x200 [ 242.153013][ T6389] ? l2cap_unregister_user+0x6a/0x1b0 [ 242.153030][ T6389] mutex_lock_nested+0x16a/0x1d0 [ 242.153051][ T6389] l2cap_unregister_user+0x6a/0x1b0 [ 242.153072][ T6389] hidp_session_thread+0x3c9/0x410 [ 242.153092][ T6389] ? __pfx_hidp_session_thread+0x10/0x10 [ 242.153105][ T6389] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 242.153119][ T6389] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 242.153132][ T6389] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 242.153144][ T6389] ? __kthread_parkme+0x7b/0x200 [ 242.153157][ T6389] ? __kthread_parkme+0x1a1/0x200 [ 242.153171][ T6389] kthread+0x711/0x8a0 [ 242.153186][ T6389] ? __pfx_hidp_session_thread+0x10/0x10 [ 242.153197][ T6389] ? __pfx_kthread+0x10/0x10 [ 242.153211][ T6389] ? rt_spin_unlock+0x150/0x200 [ 242.153223][ T6389] ? rt_spin_unlock+0x161/0x200 [ 242.153233][ T6389] ? __pfx_kthread+0x10/0x10 [ 242.153247][ T6389] ret_from_fork+0x4bc/0x870 [ 242.153259][ T6389] ? __pfx_ret_from_fork+0x10/0x10 [ 242.153272][ T6389] ? __switch_to_asm+0x39/0x70 [ 242.153282][ T6389] ? __switch_to_asm+0x33/0x70 [ 242.153291][ T6389] ? __pfx_kthread+0x10/0x10 [ 242.153305][ T6389] ret_from_fork_asm+0x1a/0x30 [ 242.153319][ T6389] [ 242.153594][ T6389] Kernel Offset: disabled