last executing test programs: 39.51741247s ago: executing program 2 (id=29): socket$key(0xf, 0x3, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000580)="d8000000180081034e91f783db4cb9040a1d020006007409e8fc55a10a0015000400142603600e120800060000000401a8000800080002000000000004000461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001f", 0x6c}], 0x1}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$read(0x16, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0xe, &(0x7f0000000400)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440)={0x0, 0x0, 0x2}, 0x10}, 0x94) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) 37.581916692s ago: executing program 2 (id=34): bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket(0x23, 0x5, 0x0) listen(r1, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept4$inet6(r1, 0x0, 0x0, 0x0) 32.490480875s ago: executing program 2 (id=36): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb819bbe7bfabee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f"}) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x48084) sendmmsg$unix(r1, &(0x7f0000000680), 0x4924924924925c6, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r4, &(0x7f0000000100)="ab", 0x1, 0x40048c4, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x10) 27.297522581s ago: executing program 0 (id=43): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) listen(r2, 0x0) read$FUSE(r0, &(0x7f0000003480)={0x2020}, 0x2020) 23.296102464s ago: executing program 0 (id=46): socket$inet6_udplite(0xa, 0x2, 0x88) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r3, 0x3, 0x11, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) ioctl$KVM_GET_NESTED_STATE(r6, 0xc080aebe, &(0x7f00000024c0)={{0x1, 0x0, 0xfffffffffffffec0, {0xdddd1000, 0x1000, 0x2}}, "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000"}) 21.416988063s ago: executing program 0 (id=47): r0 = socket$inet(0x2, 0x2, 0x73) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10, 0x0}, 0x44005) 21.308475601s ago: executing program 4 (id=48): socket$inet6(0xa, 0x2, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) memfd_create(&(0x7f0000019080)='@@\x00', 0x1) r2 = dup(r1) syz_usb_connect$hid(0x4, 0xffffffffffffff33, 0x0, 0x0) futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) shutdown(0xffffffffffffffff, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, &(0x7f0000001b00)) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r4, 0x5000943f, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [], 0x6b}}) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0xa3) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/bus/input/devices\x00', 0x0, 0x0) r6 = syz_io_uring_setup(0x7585, &(0x7f0000000140)={0x0, 0xafed, 0x2, 0x2, 0x261, 0x0, r5}, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x5, 0x0, 0x200000000000}, 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0) io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) 21.024798845s ago: executing program 2 (id=51): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000076c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0) 20.803239302s ago: executing program 0 (id=52): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x208200, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x80010, 0xffffffffffffffff, 0x2000) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 16.993463818s ago: executing program 4 (id=54): r0 = syz_open_procfs(0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup2(r2, 0xffffffffffffffff) unshare(0x22020400) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_io_uring_setup(0xcd8, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x234}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00'}) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x80, 0x400, 0x10000}, &(0x7f0000000100)=0x10) pread64(r0, &(0x7f000004b680)=""/102356, 0x18fd4, 0x6f40000000000000) 16.060439938s ago: executing program 0 (id=55): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001c000100000000000000000207000000", @ANYRES32=r2, @ANYBLOB="000002000a0002"], 0x28}, 0x1, 0x0, 0x0, 0x24008894}, 0x0) 15.745167159s ago: executing program 0 (id=57): r0 = syz_open_procfs(0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4010}, 0xc0) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x38, r6, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x53}}}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x10, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x80) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 14.051725522s ago: executing program 1 (id=60): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x28, 0x2d, 0x0, 0x1, [{0x4}, {0xa, 0x0, @default_ap_ssid}, {0x4}, {0x4}, {0xa, 0x0, @default_ap_ssid}]}]}, 0x44}}, 0x0) 12.624391025s ago: executing program 1 (id=62): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x2) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}}) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xfffffffe, 0x2}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000680)={0x0, 0xfffffffffffffffd, 0x0, 0x5, @scatter={0x2, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)=""/222, 0xde}, {&(0x7f0000000400)=""/153, 0x99}]}, 0x0, &(0x7f00000005c0)=""/176, 0x10, 0x10002, 0xffffffffffffffff, &(0x7f00000001c0)}) socket$pppl2tp(0x18, 0x1, 0x1) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 12.213087042s ago: executing program 3 (id=64): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x380000}, 0x8) shutdown(r0, 0x1) 12.052560981s ago: executing program 3 (id=65): socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) bpf$MAP_CREATE(0x0, 0x0, 0x0) mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(r0, 0xb) shmat(r0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$SHM_UNLOCK(r0, 0xc) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000080)=0x10) 11.781930002s ago: executing program 1 (id=66): syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80080fd, 0x10, 0x4, 0x94}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x677}, 0x94) openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) sched_setscheduler(0x0, 0x5, &(0x7f0000000240)=0x10000007) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r3, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) tee(r5, 0xffffffffffffffff, 0x4, 0xa) socket$kcm(0x1e, 0x1, 0x0) r7 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r7) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r7, r9, 0x9e) r10 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x57, 0x0, 0x34, 0x0, 0x0, 0x64, 0x35, 0x0, 0x39, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x18}, 0x48, r7) keyctl$KEYCTL_MOVE(0x1e, r10, r7, r8, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_tcp(0xa, 0x1, 0x0) 10.44706934s ago: executing program 1 (id=67): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00') r2 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x4}) ioctl(0xffffffffffffffff, 0x8b32, &(0x7f0000000040)) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=0x0, &(0x7f0000000340)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r4, 0x95d, 0xfa39, 0xc1, 0x0, 0x0) io_uring_enter(r4, 0xedd, 0x8acb, 0x41, 0x0, 0x0) io_uring_enter(r4, 0x47fa, 0x0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) 10.160269536s ago: executing program 2 (id=68): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000440)={0x1, 0x0, [{0xd, 0x6, 0x6, 0x3, 0x10000}]}) 8.484464664s ago: executing program 3 (id=69): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$PIO_UNIMAP(r0, 0x80045440, 0x0) 8.323530737s ago: executing program 4 (id=70): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x24, r4, 0x705, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40090}, 0x0) 1.919416755s ago: executing program 4 (id=71): r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000040)=0x7, 0x4) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x40, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='veth1_vlan\x00', 0x10) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)="08001efba054158e9a", 0x9}], 0x1, 0x0, 0x0, 0x60000000}, 0x1c9477516a687e1a) 1.752514324s ago: executing program 2 (id=72): syz_open_procfs(0x0, &(0x7f0000000280)='net/ip_vs\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) unshare(0x22020400) r2 = syz_io_uring_setup(0xcd8, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x234}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00'}) io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0) 1.498576588s ago: executing program 3 (id=73): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x8, 0x0, 0xffffffc1}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) socket$key(0xf, 0x3, 0x2) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) 1.479851856s ago: executing program 1 (id=74): syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x40044160, 0x3) 1.013584958s ago: executing program 4 (id=75): r0 = socket(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x12, &(0x7f0000000340)=0x3ff, 0x4) 449.428541ms ago: executing program 32 (id=57): r0 = syz_open_procfs(0x0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4010}, 0xc0) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x38, r6, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x53}}}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x10, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x80) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 424.405027ms ago: executing program 1 (id=77): write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0xfffc, 0x0, 0x0, 0x400}, 0xfffffffc, [0x0, 0x10000000, 0x0, 0x2, 0x9, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x6, 0x4, 0xffffffc0, 0x6, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x58, 0x0, 0x1, 0x7fffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x1, 0x2, 0x3, 0x3, 0xffffffff, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x8, 0x0, 0x0, 0x2000, 0x0, 0xe0a4, 0x6, 0x400, 0x20009], [0xb4e0, 0x0, 0x10, 0x8, 0x3, 0xc, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x3, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x40000005, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7e0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x400], [0x0, 0x1, 0xd, 0x1, 0x2, 0x6e3a, 0x2, 0xfffffff9, 0x0, 0x10000, 0x0, 0x200, 0x0, 0x2, 0xfffffffc, 0x0, 0xfffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x77d, 0x0, 0x6, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, 0x8000000, 0x3, 0x100, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x2], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1225, 0x0, 0x0, 0x0, 0x200, 0x5, 0xfffffffe, 0x4, 0xffffffd, 0x200, 0x0, 0x9, 0x0, 0xd, 0x0, 0x0, 0x4, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x0, 0x5488, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x8000]}, 0x45c) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05002abd7010fedbdf254421a00008000300", @ANYRES32=r2, @ANYBLOB="0c00238006001b0004000000"], 0x28}, 0x1, 0x0, 0x0, 0x48851}, 0x8010) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SSID={0x6, 0x34, @random="eff9"}]}, 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f0000000280)=@default_ibss_ssid, 0x6, 0x0) 423.761539ms ago: executing program 3 (id=78): r0 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000040), 0x4) 380.597191ms ago: executing program 4 (id=79): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x2) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}}) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xfffffffe, 0x2}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, 0x0, 0x0) 0s ago: executing program 3 (id=80): gettid() openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) r2 = socket(0x2, 0x1, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f00000011c0)=0x7) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000001180)={0xc}) ioctl$NBD_DO_IT(r3, 0xab03) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts. [ 87.259846][ T5824] cgroup: Unknown subsys name 'net' [ 87.491168][ T5824] cgroup: Unknown subsys name 'cpuset' [ 87.545879][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.562920][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.128490][ T992] cfg80211: failed to load regulatory.db [ 92.473183][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.477799][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.495496][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.515982][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.518569][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.519437][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.579212][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.580862][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.586981][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.587863][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.662403][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.664356][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.675842][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.689893][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.692433][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.694934][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.698282][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.699160][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.700580][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.701510][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.777490][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.779556][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.782984][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.787859][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.788827][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 93.583492][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 93.709079][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 94.206999][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 94.216481][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 94.230693][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 94.363543][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.364721][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.380946][ T5837] bridge_slave_0: entered allmulticast mode [ 94.383472][ T5837] bridge_slave_0: entered promiscuous mode [ 94.508072][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.508244][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.508794][ T5837] bridge_slave_1: entered allmulticast mode [ 94.511891][ T5837] bridge_slave_1: entered promiscuous mode [ 94.596723][ T5155] Bluetooth: hci1: command tx timeout [ 94.675346][ T5155] Bluetooth: hci0: command tx timeout [ 94.755319][ T5841] Bluetooth: hci2: command tx timeout [ 94.755602][ T5155] Bluetooth: hci3: command tx timeout [ 94.916447][ T5155] Bluetooth: hci4: command tx timeout [ 94.956038][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.956160][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.956329][ T5835] bridge_slave_0: entered allmulticast mode [ 94.958269][ T5835] bridge_slave_0: entered promiscuous mode [ 95.079991][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.080288][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.080827][ T5835] bridge_slave_1: entered allmulticast mode [ 95.083776][ T5835] bridge_slave_1: entered promiscuous mode [ 95.108663][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.240531][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.844813][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.936967][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.937170][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.937396][ T5842] bridge_slave_0: entered allmulticast mode [ 95.940527][ T5842] bridge_slave_0: entered promiscuous mode [ 95.942620][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.942793][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.942986][ T5844] bridge_slave_0: entered allmulticast mode [ 95.953162][ T5844] bridge_slave_0: entered promiscuous mode [ 96.076771][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.076921][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.077170][ T5850] bridge_slave_0: entered allmulticast mode [ 96.080147][ T5850] bridge_slave_0: entered promiscuous mode [ 96.086995][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.089547][ T5837] team0: Port device team_slave_0 added [ 96.127055][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.127235][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.127472][ T5842] bridge_slave_1: entered allmulticast mode [ 96.130449][ T5842] bridge_slave_1: entered promiscuous mode [ 96.132027][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.132149][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.132298][ T5844] bridge_slave_1: entered allmulticast mode [ 96.134225][ T5844] bridge_slave_1: entered promiscuous mode [ 96.152969][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.153128][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.153400][ T5850] bridge_slave_1: entered allmulticast mode [ 96.163671][ T5850] bridge_slave_1: entered promiscuous mode [ 96.179513][ T5837] team0: Port device team_slave_1 added [ 96.676413][ T5155] Bluetooth: hci1: command tx timeout [ 96.755294][ T5155] Bluetooth: hci0: command tx timeout [ 96.835183][ T5155] Bluetooth: hci3: command tx timeout [ 96.835190][ T5841] Bluetooth: hci2: command tx timeout [ 96.958801][ T5835] team0: Port device team_slave_0 added [ 96.962597][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.968427][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.987957][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.990245][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.990263][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.990295][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.995321][ T5841] Bluetooth: hci4: command tx timeout [ 96.998776][ T5835] team0: Port device team_slave_1 added [ 97.008885][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.018754][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.023158][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.377807][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.377826][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.377859][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.011339][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.011353][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.011372][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.013925][ T5842] team0: Port device team_slave_0 added [ 98.021325][ T5844] team0: Port device team_slave_0 added [ 98.024978][ T5850] team0: Port device team_slave_0 added [ 98.046836][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.046858][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.046891][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.051107][ T5844] team0: Port device team_slave_1 added [ 98.209217][ T5850] team0: Port device team_slave_1 added [ 98.378805][ T5842] team0: Port device team_slave_1 added [ 98.755365][ T5841] Bluetooth: hci1: command tx timeout [ 98.812642][ T5837] hsr_slave_0: entered promiscuous mode [ 98.813756][ T5837] hsr_slave_1: entered promiscuous mode [ 98.818819][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.818838][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.818868][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.836112][ T5841] Bluetooth: hci0: command tx timeout [ 98.917474][ T5155] Bluetooth: hci3: command tx timeout [ 98.917656][ T5841] Bluetooth: hci2: command tx timeout [ 98.932015][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.932035][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.932068][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.075811][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.075832][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.075872][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.077544][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.077557][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.077585][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.079894][ T5841] Bluetooth: hci4: command tx timeout [ 99.080871][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.080887][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.080907][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.278997][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.279016][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.279044][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.407809][ T5835] hsr_slave_0: entered promiscuous mode [ 99.409407][ T5835] hsr_slave_1: entered promiscuous mode [ 99.411062][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 99.411180][ T5835] Cannot create hsr debugfs directory [ 100.106104][ T5844] hsr_slave_0: entered promiscuous mode [ 100.107061][ T5844] hsr_slave_1: entered promiscuous mode [ 100.107690][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 100.107713][ T5844] Cannot create hsr debugfs directory [ 100.148310][ T5850] hsr_slave_0: entered promiscuous mode [ 100.149790][ T5850] hsr_slave_1: entered promiscuous mode [ 100.150748][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 100.150773][ T5850] Cannot create hsr debugfs directory [ 100.247080][ T5842] hsr_slave_0: entered promiscuous mode [ 100.248608][ T5842] hsr_slave_1: entered promiscuous mode [ 100.249622][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 100.249652][ T5842] Cannot create hsr debugfs directory [ 100.836659][ T5841] Bluetooth: hci1: command tx timeout [ 100.915235][ T5841] Bluetooth: hci0: command tx timeout [ 100.995259][ T5841] Bluetooth: hci2: command tx timeout [ 100.995295][ T5841] Bluetooth: hci3: command tx timeout [ 101.155423][ T5155] Bluetooth: hci4: command tx timeout [ 101.858012][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.905790][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.950954][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.999172][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.133575][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 102.184214][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.229677][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.286461][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.476187][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 102.529837][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 102.572761][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 102.627551][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.808291][ T5850] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 102.850727][ T5850] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 102.902727][ T5850] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 102.951170][ T5850] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 103.156407][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 103.209486][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.210764][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 103.272401][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 103.318167][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 103.420799][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.443010][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.500202][ T3587] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.501703][ T3587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.566000][ T3587] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.566166][ T3587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.619818][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.693750][ T3587] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.693912][ T3587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.713058][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.762390][ T3587] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.762542][ T3587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.882327][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.913548][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.953508][ T3587] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.955331][ T3587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.009784][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.009940][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.094054][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.188002][ T3587] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.188162][ T3587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.210923][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.302222][ T3587] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.302405][ T3587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.428982][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.486266][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.486512][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.578554][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.578713][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.736179][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.840066][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.179768][ T5837] veth0_vlan: entered promiscuous mode [ 105.278080][ T5837] veth1_vlan: entered promiscuous mode [ 105.291891][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.377843][ T5835] veth0_vlan: entered promiscuous mode [ 105.442253][ T5835] veth1_vlan: entered promiscuous mode [ 105.465660][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.527025][ T5837] veth0_macvtap: entered promiscuous mode [ 105.559605][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.575333][ T5837] veth1_macvtap: entered promiscuous mode [ 105.690551][ T5844] veth0_vlan: entered promiscuous mode [ 105.771774][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.777044][ T5835] veth0_macvtap: entered promiscuous mode [ 105.797254][ T5844] veth1_vlan: entered promiscuous mode [ 105.843993][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.847783][ T5835] veth1_macvtap: entered promiscuous mode [ 105.921503][ T69] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.936565][ T69] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.971187][ T5850] veth0_vlan: entered promiscuous mode [ 105.971782][ T69] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.995807][ T69] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.106231][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.128570][ T5850] veth1_vlan: entered promiscuous mode [ 106.192798][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.312116][ T69] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.312874][ T5844] veth0_macvtap: entered promiscuous mode [ 106.348257][ T69] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.365219][ T69] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.391686][ T69] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.393487][ T5844] veth1_macvtap: entered promiscuous mode [ 106.539986][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.540014][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.752586][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.773843][ T5850] veth0_macvtap: entered promiscuous mode [ 106.801845][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.801869][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.803220][ T5842] veth0_vlan: entered promiscuous mode [ 106.861557][ T5850] veth1_macvtap: entered promiscuous mode [ 106.887570][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.947323][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.947345][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.976943][ T1181] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.980013][ T5842] veth1_vlan: entered promiscuous mode [ 107.004798][ T1181] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.027618][ T1181] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.046350][ T1181] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.118503][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.222849][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.222872][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.229307][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.359831][ T1367] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.364578][ T1367] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.368085][ T1367] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.380289][ T1367] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.656667][ T5842] veth0_macvtap: entered promiscuous mode [ 108.035075][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.065048][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.091672][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.091699][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.145065][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.155059][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.155101][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.230997][ T5842] veth1_macvtap: entered promiscuous mode [ 108.441784][ T5957] mmap: syz.0.6 (5957) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 108.732583][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.732600][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.856415][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.875675][ T5944] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 108.962806][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.036589][ T69] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.036690][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.036705][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.045204][ T5944] usb 2-1: Using ep0 maxpacket: 8 [ 109.095238][ T5944] usb 2-1: config 1 has an invalid descriptor of length 251, skipping remainder of the config [ 109.095302][ T5944] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 64256, setting to 64 [ 109.095330][ T5944] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 109.141951][ T69] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.158724][ T5944] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 109.158756][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.158776][ T5944] usb 2-1: Product: syz [ 109.158790][ T5944] usb 2-1: Manufacturer: syz [ 109.158805][ T5944] usb 2-1: SerialNumber: syz [ 109.195670][ T69] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.301848][ T69] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.444714][ T5944] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 109.485326][ T5944] usbtest 2-1:1.0: couldn't get endpoints, -22 [ 109.485429][ T5944] usbtest 2-1:1.0: probe with driver usbtest failed with error -22 [ 109.685082][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 109.919770][ T1181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.919788][ T1181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.965062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 109.965570][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 109.995083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 110.100811][ T5968] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 110.271750][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 110.353046][ T5968] Zero length message leads to an empty skb [ 111.371260][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.371282][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.796425][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.796449][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.884776][ T5981] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.010443][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 112.196488][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 112.338105][ T9] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 112.338145][ T9] usb 1-1: config 0 has no interface number 0 [ 112.338185][ T9] usb 1-1: config 0 interface 184 has no altsetting 0 [ 112.343308][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 112.343339][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.343359][ T9] usb 1-1: Product: syz [ 112.343374][ T9] usb 1-1: Manufacturer: syz [ 112.343388][ T9] usb 1-1: SerialNumber: syz [ 112.354804][ T9] usb 1-1: config 0 descriptor?? [ 112.364786][ T9] smsc75xx v1.0.0 [ 112.364818][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 112.459617][ T9] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22 [ 112.957851][ T5977] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 112.957880][ T5977] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 113.396723][ T5883] usb 2-1: USB disconnect, device number 2 [ 114.120055][ T5984] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 114.170147][ T5977] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 114.170177][ T5977] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 114.276192][ T5984] usb 5-1: too many configurations: 10, using maximum allowed: 8 [ 114.277743][ T5984] usb 5-1: config 0 has no interfaces? [ 114.280391][ T5984] usb 5-1: config 0 has no interfaces? [ 114.281684][ T5984] usb 5-1: config 0 has no interfaces? [ 114.282745][ T5984] usb 5-1: config 0 has no interfaces? [ 114.283791][ T5984] usb 5-1: config 0 has no interfaces? [ 114.284835][ T5984] usb 5-1: config 0 has no interfaces? [ 114.286363][ T5984] usb 5-1: config 0 has no interfaces? [ 114.337589][ T5984] usb 5-1: config 0 has no interfaces? [ 114.361642][ T5984] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 114.361674][ T5984] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.361695][ T5984] usb 5-1: Product: syz [ 114.361709][ T5984] usb 5-1: Manufacturer: syz [ 114.361723][ T5984] usb 5-1: SerialNumber: syz [ 114.409730][ T5984] usb 5-1: config 0 descriptor?? [ 114.763574][ T5988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5'. [ 114.855412][ T5988] gre0: entered promiscuous mode [ 114.855444][ T5988] gre0: entered allmulticast mode [ 114.942425][ T5977] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 114.942453][ T5977] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 115.088693][ T5846] usb 5-1: USB disconnect, device number 2 [ 115.388959][ T5996] vivid-000: ================= START STATUS ================= [ 115.393227][ T5996] vivid-000: Test Pattern: 75% Colorbar [ 115.395544][ T5996] vivid-000: Fill Percentage of Frame: 100 [ 115.395568][ T5996] vivid-000: Horizontal Movement: No Movement [ 115.397577][ T5996] vivid-000: Vertical Movement: No Movement [ 115.397604][ T5996] vivid-000: OSD Text Mode: All [ 115.397624][ T5996] vivid-000: Show Border: false [ 115.399645][ T5996] vivid-000: Show Square: false [ 115.399667][ T5996] vivid-000: Sensor Flipped Horizontally: false [ 115.399694][ T5996] vivid-000: Sensor Flipped Vertically: false [ 115.399714][ T5996] vivid-000: Insert SAV Code in Image: false [ 115.399820][ T5996] vivid-000: Insert EAV Code in Image: false [ 115.399981][ T5996] vivid-000: Insert Video Guard Band: false [ 115.400136][ T5996] vivid-000: Reduced Framerate: false [ 115.400291][ T5996] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 115.400449][ T5996] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 115.400604][ T5996] vivid-000: Enable Capture Cropping: true [ 115.400758][ T5996] vivid-000: Enable Capture Composing: true [ 115.400903][ T5996] vivid-000: Enable Capture Scaler: true [ 115.401078][ T5996] vivid-000: Timestamp Source: End of Frame [ 115.401231][ T5996] vivid-000: Colorspace: sRGB [ 115.401388][ T5996] vivid-000: Transfer Function: Default [ 115.402343][ T5996] vivid-000: Y'CbCr Encoding: Default [ 115.402397][ T5996] vivid-000: HSV Encoding: Hue 0-179 [ 115.402423][ T5996] vivid-000: Quantization: Default [ 115.402442][ T5996] vivid-000: Apply Alpha To Red Only: false [ 115.404764][ T5996] vivid-000: Standard Aspect Ratio: 4x3 [ 115.404787][ T5996] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 115.404944][ T5996] vivid-000: DV Timings: 640x480p59 inactive [ 115.406795][ T5996] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 115.406818][ T5996] vivid-000: Maximum EDID Blocks: 2 [ 115.406938][ T5996] vivid-000: Limited RGB Range (16-235): false [ 115.407032][ T5996] vivid-000: Rx RGB Quantization Range: Automatic [ 115.407054][ T5996] vivid-000: Power Present: 0x00000001 [ 115.407090][ T5996] tpg source WxH: 320x240 (Y'CbCr) [ 115.407104][ T5996] tpg field: 1 [ 115.407112][ T5996] tpg crop: (0,0)/320x240 [ 115.407127][ T5996] tpg compose: (0,0)/320x240 [ 115.407141][ T5996] tpg colorspace: 8 [ 115.407150][ T5996] tpg transfer function: 0/0 [ 115.407160][ T5996] tpg Y'CbCr encoding: 0/0 [ 115.407171][ T5996] tpg quantization: 0/0 [ 115.407181][ T5996] tpg RGB range: 0/2 [ 115.407191][ T5996] vivid-000: ================== END STATUS ================== [ 115.879414][ T5977] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 115.879441][ T5977] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 116.782753][ T5977] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 116.783005][ T5977] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 119.046378][ T5155] Bluetooth: hci4: command 0x0c1a tx timeout [ 119.294521][ T6011] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 119.294543][ T6011] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 119.296169][ T6011] vhci_hcd vhci_hcd.0: Device attached [ 119.385220][ T992] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 119.505350][ T31] vhci_hcd: vhci_device speed not set [ 119.569596][ T31] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 119.605156][ T992] usb 4-1: config 0 has no interfaces? [ 119.605200][ T992] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 119.609955][ T992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.623280][ T992] usb 4-1: config 0 descriptor?? [ 119.931820][ T31] vhci_hcd: vhci_device speed not set [ 120.788793][ T31] usb 39-1: device descriptor read/64, error -71 [ 120.790202][ T38] audit: type=1800 audit(1756145247.486:2): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.11" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 120.809631][ T6014] 8021q: adding VLAN 0 to HW filter on device bond1 [ 120.975183][ T31] vhci_hcd: vhci_device speed not set [ 121.045175][ T31] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 121.300616][ T10] usb 1-1: USB disconnect, device number 2 [ 121.981496][ T6013] vhci_hcd: connection closed [ 122.843245][ T10] usb 4-1: USB disconnect, device number 2 [ 122.885071][ T1157] vhci_hcd: stop threads [ 122.886514][ T1157] vhci_hcd: release socket [ 122.888787][ T1157] vhci_hcd: disconnect device [ 125.658229][ T5883] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 125.975470][ T5883] usb 1-1: Using ep0 maxpacket: 8 [ 126.174223][ T5883] usb 1-1: config 1 has an invalid descriptor of length 251, skipping remainder of the config [ 126.174267][ T5883] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 64256, setting to 64 [ 126.174287][ T5883] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 126.210331][ T31] vhci_hcd: vhci_device speed not set [ 126.256648][ T5883] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 126.256672][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.256686][ T5883] usb 1-1: Product: syz [ 126.256696][ T5883] usb 1-1: Manufacturer: syz [ 126.256706][ T5883] usb 1-1: SerialNumber: syz [ 126.337163][ T5883] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 126.355964][ T5883] usbtest 1-1:1.0: couldn't get endpoints, -22 [ 126.356026][ T5883] usbtest 1-1:1.0: probe with driver usbtest failed with error -22 [ 127.711948][ T6055] vivid-000: ================= START STATUS ================= [ 127.711966][ T6055] vivid-000: Test Pattern: 75% Colorbar [ 127.711987][ T6055] vivid-000: Fill Percentage of Frame: 100 [ 127.712006][ T6055] vivid-000: Horizontal Movement: No Movement [ 127.712023][ T6055] vivid-000: Vertical Movement: No Movement [ 127.712041][ T6055] vivid-000: OSD Text Mode: All [ 127.712058][ T6055] vivid-000: Show Border: false [ 127.712075][ T6055] vivid-000: Show Square: false [ 127.712091][ T6055] vivid-000: Sensor Flipped Horizontally: false [ 127.712109][ T6055] vivid-000: Sensor Flipped Vertically: false [ 127.712126][ T6055] vivid-000: Insert SAV Code in Image: false [ 127.712143][ T6055] vivid-000: Insert EAV Code in Image: false [ 127.712159][ T6055] vivid-000: Insert Video Guard Band: false [ 127.712176][ T6055] vivid-000: Reduced Framerate: false [ 127.712193][ T6055] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 127.712212][ T6055] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 127.712231][ T6055] vivid-000: Enable Capture Cropping: true [ 127.712248][ T6055] vivid-000: Enable Capture Composing: true [ 127.712267][ T6055] vivid-000: Enable Capture Scaler: true [ 127.712285][ T6055] vivid-000: Timestamp Source: End of Frame [ 127.712301][ T6055] vivid-000: Colorspace: sRGB [ 127.712315][ T6055] vivid-000: Transfer Function: Default [ 127.712331][ T6055] vivid-000: Y'CbCr Encoding: Default [ 127.712346][ T6055] vivid-000: HSV Encoding: Hue 0-179 [ 127.712364][ T6055] vivid-000: Quantization: Default [ 127.712382][ T6055] vivid-000: Apply Alpha To Red Only: false [ 127.712399][ T6055] vivid-000: Standard Aspect Ratio: 4x3 [ 127.712416][ T6055] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 127.712440][ T6055] vivid-000: DV Timings: 640x480p59 inactive [ 127.712464][ T6055] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 127.712483][ T6055] vivid-000: Maximum EDID Blocks: 2 [ 127.712500][ T6055] vivid-000: Limited RGB Range (16-235): false [ 127.712527][ T6055] vivid-000: Rx RGB Quantization Range: Automatic [ 127.712547][ T6055] vivid-000: Power Present: 0x00000001 [ 127.712570][ T6055] tpg source WxH: 320x240 (Y'CbCr) [ 127.712582][ T6055] tpg field: 1 [ 127.712591][ T6055] tpg crop: (0,0)/320x240 [ 127.712604][ T6055] tpg compose: (0,0)/320x240 [ 127.712618][ T6055] tpg colorspace: 8 [ 127.712625][ T6055] tpg transfer function: 0/0 [ 127.712635][ T6055] tpg Y'CbCr encoding: 0/0 [ 127.712644][ T6055] tpg quantization: 0/0 [ 127.712653][ T6055] tpg RGB range: 0/2 [ 127.712662][ T6055] vivid-000: ================== END STATUS ================== [ 127.756356][ T6055] netlink: 12 bytes leftover after parsing attributes in process `syz.4.19'. [ 128.633500][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.761259][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.20'. [ 128.797988][ C1] vkms_vblank_simulate: vblank timer overrun [ 128.986601][ C1] vkms_vblank_simulate: vblank timer overrun [ 131.503948][ T6043] usb 1-1: USB disconnect, device number 3 [ 138.286832][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.287635][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.315088][ T6119] syz.2.29 (6119) used greatest stack depth: 18232 bytes left [ 142.326598][ T6117] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 147.121022][ T6150] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 147.121052][ T6150] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 147.121150][ T6150] vhci_hcd vhci_hcd.0: Device attached [ 147.374720][ T5883] vhci_hcd: vhci_device speed not set [ 147.377354][ T31] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 147.496196][ T5883] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 147.594297][ T31] usb 2-1: config 0 has no interfaces? [ 147.594395][ T31] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 147.594419][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.768209][ T31] usb 2-1: config 0 descriptor?? [ 148.923924][ T5883] vhci_hcd: vhci_device speed not set [ 148.935160][ T38] audit: type=1800 audit(1756145275.586:3): pid=6160 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.37" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 148.986302][ T5883] usb 35-1: device descriptor read/64, error -71 [ 149.073590][ T6151] 8021q: adding VLAN 0 to HW filter on device bond1 [ 149.185596][ T5883] vhci_hcd: vhci_device speed not set [ 149.245209][ T5883] usb 35-1: new full-speed USB device number 3 using vhci_hcd [ 149.815435][ C0] vkms_vblank_simulate: vblank timer overrun [ 149.896529][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.162079][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.282355][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.283668][ T6153] vhci_hcd: connection closed [ 150.337945][ T67] vhci_hcd: stop threads [ 150.337968][ T67] vhci_hcd: release socket [ 150.365642][ T67] vhci_hcd: disconnect device [ 150.885983][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.528906][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.595536][ T10] usb 2-1: USB disconnect, device number 3 [ 152.079321][ C0] vkms_vblank_simulate: vblank timer overrun [ 152.328068][ T10] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 152.742400][ C0] vkms_vblank_simulate: vblank timer overrun [ 152.940632][ C0] vkms_vblank_simulate: vblank timer overrun [ 153.022179][ C0] vkms_vblank_simulate: vblank timer overrun [ 153.107193][ T10] usb 2-1: config 0 has an invalid interface number: 29 but max is 0 [ 153.107220][ T10] usb 2-1: config 0 has no interface number 0 [ 153.107243][ T10] usb 2-1: config 0 interface 29 has no altsetting 0 [ 153.109333][ T10] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 153.109353][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.109366][ T10] usb 2-1: Product: syz [ 153.109376][ T10] usb 2-1: Manufacturer: syz [ 153.109387][ T10] usb 2-1: SerialNumber: syz [ 153.114532][ T10] usb 2-1: config 0 descriptor?? [ 153.578215][ C0] vkms_vblank_simulate: vblank timer overrun [ 153.720499][ C0] vkms_vblank_simulate: vblank timer overrun [ 154.745321][ T5883] vhci_hcd: vhci_device speed not set [ 155.722922][ T10] peak_usb 2-1:0.29: PEAK-System PCAN-USB X6 v126 fw v14.157.247 (2 channels) [ 157.838656][ T10] peak_usb 2-1:0.29 can0: unable to request usb[type=2 value=5] err=-71 [ 157.838692][ T10] peak_usb 2-1:0.29: unable to tell PCAN-USB X6 driver is loaded (err -71) [ 158.191086][ T10] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -71 [ 158.226927][ T10] usb 2-1: USB disconnect, device number 4 [ 158.892850][ T6224] vivid-000: ================= START STATUS ================= [ 158.892872][ T6224] vivid-000: Test Pattern: 75% Colorbar [ 158.892899][ T6224] vivid-000: Fill Percentage of Frame: 100 [ 158.892922][ T6224] vivid-000: Horizontal Movement: No Movement [ 158.892950][ T6224] vivid-000: Vertical Movement: No Movement [ 158.892970][ T6224] vivid-000: OSD Text Mode: All [ 158.892990][ T6224] vivid-000: Show Border: false [ 158.893010][ T6224] vivid-000: Show Square: false [ 158.893029][ T6224] vivid-000: Sensor Flipped Horizontally: false [ 158.893049][ T6224] vivid-000: Sensor Flipped Vertically: false [ 158.893069][ T6224] vivid-000: Insert SAV Code in Image: false [ 158.893089][ T6224] vivid-000: Insert EAV Code in Image: false [ 158.893118][ T6224] vivid-000: Insert Video Guard Band: false [ 158.893138][ T6224] vivid-000: Reduced Framerate: false [ 158.893156][ T6224] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 158.893178][ T6224] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 158.893210][ T6224] vivid-000: Enable Capture Cropping: true [ 158.893230][ T6224] vivid-000: Enable Capture Composing: true [ 158.893250][ T6224] vivid-000: Enable Capture Scaler: true [ 158.893269][ T6224] vivid-000: Timestamp Source: End of Frame [ 158.893288][ T6224] vivid-000: Colorspace: sRGB [ 158.893306][ T6224] vivid-000: Transfer Function: Default [ 158.893324][ T6224] vivid-000: Y'CbCr Encoding: Default [ 158.893342][ T6224] vivid-000: HSV Encoding: Hue 0-179 [ 158.893361][ T6224] vivid-000: Quantization: Default [ 158.893380][ T6224] vivid-000: Apply Alpha To Red Only: false [ 158.893399][ T6224] vivid-000: Standard Aspect Ratio: 4x3 [ 158.893418][ T6224] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 158.893442][ T6224] vivid-000: DV Timings: 640x480p59 inactive [ 158.893465][ T6224] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 158.893485][ T6224] vivid-000: Maximum EDID Blocks: 2 [ 158.893504][ T6224] vivid-000: Limited RGB Range (16-235): false [ 158.893522][ T6224] vivid-000: Rx RGB Quantization Range: Automatic [ 158.893541][ T6224] vivid-000: Power Present: 0x00000001 [ 158.893563][ T6224] tpg source WxH: 320x240 (Y'CbCr) [ 158.893576][ T6224] tpg field: 1 [ 158.893584][ T6224] tpg crop: (0,0)/320x240 [ 158.893598][ T6224] tpg compose: (0,0)/320x240 [ 158.893617][ T6224] tpg colorspace: 8 [ 158.893625][ T6224] tpg transfer function: 0/0 [ 158.893636][ T6224] tpg Y'CbCr encoding: 0/0 [ 158.893645][ T6224] tpg quantization: 0/0 [ 158.893655][ T6224] tpg RGB range: 0/2 [ 158.893664][ T6224] vivid-000: ================== END STATUS ================== [ 158.902952][ T6224] netlink: 12 bytes leftover after parsing attributes in process `syz.1.49'. [ 163.244258][ T6244] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 166.617318][ T6268] capability: warning: `syz.1.62' uses 32-bit capabilities (legacy support in use) [ 168.494470][ C0] vkms_vblank_simulate: vblank timer overrun [ 177.121108][ T6290] tty tty2: ldisc open failed (-12), clearing slot 1 [ 179.430889][ T5155] block nbd3: Receive control failed (result -107) [ 179.544320][ T6321] ------------[ cut here ]------------ [ 179.544352][ T6321] WARNING: CPU: 0 PID: 6321 at fs/buffer.c:1125 bdev_getblk+0x580/0x660 [ 179.544396][ T6321] Modules linked in: [ 179.544439][ T6321] CPU: 0 UID: 0 PID: 6321 Comm: syz.3.80 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 179.544463][ T6321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 179.544480][ T6321] RIP: 0010:bdev_getblk+0x580/0x660 [ 179.544501][ T6321] Code: 26 fb ff ff e8 f1 80 82 ff 48 c7 c7 e0 74 19 8b 48 c7 c6 a2 84 08 8d 4c 89 fa 4c 89 e9 e8 28 75 eb fe eb bd e8 d1 80 82 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89 [ 179.544529][ T6321] RSP: 0018:ffffc9000d2f76b0 EFLAGS: 00010287 [ 179.544548][ T6321] RAX: ffffffff823bdb7f RBX: ffff888148de1998 RCX: 0000000000080000 [ 179.544565][ T6321] RDX: ffffc9000ef4f000 RSI: 0000000000002616 RDI: 0000000000002617 [ 179.544580][ T6321] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000 [ 179.544593][ T6321] R10: 0000000000000100 R11: 0000000000000406 R12: ffff888148de2420 [ 179.544607][ T6321] R13: ffff888148de1980 R14: 0000000000000200 R15: 1ffff110291bc333 [ 179.544622][ T6321] FS: 00007f7342ebd6c0(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 179.544641][ T6321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.544656][ T6321] CR2: 000020000022a030 CR3: 0000000026bdc000 CR4: 00000000003526f0 [ 179.544674][ T6321] Call Trace: [ 179.544682][ T6321] [ 179.544695][ T6321] ? blk_cgroup_bio_start+0x59d/0x640 [ 179.544728][ T6321] __bread_gfp+0x89/0x3c0 [ 179.544752][ T6321] udf_read_tagged+0xad/0xe00 [ 179.544807][ T6321] udf_check_anchor_block+0x99/0x550 [ 179.544844][ T6321] ? udf_get_last_block+0x286/0x360 [ 179.544874][ T6321] ? __pfx_udf_check_anchor_block+0x10/0x10 [ 179.544913][ T6321] ? __bread_gfp+0x340/0x3c0 [ 179.544936][ T6321] udf_load_vrs+0x6e3/0xf20 [ 179.545073][ T6321] ? __pfx_udf_load_vrs+0x10/0x10 [ 179.545101][ T6321] ? udf_get_last_session+0x100/0x200 [ 179.545128][ T6321] ? __pfx_udf_get_last_session+0x10/0x10 [ 179.545164][ T6321] udf_fill_super+0x5ce/0x1830 [ 179.545201][ T6321] ? __pfx_udf_fill_super+0x10/0x10 [ 179.545228][ T6321] ? set_blocksize+0x219/0x450 [ 179.545265][ T6321] ? sb_set_blocksize+0x104/0x180 [ 179.545298][ T6321] ? setup_bdev_super+0x4c1/0x5b0 [ 179.545327][ T6321] get_tree_bdev_flags+0x40e/0x4d0 [ 179.545354][ T6321] ? __pfx_udf_fill_super+0x10/0x10 [ 179.545380][ T6321] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 179.545403][ T6321] ? cap_capable+0x11f/0x460 [ 179.545427][ T6321] ? safesetid_security_capable+0xa9/0x1a0 [ 179.545458][ T6321] vfs_get_tree+0x92/0x2b0 [ 179.545487][ T6321] do_new_mount+0x2a2/0x9e0 [ 179.545517][ T6321] ? ns_capable+0x8a/0xf0 [ 179.545553][ T6321] ? __pfx_do_new_mount+0x10/0x10 [ 179.545581][ T6321] ? path_mount+0x61c/0xfe0 [ 179.545621][ T6321] __se_sys_mount+0x317/0x410 [ 179.545658][ T6321] ? __pfx___se_sys_mount+0x10/0x10 [ 179.545687][ T6321] ? rcu_is_watching+0x15/0xb0 [ 179.545725][ T6321] ? do_syscall_64+0xbe/0x3b0 [ 179.545753][ T6321] ? __x64_sys_mount+0x20/0xc0 [ 179.545784][ T6321] do_syscall_64+0xfa/0x3b0 [ 179.545806][ T6321] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.545830][ T6321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.545848][ T6321] ? clear_bhb_loop+0x60/0xb0 [ 179.545870][ T6321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.545889][ T6321] RIP: 0033:0x7f7344c7ebe9 [ 179.545915][ T6321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.545932][ T6321] RSP: 002b:00007f7342ebd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 179.545953][ T6321] RAX: ffffffffffffffda RBX: 00007f7344ea6090 RCX: 00007f7344c7ebe9 [ 179.545968][ T6321] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000 [ 179.545983][ T6321] RBP: 00007f7344d01e19 R08: 0000000000000000 R09: 0000000000000000 [ 179.545997][ T6321] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000 [ 179.546010][ T6321] R13: 00007f7344ea6128 R14: 00007f7344ea6090 R15: 00007ffeffc9ff38 [ 179.546042][ T6321] [ 179.546053][ T6321] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 179.546068][ T6321] CPU: 0 UID: 0 PID: 6321 Comm: syz.3.80 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 179.546090][ T6321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 179.546101][ T6321] Call Trace: [ 179.546109][ T6321] [ 179.546117][ T6321] dump_stack_lvl+0x99/0x250 [ 179.546149][ T6321] ? __asan_memcpy+0x40/0x70 [ 179.546171][ T6321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.546202][ T6321] ? __pfx__printk+0x10/0x10 [ 179.546238][ T6321] vpanic+0x281/0x750 [ 179.546268][ T6321] ? __pfx__printk+0x10/0x10 [ 179.546289][ T6321] ? __pfx_vpanic+0x10/0x10 [ 179.546321][ T6321] ? is_bpf_text_address+0x292/0x2b0 [ 179.546364][ T6321] panic+0xb9/0xc0 [ 179.546397][ T6321] ? __pfx_panic+0x10/0x10 [ 179.546441][ T6321] __warn+0x31b/0x4b0 [ 179.546465][ T6321] ? bdev_getblk+0x580/0x660 [ 179.546485][ T6321] ? bdev_getblk+0x580/0x660 [ 179.546624][ T6321] report_bug+0x2be/0x4f0 [ 179.546651][ T6321] ? bdev_getblk+0x580/0x660 [ 179.546670][ T6321] ? bdev_getblk+0x580/0x660 [ 179.546688][ T6321] ? bdev_getblk+0x582/0x660 [ 179.546704][ T6321] handle_bug+0x84/0x160 [ 179.546733][ T6321] exc_invalid_op+0x1a/0x50 [ 179.546764][ T6321] asm_exc_invalid_op+0x1a/0x20 [ 179.546785][ T6321] RIP: 0010:bdev_getblk+0x580/0x660 [ 179.546806][ T6321] Code: 26 fb ff ff e8 f1 80 82 ff 48 c7 c7 e0 74 19 8b 48 c7 c6 a2 84 08 8d 4c 89 fa 4c 89 e9 e8 28 75 eb fe eb bd e8 d1 80 82 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89 [ 179.546825][ T6321] RSP: 0018:ffffc9000d2f76b0 EFLAGS: 00010287 [ 179.546844][ T6321] RAX: ffffffff823bdb7f RBX: ffff888148de1998 RCX: 0000000000080000 [ 179.546860][ T6321] RDX: ffffc9000ef4f000 RSI: 0000000000002616 RDI: 0000000000002617 [ 179.546875][ T6321] RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000 [ 179.546889][ T6321] R10: 0000000000000100 R11: 0000000000000406 R12: ffff888148de2420 [ 179.546904][ T6321] R13: ffff888148de1980 R14: 0000000000000200 R15: 1ffff110291bc333 [ 179.546945][ T6321] ? bdev_getblk+0x57f/0x660 [ 179.546976][ T6321] ? blk_cgroup_bio_start+0x59d/0x640 [ 179.547006][ T6321] __bread_gfp+0x89/0x3c0 [ 179.547030][ T6321] udf_read_tagged+0xad/0xe00 [ 179.547081][ T6321] udf_check_anchor_block+0x99/0x550 [ 179.547116][ T6321] ? udf_get_last_block+0x286/0x360 [ 179.547145][ T6321] ? __pfx_udf_check_anchor_block+0x10/0x10 [ 179.547182][ T6321] ? __bread_gfp+0x340/0x3c0 [ 179.547204][ T6321] udf_load_vrs+0x6e3/0xf20 [ 179.547262][ T6321] ? __pfx_udf_load_vrs+0x10/0x10 [ 179.547292][ T6321] ? udf_get_last_session+0x100/0x200 [ 179.547317][ T6321] ? __pfx_udf_get_last_session+0x10/0x10 [ 179.547353][ T6321] udf_fill_super+0x5ce/0x1830 [ 179.547392][ T6321] ? __pfx_udf_fill_super+0x10/0x10 [ 179.547418][ T6321] ? set_blocksize+0x219/0x450 [ 179.547456][ T6321] ? sb_set_blocksize+0x104/0x180 [ 179.547492][ T6321] ? setup_bdev_super+0x4c1/0x5b0 [ 179.547533][ T6321] get_tree_bdev_flags+0x40e/0x4d0 [ 179.547561][ T6321] ? __pfx_udf_fill_super+0x10/0x10 [ 179.547591][ T6321] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 179.547619][ T6321] ? cap_capable+0x11f/0x460 [ 179.547644][ T6321] ? safesetid_security_capable+0xa9/0x1a0 [ 179.547675][ T6321] vfs_get_tree+0x92/0x2b0 [ 179.547706][ T6321] do_new_mount+0x2a2/0x9e0 [ 179.547740][ T6321] ? ns_capable+0x8a/0xf0 [ 179.547767][ T6321] ? __pfx_do_new_mount+0x10/0x10 [ 179.547798][ T6321] ? path_mount+0x61c/0xfe0 [ 179.547839][ T6321] __se_sys_mount+0x317/0x410 [ 179.547877][ T6321] ? __pfx___se_sys_mount+0x10/0x10 [ 179.547907][ T6321] ? rcu_is_watching+0x15/0xb0 [ 179.547946][ T6321] ? do_syscall_64+0xbe/0x3b0 [ 179.547974][ T6321] ? __x64_sys_mount+0x20/0xc0 [ 179.548007][ T6321] do_syscall_64+0xfa/0x3b0 [ 179.548034][ T6321] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.548061][ T6321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.548082][ T6321] ? clear_bhb_loop+0x60/0xb0 [ 179.548110][ T6321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.548130][ T6321] RIP: 0033:0x7f7344c7ebe9 [ 179.548161][ T6321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.548179][ T6321] RSP: 002b:00007f7342ebd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 179.548202][ T6321] RAX: ffffffffffffffda RBX: 00007f7344ea6090 RCX: 00007f7344c7ebe9 [ 179.548219][ T6321] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000 [ 179.548236][ T6321] RBP: 00007f7344d01e19 R08: 0000000000000000 R09: 0000000000000000 [ 179.548251][ T6321] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000 [ 179.548264][ T6321] R13: 00007f7344ea6128 R14: 00007f7344ea6090 R15: 00007ffeffc9ff38 [ 179.548298][ T6321] [ 179.548650][ T6321] Kernel Offset: disabled