last executing test programs: 5.071665735s ago: executing program 2 (id=366): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c) r2 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) readv(r2, &(0x7f00000009c0)=[{&(0x7f0000000740)=""/156, 0x9c}], 0x1) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000300)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'fo\x00', 0x0, 0x0, 0x38}, {@multicast1, 0x4e21, 0x0, 0x6, 0x4, 0x7f}}, 0x44) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=@newtaction={0x6c, 0x30, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{0x58, 0x1, [@m_bpf={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x5}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e21, @loopback}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGMRU(r6, 0x80047453, &(0x7f0000000140)) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x400000000000003, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_nat_t_port={0x1, 0x15}, @sadb_x_nat_t_type={0x1}]}, 0x80}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x140, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x114, 0x3, 0x0, 0x1, [{0x110, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_USERDATA={0x103, 0x6, 0x1, 0x0, "2f11e7ef8e766bc851286d7b851917a8c4428e9e9e091293cae490c16826a3c85a205f678852b43a06c61d63ba42373a00bb7c1ad7f1758c6b2ce8b1f597542c5b20d1abf3d9cba06aa296695acaa0facffbd68f6cafc22503df4d5c27c256f0b4f6c49fa2d43becd9c27d04488658cebd38947517a7ab12195f2e5a26fccf5baa41dc0bb3b777019eabb057c0db7069c109a9f969da3d7fa87b35f7cad005636d9e278b22a111b90dda70832b9773e6c964339bb3c4185e0ceb9a1cf08e553c244fba9bf1f098ed541e3501b56b576e78f951702b8be38082aacc094274456d93eff9f781adecbc6401bb5575b1d0d0dbf948cc15c194fb002ddc28f42b06"}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000500), 0x141002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000a00)=0x40000) r9 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0xd) readv(r9, &(0x7f0000000700)=[{&(0x7f0000000100)=""/197, 0xc5}], 0x1) ioctl$TIOCVHANGUP(r9, 0x5437, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r8, 0x800c5012, &(0x7f0000000140)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r11 = openat$cgroup_netprio_ifpriomap(r10, &(0x7f00000006c0), 0x2, 0x0) write$cgroup_netprio_ifpriomap(r11, &(0x7f0000000280)=ANY=[@ANYBLOB="05237ec3774059b1d9cba39e31ac33cebe011707686ae3"], 0x8) ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000040)=0x1000) ioctl$BTRFS_IOC_RM_DEV_V2(r3, 0x5000943a, &(0x7f0000000d40)={{r3}, 0x0, 0xc, @inherit={0x78, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000000e0000000000000007000000000000000700000000000000200000000000000004000000000000007f00000000000000020000000000000004000000000000000500000000000000040000000000000004000000000000000b0000000000000004000000000000000300000000000000"]}, @devid}) 4.823377854s ago: executing program 2 (id=367): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f00000003c0)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c92281b5b07070d075b0936cd3878130daa61d8e81a3f00005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 4.646590057s ago: executing program 2 (id=369): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4004, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00@\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 4.586319474s ago: executing program 2 (id=370): syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@random="cfb14e407d33", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0x1, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0x2, 0x6, '\x00', 0x9, 0xff, 0x0, @loopback, @loopback={0xf5ffffff}, [@fragment={0x3b, 0x0, 0xe, 0x0, 0x0, 0x3, 0x65}]}}}}}}}, 0x0) 4.515204764s ago: executing program 2 (id=373): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x51b382, 0x0) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6d706f6c3d696e74656aa2abcdd0295ac8656c61746976653a2c302c00"]) mmap(&(0x7f0000956000/0x4000)=nil, 0x4000, 0x0, 0x8010, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, 0x0}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448f0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fcntl$addseals(0xffffffffffffffff, 0x409, 0x8) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0186405, &(0x7f0000000200)={0x9, 0x80, {}, {0xffffffffffffffff}, 0x2, 0xfffffffc}) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000100)={0x6392038, 0xc872, {r2}, {r4}, 0xffffffff, 0x34f}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x12, r1, 0x604ab000) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000008c0)={0xc0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r7 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x8001}, 0x1c) syz_io_uring_setup(0x61cc, 0x0, &(0x7f0000000040), &(0x7f0000000000)) r8 = socket$kcm(0x29, 0x2, 0x0) io_setup(0x7f, &(0x7f0000000100)=0x0) io_submit(r9, 0x0, 0x0) move_pages(0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240)=[0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x9) write$cgroup_pressure(r8, &(0x7f0000000140)={'full'}, 0xfffffdef) 4.460250276s ago: executing program 0 (id=374): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) syz_open_dev$tty20(0xc, 0x4, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000940)='cpuset\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3db5359abece7334634ac708f293399a4a50c2c94757bf6cf3f352051663983ac494ca5220e88513a38da4550da04eecaa1ab4f806a01ef649d100c75dd217ff33dac6fa2a", @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',\x00']) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4ec, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x1e01, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x548) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x9, 0x3, 0x240, 0xdc, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1ac, 0xffffffff, 0xffffffff, 0x1ac, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@uncond, 0x0, 0x94, 0xdc, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x5, 0x8, 0x6, 'snmp_trap\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x2, 0x5, 0x1, 0x6, 0x3, 0x3], 0x1}, {0x3, [0x6, 0x6, 0x5, 0x1, 0x4, 0x2], 0x5, 0x2}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x29c) clock_settime(0x7, 0x0) acct(&(0x7f0000000180)='./file0/file0\x00') socket$netlink(0x10, 0x3, 0x15) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[], 0x3c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYRES8=r6], &(0x7f0000000200)='GPL\x00', 0x0, 0xfffffffffffffec8, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94) 3.126257213s ago: executing program 2 (id=381): r0 = getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000540), 0x181440, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000002300)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x25b6, 0x4) sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newlink={0x48, 0x10, 0x403, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x1810, 0x55007}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000c40)=ANY=[@ANYBLOB="5800000010000100090000000000002c0000ffff", @ANYRES32=0x0, @ANYBLOB="00000000da44000024001a8020000a8014000700fe8000000000000000020040000000000500080002000000140003007866726d30"], 0x58}}, 0x40408c4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) get_robust_list(r0, &(0x7f00000004c0)=&(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)}, &(0x7f0000000500)=0xc) cachestat(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x6}, &(0x7f0000000280), 0x0) 2.687736429s ago: executing program 1 (id=382): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {0x0, 0x0, 0x0, 0x9}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x7, 0xe2, 0x0, 0x0, 0x5, 0x1, 0x0, 0x0, 0x5, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x6, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x8, 0xb16, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0xfffffffa, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x3], [0x2, 0x0, 0x8004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffc, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x8], [0xfffffffc, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc005, 0x0, 0x0, 0x80000000, 0x1000, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000180)={'syz0\x00', {0x8, 0xfc, 0x2, 0x3}, 0x21, [0x1, 0x0, 0x6, 0xb, 0x4, 0x6, 0x7, 0x8, 0x0, 0x8, 0x401, 0xffff36fe, 0x10001, 0x5, 0x9, 0xae, 0x48, 0xfffffffa, 0x1, 0x937, 0x2, 0xfffffe18, 0x10, 0x5, 0xfffffff7, 0x9, 0x8, 0xd, 0x1, 0x3, 0x1e67, 0xe2c000, 0x9, 0x5, 0xfff, 0x8, 0xa4, 0x4, 0x5, 0x0, 0x1f, 0x40, 0x4fdd6b21, 0x4, 0x3, 0xd8b, 0x8, 0x6, 0x0, 0x56de, 0x4, 0x9, 0x3, 0x80000000, 0x1, 0x71, 0x3, 0x0, 0x1, 0x1, 0x3, 0x5, 0x6, 0x2], [0x2, 0x6, 0x80000000, 0x7, 0xa000, 0x2, 0x9, 0x80, 0x1, 0x401, 0x25, 0x1, 0x401, 0x6, 0x7dd2, 0x5, 0xffffffff, 0xffff, 0x0, 0x0, 0x1000, 0x8, 0x7, 0x8, 0x4216, 0x9, 0x4, 0x8000, 0x0, 0x4, 0x3, 0x0, 0x100, 0x76a, 0xa4c, 0x3, 0x0, 0x3, 0xffff, 0x3, 0xffffffe4, 0x6, 0xec58, 0x100, 0x80000000, 0x2, 0x31, 0x5, 0x10, 0xfffffff9, 0x2, 0x2, 0x5, 0x2, 0x5, 0xfffffffe, 0x7ff, 0x9, 0x5, 0x6, 0x18, 0x1, 0x6, 0x6], [0x9, 0x2, 0x5, 0x0, 0x9, 0x8, 0x0, 0x123, 0x500, 0x9f, 0x3, 0x2533, 0x8, 0x2, 0x4, 0x6, 0xc, 0x9, 0x800, 0x5, 0x8, 0x478, 0x1, 0x981, 0x1, 0x0, 0xd, 0x10000, 0x8, 0xb9, 0x7, 0x8, 0x7f, 0x1, 0x3e5, 0x10, 0x5, 0x9, 0x14, 0x2, 0x7, 0xfffffff7, 0x608, 0x6, 0x6, 0x400, 0xc, 0x6, 0xdb2d, 0x3, 0x7, 0x194643b4, 0x80000000, 0x300000, 0xfffeffff, 0x1ff, 0xb, 0x3, 0x400, 0x0, 0x6, 0x3, 0xad, 0x9dcd], [0xaf, 0x40, 0x4, 0x7fffffff, 0x3, 0x6, 0xfffff801, 0x9, 0xe, 0x7, 0x3, 0x1080, 0xfffffffa, 0x7f, 0x5, 0x4, 0xe0, 0x2, 0x1, 0x7, 0x92, 0x7, 0x29, 0x8, 0x2, 0x3, 0x8, 0x400, 0x1, 0x3, 0x4, 0x400, 0x4, 0xffff, 0x1, 0x6, 0x100, 0x1, 0x1, 0x1, 0x6, 0x8, 0xfffffff9, 0x100, 0x8e08, 0xa, 0x9, 0x3, 0x7, 0xb, 0x0, 0x8, 0xa7, 0x6, 0x10000, 0x0, 0x7ff, 0x9, 0x888c, 0x9, 0x7fff, 0x1, 0x4, 0x2]}, 0x45c) 2.576551946s ago: executing program 1 (id=383): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="020000000100050000000000040004000000000010"], 0x24, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r2) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x3f, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) recvmsg(r4, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40002002) ioctl$XFS_IOC_SET_RESBLKS(r4, 0xc0105872, &(0x7f0000000000)={0x0, 0x1}) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000fcdbdf250a000c000e0001006e657464657673696d0000000f0002006e657464655673696d30000008f1030003000000"], 0x3c}, 0x1, 0x0, 0x0, 0x80d0}, 0x20000080) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0xd07, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x20945, 0x6c101}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x10}, @IFLA_BOND_ARP_IP_TARGET={0x8, 0x8, 0x0, 0x1, [@multicast1]}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x6}, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0)={0x2, 0x0, [{0x7, 0x1, 0x1, 0x0, @adapter={0x4, 0x101, 0x376, 0x3, 0x7}}, {0x9, 0x5, 0x0, 0x0, @msi={0x2, 0x7f, 0x400000, 0x6}}]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 2.486545472s ago: executing program 0 (id=384): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='westwood', 0x8) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8", 0x240}], 0x1}}, {{0x0, 0x7d0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d299", 0x6e}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540", 0x6d}], 0x1}}], 0x3, 0x2090) 2.415312542s ago: executing program 0 (id=385): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x141042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r3, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x0, 0xa6, 0xa9, 0x7, 0x9, 0x6, 0x99, 0x7, 0x0, 0x6, 0x7, 0x1, 0x0, 0x7}, 0xe) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.235431092s ago: executing program 1 (id=386): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x141042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r3, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r3, 0xda90) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x0, 0xa6, 0xa9, 0x7, 0x9, 0x6, 0x99, 0x7, 0x0, 0x6, 0x7, 0x1, 0x0, 0x7}, 0xe) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.436278189s ago: executing program 0 (id=387): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c) r2 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) readv(r2, &(0x7f00000009c0)=[{&(0x7f0000000740)=""/156, 0x9c}], 0x1) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000300)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'fo\x00', 0x0, 0x0, 0x38}, {@multicast1, 0x4e21, 0x0, 0x6, 0x4, 0x7f}}, 0x44) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=@newtaction={0x6c, 0x30, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{0x58, 0x1, [@m_bpf={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x5}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0xef, 0x1, 0x8000, 0x2}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e21, @loopback}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGMRU(r6, 0x80047453, &(0x7f0000000140)) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x400000000000003, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_nat_t_port={0x1, 0x15}, @sadb_x_nat_t_type={0x1}]}, 0x80}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x140, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x114, 0x3, 0x0, 0x1, [{0x110, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_USERDATA={0x103, 0x6, 0x1, 0x0, "2f11e7ef8e766bc851286d7b851917a8c4428e9e9e091293cae490c16826a3c85a205f678852b43a06c61d63ba42373a00bb7c1ad7f1758c6b2ce8b1f597542c5b20d1abf3d9cba06aa296695acaa0facffbd68f6cafc22503df4d5c27c256f0b4f6c49fa2d43becd9c27d04488658cebd38947517a7ab12195f2e5a26fccf5baa41dc0bb3b777019eabb057c0db7069c109a9f969da3d7fa87b35f7cad005636d9e278b22a111b90dda70832b9773e6c964339bb3c4185e0ceb9a1cf08e553c244fba9bf1f098ed541e3501b56b576e78f951702b8be38082aacc094274456d93eff9f781adecbc6401bb5575b1d0d0dbf948cc15c194fb002ddc28f42b06"}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000500), 0x141002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000a00)=0x40000) r9 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0xd) readv(r9, &(0x7f0000000700)=[{&(0x7f0000000100)=""/197, 0xc5}], 0x1) ioctl$TIOCVHANGUP(r9, 0x5437, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r8, 0x800c5012, &(0x7f0000000140)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r11 = openat$cgroup_netprio_ifpriomap(r10, &(0x7f00000006c0), 0x2, 0x0) write$cgroup_netprio_ifpriomap(r11, &(0x7f0000000280)=ANY=[@ANYBLOB="05237ec3774059b1d9cba39e31ac33cebe011707686ae3"], 0x8) ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000040)=0x1000) ioctl$BTRFS_IOC_RM_DEV_V2(r3, 0x5000943a, &(0x7f0000000d40)={{r3}, 0x0, 0xc, @inherit={0x78, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000000000000e0000000000000007000000000000000700000000000000200000000000000004000000000000007f00000000000000020000000000000004000000000000000500000000000000040000000000000004000000000000000b0000000000000004000000000000000300000000000000"]}, @devid}) 1.246710243s ago: executing program 3 (id=388): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0xa, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x9) mkdir(&(0x7f0000000080)='./file0\x00', 0xe8) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e26, @broadcast}, {0x2, 0x4e21, @local}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4a, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 1.173031901s ago: executing program 3 (id=389): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r1 = fspick(r0, &(0x7f00000000c0)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x1804499, 0x0) chdir(&(0x7f0000000100)='./file0\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f0000000000)=[{0x9, 0xb9, 0x40, 0x1}, {0x5, 0x5d, 0xd1}]}) open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x1df2a23c5997fa7b) 1.146598705s ago: executing program 1 (id=390): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x141042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r3, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r3, 0xda90) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000000)={0x0, 0xa6, 0xa9, 0x7, 0x9, 0x6, 0x99, 0x7, 0x0, 0x6, 0x7, 0x1, 0x0, 0x7}, 0xe) shutdown(0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) pipe(0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0xfffffffffffffffc, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x0, 0xfffffffffffff2a7, 0x2000000000003ff, 0x2]}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000080)={0xe6, 0x5, &(0x7f0000000880)}) write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x1b, 0x1}, 0x7) 1.110327404s ago: executing program 0 (id=391): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffb, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x1ffffe, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b38b000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef6a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) r2 = syz_open_dev$loop(&(0x7f0000000700), 0x47d, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x1f, 0x5, 0x0, 0x0, 0x0, 0x1e, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) 990.953484ms ago: executing program 3 (id=392): r0 = socket$kcm(0x10, 0x6, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x200a4800) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001280)=ANY=[@ANYBLOB="840100001800010000000000000000001d0109004d000f8025b57e35619bf282cfcd8fba0cb7f2934efacde0a223b473fe77f3e5ba760d3793b2f943b7528ea34883bc4a506cf756740574b89d396af9b59638700500000005006f88d6e1db9b2f"], 0x184}}, 0x0) recvmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42) mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000080)={0x4, 0x10ffff, 0xfffffffd}) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0xfffffffffffffff8) read$FUSE(r2, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0x38775951944642b9, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0xf}}, 0x50) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098"], 0xfc}}, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffffffffffffba, &(0x7f0000000080)=[{&(0x7f0000000500)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00b17d10cc40a8894fb96648e582006e9644fb02faf23884372d474d8235b094550aff7f", 0x33fe0}], 0x1}, 0x8000) 961.1867ms ago: executing program 3 (id=393): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000a479df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0xf0ffff, 0x0, 0x0, 0x0, 0x0}, 0x50) 806.46725ms ago: executing program 3 (id=394): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000070000008500000017000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="e0274292762f860100000000feff", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 736.533277ms ago: executing program 3 (id=395): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x141042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x0, 0xa6, 0xa9, 0x7, 0x9, 0x6, 0x99, 0x7, 0x0, 0x6, 0x7, 0x1, 0x0, 0x7}, 0xe) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 102.821704ms ago: executing program 0 (id=396): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'s526\x00', [0x7ff, 0xd7b, 0x1, 0x4, 0x5, 0x5, 0x9, 0x9, 0x401, 0xfd, 0x2, 0x80000001, 0x1, 0x3, 0x6, 0x6a, 0x3, 0xc7c, 0x3, 0x40000003, 0x89, 0xcaa3, 0x400, 0x20001e57, 0x3, 0x2000e67, 0x3, 0x1, 0x4, 0x0, 0x9]}) (fail_nth: 7) 7.932131ms ago: executing program 1 (id=397): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0xa, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x9) mkdir(&(0x7f0000000080)='./file0\x00', 0xe8) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e26, @broadcast}, {0x2, 0x4e21, @local}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4a, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 0s ago: executing program 1 (id=398): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000280)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0xfcfd}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {&(0x7f00000005c0)="25062456", 0x4}], 0x4}, 0xf5}], 0x1, 0x4000800) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:35084' (ED25519) to the list of known hosts. syzkaller login: [ 108.655909][ T5889] cgroup: Unknown subsys name 'net' [ 108.812573][ T5889] cgroup: Unknown subsys name 'cpuset' [ 108.826360][ T5889] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 111.425967][ T5889] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 119.528113][ T29] cfg80211: failed to load regulatory.db [ 121.154558][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 121.156775][ T5951] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 121.158162][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 121.165336][ T5955] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 121.165419][ T5953] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 121.187505][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 121.188666][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 121.192110][ T5957] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 121.203484][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 121.203566][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 121.204626][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 121.206424][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 121.211114][ T5960] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 121.217462][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 121.218276][ T5961] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 121.218748][ T5960] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 121.226876][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 121.228656][ T5290] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 121.230628][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 121.237486][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 121.601470][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 121.665856][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 121.685216][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 121.748893][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 121.773577][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.776806][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.779237][ T5944] bridge_slave_0: entered allmulticast mode [ 121.781984][ T5944] bridge_slave_0: entered promiscuous mode [ 121.821441][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.824357][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.827011][ T5944] bridge_slave_1: entered allmulticast mode [ 121.829918][ T5944] bridge_slave_1: entered promiscuous mode [ 121.903056][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.906943][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.910242][ T5949] bridge_slave_0: entered allmulticast mode [ 121.914775][ T5949] bridge_slave_0: entered promiscuous mode [ 121.927894][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.939378][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.950523][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.953822][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.956534][ T5949] bridge_slave_1: entered allmulticast mode [ 121.959338][ T5949] bridge_slave_1: entered promiscuous mode [ 122.011727][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.015141][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.018554][ T5946] bridge_slave_0: entered allmulticast mode [ 122.021911][ T5946] bridge_slave_0: entered promiscuous mode [ 122.038378][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.041386][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.044495][ T5945] bridge_slave_0: entered allmulticast mode [ 122.048016][ T5945] bridge_slave_0: entered promiscuous mode [ 122.052780][ T5944] team0: Port device team_slave_0 added [ 122.065016][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.067719][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.070360][ T5946] bridge_slave_1: entered allmulticast mode [ 122.075747][ T5946] bridge_slave_1: entered promiscuous mode [ 122.089638][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.092591][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.095697][ T5945] bridge_slave_1: entered allmulticast mode [ 122.100405][ T5945] bridge_slave_1: entered promiscuous mode [ 122.116630][ T5944] team0: Port device team_slave_1 added [ 122.131759][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.164101][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.169298][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.173905][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.178205][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.181361][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.190443][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.198925][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.222636][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.227258][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.229768][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.239483][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.302305][ T5949] team0: Port device team_slave_0 added [ 122.306599][ T5945] team0: Port device team_slave_0 added [ 122.321725][ T5946] team0: Port device team_slave_0 added [ 122.325660][ T5949] team0: Port device team_slave_1 added [ 122.329880][ T5945] team0: Port device team_slave_1 added [ 122.349008][ T5946] team0: Port device team_slave_1 added [ 122.376788][ T5944] hsr_slave_0: entered promiscuous mode [ 122.379502][ T5944] hsr_slave_1: entered promiscuous mode [ 122.410765][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.413330][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.421741][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.426603][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.429107][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.438380][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.446893][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.449505][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.459048][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.463730][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.466784][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.476664][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.483814][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.486723][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.497569][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.503430][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.506471][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.517971][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.591978][ T5949] hsr_slave_0: entered promiscuous mode [ 122.595261][ T5949] hsr_slave_1: entered promiscuous mode [ 122.597755][ T5949] debugfs: 'hsr0' already exists in 'hsr' [ 122.599764][ T5949] Cannot create hsr debugfs directory [ 122.646033][ T5945] hsr_slave_0: entered promiscuous mode [ 122.649374][ T5945] hsr_slave_1: entered promiscuous mode [ 122.652492][ T5945] debugfs: 'hsr0' already exists in 'hsr' [ 122.655868][ T5945] Cannot create hsr debugfs directory [ 122.682242][ T5946] hsr_slave_0: entered promiscuous mode [ 122.684763][ T5946] hsr_slave_1: entered promiscuous mode [ 122.686967][ T5946] debugfs: 'hsr0' already exists in 'hsr' [ 122.689242][ T5946] Cannot create hsr debugfs directory [ 123.011098][ T5944] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 123.021340][ T5944] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 123.030917][ T5944] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 123.048343][ T5944] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 123.100611][ T5949] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 123.110693][ T5949] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 123.128223][ T5949] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 123.138940][ T5949] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 123.193923][ T5945] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 123.199633][ T5945] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 123.206845][ T5945] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 123.223580][ T5945] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 123.256115][ T5946] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 123.268885][ T5946] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 123.274074][ T5946] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 123.281967][ T5946] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 123.288119][ T5951] Bluetooth: hci3: command tx timeout [ 123.288162][ T5947] Bluetooth: hci2: command tx timeout [ 123.288176][ T5961] Bluetooth: hci0: command tx timeout [ 123.289123][ T63] Bluetooth: hci1: command tx timeout [ 123.338362][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.376884][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.400278][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.404534][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.417467][ T530] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.419965][ T530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.432597][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.442830][ T530] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.445907][ T530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.450781][ T530] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.453715][ T530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.466647][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.472001][ T173] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.475142][ T173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.486577][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.509618][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.511930][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.541232][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.544392][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.557521][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.570961][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.574404][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.591004][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.593542][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.652698][ T5946] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 123.805460][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.841259][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.856089][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.872844][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.906998][ T5944] veth0_vlan: entered promiscuous mode [ 123.926838][ T5944] veth1_vlan: entered promiscuous mode [ 123.949684][ T5945] veth0_vlan: entered promiscuous mode [ 123.955214][ T5949] veth0_vlan: entered promiscuous mode [ 123.962592][ T5949] veth1_vlan: entered promiscuous mode [ 123.975558][ T5945] veth1_vlan: entered promiscuous mode [ 123.996761][ T5946] veth0_vlan: entered promiscuous mode [ 124.025065][ T5944] veth0_macvtap: entered promiscuous mode [ 124.034028][ T5945] veth0_macvtap: entered promiscuous mode [ 124.041040][ T5945] veth1_macvtap: entered promiscuous mode [ 124.058867][ T5946] veth1_vlan: entered promiscuous mode [ 124.063721][ T5944] veth1_macvtap: entered promiscuous mode [ 124.071961][ T5949] veth0_macvtap: entered promiscuous mode [ 124.090032][ T5949] veth1_macvtap: entered promiscuous mode [ 124.115773][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.129330][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.133723][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.138649][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.147215][ T5946] veth0_macvtap: entered promiscuous mode [ 124.152445][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.160332][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.166542][ T5946] veth1_macvtap: entered promiscuous mode [ 124.193810][ T530] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.197852][ T530] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.208952][ T530] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.212916][ T530] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.232199][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.235655][ T530] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.239732][ T530] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.249932][ T530] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.254831][ T530] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.265318][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.275249][ T530] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.290959][ T530] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.295248][ T530] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.322804][ T530] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.343277][ T530] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.347105][ T530] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.350849][ T530] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.365053][ T530] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.377072][ T173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.384637][ T173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.413371][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.416024][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.450876][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.454626][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.465495][ T285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.468723][ T173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.471659][ T285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.474603][ T173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.519044][ T173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.521702][ T173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.536616][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 124.624139][ T173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.648299][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.659379][ T173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.663504][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.714686][ T6037] Zero length message leads to an empty skb [ 124.827075][ T6043] netlink: 'syz.2.3': attribute type 4 has an invalid length. [ 124.862290][ T6046] Bluetooth: MGMT ver 1.23 [ 124.924745][ T6045] process 'syz.1.2' launched './file1' with NULL argv: empty string added [ 125.364543][ T5947] Bluetooth: hci0: command tx timeout [ 125.364903][ T63] Bluetooth: hci3: command tx timeout [ 125.365074][ T5961] Bluetooth: hci2: command tx timeout [ 125.372415][ T5951] Bluetooth: hci1: command tx timeout [ 125.706114][ T6037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 125.892932][ T6059] netlink: 6040 bytes leftover after parsing attributes in process `syz.3.7'. [ 125.953320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.958821][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.962098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.267731][ T6068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9'. [ 126.515734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 126.521186][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 126.530646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 126.644676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.714854][ T6071] netlink: 'syz.3.10': attribute type 27 has an invalid length. [ 126.900167][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.904788][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.044378][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.048201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.143297][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.453725][ T63] Bluetooth: hci1: command tx timeout [ 127.457021][ T5947] Bluetooth: hci2: command tx timeout [ 127.459499][ T5947] Bluetooth: hci3: command tx timeout [ 127.462031][ T5951] Bluetooth: hci0: command tx timeout [ 127.646150][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.652007][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.124699][ T6086] syzkaller0: entered promiscuous mode [ 128.139446][ T6086] syzkaller0: entered allmulticast mode [ 128.147091][ T72] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.151795][ T72] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.422879][ T6111] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 129.524719][ T63] Bluetooth: hci1: command tx timeout [ 129.531277][ T5951] Bluetooth: hci0: command tx timeout [ 129.534272][ T5961] Bluetooth: hci2: command tx timeout [ 129.536669][ T5947] Bluetooth: hci3: command tx timeout [ 130.033340][ T72] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.038789][ T72] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.168178][ T6121] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 130.181956][ T6121] netlink: 'syz.1.21': attribute type 4 has an invalid length. [ 130.186354][ T6121] netlink: 'syz.1.21': attribute type 2 has an invalid length. [ 130.804964][ T6132] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 130.807381][ T6132] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 130.811428][ T6132] vhci_hcd vhci_hcd.0: Device attached [ 130.830980][ T6132] random: crng reseeded on system resumption [ 131.073277][ T6014] usb 42-1: SetAddress Request (2) to port 0 [ 131.075497][ T6014] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 131.341694][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23'. [ 131.396295][ T6133] vhci_hcd: connection reset by peer [ 131.401187][ T42] vhci_hcd vhci_hcd.2: stop threads [ 131.404512][ T42] vhci_hcd vhci_hcd.2: release socket [ 131.407402][ T42] vhci_hcd vhci_hcd.2: disconnect device [ 132.100443][ T6152] netlink: 'syz.2.30': attribute type 4 has an invalid length. [ 132.329175][ T6156] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 132.334499][ T6156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.32'. [ 132.535432][ T6172] netlink: 20 bytes leftover after parsing attributes in process `syz.0.35'. [ 132.539813][ T6172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.35'. [ 133.022235][ T6179] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 133.024804][ T6179] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 133.032100][ T6179] vhci_hcd vhci_hcd.0: Device attached [ 133.048456][ T6179] random: crng reseeded on system resumption [ 133.323267][ T29] usb 44-1: SetAddress Request (2) to port 0 [ 133.326338][ T29] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 133.666106][ T6180] vhci_hcd: connection reset by peer [ 133.670069][ T42] vhci_hcd vhci_hcd.3: stop threads [ 133.676308][ T42] vhci_hcd vhci_hcd.3: release socket [ 133.679249][ T42] vhci_hcd vhci_hcd.3: disconnect device [ 133.872137][ T6188] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 134.378704][ T6196] tmpfs: Cannot change global quota limit on remount [ 134.393132][ T6200] warning: `syz.1.44' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 134.435858][ T6203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.47'. [ 135.063516][ T6231] 8021q: adding VLAN 0 to HW filter on device bond1 [ 135.132630][ T6231] bond1: (slave ip6gretap1): making interface the new active one [ 135.137221][ T6231] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 135.143633][ T6231] usb usb9: usbfs: process 6231 (syz.3.57) did not claim interface 0 before use [ 135.149860][ T6230] block nbd3: shutting down sockets [ 136.137077][ T6242] 9pnet_fd: p9_fd_create_tcp (6242): problem connecting socket to 127.0.0.1 [ 136.173816][ T6014] usb 42-1: device descriptor read/8, error -110 [ 136.343567][ T6254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.64'. [ 136.403745][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.62'. [ 136.574460][ T6014] usb usb42-port1: attempt power cycle [ 136.578523][ T6255] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 136.659785][ T6262] bond1: entered promiscuous mode [ 137.143204][ T6014] usb usb42-port1: unable to enumerate USB device [ 137.369109][ T6284] netlink: 24 bytes leftover after parsing attributes in process `syz.3.73'. [ 137.481457][ T6290] netlink: 4 bytes leftover after parsing attributes in process `syz.3.75'. [ 137.487058][ T6290] netlink: 104 bytes leftover after parsing attributes in process `syz.3.75'. [ 137.491169][ T6290] netlink: 104 bytes leftover after parsing attributes in process `syz.3.75'. [ 137.994476][ T6296] 8021q: adding VLAN 0 to HW filter on device bond2 [ 138.188978][ T6308] netlink: 24 bytes leftover after parsing attributes in process `syz.3.82'. [ 138.403477][ T29] usb 44-1: device descriptor read/8, error -110 [ 138.936127][ T29] usb usb44-port1: attempt power cycle [ 139.340506][ T6330] netlink: 20 bytes leftover after parsing attributes in process `syz.2.88'. [ 139.344177][ T6330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.88'. [ 139.613653][ T29] usb usb44-port1: unable to enumerate USB device [ 139.662269][ T6334] FAULT_INJECTION: forcing a failure. [ 139.662269][ T6334] name failslab, interval 1, probability 0, space 0, times 1 [ 139.669292][ T6334] CPU: 1 UID: 0 PID: 6334 Comm: syz.1.90 Not tainted syzkaller #0 PREEMPT(full) [ 139.669320][ T6334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 139.669357][ T6334] Call Trace: [ 139.669365][ T6334] [ 139.669373][ T6334] dump_stack_lvl+0x100/0x190 [ 139.669410][ T6334] should_fail_ex.cold+0x5/0xa [ 139.669436][ T6334] should_failslab+0xc2/0x120 [ 139.669456][ T6334] __kmalloc_cache_noprof+0x7a/0x6f0 [ 139.669481][ T6334] ? __request_region+0x5c/0xf0 [ 139.669512][ T6334] __request_region+0x5c/0xf0 [ 139.669539][ T6334] comedi_request_region+0x6d/0x100 [ 139.669564][ T6334] s526_attach+0x54/0x800 [ 139.669589][ T6334] comedi_device_attach+0x3d2/0x660 [ 139.669614][ T6334] do_devconfig_ioctl+0x1b3/0x6d0 [ 139.669638][ T6334] ? comedi_unlocked_ioctl+0x180/0x3310 [ 139.669667][ T6334] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 139.669703][ T6334] ? tomoyo_path_number_perm+0x46d/0x580 [ 139.669730][ T6334] ? kasan_save_stack+0x3f/0x50 [ 139.669755][ T6334] ? kasan_save_stack+0x30/0x50 [ 139.669778][ T6334] ? kasan_save_track+0x14/0x30 [ 139.669802][ T6334] ? kasan_save_free_info+0x3b/0x70 [ 139.669828][ T6334] comedi_unlocked_ioctl+0x860/0x3310 [ 139.669864][ T6334] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 139.669908][ T6334] ? tomoyo_path_number_perm+0x46d/0x580 [ 139.669936][ T6334] ? kasan_quarantine_put+0x104/0x240 [ 139.669960][ T6334] ? lockdep_hardirqs_on+0x78/0x100 [ 139.669985][ T6334] ? find_held_lock+0x2b/0x80 [ 139.670002][ T6334] ? tomoyo_path_number_perm+0x28f/0x580 [ 139.670027][ T6334] ? tomoyo_path_number_perm+0x28f/0x580 [ 139.670058][ T6334] ? tomoyo_path_number_perm+0x188/0x580 [ 139.670089][ T6334] comedi_compat_ioctl+0x438/0xe20 [ 139.670118][ T6334] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 139.670164][ T6334] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 139.670195][ T6334] ? do_vfs_ioctl+0x226/0x13e0 [ 139.670219][ T6334] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 139.670251][ T6334] ? find_held_lock+0x2b/0x80 [ 139.670266][ T6334] ? hook_file_ioctl_common+0x146/0x410 [ 139.670300][ T6334] ? __fget_files+0x21f/0x3d0 [ 139.670332][ T6334] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 139.670364][ T6334] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 139.670392][ T6334] __do_fast_syscall_32+0xe3/0x8c0 [ 139.670417][ T6334] do_fast_syscall_32+0x32/0x70 [ 139.670438][ T6334] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 139.670459][ T6334] RIP: 0023:0xf704ef6c [ 139.670474][ T6334] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 139.670490][ T6334] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 139.670506][ T6334] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 139.670516][ T6334] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 139.670525][ T6334] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 139.670535][ T6334] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 139.670545][ T6334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 139.670569][ T6334] [ 139.670681][ T6334] comedi comedi3: s526: I/O port conflict (0x7ff,64) [ 139.861237][ T6336] netlink: 6040 bytes leftover after parsing attributes in process `syz.0.89'. [ 140.079774][ T6344] loop5: detected capacity change from 0 to 4095 [ 140.091807][ T6346] openvswitch: netlink: Message has 8 unknown bytes. [ 140.107504][ T6344] loop9: detected capacity change from 0 to 4094 [ 140.210618][ T5954] Buffer I/O error on dev loop9, logical block 511, async page read [ 140.222950][ T40] audit: type=1326 audit(1772097986.741:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.230585][ T40] audit: type=1326 audit(1772097986.741:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.242600][ T40] audit: type=1326 audit(1772097986.741:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.251813][ T40] audit: type=1326 audit(1772097986.761:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.260736][ T40] audit: type=1326 audit(1772097986.761:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.268881][ T40] audit: type=1326 audit(1772097986.761:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.276131][ T40] audit: type=1326 audit(1772097986.761:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.289027][ T40] audit: type=1326 audit(1772097986.811:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.296378][ T40] audit: type=1326 audit(1772097986.811:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.303773][ T40] audit: type=1326 audit(1772097986.811:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6349 comm="syz.1.95" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704ef6c code=0x7ffc0000 [ 140.632059][ T6375] syzkaller0: entered promiscuous mode [ 140.634735][ T6375] syzkaller0: entered allmulticast mode [ 140.898983][ T6391] tipc: Started in network mode [ 140.900772][ T6391] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 140.909947][ T6391] tipc: Enabled bearer , priority 10 [ 141.089193][ T6410] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.092224][ T6410] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.747747][ T6427] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 142.034814][ T34] tipc: Node number set to 4269801494 [ 142.915427][ T6442] netlink: 'syz.3.125': attribute type 3 has an invalid length. [ 143.021260][ T6446] __nla_validate_parse: 6 callbacks suppressed [ 143.021279][ T6446] netlink: 20 bytes leftover after parsing attributes in process `syz.3.127'. [ 143.045757][ T6446] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 143.053523][ T6446] bridge1: entered promiscuous mode [ 143.302825][ T6452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.129'. [ 143.825772][ T6463] syz.0.140: vmalloc error: size 2147479872, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 143.831160][ T6463] CPU: 1 UID: 0 PID: 6463 Comm: syz.0.140 Not tainted syzkaller #0 PREEMPT(full) [ 143.831186][ T6463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 143.831198][ T6463] Call Trace: [ 143.831205][ T6463] [ 143.831212][ T6463] dump_stack_lvl+0x100/0x190 [ 143.831246][ T6463] warn_alloc.cold+0x95/0x1c1 [ 143.831279][ T6463] ? __pfx_warn_alloc+0x10/0x10 [ 143.831309][ T6463] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 143.831336][ T6463] ? __lock_acquire+0x4a5/0x2630 [ 143.831361][ T6463] ? __lock_acquire+0x4a5/0x2630 [ 143.831387][ T6463] __vmalloc_node_range_noprof+0x1252/0x1530 [ 143.831410][ T6463] ? do_raw_spin_lock+0x128/0x260 [ 143.831439][ T6463] ? netlink_alloc_large_skb+0x9b/0x150 [ 143.831465][ T6463] ? alloc_pages_mpol+0x25a/0x550 [ 143.831487][ T6463] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 143.831514][ T6463] ? rcu_is_watching+0x12/0xc0 [ 143.831551][ T6463] __kvmalloc_node_noprof+0x3de/0xa00 [ 143.831585][ T6463] ? netlink_alloc_large_skb+0x9b/0x150 [ 143.831607][ T6463] ? netlink_alloc_large_skb+0x9b/0x150 [ 143.831637][ T6463] netlink_alloc_large_skb+0x9b/0x150 [ 143.831663][ T6463] netlink_sendmsg+0x680/0xda0 [ 143.831693][ T6463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 143.831719][ T6463] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 143.831749][ T6463] sock_write_iter+0x566/0x610 [ 143.831777][ T6463] ? __pfx_sock_write_iter+0x10/0x10 [ 143.831808][ T6463] ? bpf_lsm_file_permission+0x9/0x10 [ 143.831833][ T6463] ? security_file_permission+0x76/0x210 [ 143.831864][ T6463] ? rw_verify_area+0xce/0x6d0 [ 143.831892][ T6463] vfs_write+0x6ac/0x1070 [ 143.831919][ T6463] ? __pfx_sock_write_iter+0x10/0x10 [ 143.831976][ T6463] ? __pfx_vfs_write+0x10/0x10 [ 143.832001][ T6463] ? find_held_lock+0x2b/0x80 [ 143.832035][ T6463] ksys_write+0x1f8/0x250 [ 143.832063][ T6463] ? __pfx_ksys_write+0x10/0x10 [ 143.832100][ T6463] __do_fast_syscall_32+0xe3/0x8c0 [ 143.832126][ T6463] do_fast_syscall_32+0x32/0x70 [ 143.832148][ T6463] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 143.832171][ T6463] RIP: 0023:0xf7fb6f6c [ 143.832186][ T6463] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 143.832202][ T6463] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004 [ 143.832221][ T6463] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000280 [ 143.832233][ T6463] RDX: 00000000ffffff03 RSI: 0000000000000000 RDI: 0000000000000000 [ 143.832245][ T6463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 143.832255][ T6463] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 143.832267][ T6463] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 143.832292][ T6463] [ 143.832300][ T6463] Mem-Info: [ 143.970679][ T6463] active_anon:22893 inactive_anon:13 isolated_anon:0 [ 143.970679][ T6463] active_file:13261 inactive_file:36667 isolated_file:0 [ 143.970679][ T6463] unevictable:1768 dirty:370 writeback:0 [ 143.970679][ T6463] slab_reclaimable:9112 slab_unreclaimable:50887 [ 143.970679][ T6463] mapped:33377 shmem:19933 pagetables:1116 [ 143.970679][ T6463] sec_pagetables:305 bounce:0 [ 143.970679][ T6463] kernel_misc_reclaimable:0 [ 143.970679][ T6463] free:30145 free_pcp:13782 free_cma:0 [ 144.023216][ T6463] Node 0 active_anon:4kB inactive_anon:52kB active_file:616kB inactive_file:192kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:572kB dirty:212kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8672kB pagetables:1608kB sec_pagetables:1132kB all_unreclaimable? yes Balloon:0kB [ 144.041055][ T6463] Node 1 active_anon:83040kB inactive_anon:0kB active_file:52428kB inactive_file:146476kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:133580kB dirty:1268kB writeback:0kB shmem:67920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4480kB pagetables:2792kB sec_pagetables:88kB all_unreclaimable? no Balloon:0kB [ 144.056551][ T6463] Node 0 DMA free:2036kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:480kB local_pcp:120kB free_cma:0kB [ 144.069347][ T6463] lowmem_reserve[]: 0 285 285 285 285 [ 144.071640][ T6463] Node 0 DMA32 free:15740kB boost:2048kB min:15120kB low:18388kB high:21656kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:52kB active_file:616kB inactive_file:192kB unevictable:3536kB writepending:212kB zspages:0kB present:1032196kB managed:292660kB mlocked:0kB bounce:0kB free_pcp:9448kB local_pcp:3292kB free_cma:0kB [ 144.085893][ T6463] lowmem_reserve[]: 0 0 0 0 0 [ 144.088048][ T6463] Node 1 DMA32 free:102604kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:85840kB inactive_anon:0kB active_file:52428kB inactive_file:146476kB unevictable:3536kB writepending:1268kB zspages:2248kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:50696kB local_pcp:22080kB free_cma:0kB [ 144.102956][ T6463] lowmem_reserve[]: 0 0 0 0 0 [ 144.105637][ T6463] Node 0 DMA: 103*4kB (UE) 19*8kB (E) 8*16kB (UE) 4*32kB (UE) 11*64kB (UE) 2*128kB (E) 1*256kB (E) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2036kB [ 144.112331][ T6463] Node 0 DMA32: 557*4kB (UME) 315*8kB (UME) 83*16kB (UME) 70*32kB (UME) 44*64kB (UME) 24*128kB (UME) 4*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 15740kB [ 144.119726][ T6463] Node 1 DMA32: 332*4kB (UE) 45*8kB (UE) 152*16kB (U) 60*32kB (UE) 28*64kB (UME) 8*128kB (UE) 6*256kB (UME) 4*512kB (UE) 6*1024kB (UME) 3*2048kB (UME) 19*4096kB (UME) = 102552kB [ 144.128376][ T6463] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 144.132646][ T6463] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 144.136910][ T6463] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 144.141003][ T6463] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 144.145854][ T6463] 68166 total pagecache pages [ 144.147536][ T6463] 103 pages in swap cache [ 144.149285][ T6463] Free swap = 118812kB [ 144.151081][ T6463] Total swap = 124996kB [ 144.152923][ T6463] 524155 pages RAM [ 144.155288][ T6463] 0 pages HighMem/MovableOnly [ 144.157649][ T6463] 210097 pages reserved [ 144.159597][ T6463] 0 pages cma reserved [ 144.316991][ T6474] netlink: 'syz.3.135': attribute type 10 has an invalid length. [ 144.859305][ T6480] Invalid logical block size (-905969665) [ 146.738705][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.144'. [ 146.749356][ T6500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 146.751996][ T6500] IPv6: NLM_F_CREATE should be set when creating new route [ 148.449189][ T6523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.149'. [ 148.484132][ T6523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.149'. [ 148.520931][ T6523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.149'. [ 148.557819][ T6523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.149'. [ 149.201814][ T6533] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.487272][ T6538] netlink: 6040 bytes leftover after parsing attributes in process `syz.2.155'. [ 150.246535][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 150.248887][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 150.924945][ T6561] netlink: 32 bytes leftover after parsing attributes in process `syz.2.160'. [ 150.932364][ T5738] IPVS: starting estimator thread 0... [ 151.033520][ T6562] IPVS: using max 42 ests per chain, 100800 per kthread [ 151.184075][ T6567] netlink: 24 bytes leftover after parsing attributes in process `syz.3.163'. [ 151.387055][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 151.574143][ T6584] mmap: syz.0.170 (6584) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 152.323972][ T6591] input: syz0 as /devices/virtual/input/input5 [ 152.600532][ T6610] veth0_macvtap: left promiscuous mode [ 152.602973][ T6610] veth0_macvtap: entered promiscuous mode [ 152.699706][ T6619] ip6gre1: entered promiscuous mode [ 152.701659][ T6619] ip6gre1: entered allmulticast mode [ 152.944357][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 153.118300][ T10] usb 8-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 153.122083][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.133862][ T10] usb 8-1: config 0 descriptor?? [ 153.492835][ T6630] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 153.552902][ T10] elan 0003:04F3:0755.0002: unknown main item tag 0x0 [ 153.556402][ T10] elan 0003:04F3:0755.0002: unknown main item tag 0x0 [ 153.558463][ T10] elan 0003:04F3:0755.0002: unknown main item tag 0x0 [ 153.560400][ T6633] syzkaller0: entered promiscuous mode [ 153.560497][ T10] elan 0003:04F3:0755.0002: unknown main item tag 0x0 [ 153.562245][ T6633] syzkaller0: entered allmulticast mode [ 153.565897][ T10] elan 0003:04F3:0755.0002: unknown main item tag 0x0 [ 153.584184][ T10] elan 0003:04F3:0755.0002: hidraw1: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 153.799565][ T6644] block nbd0: Unsupported socket: should be TCP or UNIX. [ 153.822240][ T5936] usb 8-1: USB disconnect, device number 2 [ 153.845814][ T6654] netlink: 'syz.2.192': attribute type 1 has an invalid length. [ 153.961440][ T6661] 9pnet_fd: p9_fd_create_unix (6661): problem connecting socket: ./file0/file0: -2 [ 153.965979][ T6661] fuse: Bad value for 'fd' [ 154.044199][ T6670] netlink: 'syz.2.195': attribute type 27 has an invalid length. [ 154.218893][ T6668] bond1: entered promiscuous mode [ 154.270285][ T6670] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.272911][ T6670] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.684354][ T6670] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.690654][ T6670] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.789515][ T285] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.793718][ T285] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.803342][ T285] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.807659][ T285] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.927012][ T6681] Driver unsupported XDP return value 0 on prog (id 13) dev N/A, expect packet loss! [ 155.012039][ T40] kauditd_printk_skb: 29 callbacks suppressed [ 155.012052][ T40] audit: type=1400 audit(1772098001.531:41): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=6675 comm="syz.3.197" [ 155.196689][ T6691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.201'. [ 155.255392][ T6691] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 155.373793][ T5738] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 155.534248][ T5738] usb 7-1: Using ep0 maxpacket: 8 [ 155.542925][ T5738] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 155.548678][ T5738] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 155.553583][ T5738] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 155.558155][ T5738] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 155.563486][ T5738] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 155.567559][ T5738] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.153498][ T6703] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 156.156195][ T6703] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 156.159358][ T6703] vhci_hcd vhci_hcd.0: Device attached [ 156.503317][ T9] usb 44-1: SetAddress Request (6) to port 0 [ 156.505375][ T9] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 156.655338][ T6720] veth1_macvtap: left promiscuous mode [ 156.657314][ T6720] macsec0: entered allmulticast mode [ 156.664489][ T6720] veth1_macvtap: entered promiscuous mode [ 156.666589][ T6720] veth1_macvtap: entered allmulticast mode [ 156.668964][ T6720] macsec0: left allmulticast mode [ 156.670827][ T6720] veth1_macvtap: left allmulticast mode [ 156.756275][ T6704] vhci_hcd: connection reset by peer [ 156.758513][ T285] vhci_hcd vhci_hcd.3: stop threads [ 156.760503][ T285] vhci_hcd vhci_hcd.3: release socket [ 156.762996][ T285] vhci_hcd vhci_hcd.3: disconnect device [ 158.077892][ T5738] usb 7-1: usb_control_msg returned -71 [ 158.084246][ T5738] usbtmc 7-1:16.0: can't read capabilities [ 158.110027][ T5738] usb 7-1: USB disconnect, device number 2 [ 158.155917][ T6787] netlink: 'syz.0.212': attribute type 1 has an invalid length. [ 159.365798][ T6805] openvswitch: netlink: Key 3 has unexpected len 2 expected 4 [ 159.454132][ T6814] netlink: 4 bytes leftover after parsing attributes in process `syz.1.219'. [ 159.467412][ T6817] syzkaller0: entered promiscuous mode [ 159.469817][ T6817] syzkaller0: entered allmulticast mode [ 159.475820][ T6817] tipc: Started in network mode [ 159.478576][ T6817] tipc: Node identity e630255c6561, cluster identity 4711 [ 159.482568][ T6817] tipc: Enabled bearer , priority 0 [ 159.494003][ T6812] tipc: Resetting bearer [ 159.507048][ T6812] tipc: Disabling bearer [ 159.598971][ T6818] input: syz1 as /devices/virtual/input/input6 [ 159.666950][ T3241] libceph: connect (1)[c::]:6789 error -101 [ 159.669248][ T3241] libceph: mon0 (1)[c::]:6789 connect error [ 159.925522][ T3241] libceph: connect (1)[c::]:6789 error -101 [ 159.928940][ T3241] libceph: mon0 (1)[c::]:6789 connect error [ 160.260241][ T6827] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 160.264688][ T6827] netlink: 68 bytes leftover after parsing attributes in process `syz.2.224'. [ 160.291419][ T6820] ceph: No mds server is up or the cluster is laggy [ 161.518394][ T6855] vlan2: entered promiscuous mode [ 161.520903][ T6855] vlan2: entered allmulticast mode [ 161.523887][ T6855] hsr_slave_1: entered allmulticast mode [ 161.598431][ T6861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.233'. [ 161.603358][ T9] usb 44-1: device descriptor read/8, error -110 [ 161.888200][ T6867] Bluetooth: hci0: invalid len left 7, exp >= 111 [ 162.004131][ T9] usb usb44-port1: attempt power cycle [ 162.573834][ T9] usb usb44-port1: unable to enumerate USB device [ 162.780997][ T6886] netlink: 20 bytes leftover after parsing attributes in process `syz.1.243'. [ 162.792029][ T6886] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 162.797534][ T6886] bridge1: entered promiscuous mode [ 164.990425][ T6916] QAT: Invalid ioctl 21531 [ 165.024951][ T6921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.249'. [ 165.674927][ T6930] bridge_slave_0: left allmulticast mode [ 165.703382][ T6930] bridge_slave_0: left promiscuous mode [ 165.707962][ T6930] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.736957][ T6930] bridge_slave_1: left allmulticast mode [ 165.739859][ T6930] bridge_slave_1: left promiscuous mode [ 165.742747][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.756545][ T6930] bond0: (slave bond_slave_0): Releasing backup interface [ 165.770164][ T6930] bond0: (slave bond_slave_1): Releasing backup interface [ 165.780664][ T6934] syz.3.254 uses obsolete (PF_INET,SOCK_PACKET) [ 165.795860][ T6930] team0: Port device team_slave_0 removed [ 165.810353][ T6930] team0: Port device team_slave_1 removed [ 165.824542][ T6930] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.828013][ T6930] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.837948][ T6930] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.842131][ T6930] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.855927][ T6930] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 165.965306][ T6939] IPVS: set_ctl: invalid protocol: 50 172.30.0.3:20001 [ 166.072902][ T6947] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.259'. [ 166.076656][ T6947] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.259'. [ 167.708411][ T6984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.270'. [ 167.753846][ T6986] xt_HMARK: proto mask must be zero with L3 mode [ 169.109835][ T6999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.275'. [ 169.457862][ T6997] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 169.460077][ T6997] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 169.463318][ T6997] vhci_hcd vhci_hcd.0: Device attached [ 169.504828][ T6997] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 169.727034][ T7004] vhci_hcd: connection closed [ 169.727251][ T285] vhci_hcd vhci_hcd.0: stop threads [ 169.730623][ T285] vhci_hcd vhci_hcd.0: release socket [ 169.732349][ T285] vhci_hcd vhci_hcd.0: disconnect device [ 170.114833][ T7009] input: syz0 as /devices/virtual/input/input7 [ 171.240046][ T7021] loop8: detected capacity change from 0 to 7 [ 171.246692][ T7021] loop8: [POWERTEC] [ 171.325856][ T7029] netlink: 4 bytes leftover after parsing attributes in process `syz.3.284'. [ 171.689736][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.286'. [ 171.772580][ T7040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.777622][ T7040] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.818901][ T7040] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.458867][ T7047] loop5: detected capacity change from 0 to 4095 [ 172.478123][ T7047] loop9: detected capacity change from 0 to 4094 [ 172.547289][ T5954] Buffer I/O error on dev loop9, logical block 511, async page read [ 172.574557][ T6139] IPVS: starting estimator thread 0... [ 172.673280][ T7048] IPVS: using max 42 ests per chain, 100800 per kthread [ 172.726828][ T7052] netlink: 16 bytes leftover after parsing attributes in process `syz.2.290'. [ 173.205342][ T7084] openvswitch: netlink: Message has 8 unknown bytes. [ 173.265453][ T6139] IPVS: starting estimator thread 0... [ 173.381242][ T7086] IPVS: using max 28 ests per chain, 67200 per kthread [ 173.620831][ T7098] netlink: 8 bytes leftover after parsing attributes in process `syz.1.306'. [ 174.357200][ T7105] syzkaller0: entered promiscuous mode [ 174.359533][ T7105] syzkaller0: entered allmulticast mode [ 174.366586][ T7105] tipc: Started in network mode [ 174.368398][ T7105] tipc: Node identity da2b82eed7d5, cluster identity 4711 [ 174.371596][ T7105] tipc: Enabled bearer , priority 0 [ 174.423587][ T7104] tipc: Resetting bearer [ 174.505564][ T7104] tipc: Disabling bearer [ 174.683496][ T7117] netlink: 6040 bytes leftover after parsing attributes in process `syz.2.308'. [ 174.992377][ T7126] tmpfs: Cannot change global quota limit on remount [ 175.044386][ T7126] comedi comedi2: dt2814: I/O port conflict (0xfffffffffffffff9,2) [ 175.197180][ T7129] binder: BINDER_SET_CONTEXT_MGR already set [ 175.200267][ T7129] binder: 7127:7129 ioctl 4018620d 800000c0 returned -16 [ 175.528058][ T7137] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check. [ 177.083986][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.2.325'. [ 177.087976][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.2.325'. [ 177.124567][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.2.325'. [ 177.127770][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.2.325'. [ 177.250451][ T7174] netlink: 'syz.2.326': attribute type 4 has an invalid length. [ 177.280769][ T7176] syzkaller0: entered promiscuous mode [ 177.282907][ T7176] syzkaller0: entered allmulticast mode [ 178.249934][ T7193] capability: warning: `syz.0.334' uses deprecated v2 capabilities in a way that may be insecure [ 178.869744][ T7210] ======================================================= [ 178.869744][ T7210] WARNING: The mand mount option has been deprecated and [ 178.869744][ T7210] and is ignored by this kernel. Remove the mand [ 178.869744][ T7210] option from the mount to silence this warning. [ 178.869744][ T7210] ======================================================= [ 179.336009][ T7214] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 179.338733][ T7214] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 179.345912][ T7215] vhci_hcd: connection closed [ 179.348655][ T7214] vhci_hcd vhci_hcd.0: Device attached [ 179.354283][ T285] vhci_hcd vhci_hcd.3: stop threads [ 179.356864][ T285] vhci_hcd vhci_hcd.3: release socket [ 179.359162][ T285] vhci_hcd vhci_hcd.3: disconnect device [ 179.651537][ T7220] netlink: 'syz.0.339': attribute type 10 has an invalid length. [ 179.656402][ T7220] syz_tun: entered allmulticast mode [ 179.668052][ T7220] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 179.907338][ T7222] netlink: 20 bytes leftover after parsing attributes in process `syz.0.340'. [ 180.054463][ T7225] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 180.056662][ T7225] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 180.059176][ T7225] vhci_hcd vhci_hcd.0: Device attached [ 180.323217][ T6014] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 180.709848][ T7242] netlink: 236 bytes leftover after parsing attributes in process `syz.1.346'. [ 180.829699][ T7228] vhci_hcd: connection reset by peer [ 180.841513][ T106] vhci_hcd vhci_hcd.0: stop threads [ 180.850488][ T106] vhci_hcd vhci_hcd.0: release socket [ 180.852547][ T106] vhci_hcd vhci_hcd.0: disconnect device [ 181.080683][ T7252] overlay: filesystem on ./bus not supported as upperdir [ 181.793228][ T7264] netlink: 20 bytes leftover after parsing attributes in process `syz.0.359'. [ 181.796711][ T7264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.359'. [ 181.998516][ T7269] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 182.001304][ T7269] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 182.033206][ T7269] vhci_hcd vhci_hcd.0: Device attached [ 182.354035][ T9] usb 40-1: SetAddress Request (2) to port 0 [ 182.354155][ T9] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 182.684837][ T7275] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 182.803236][ T6139] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 182.832882][ T7281] netlink: 'syz.3.356': attribute type 1 has an invalid length. [ 182.860447][ T7281] bond3: entered promiscuous mode [ 182.862824][ T7281] 8021q: adding VLAN 0 to HW filter on device bond3 [ 182.878384][ T7281] bond3: (slave bridge2): making interface the new active one [ 182.881606][ T7281] bridge2: entered promiscuous mode [ 182.884523][ C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 182.889646][ T7281] bond3: (slave bridge2): Enslaving as an active interface with an up link [ 182.963207][ T6139] usb 5-1: Using ep0 maxpacket: 8 [ 182.967103][ T6139] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 182.971196][ T6139] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 182.974799][ T6139] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.981773][ T6139] usb 5-1: config 0 descriptor?? [ 183.018794][ T7270] vhci_hcd: connection reset by peer [ 183.020912][ T285] vhci_hcd vhci_hcd.1: stop threads [ 183.022881][ T285] vhci_hcd vhci_hcd.1: release socket [ 183.025375][ T285] vhci_hcd vhci_hcd.1: disconnect device [ 183.047167][ T7289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.358'. [ 183.064777][ T7289] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 183.067238][ T7289] IPv6: NLM_F_CREATE should be set when creating new route [ 183.308336][ T6139] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 183.333205][ T7303] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 183.335956][ T7303] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 183.339836][ T7303] vhci_hcd vhci_hcd.0: Device attached [ 183.623202][ T5936] usb 44-1: SetAddress Request (10) to port 0 [ 183.626848][ T5936] usb 44-1: new SuperSpeed USB device number 10 using vhci_hcd [ 183.846973][ T6139] usb 5-1: USB disconnect, device number 2 [ 183.953934][ T7304] vhci_hcd: connection reset by peer [ 183.956658][ T106] vhci_hcd vhci_hcd.3: stop threads [ 183.958899][ T106] vhci_hcd vhci_hcd.3: release socket [ 183.961198][ T106] vhci_hcd vhci_hcd.3: disconnect device [ 184.035281][ T7316] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 184.540886][ T7330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.371'. [ 184.578414][ T7333] tmpfs: Bad value for 'mpol' [ 184.582120][ T7334] netlink: 8 bytes leftover after parsing attributes in process `syz.3.372'. [ 184.917508][ T7349] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 184.920462][ T7349] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 184.925021][ T7349] vhci_hcd vhci_hcd.0: Device attached [ 184.972232][ T7349] 9p: Bad value for 'rfdno' [ 185.002259][ T7349] x_tables: duplicate underflow at hook 3 [ 185.624125][ T7350] vhci_hcd: connection closed [ 185.625483][ T42] vhci_hcd vhci_hcd.0: stop threads [ 185.630749][ T42] vhci_hcd vhci_hcd.0: release socket [ 185.633631][ T42] vhci_hcd vhci_hcd.0: disconnect device [ 185.811073][ T6014] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 186.059203][ T7361] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 186.414235][ T7365] input: syz0 as /devices/virtual/input/input8 [ 186.532885][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.383'. [ 186.539073][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.383'. [ 186.543003][ T7367] netlink: 'syz.1.383': attribute type 5 has an invalid length. [ 186.546682][ T7367] netlink: 20 bytes leftover after parsing attributes in process `syz.1.383'. [ 186.591335][ T7367] bond3: Removing last arp target with arp_interval on [ 186.595705][ T7367] bond3: entered promiscuous mode [ 186.598425][ T7367] 8021q: adding VLAN 0 to HW filter on device bond3 [ 187.113999][ T6263] usb usb38-port1: attempt power cycle [ 187.656472][ T7386] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 187.697702][ T6263] usb usb38-port1: unable to enumerate USB device [ 187.890175][ T9] usb 40-1: device descriptor read/8, error -110 [ 187.952369][ T7395] loop5: detected capacity change from 0 to 4095 [ 187.967217][ T7395] loop9: detected capacity change from 0 to 4094 [ 187.999045][ T5954] Buffer I/O error on dev loop9, logical block 511, async page read [ 188.092256][ T7399] netlink: 288 bytes leftover after parsing attributes in process `syz.3.392'. [ 188.279029][ T9] usb usb40-port1: attempt power cycle [ 188.938109][ T9] usb usb40-port1: unable to enumerate USB device [ 188.975261][ T5936] usb 44-1: device descriptor read/8, error -110 [ 189.078771][ T7413] FAULT_INJECTION: forcing a failure. [ 189.078771][ T7413] name failslab, interval 1, probability 0, space 0, times 0 [ 189.086381][ T7413] CPU: 0 UID: 0 PID: 7413 Comm: syz.0.396 Not tainted syzkaller #0 PREEMPT(full) [ 189.086408][ T7413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 189.086418][ T7413] Call Trace: [ 189.086424][ T7413] [ 189.086431][ T7413] dump_stack_lvl+0x100/0x190 [ 189.086468][ T7413] should_fail_ex.cold+0x5/0xa [ 189.086490][ T7413] ? comedi_alloc_subdev_readback+0x8c/0x180 [ 189.086512][ T7413] should_failslab+0xc2/0x120 [ 189.086531][ T7413] __kmalloc_noprof+0xe0/0x850 [ 189.086556][ T7413] ? __raw_spin_lock_init+0x3a/0x110 [ 189.086586][ T7413] comedi_alloc_subdev_readback+0x8c/0x180 [ 189.086606][ T7413] s526_attach+0x500/0x800 [ 189.086629][ T7413] comedi_device_attach+0x3d2/0x660 [ 189.086656][ T7413] do_devconfig_ioctl+0x1b3/0x6d0 [ 189.086678][ T7413] ? comedi_unlocked_ioctl+0x180/0x3310 [ 189.086714][ T7413] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 189.086745][ T7413] ? tomoyo_path_number_perm+0x46d/0x580 [ 189.086773][ T7413] ? kasan_save_stack+0x3f/0x50 [ 189.086797][ T7413] ? kasan_save_stack+0x30/0x50 [ 189.086820][ T7413] ? kasan_save_track+0x14/0x30 [ 189.086843][ T7413] ? kasan_save_free_info+0x3b/0x70 [ 189.086869][ T7413] comedi_unlocked_ioctl+0x860/0x3310 [ 189.086900][ T7413] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 189.086939][ T7413] ? tomoyo_path_number_perm+0x46d/0x580 [ 189.086966][ T7413] ? kasan_quarantine_put+0x104/0x240 [ 189.086988][ T7413] ? lockdep_hardirqs_on+0x78/0x100 [ 189.087008][ T7413] ? find_held_lock+0x2b/0x80 [ 189.087022][ T7413] ? tomoyo_path_number_perm+0x28f/0x580 [ 189.087047][ T7413] ? tomoyo_path_number_perm+0x28f/0x580 [ 189.087078][ T7413] ? tomoyo_path_number_perm+0x188/0x580 [ 189.087109][ T7413] comedi_compat_ioctl+0x438/0xe20 [ 189.087137][ T7413] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 189.087165][ T7413] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 189.087196][ T7413] ? do_vfs_ioctl+0x226/0x13e0 [ 189.087221][ T7413] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 189.087251][ T7413] ? find_held_lock+0x2b/0x80 [ 189.087266][ T7413] ? hook_file_ioctl_common+0x146/0x410 [ 189.087300][ T7413] ? __fget_files+0x21f/0x3d0 [ 189.087333][ T7413] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 189.087361][ T7413] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 189.087389][ T7413] __do_fast_syscall_32+0xe3/0x8c0 [ 189.087413][ T7413] do_fast_syscall_32+0x32/0x70 [ 189.087433][ T7413] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 189.087455][ T7413] RIP: 0023:0xf7fb6f6c [ 189.087470][ T7413] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 189.087485][ T7413] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 189.087503][ T7413] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400 [ 189.087514][ T7413] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 189.087558][ T7413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 189.087567][ T7413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.087577][ T7413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 189.087596][ T7413] [ 189.193275][ T39] ------------[ cut here ]------------ [ 189.224386][ T39] [CRTC:35:crtc-0] vblank wait timed out [ 189.226290][ T39] WARNING: drivers/gpu/drm/drm_atomic_helper.c:1921 at drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0, CPU#1: kworker/1:1/39 [ 189.230631][ T39] Modules linked in: [ 189.232608][ T39] CPU: 1 UID: 0 PID: 39 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(full) [ 189.236677][ T39] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 189.241268][ T39] Workqueue: events drm_fb_helper_damage_work [ 189.243904][ T39] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0 [ 189.247208][ T39] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d 18 a0 44 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 a3 de 67 fc e9 7c fe ff ff e8 29 [ 189.255931][ T39] RSP: 0000:ffffc900006276f0 EFLAGS: 00010246 [ 189.258586][ T39] RAX: 0000000000000000 RBX: ffff8880412c9320 RCX: 1ffff1100825927f [ 189.261889][ T39] RDX: ffff888025f579e0 RSI: 0000000000000023 RDI: ffffffff90e4bce0 [ 189.265422][ T39] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 189.268938][ T39] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 189.272591][ T39] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88806dd0ea00 [ 189.276071][ T39] FS: 0000000000000000(0000) GS:ffff88809724f000(0000) knlGS:0000000000000000 [ 189.279790][ T39] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 189.282843][ T39] CR2: 0000000080c1e018 CR3: 000000004c56d000 CR4: 0000000000352ef0 [ 189.287496][ T39] Call Trace: [ 189.289153][ T39] [ 189.290461][ T39] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 189.294147][ T39] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 189.296550][ T39] ? lockdep_hardirqs_on+0x78/0x100 [ 189.298537][ T39] ? __pfx_autoremove_wake_function+0x10/0x10 [ 189.300891][ T39] ? drm_atomic_helper_commit_hw_done+0x36d/0x490 [ 189.303716][ T39] drm_atomic_helper_commit_tail+0xff/0x130 [ 189.306283][ T39] commit_tail+0x338/0x430 [ 189.308355][ T39] drm_atomic_helper_commit+0x303/0x380 [ 189.310845][ T39] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 189.313278][ T39] drm_atomic_commit+0x230/0x300 [ 189.315225][ T39] ? __pfx_drm_atomic_commit+0x10/0x10 [ 189.317306][ T39] ? __pfx___drm_printfn_info+0x10/0x10 [ 189.319600][ T39] ? drm_mode_object_get+0x108/0x170 [ 189.321956][ T39] drm_atomic_helper_dirtyfb+0x603/0x790 [ 189.324713][ T39] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 189.327796][ T39] ? do_raw_spin_lock+0x128/0x260 [ 189.330358][ T39] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 189.333054][ T39] drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310 [ 189.335808][ T39] drm_fb_helper_damage_work+0x348/0x640 [ 189.338234][ T39] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 189.340968][ T39] ? rcu_is_watching+0x12/0xc0 [ 189.343159][ T39] process_one_work+0x9d7/0x1920 [ 189.345324][ T39] ? __pfx_process_one_work+0x10/0x10 [ 189.347612][ T39] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 189.350279][ T39] worker_thread+0x5da/0xe40 [ 189.352191][ T39] ? kthread+0x13a/0x450 [ 189.353928][ T39] ? __pfx_worker_thread+0x10/0x10 [ 189.356144][ T39] kthread+0x370/0x450 [ 189.358001][ T39] ? __pfx_kthread+0x10/0x10 [ 189.360283][ T39] ret_from_fork+0x754/0xd80 [ 189.362368][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 189.364545][ T39] ? __switch_to+0x7b4/0x1120 [ 189.366369][ T39] ? __pfx_kthread+0x10/0x10 [ 189.368181][ T39] ret_from_fork_asm+0x1a/0x30 [ 189.370034][ T39] [ 189.371246][ T39] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 189.374076][ T39] CPU: 1 UID: 0 PID: 39 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(full) [ 189.377104][ T39] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 189.380551][ T39] Workqueue: events drm_fb_helper_damage_work [ 189.382719][ T39] Call Trace: [ 189.383964][ T39] [ 189.385112][ T39] dump_stack_lvl+0x100/0x190 [ 189.386792][ T39] vpanic+0x552/0x970 [ 189.388094][ T39] ? __pfx_vpanic+0x10/0x10 [ 189.389536][ T39] panic+0xd1/0xe0 [ 189.390752][ T39] ? __pfx_panic+0x10/0x10 [ 189.392257][ T39] ? check_panic_on_warn+0x1f/0x90 [ 189.394055][ T39] check_panic_on_warn.cold+0x19/0x34 [ 189.395984][ T39] ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0 [ 189.398588][ T39] __warn.cold+0x191/0x348 [ 189.400311][ T39] __report_bug+0x296/0x3d0 [ 189.401811][ T39] ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0 [ 189.404216][ T39] ? __pfx___report_bug+0x10/0x10 [ 189.405885][ T39] ? lockdep_hardirqs_on+0x78/0x100 [ 189.407595][ T39] report_bug_entry+0xe1/0x290 [ 189.409193][ T39] ? drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0 [ 189.411546][ T39] handle_bug+0x1c9/0x2a0 [ 189.412988][ T39] exc_invalid_op+0x17/0x50 [ 189.414476][ T39] asm_exc_invalid_op+0x1a/0x20 [ 189.416186][ T39] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0 [ 189.418974][ T39] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d 18 a0 44 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 a3 de 67 fc e9 7c fe ff ff e8 29 [ 189.426135][ T39] RSP: 0000:ffffc900006276f0 EFLAGS: 00010246 [ 189.428139][ T39] RAX: 0000000000000000 RBX: ffff8880412c9320 RCX: 1ffff1100825927f [ 189.430697][ T39] RDX: ffff888025f579e0 RSI: 0000000000000023 RDI: ffffffff90e4bce0 [ 189.433400][ T39] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 189.436085][ T39] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 189.438895][ T39] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88806dd0ea00 [ 189.441451][ T39] ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10 [ 189.444413][ T39] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 189.446744][ T39] ? lockdep_hardirqs_on+0x78/0x100 [ 189.448873][ T39] ? __pfx_autoremove_wake_function+0x10/0x10 [ 189.451398][ T39] ? drm_atomic_helper_commit_hw_done+0x36d/0x490 [ 189.454254][ T39] drm_atomic_helper_commit_tail+0xff/0x130 [ 189.456866][ T39] commit_tail+0x338/0x430 [ 189.458767][ T39] drm_atomic_helper_commit+0x303/0x380 [ 189.461106][ T39] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 189.463706][ T39] drm_atomic_commit+0x230/0x300 [ 189.465750][ T39] ? __pfx_drm_atomic_commit+0x10/0x10 [ 189.467941][ T39] ? __pfx___drm_printfn_info+0x10/0x10 [ 189.470164][ T39] ? drm_mode_object_get+0x108/0x170 [ 189.472653][ T39] drm_atomic_helper_dirtyfb+0x603/0x790 [ 189.475174][ T39] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 189.477776][ T39] ? do_raw_spin_lock+0x128/0x260 [ 189.479850][ T39] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 189.482400][ T39] drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310 [ 189.484972][ T39] drm_fb_helper_damage_work+0x348/0x640 [ 189.487256][ T39] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 189.489837][ T39] ? rcu_is_watching+0x12/0xc0 [ 189.491972][ T39] process_one_work+0x9d7/0x1920 [ 189.494239][ T39] ? __pfx_process_one_work+0x10/0x10 [ 189.496686][ T39] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 189.499281][ T39] worker_thread+0x5da/0xe40 [ 189.501204][ T39] ? kthread+0x13a/0x450 [ 189.502823][ T39] ? __pfx_worker_thread+0x10/0x10 [ 189.504542][ T39] kthread+0x370/0x450 [ 189.505898][ T39] ? __pfx_kthread+0x10/0x10 [ 189.507485][ T39] ret_from_fork+0x754/0xd80 [ 189.509084][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 189.510850][ T39] ? __switch_to+0x7b4/0x1120 [ 189.512609][ T39] ? __pfx_kthread+0x10/0x10 [ 189.514271][ T39] ret_from_fork_asm+0x1a/0x30 [ 189.516002][ T39] [ 189.517755][ T39] Kernel Offset: disabled [ 189.519187][ T39] Rebooting in 86400 seconds..