last executing test programs: 4m27.712492448s ago: executing program 0 (id=6): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) 4m27.610715717s ago: executing program 0 (id=7): prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x14, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) 4m27.372784273s ago: executing program 0 (id=8): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8678}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x34}}, 0x0) 4m27.249009605s ago: executing program 0 (id=9): prlimit64(0x0, 0xe, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001b00)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r4, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7fffffff, 0x14, 0xfce, 0x400, 0x9}, 0x81, 0x0, 0xc8c3, 0x40, 0x4, 0x1c, 0x11, 0x9, 0x8, 0xffffffff, {0xfffffff5, 0x4, 0xad8, 0x7, 0x4, 0x4}}}}]}, 0x78}}, 0x0) 4m27.040303885s ago: executing program 0 (id=10): epoll_create1(0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0) readv(r1, &(0x7f0000000000)=[{&(0x7f0000000780)=""/248, 0xf8}], 0x1) 4m26.574144608s ago: executing program 0 (id=11): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = inotify_init1(0x800) inotify_add_watch(r1, 0x0, 0xa4000960) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, 0x0, 0x804) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) quotactl_fd$Q_QUOTAON(r5, 0xffffffff80000200, 0xee01, &(0x7f0000000280)='./control\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') 4m24.383395661s ago: executing program 3 (id=4): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x7fff, 0x3, 0xc, 0x9}) 4m23.904959294s ago: executing program 3 (id=14): r0 = epoll_create1(0x0) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x4e) close(r1) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x20000014}) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 4m23.640747388s ago: executing program 3 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) close(0x3) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000005c0), 0x10) recvmmsg(r5, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x7f}], 0x1, 0x10002, 0x0) sendmsg$can_bcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES16], 0x48}, 0x1, 0x0, 0x0, 0x8000010}, 0x20004801) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x23, &(0x7f0000000580)=0xd, 0x4) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) ftruncate(r6, 0x2000009) 4m22.198199958s ago: executing program 3 (id=18): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$vsock_stream(0x28, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x42, 0x0, 0x0) recvfrom(r1, 0x0, 0x0, 0x10000, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x18}}, 0x0) 4m11.24774226s ago: executing program 32 (id=11): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = inotify_init1(0x800) inotify_add_watch(r1, 0x0, 0xa4000960) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, 0x0, 0x804) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) quotactl_fd$Q_QUOTAON(r5, 0xffffffff80000200, 0xee01, &(0x7f0000000280)='./control\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') 4m6.912368961s ago: executing program 33 (id=18): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$vsock_stream(0x28, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x42, 0x0, 0x0) recvfrom(r1, 0x0, 0x0, 0x10000, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x18}}, 0x0) 36.06864255s ago: executing program 6 (id=499): r0 = socket(0x10, 0x3, 0xa) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x7fffffffffffffff) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) io_submit(0x0, 0x0, 0x0) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 34.861006765s ago: executing program 6 (id=505): open(&(0x7f0000000180)='.\x00', 0x0, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0) flock(r0, 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x348e, 0x4) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) 32.39302734s ago: executing program 6 (id=513): r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0) flock(r1, 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) dup(r3) flock(r0, 0x5) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) 30.233927217s ago: executing program 6 (id=514): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0xcd, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e21, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4) recvmmsg(r0, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/9, 0x9}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0) 26.601117742s ago: executing program 6 (id=527): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRES16=r1, @ANYBLOB="010008000000fddbdf250c000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x804) 26.50723505s ago: executing program 6 (id=528): bpf$ENABLE_STATS(0x20, 0x0, 0x0) chroot(&(0x7f0000000300)='.\x00') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) symlink(&(0x7f0000000100)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000640)={{{@in, @in6=@remote}}, {{@in6=@empty}, 0x0, @in=@empty}}, &(0x7f0000000340)=0xe8) close(0xffffffffffffffff) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newsa={0x160, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa"}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 11.213556673s ago: executing program 34 (id=528): bpf$ENABLE_STATS(0x20, 0x0, 0x0) chroot(&(0x7f0000000300)='.\x00') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) symlink(&(0x7f0000000100)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000640)={{{@in, @in6=@remote}}, {{@in6=@empty}, 0x0, @in=@empty}}, &(0x7f0000000340)=0xe8) close(0xffffffffffffffff) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newsa={0x160, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa"}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 5.922583499s ago: executing program 4 (id=581): socket(0x10, 0x3, 0xa) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) 4.599491096s ago: executing program 4 (id=584): r0 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 4.496245784s ago: executing program 1 (id=586): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) lseek(0xffffffffffffffff, 0x29, 0x4) 4.358025169s ago: executing program 4 (id=589): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000080000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/169}, 0x94) io_uring_setup(0x71c7, &(0x7f0000000080)={0x0, 0x9b95, 0x2, 0x9, 0x154}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) socket$inet6(0xa, 0x1, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r3, 0x0, 0x28b}, 0x18) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x149a01, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000540)) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)='[', 0x1}], 0x1) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x28000, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802d1f7c3dc000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.272291087s ago: executing program 1 (id=590): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000640)={0x0, 0x107000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.0341773s ago: executing program 1 (id=594): r0 = socket(0x10, 0x3, 0xa) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={0x0, 0x0}}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) 2.798270474s ago: executing program 1 (id=596): bpf$TOKEN_CREATE(0x24, &(0x7f0000000280), 0x8) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x22020400) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x4, 0x8, 0x220, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc}, 0x50) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) sendfile(r0, r1, 0x0, 0x20000023896) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000073012300000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48) 2.633641078s ago: executing program 5 (id=598): r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(0xffffffffffffffff, 0x1) flock(r0, 0x5) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000004100)={0x2020}, 0x2020) 2.182450134s ago: executing program 5 (id=599): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x5}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x2400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_VM(r2, 0x400454d1, 0x110c230082) 1.984704816s ago: executing program 4 (id=600): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) socket$inet6_sctp(0xa, 0x5, 0x84) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0xbaf, &(0x7f0000000040)={0x0, 0xb45d, 0xc000, 0x20000a, 0x20002f5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xffff}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000a000}, 0x5) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 1.668685463s ago: executing program 5 (id=601): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) 1.667805662s ago: executing program 5 (id=602): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x40) close(r1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x8, 0xac, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r1, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbc1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc00", 0x0, 0x48) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0xfffffff9) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x37, 0x28, 0x67, 0x0, 0xb, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x6071, 0x0, 0xe7}}}}}}, 0x0) close(0x3) syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x6071, 0x0, 0xe7}}}}}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000380)={@broadcast, @multicast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @broadcast, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, @broadcast}}}}, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, 0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xe4776000) openat$procfs(0xffffffffffffff9c, &(0x7f00000034c0)='/proc/consoles\x00', 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x8054) 1.585206816s ago: executing program 2 (id=603): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = open$dir(&(0x7f0000000300)='./file0\x00', 0x8000, 0x20) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x800, 0x100) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x4, @desc3}) add_key$fscrypt_v1(&(0x7f0000000340), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "5e44e4b3b5d2c132ce1595c85ab82fbe15703a2653b2b7d783bc965fac88b3a91f3f10317d1c67420063311f04765f02b4e1ccf07323402fc495c817dc2b8aca", 0x2d}, 0x48, 0xfffffffffffffffd) getdents(r1, 0x0, 0xfffffffffffffcd6) rmdir(&(0x7f0000000180)='./file0\x00') mkdirat(r0, &(0x7f0000000180)='./file0/file0\x00', 0x90) 1.584654868s ago: executing program 1 (id=604): syz_io_uring_setup(0x78ae, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x308}, &(0x7f0000000080), 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2002, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0x2, 0x1, 0x0, 0x8}, 0x20) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000000, 0x0, 0x2, 0x5, 0x0, 0x5}, 0x20) 1.545700839s ago: executing program 2 (id=605): socket$alg(0x26, 0x5, 0x0) pipe(0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x11000) 1.191058869s ago: executing program 2 (id=606): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb4") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 1.020052516s ago: executing program 4 (id=607): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0xcd, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e21, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000003140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/9, 0x9}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0) 770.805171ms ago: executing program 2 (id=608): r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(0xffffffffffffffff, 0x1) flock(r0, 0x5) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000004100)={0x2020}, 0x2020) 769.035131ms ago: executing program 1 (id=609): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000080000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/169}, 0x94) io_uring_setup(0x71c7, &(0x7f0000000080)={0x0, 0x9b95, 0x2, 0x9, 0x154}) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) socket$inet6(0xa, 0x1, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r4, 0x0, 0x28b}, 0x18) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x149a01, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000540)) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000040)='[', 0x1}], 0x1) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x28000, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802d1f7c3dc000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 605.454255ms ago: executing program 5 (id=610): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0x5) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000ec0)) 520.078061ms ago: executing program 2 (id=611): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) 280.833102ms ago: executing program 2 (id=612): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x22020400) r5 = openat(0xffffffffffffff9c, 0x0, 0x103042, 0x2) getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, 0x0) connect$unix(r3, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) sendfile(r0, r1, 0x0, 0x20000023896) 241.366186ms ago: executing program 5 (id=613): io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc) 0s ago: executing program 4 (id=614): bpf$TOKEN_CREATE(0x24, &(0x7f0000000280), 0x8) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x22020400) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x4, 0x8, 0x220, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffc}, 0x50) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) sendfile(r0, r1, 0x0, 0x20000023896) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000073012300000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts. [ 75.034391][ T5786] cgroup: Unknown subsys name 'net' [ 75.285214][ T5786] cgroup: Unknown subsys name 'cpuset' [ 75.331566][ T5786] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.974141][ T5786] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.799735][ T5117] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.804202][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.804956][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.806044][ T5117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.806829][ T5117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.884644][ T5117] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.887133][ T5117] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.888373][ T5117] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.925187][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.932525][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.933352][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.963583][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.964928][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.966730][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.968905][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.994184][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.001890][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.018542][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.024360][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.026262][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.068844][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.073529][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.074345][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.075647][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.079167][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.775222][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 80.916353][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 81.211504][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 81.216306][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 81.358345][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 81.567899][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.569022][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.569375][ T5796] bridge_slave_0: entered allmulticast mode [ 81.573747][ T5796] bridge_slave_0: entered promiscuous mode [ 81.695555][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.695692][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.695873][ T5796] bridge_slave_1: entered allmulticast mode [ 81.698879][ T5796] bridge_slave_1: entered promiscuous mode [ 81.842504][ T5117] Bluetooth: hci0: command tx timeout [ 81.941328][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.941454][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.941573][ T5801] bridge_slave_0: entered allmulticast mode [ 81.943265][ T5801] bridge_slave_0: entered promiscuous mode [ 82.001323][ T5117] Bluetooth: hci1: command tx timeout [ 82.062533][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.062660][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.062840][ T5801] bridge_slave_1: entered allmulticast mode [ 82.064693][ T5801] bridge_slave_1: entered promiscuous mode [ 82.080594][ T5117] Bluetooth: hci3: command tx timeout [ 82.171006][ T61] Bluetooth: hci4: command tx timeout [ 82.171138][ T5117] Bluetooth: hci2: command tx timeout [ 82.221282][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.439783][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.511317][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.511513][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.511693][ T5804] bridge_slave_0: entered allmulticast mode [ 82.513373][ T5804] bridge_slave_0: entered promiscuous mode [ 82.514803][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.514924][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.515419][ T5808] bridge_slave_0: entered allmulticast mode [ 82.517042][ T5808] bridge_slave_0: entered promiscuous mode [ 82.684038][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.684293][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.684435][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.684594][ T5804] bridge_slave_1: entered allmulticast mode [ 82.686303][ T5804] bridge_slave_1: entered promiscuous mode [ 82.687359][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.687438][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.687535][ T5808] bridge_slave_1: entered allmulticast mode [ 82.688974][ T5808] bridge_slave_1: entered promiscuous mode [ 82.853722][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.131476][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.131596][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.131853][ T5812] bridge_slave_0: entered allmulticast mode [ 83.133340][ T5812] bridge_slave_0: entered promiscuous mode [ 83.138506][ T5796] team0: Port device team_slave_0 added [ 83.381559][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.381763][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.381945][ T5812] bridge_slave_1: entered allmulticast mode [ 83.383602][ T5812] bridge_slave_1: entered promiscuous mode [ 83.386587][ T5796] team0: Port device team_slave_1 added [ 83.446913][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.449872][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.613966][ T5801] team0: Port device team_slave_0 added [ 83.616491][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.618598][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.793571][ T5801] team0: Port device team_slave_1 added [ 83.920549][ T5117] Bluetooth: hci0: command tx timeout [ 83.936674][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.937983][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.937994][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.938007][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.080637][ T5117] Bluetooth: hci1: command tx timeout [ 84.160624][ T5117] Bluetooth: hci3: command tx timeout [ 84.193622][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.194262][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.194272][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.194285][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.240700][ T61] Bluetooth: hci4: command tx timeout [ 84.240795][ T5117] Bluetooth: hci2: command tx timeout [ 84.473662][ T5804] team0: Port device team_slave_0 added [ 84.475620][ T5808] team0: Port device team_slave_0 added [ 84.549369][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.549381][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.549394][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.552979][ T5804] team0: Port device team_slave_1 added [ 84.555589][ T5808] team0: Port device team_slave_1 added [ 84.682981][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.682994][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.683007][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.762835][ T5812] team0: Port device team_slave_0 added [ 84.933285][ T5812] team0: Port device team_slave_1 added [ 85.011962][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.011974][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.011987][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.014528][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.014543][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.014566][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.233166][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.233177][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.233190][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.234247][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.234263][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.234276][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.367292][ T5796] hsr_slave_0: entered promiscuous mode [ 85.368285][ T5796] hsr_slave_1: entered promiscuous mode [ 85.523477][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.523492][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.523513][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.622825][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.622838][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.622852][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.631133][ T5801] hsr_slave_0: entered promiscuous mode [ 85.632457][ T5801] hsr_slave_1: entered promiscuous mode [ 85.633573][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 85.633684][ T5801] Cannot create hsr debugfs directory [ 86.000570][ T5117] Bluetooth: hci0: command tx timeout [ 86.160535][ T5117] Bluetooth: hci1: command tx timeout [ 86.207158][ T5804] hsr_slave_0: entered promiscuous mode [ 86.207947][ T5804] hsr_slave_1: entered promiscuous mode [ 86.208557][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 86.208576][ T5804] Cannot create hsr debugfs directory [ 86.241481][ T5117] Bluetooth: hci3: command tx timeout [ 86.247290][ T5808] hsr_slave_0: entered promiscuous mode [ 86.248065][ T5808] hsr_slave_1: entered promiscuous mode [ 86.248645][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 86.248666][ T5808] Cannot create hsr debugfs directory [ 86.320846][ T5117] Bluetooth: hci2: command tx timeout [ 86.320853][ T61] Bluetooth: hci4: command tx timeout [ 86.371111][ T5812] hsr_slave_0: entered promiscuous mode [ 86.371936][ T5812] hsr_slave_1: entered promiscuous mode [ 86.372482][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 86.372502][ T5812] Cannot create hsr debugfs directory [ 86.724059][ T9] cfg80211: failed to load regulatory.db [ 87.774539][ T5796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.819788][ T5796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.835484][ T5796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.887619][ T5796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.988218][ T5801] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.025779][ T5801] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.067820][ T5801] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.080569][ T61] Bluetooth: hci0: command tx timeout [ 88.117201][ T5801] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.221090][ T5808] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.240586][ T61] Bluetooth: hci1: command tx timeout [ 88.249466][ T5808] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.286247][ T5808] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.319969][ T5808] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.320967][ T61] Bluetooth: hci3: command tx timeout [ 88.401221][ T61] Bluetooth: hci4: command tx timeout [ 88.401251][ T61] Bluetooth: hci2: command tx timeout [ 88.466895][ T5804] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.527851][ T5804] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.557854][ T5804] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.595391][ T5804] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.662508][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.743252][ T5812] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.776906][ T5812] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.816330][ T5812] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.864842][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.865092][ T5812] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.938289][ T1346] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.939025][ T1346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.987587][ T1346] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.987708][ T1346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.015406][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.095225][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.120243][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.139274][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.148354][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.179286][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.180294][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.225969][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.259588][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.276229][ T158] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.276317][ T158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.322995][ T158] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.330769][ T158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.383380][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.424419][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.429638][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.429805][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.481592][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.481731][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.579476][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.628786][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.628993][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.674065][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.674306][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.758260][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.904737][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.079302][ T5796] veth0_vlan: entered promiscuous mode [ 90.096281][ T5796] veth1_vlan: entered promiscuous mode [ 90.271412][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.280115][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.284216][ T5796] veth0_macvtap: entered promiscuous mode [ 90.316314][ T5796] veth1_macvtap: entered promiscuous mode [ 90.414689][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.455337][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.512453][ T3477] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.515447][ T5804] veth0_vlan: entered promiscuous mode [ 90.518870][ T3477] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.531064][ T3477] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.556201][ T3477] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.568409][ T5808] veth0_vlan: entered promiscuous mode [ 90.626785][ T5804] veth1_vlan: entered promiscuous mode [ 90.630179][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.704415][ T5808] veth1_vlan: entered promiscuous mode [ 90.877776][ T5801] veth0_vlan: entered promiscuous mode [ 90.891323][ T3006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.891346][ T3006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.926023][ T5804] veth0_macvtap: entered promiscuous mode [ 90.975948][ T5804] veth1_macvtap: entered promiscuous mode [ 90.977336][ T5808] veth0_macvtap: entered promiscuous mode [ 90.978923][ T5801] veth1_vlan: entered promiscuous mode [ 91.009081][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.009099][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.036574][ T5808] veth1_macvtap: entered promiscuous mode [ 91.047878][ T5812] veth0_vlan: entered promiscuous mode [ 91.096233][ T5812] veth1_vlan: entered promiscuous mode [ 91.102305][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.125889][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.141574][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.165144][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.174972][ T1160] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.182126][ T1160] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.189837][ T1160] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.215798][ T1160] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.222630][ T1160] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.224121][ T5801] veth0_macvtap: entered promiscuous mode [ 91.228304][ T1160] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.228362][ T1160] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.228396][ T1160] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.329440][ T5801] veth1_macvtap: entered promiscuous mode [ 91.476397][ T5812] veth0_macvtap: entered promiscuous mode [ 91.577661][ T5812] veth1_macvtap: entered promiscuous mode [ 91.653774][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.779579][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.845814][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.845836][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.919392][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.932891][ T1299] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.948691][ T1299] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.952336][ T1299] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.953927][ T1299] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.971351][ T1299] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.971369][ T1299] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.975412][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.110678][ T1160] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.134891][ T1299] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.134911][ T1299] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.135231][ T1160] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.208267][ T1446] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.221003][ T1446] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.300635][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.300654][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.478378][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.478397][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.700951][ T3529] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 93.746624][ T3006] Bluetooth: hci5: Frame reassembly failed (-84) [ 93.859329][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.859348][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.122127][ T3006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.122147][ T3006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.400064][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.400084][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.349657][ T5954] 9pnet_fd: Insufficient options for proto=fd [ 95.682533][ T5117] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 98.368224][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.101106][ T5980] overlayfs: failed to resolve './file0': -2 [ 103.262684][ T6041] 9pnet_fd: Insufficient options for proto=fd [ 103.881517][ T6045] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 108.168672][ T6067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31'. [ 110.294211][ T6077] 9pnet_fd: Insufficient options for proto=fd [ 112.016549][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 112.032995][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 112.034050][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 112.035332][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 112.036180][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 112.243577][ T6091] Zero length message leads to an empty skb [ 114.319259][ T61] Bluetooth: hci5: command tx timeout [ 115.325017][ T6111] 9pnet_fd: Insufficient options for proto=fd [ 116.485944][ T61] Bluetooth: hci5: command tx timeout [ 119.182401][ T5117] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 119.192285][ T5117] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 119.202712][ T5117] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 119.204543][ T5117] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 119.205381][ T5117] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 119.974987][ T5117] Bluetooth: hci5: command tx timeout [ 120.492814][ T6085] chnl_net:caif_netlink_parms(): no params data found [ 121.621511][ T6150] 9pnet_fd: Insufficient options for proto=fd [ 121.672377][ T61] Bluetooth: hci6: command tx timeout [ 122.128350][ T61] Bluetooth: hci5: command tx timeout [ 123.362804][ T6165] ======================================================= [ 123.362804][ T6165] WARNING: The mand mount option has been deprecated and [ 123.362804][ T6165] and is ignored by this kernel. Remove the mand [ 123.362804][ T6165] option from the mount to silence this warning. [ 123.362804][ T6165] ======================================================= [ 123.368183][ T6165] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 124.391059][ T61] Bluetooth: hci6: command tx timeout [ 124.457603][ T6146] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.458919][ T6146] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.800086][ T6146] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.809594][ T6146] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.480587][ T61] Bluetooth: hci6: command tx timeout [ 126.786979][ T6085] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.787115][ T6085] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.787371][ T6085] bridge_slave_0: entered allmulticast mode [ 126.790138][ T6085] bridge_slave_0: entered promiscuous mode [ 127.093724][ T6185] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 128.267179][ T6195] syz.1.64 (6195) used greatest stack depth: 18120 bytes left [ 128.564498][ T61] Bluetooth: hci6: command tx timeout [ 128.745184][ T6027] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.771044][ T6085] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.771207][ T6085] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.771453][ T6085] bridge_slave_1: entered allmulticast mode [ 128.774175][ T6085] bridge_slave_1: entered promiscuous mode [ 130.369483][ T37] audit: type=1326 audit(1764854069.987:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.369607][ T37] audit: type=1326 audit(1764854069.987:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.370339][ T37] audit: type=1326 audit(1764854069.987:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.396663][ T37] audit: type=1326 audit(1764854070.017:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.396713][ T37] audit: type=1326 audit(1764854070.017:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.396753][ T37] audit: type=1326 audit(1764854070.017:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.454885][ T37] audit: type=1326 audit(1764854070.077:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f810ef22005 code=0x7ffc0000 [ 130.454936][ T37] audit: type=1326 audit(1764854070.077:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.455242][ T37] audit: type=1326 audit(1764854070.077:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.456209][ T37] audit: type=1326 audit(1764854070.077:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6208 comm="syz.2.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f810eeef749 code=0x7ffc0000 [ 130.704005][ T6027] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.886123][ T6027] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.297432][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.298986][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.510065][ T158] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.700934][ T6027] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.800859][ T6085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 133.807930][ T6085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.247519][ T6073] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 135.551508][ T6073] usb 5-1: Using ep0 maxpacket: 8 [ 135.743767][ T6073] usb 5-1: config 135 has an invalid interface number: 249 but max is 0 [ 135.744310][ T6073] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 135.744356][ T6073] usb 5-1: config 135 has no interface number 0 [ 135.750012][ T6073] usb 5-1: config 135 interface 249 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 135.985828][ T6073] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 135.985858][ T6073] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.985878][ T6073] usb 5-1: Product: syz [ 135.985891][ T6073] usb 5-1: Manufacturer: syz [ 135.985905][ T6073] usb 5-1: SerialNumber: syz [ 136.070092][ T158] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.287875][ T6073] uvcvideo 5-1:135.249: Found Unit with invalid ID 0 [ 136.288003][ T6073] uvcvideo 5-1:135.249: Found UVC 0.00 device syz (18ec:3288) [ 136.288036][ T6073] uvcvideo 5-1:135.249: No valid video chain found. [ 136.432722][ T6085] team0: Port device team_slave_0 added [ 136.639286][ T158] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.727386][ T6085] team0: Port device team_slave_1 added [ 137.156200][ T158] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.573700][ T5946] usb 5-1: USB disconnect, device number 2 [ 137.723404][ T6085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 137.723421][ T6085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 137.723446][ T6085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 137.836410][ T6085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 137.836427][ T6085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 137.836452][ T6085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 138.111463][ T6246] syz.2.77 (6246) used greatest stack depth: 13848 bytes left [ 139.300168][ T6135] chnl_net:caif_netlink_parms(): no params data found [ 139.348419][ T6085] hsr_slave_0: entered promiscuous mode [ 139.360897][ T6085] hsr_slave_1: entered promiscuous mode [ 139.362010][ T6085] debugfs: 'hsr0' already exists in 'hsr' [ 139.362033][ T6085] Cannot create hsr debugfs directory [ 144.834677][ T6135] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.834871][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.835080][ T6135] bridge_slave_0: entered allmulticast mode [ 144.837849][ T6135] bridge_slave_0: entered promiscuous mode [ 144.963122][ T6135] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.963249][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.963495][ T6135] bridge_slave_1: entered allmulticast mode [ 144.966040][ T6135] bridge_slave_1: entered promiscuous mode [ 144.973877][ T158] bridge_slave_1: left allmulticast mode [ 144.973983][ T158] bridge_slave_1: left promiscuous mode [ 144.976214][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.315252][ T158] bridge_slave_0: left allmulticast mode [ 145.315281][ T158] bridge_slave_0: left promiscuous mode [ 145.315530][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.907190][ T6321] input: syz1 as /devices/virtual/input/input5 [ 150.421552][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.464295][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.505056][ T158] bond0 (unregistering): Released all slaves [ 154.673385][ T6135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.201054][ T6135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.756252][ T6377] input: syz1 as /devices/virtual/input/input6 [ 160.981863][ T6135] team0: Port device team_slave_0 added [ 161.083850][ T6135] team0: Port device team_slave_1 added [ 161.140368][ T6407] serio: Serial port ptm0 [ 161.617589][ T158] hsr_slave_0: left promiscuous mode [ 161.650587][ T158] hsr_slave_1: left promiscuous mode [ 161.651480][ T158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.651567][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.532671][ T158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.532699][ T158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.929232][ T6426] input: syz1 as /devices/virtual/input/input7 [ 164.608254][ T158] veth1_macvtap: left promiscuous mode [ 164.608404][ T158] veth0_macvtap: left promiscuous mode [ 164.608569][ T158] veth1_vlan: left promiscuous mode [ 164.608755][ T158] veth0_vlan: left promiscuous mode [ 169.711713][ T6453] serio: Serial port ptm0 [ 169.784754][ T5117] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 169.787089][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 169.788303][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 169.789448][ T5117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 169.790179][ T5117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 170.742512][ T6462] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 171.481430][ T158] team0 (unregistering): Port device team_slave_1 removed [ 171.732884][ T158] team0 (unregistering): Port device team_slave_0 removed [ 171.850922][ T5117] Bluetooth: hci0: command tx timeout [ 172.811599][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 172.819927][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 172.838965][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 172.845115][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 172.846777][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 173.920844][ T5117] Bluetooth: hci0: command tx timeout [ 174.292036][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.292053][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 174.292068][ T6135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.960573][ T5117] Bluetooth: hci4: command tx timeout [ 175.102788][ T6484] serio: Serial port ptm0 [ 176.001049][ T5117] Bluetooth: hci0: command tx timeout [ 176.132780][ T6507] random: crng reseeded on system resumption [ 177.040475][ T5117] Bluetooth: hci4: command tx timeout [ 177.523155][ T6519] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 178.088124][ T6522] input: syz1 as /devices/virtual/input/input8 [ 178.435793][ T5117] Bluetooth: hci0: command tx timeout [ 179.120517][ T5117] Bluetooth: hci4: command tx timeout [ 180.214072][ T6542] serio: Serial port ptm0 [ 182.285363][ T5117] Bluetooth: hci4: command tx timeout [ 183.348611][ T6569] fuse: Bad value for 'group_id' [ 183.348630][ T6569] fuse: Bad value for 'group_id' [ 183.404141][ T6566] random: crng reseeded on system resumption [ 184.560982][ T6471] chnl_net:caif_netlink_parms(): no params data found [ 184.643570][ T6455] chnl_net:caif_netlink_parms(): no params data found [ 186.223051][ T6604] input: syz1 as /devices/virtual/input/input9 [ 187.221815][ T6455] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.223213][ T6455] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.223432][ T6455] bridge_slave_0: entered allmulticast mode [ 187.226355][ T6455] bridge_slave_0: entered promiscuous mode [ 188.010758][ T6455] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.010885][ T6455] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.011116][ T6455] bridge_slave_1: entered allmulticast mode [ 188.013832][ T6455] bridge_slave_1: entered promiscuous mode [ 188.021506][ T6471] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.030587][ T6471] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.030816][ T6471] bridge_slave_0: entered allmulticast mode [ 188.033581][ T6471] bridge_slave_0: entered promiscuous mode [ 188.202365][ T6471] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.202503][ T6471] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.202706][ T6471] bridge_slave_1: entered allmulticast mode [ 188.205456][ T6471] bridge_slave_1: entered promiscuous mode [ 188.241794][ T6621] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 188.317221][ T6628] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 189.516687][ T6455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.658189][ T6455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.743203][ T6471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.903312][ T6471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.639577][ T6638] fuse: Bad value for 'group_id' [ 190.639764][ T6638] fuse: Bad value for 'group_id' [ 191.158913][ T6642] random: crng reseeded on system resumption [ 191.865163][ T6455] team0: Port device team_slave_0 added [ 192.201513][ T6455] team0: Port device team_slave_1 added [ 192.229769][ T6471] team0: Port device team_slave_0 added [ 192.412528][ T6471] team0: Port device team_slave_1 added [ 194.048564][ T158] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.096518][ T6455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.096533][ T6455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 194.096553][ T6455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.003711][ T6455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.003727][ T6455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.003752][ T6455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.005866][ T6471] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.005884][ T6471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.005911][ T6471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.247835][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.250026][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.796285][ T158] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.864404][ T6471] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.864421][ T6471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 195.864445][ T6471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.472126][ T158] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.033765][ T6455] hsr_slave_0: entered promiscuous mode [ 197.051261][ T6455] hsr_slave_1: entered promiscuous mode [ 197.333021][ T6471] hsr_slave_0: entered promiscuous mode [ 197.338172][ T6471] hsr_slave_1: entered promiscuous mode [ 197.356905][ T6471] debugfs: 'hsr0' already exists in 'hsr' [ 197.356931][ T6471] Cannot create hsr debugfs directory [ 197.534183][ T158] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.220020][ T158] bridge_slave_1: left allmulticast mode [ 201.220046][ T158] bridge_slave_1: left promiscuous mode [ 201.220287][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.296687][ T158] bridge_slave_0: left allmulticast mode [ 201.296714][ T158] bridge_slave_0: left promiscuous mode [ 201.298574][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.363860][ T158] bridge_slave_1: left allmulticast mode [ 201.363879][ T158] bridge_slave_1: left promiscuous mode [ 201.364049][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.433810][ T158] bridge_slave_0: left allmulticast mode [ 201.433835][ T158] bridge_slave_0: left promiscuous mode [ 201.434067][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.503846][ T158] bridge_slave_1: left allmulticast mode [ 201.503865][ T158] bridge_slave_1: left promiscuous mode [ 201.504010][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.713587][ T158] bridge_slave_0: left allmulticast mode [ 201.713615][ T158] bridge_slave_0: left promiscuous mode [ 201.713880][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.542684][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.813865][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.875826][ T158] bond0 (unregistering): Released all slaves [ 203.101645][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 203.171088][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 203.237138][ T158] bond0 (unregistering): Released all slaves [ 207.778397][ T5117] Bluetooth: hci2: command 0x0406 tx timeout [ 207.921474][ T61] Bluetooth: hci3: command 0x0406 tx timeout [ 207.922819][ T5117] Bluetooth: hci1: command 0x0406 tx timeout [ 214.071152][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.121011][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.145295][ T158] bond0 (unregistering): Released all slaves [ 214.307473][ T6728] warning: `syz.2.187' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 221.258547][ T158] hsr_slave_0: left promiscuous mode [ 221.310719][ T158] hsr_slave_1: left promiscuous mode [ 221.311754][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.579263][ T158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.618754][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.996987][ T158] hsr_slave_0: left promiscuous mode [ 222.010786][ T158] hsr_slave_1: left promiscuous mode [ 222.011414][ T158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.011430][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 223.705639][ T158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 223.705667][ T158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.007457][ T158] veth1_macvtap: left promiscuous mode [ 224.007550][ T158] veth0_macvtap: left promiscuous mode [ 224.007769][ T158] veth1_vlan: left promiscuous mode [ 224.009158][ T158] veth0_vlan: left promiscuous mode [ 224.301049][ T5952] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 224.470577][ T5952] usb 2-1: Using ep0 maxpacket: 8 [ 224.473495][ T5952] usb 2-1: config 135 has an invalid interface number: 249 but max is 0 [ 224.473522][ T5952] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 224.473541][ T5952] usb 2-1: config 135 has no interface number 0 [ 224.473590][ T5952] usb 2-1: config 135 interface 249 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 224.476812][ T5952] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 224.476838][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.476861][ T5952] usb 2-1: Product: syz [ 224.476874][ T5952] usb 2-1: Manufacturer: syz [ 224.476887][ T5952] usb 2-1: SerialNumber: syz [ 224.530262][ T5952] uvcvideo 2-1:135.249: Found Unit with invalid ID 0 [ 224.530326][ T5952] uvcvideo 2-1:135.249: Found UVC 0.00 device syz (18ec:3288) [ 224.530352][ T5952] uvcvideo 2-1:135.249: No valid video chain found. [ 225.111274][ T158] team0 (unregistering): Port device team_slave_1 removed [ 225.331362][ T158] team0 (unregistering): Port device team_slave_0 removed [ 225.981196][ T158] team0 (unregistering): Port device team_slave_1 removed [ 226.101333][ T158] team0 (unregistering): Port device team_slave_0 removed [ 226.912003][ T6423] usb 2-1: USB disconnect, device number 2 [ 230.381804][ T5807] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 230.401234][ T5807] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 230.402434][ T5807] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 230.406792][ T5807] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 230.409710][ T5807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 230.449391][ T158] team0 (unregistering): Port device team_slave_1 removed [ 230.737832][ T158] team0 (unregistering): Port device team_slave_0 removed [ 230.863947][ T6979] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4068521576 (4068521576 ns) > initial count (2794446801 ns). Using initial count to start timer. [ 231.190213][ T6984] fuse: Unknown parameter 'grou' [ 233.051901][ T5805] Bluetooth: hci5: command tx timeout [ 233.445003][ T5807] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 233.471246][ T5807] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 233.476827][ T5807] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 233.507318][ T5807] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 233.508171][ T5807] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 233.822580][ T7000] process 'syz.2.258' launched '/dev/fd/3' with NULL argv: empty string added [ 235.121795][ T5807] Bluetooth: hci5: command tx timeout [ 235.610983][ T5807] Bluetooth: hci6: command tx timeout [ 236.386526][ T7044] fuse: Unknown parameter 'grou' [ 236.843281][ T6997] chnl_net:caif_netlink_parms(): no params data found [ 237.109442][ T6970] chnl_net:caif_netlink_parms(): no params data found [ 237.203157][ T5807] Bluetooth: hci5: command tx timeout [ 237.690480][ T5807] Bluetooth: hci6: command tx timeout [ 237.836372][ T7064] random: crng reseeded on system resumption [ 238.792761][ T6997] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.792960][ T6997] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.793202][ T6997] bridge_slave_0: entered allmulticast mode [ 238.857746][ T6997] bridge_slave_0: entered promiscuous mode [ 239.023370][ T6997] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.023558][ T6997] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.023772][ T6997] bridge_slave_1: entered allmulticast mode [ 239.072831][ T6997] bridge_slave_1: entered promiscuous mode [ 239.283096][ T5807] Bluetooth: hci5: command tx timeout [ 239.756684][ T6997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.756916][ T6970] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.757120][ T6970] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.757310][ T6970] bridge_slave_0: entered allmulticast mode [ 239.759587][ T6970] bridge_slave_0: entered promiscuous mode [ 239.770546][ T5807] Bluetooth: hci6: command tx timeout [ 239.827725][ T6997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.827948][ T6970] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.828085][ T6970] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.828211][ T6970] bridge_slave_1: entered allmulticast mode [ 239.830147][ T6970] bridge_slave_1: entered promiscuous mode [ 240.624877][ T6997] team0: Port device team_slave_0 added [ 240.794780][ T7106] random: crng reseeded on system resumption [ 241.618865][ T6970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.645845][ T6997] team0: Port device team_slave_1 added [ 241.836981][ T6970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.842847][ T5807] Bluetooth: hci6: command tx timeout [ 241.974077][ T7118] fuse: Unknown parameter 'grou' [ 242.786370][ T6997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.786386][ T6997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 242.786411][ T6997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 242.789183][ T6997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.789196][ T6997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 242.789221][ T6997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.936159][ T6970] team0: Port device team_slave_0 added [ 242.943016][ T6970] team0: Port device team_slave_1 added [ 243.827075][ T7158] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 243.884224][ T6997] hsr_slave_0: entered promiscuous mode [ 243.886166][ T6997] hsr_slave_1: entered promiscuous mode [ 243.886780][ T6997] debugfs: 'hsr0' already exists in 'hsr' [ 243.886795][ T6997] Cannot create hsr debugfs directory [ 243.887915][ T6970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.887928][ T6970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 243.887952][ T6970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.011631][ T158] bridge_slave_1: left allmulticast mode [ 244.011660][ T158] bridge_slave_1: left promiscuous mode [ 244.011965][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.314628][ T158] bridge_slave_0: left allmulticast mode [ 244.314655][ T158] bridge_slave_0: left promiscuous mode [ 244.314920][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.346384][ T7162] random: crng reseeded on system resumption [ 244.846855][ T158] bridge_slave_1: left allmulticast mode [ 244.846875][ T158] bridge_slave_1: left promiscuous mode [ 244.847026][ T158] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.011869][ T158] bridge_slave_0: left allmulticast mode [ 245.011902][ T158] bridge_slave_0: left promiscuous mode [ 245.012668][ T158] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.330858][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 245.402737][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.484434][ T158] bond0 (unregistering): Released all slaves [ 245.783873][ T158] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 245.878161][ T158] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.912695][ T158] bond0 (unregistering): Released all slaves [ 246.054611][ T6970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.054628][ T6970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.054654][ T6970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.519489][ T6970] hsr_slave_0: entered promiscuous mode [ 246.523764][ T6970] hsr_slave_1: entered promiscuous mode [ 246.525987][ T6970] debugfs: 'hsr0' already exists in 'hsr' [ 246.526011][ T6970] Cannot create hsr debugfs directory [ 246.591873][ T7197] fuse: Unknown parameter 'group_i' [ 246.801117][ T158] hsr_slave_0: left promiscuous mode [ 246.840587][ T158] hsr_slave_1: left promiscuous mode [ 246.841918][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.891493][ T158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.031544][ T158] hsr_slave_0: left promiscuous mode [ 247.050623][ T158] hsr_slave_1: left promiscuous mode [ 247.051586][ T158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.076290][ T158] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.733247][ T7205] random: crng reseeded on system resumption [ 248.872253][ T158] team0 (unregistering): Port device team_slave_1 removed [ 249.031256][ T158] team0 (unregistering): Port device team_slave_0 removed [ 250.491299][ T158] team0 (unregistering): Port device team_slave_1 removed [ 250.636649][ T158] team0 (unregistering): Port device team_slave_0 removed [ 251.526884][ T7199] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.535831][ T7199] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.986748][ T7199] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.002329][ T7199] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.084971][ T7244] fuse: Unknown parameter 'group_i' [ 253.032351][ T7247] random: crng reseeded on system resumption [ 253.657832][ T3477] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.014980][ T3477] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.299670][ T3477] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.328328][ T3477] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.435416][ T6997] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 255.499987][ T6997] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 255.599634][ T6997] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 255.696620][ T6997] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 255.701332][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.701397][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.952699][ T7306] random: crng reseeded on system resumption [ 258.008864][ T7307] fuse: Unknown parameter 'group_i' [ 258.130523][ T6970] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 259.640090][ T6970] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 259.702833][ T6970] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 259.772907][ T6970] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 260.572262][ T6997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.639301][ T6997] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.724015][ T6970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.754518][ T158] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.769718][ T158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.785748][ T158] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.785886][ T158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.452831][ T7360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.334'. [ 261.659131][ T7360] bridge_slave_1: left allmulticast mode [ 261.659160][ T7360] bridge_slave_1: left promiscuous mode [ 261.659415][ T7360] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.607146][ T7365] random: crng reseeded on system resumption [ 263.138367][ T7360] bridge_slave_0: left allmulticast mode [ 263.138396][ T7360] bridge_slave_0: left promiscuous mode [ 263.138951][ T7360] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.908720][ T6970] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.321934][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.322541][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.433030][ T7401] fuse: Bad value for 'group_id' [ 265.433049][ T7401] fuse: Bad value for 'group_id' [ 265.691587][ T7403] serio: Serial port ptm0 [ 265.693493][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.693638][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.969892][ T6997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.970587][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 267.130586][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 267.132758][ T9] usb 3-1: config 135 has an invalid interface number: 249 but max is 0 [ 267.132782][ T9] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 267.132799][ T9] usb 3-1: config 135 has no interface number 0 [ 267.132846][ T9] usb 3-1: config 135 interface 249 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 267.135544][ T9] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 267.135569][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.135589][ T9] usb 3-1: Product: syz [ 267.135603][ T9] usb 3-1: Manufacturer: syz [ 267.135616][ T9] usb 3-1: SerialNumber: syz [ 267.267052][ T9] uvcvideo 3-1:135.249: Found Unit with invalid ID 0 [ 267.267140][ T9] uvcvideo 3-1:135.249: Found UVC 0.00 device syz (18ec:3288) [ 267.267168][ T9] uvcvideo 3-1:135.249: No valid video chain found. [ 267.393285][ T6970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.851093][ T6997] veth0_vlan: entered promiscuous mode [ 267.864971][ T6997] veth1_vlan: entered promiscuous mode [ 268.220956][ T6997] veth0_macvtap: entered promiscuous mode [ 268.488737][ T7444] 9pnet_fd: Insufficient options for proto=fd [ 269.964458][ T6997] veth1_macvtap: entered promiscuous mode [ 270.019662][ T6997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.022176][ T6970] veth0_vlan: entered promiscuous mode [ 270.033240][ T6997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.036770][ T6970] veth1_vlan: entered promiscuous mode [ 270.048614][ T6139] usb 3-1: USB disconnect, device number 2 [ 270.111119][ T58] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.112793][ T58] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.113019][ T58] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.113225][ T58] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.572421][ T7473] serio: Serial port ptm0 [ 272.318637][ T7468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.351'. [ 272.319906][ T7468] bridge_slave_1: left allmulticast mode [ 272.319931][ T7468] bridge_slave_1: left promiscuous mode [ 272.320184][ T7468] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.565168][ T7468] bridge_slave_0: left allmulticast mode [ 272.566854][ T7468] bridge_slave_0: left promiscuous mode [ 272.567186][ T7468] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.001657][ T7484] 9pnet_fd: Insufficient options for proto=fd [ 273.743046][ T6970] veth0_macvtap: entered promiscuous mode [ 273.768932][ T6970] veth1_macvtap: entered promiscuous mode [ 274.253788][ T7492] fuse: Bad value for 'group_id' [ 274.253816][ T7492] fuse: Bad value for 'group_id' [ 275.321583][ T5989] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.321602][ T5989] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.384887][ T6970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.557093][ T6970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.803865][ T5989] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.803913][ T5989] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.803948][ T5989] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.803981][ T5989] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.805298][ T5989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.805313][ T5989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.981650][ T7516] serio: Serial port ptm0 [ 277.034714][ T7513] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 277.892425][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.892445][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.894825][ T1346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.894841][ T1346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.032671][ T7538] 9pnet_fd: Insufficient options for proto=fd [ 280.227537][ T7558] blkio.reset_stats is deprecated [ 282.644589][ T7604] fuse: Bad value for 'group_id' [ 282.644608][ T7604] fuse: Bad value for 'group_id' [ 286.610653][ T6139] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 286.770462][ T6139] usb 7-1: Using ep0 maxpacket: 8 [ 286.774193][ T6139] usb 7-1: config 135 has an invalid interface number: 249 but max is 0 [ 286.774217][ T6139] usb 7-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 286.774236][ T6139] usb 7-1: config 135 has no interface number 0 [ 286.777327][ T6139] usb 7-1: config 135 interface 249 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 286.780650][ T6139] usb 7-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 286.780676][ T6139] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.780694][ T6139] usb 7-1: Product: syz [ 286.780707][ T6139] usb 7-1: Manufacturer: syz [ 286.780721][ T6139] usb 7-1: SerialNumber: syz [ 286.835192][ T6139] uvcvideo 7-1:135.249: Found Unit with invalid ID 0 [ 286.835252][ T6139] uvcvideo 7-1:135.249: Found UVC 0.00 device syz (18ec:3288) [ 286.835277][ T6139] uvcvideo 7-1:135.249: No valid video chain found. [ 287.019717][ T9] usb 7-1: USB disconnect, device number 2 [ 287.185398][ T7659] capability: warning: `syz.5.391' uses 32-bit capabilities (legacy support in use) [ 291.290083][ T7699] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.312161][ T7699] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.020556][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 292.146590][ T7734] fuse: Bad value for 'user_id' [ 292.146609][ T7734] fuse: Bad value for 'user_id' [ 292.180658][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 292.435101][ T9] usb 5-1: config 135 has an invalid interface number: 249 but max is 0 [ 292.435129][ T9] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 292.435148][ T9] usb 5-1: config 135 has no interface number 0 [ 292.435203][ T9] usb 5-1: config 135 interface 249 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 292.488293][ T9] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 292.488320][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.488337][ T9] usb 5-1: Product: syz [ 292.488349][ T9] usb 5-1: Manufacturer: syz [ 292.488361][ T9] usb 5-1: SerialNumber: syz [ 292.541965][ T9] uvcvideo 5-1:135.249: Found Unit with invalid ID 0 [ 292.542025][ T9] uvcvideo 5-1:135.249: Found UVC 0.00 device syz (18ec:3288) [ 292.542050][ T9] uvcvideo 5-1:135.249: No valid video chain found. [ 292.738340][ T9] usb 5-1: USB disconnect, device number 3 [ 292.831296][ T7699] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 292.865970][ T7699] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 294.024582][ T7753] overlayfs: failed to resolve './file1': -2 [ 295.273136][ T58] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.274080][ T6030] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.274216][ T6030] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.274253][ T6030] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.023625][ T7791] fuse: Bad value for 'user_id' [ 297.023644][ T7791] fuse: Bad value for 'user_id' [ 302.891514][ T7899] fuse: Bad value for 'user_id' [ 302.891534][ T7899] fuse: Bad value for 'user_id' [ 306.352344][ T7955] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 315.304187][ T8080] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 317.521931][ T8101] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 318.174587][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.174658][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.586345][ T8131] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 320.586878][ T8131] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 322.100845][ T8152] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 324.544263][ T8179] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 324.982060][ T8185] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 324.984719][ T8185] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 326.014670][ T8195] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 329.797976][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 329.797995][ T37] audit: type=1326 audit(1764854269.407:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.798041][ T37] audit: type=1326 audit(1764854269.417:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.798083][ T37] audit: type=1326 audit(1764854269.417:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.798126][ T37] audit: type=1326 audit(1764854269.417:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.798187][ T37] audit: type=1326 audit(1764854269.417:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.798228][ T37] audit: type=1326 audit(1764854269.417:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.877605][ T37] audit: type=1326 audit(1764854269.497:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.878192][ T37] audit: type=1326 audit(1764854269.497:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 329.878236][ T37] audit: type=1326 audit(1764854269.497:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8215 comm="syz.5.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1b9e77f749 code=0x7ffc0000 [ 330.128254][ T8210] mmap: syz.4.515 (8210) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 331.594069][ T8236] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 331.597730][ T8236] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 335.539520][ T8271] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 336.735617][ T8280] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 336.735856][ T8280] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 341.356404][ T8310] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 341.775853][ T8316] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 342.794976][ T8324] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 342.796902][ T8324] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 348.441882][ T8367] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 349.069126][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 349.085450][ T5805] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 349.086581][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 349.900793][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 349.945099][ T8392] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer. [ 349.948679][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 350.387943][ T8379] chnl_net:caif_netlink_parms(): no params data found [ 352.080689][ T5807] Bluetooth: hci0: command tx timeout [ 352.714121][ T8379] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.714668][ T8379] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.714911][ T8379] bridge_slave_0: entered allmulticast mode [ 352.720100][ T8379] bridge_slave_0: entered promiscuous mode [ 352.764930][ T8379] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.765141][ T8379] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.765348][ T8379] bridge_slave_1: entered allmulticast mode [ 352.768059][ T8379] bridge_slave_1: entered promiscuous mode [ 353.148801][ T8379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 353.217735][ T8436] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer. [ 354.230497][ T5805] Bluetooth: hci0: command tx timeout [ 354.463499][ T8379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.043169][ T5805] Bluetooth: hci5: command 0x0406 tx timeout [ 355.276213][ T8475] random: crng reseeded on system resumption [ 355.955344][ T8379] team0: Port device team_slave_0 added [ 355.958863][ T8379] team0: Port device team_slave_1 added [ 356.174176][ T8484] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer. [ 356.240637][ T5807] Bluetooth: hci0: command tx timeout [ 356.292477][ T8379] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 356.292493][ T8379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 356.292518][ T8379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 356.305952][ T8379] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 356.305967][ T8379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 356.305991][ T8379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 357.210060][ T8379] hsr_slave_0: entered promiscuous mode [ 357.217816][ T8379] hsr_slave_1: entered promiscuous mode [ 358.320563][ T5807] Bluetooth: hci0: command tx timeout [ 358.460697][ T6022] bridge_slave_1: left allmulticast mode [ 358.460846][ T6022] bridge_slave_1: left promiscuous mode [ 358.461101][ T6022] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.567620][ T6022] bridge_slave_0: left allmulticast mode [ 358.567647][ T6022] bridge_slave_0: left promiscuous mode [ 358.567951][ T6022] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.230423][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 464.230451][ C0] rcu: 0-...!: (10500 ticks this GP) idle=73ac/1/0x4000000000000000 softirq=0/0 fqs=0 rcuc=10500 jiffies(starved) [ 464.230476][ C0] rcu: (t=10500 jiffies g=22553 q=346 ncpus=2) [ 464.230487][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10499 jiffies! g22553 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 464.230503][ C0] rcu: Possible timer handling issue on cpu=0 timer-softirq=18551 [ 464.230512][ C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g22553 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 464.230528][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 464.230535][ C0] rcu: RCU grace-period kthread stack dump: [ 464.230541][ C0] task:rcu_preempt state:I stack:21688 pid:18 tgid:18 ppid:2 task_flags:0x208040 flags:0x00080000 [ 464.230600][ C0] Call Trace: [ 464.230607][ C0] [ 464.230622][ C0] __schedule+0x1480/0x50a0 [ 464.230670][ C0] ? lockdep_hardirqs_on+0x98/0x140 [ 464.230693][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 464.230715][ C0] ? __pfx___schedule+0x10/0x10 [ 464.230749][ C0] ? schedule+0x91/0x360 [ 464.230771][ C0] schedule+0x165/0x360 [ 464.230793][ C0] schedule_timeout+0x12b/0x270 [ 464.230813][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 464.230834][ C0] ? __pfx_process_timeout+0x10/0x10 [ 464.230855][ C0] ? prepare_to_swait_event+0x341/0x380 [ 464.230877][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 464.230906][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 464.230925][ C0] ? lockdep_hardirqs_on+0x98/0x140 [ 464.230946][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 464.230964][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 464.230994][ C0] rcu_gp_kthread+0x99/0x390 [ 464.231016][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 464.231036][ C0] ? __kthread_parkme+0x7b/0x200 [ 464.231053][ C0] ? __kthread_parkme+0x1a1/0x200 [ 464.231075][ C0] kthread+0x711/0x8a0 [ 464.231096][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 464.231115][ C0] ? __pfx_kthread+0x10/0x10 [ 464.231131][ C0] ? rt_spin_unlock+0x150/0x200 [ 464.231152][ C0] ? rt_spin_unlock+0x161/0x200 [ 464.231168][ C0] ? __pfx_kthread+0x10/0x10 [ 464.231187][ C0] ret_from_fork+0x599/0xb30 [ 464.231205][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 464.231228][ C0] ? __switch_to_asm+0x39/0x70 [ 464.231247][ C0] ? __switch_to_asm+0x33/0x70 [ 464.231264][ C0] ? __pfx_kthread+0x10/0x10 [ 464.231284][ C0] ret_from_fork_asm+0x1a/0x30 [ 464.231316][ C0] [ 464.231360][ C0] CPU: 0 UID: 0 PID: 5801 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 464.231377][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.231389][ C0] RIP: 0010:smp_call_function_many_cond+0xec1/0x12b0 [ 464.231412][ C0] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 f8 97 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 33 93 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 17 93 [ 464.231425][ C0] RSP: 0018:ffffc900045c7580 EFLAGS: 00000293 [ 464.231438][ C0] RAX: ffffffff81b46959 RBX: 1ffff11017128525 RCX: ffff888033f5dac0 [ 464.231450][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 464.231459][ C0] RBP: ffffc900045c7700 R08: 0000000000000000 R09: 0000000000000000 [ 464.231468][ C0] R10: dffffc0000000000 R11: fffffbfff1db3a4f R12: ffff8880b8942928 [ 464.231480][ C0] R13: dffffc0000000000 R14: ffff8880b883c780 R15: 0000000000000001 [ 464.231491][ C0] FS: 000055557ea51500(0000) GS:ffff888126d69000(0000) knlGS:0000000000000000 [ 464.231504][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 464.231514][ C0] CR2: 00007f9601365d58 CR3: 000000004bd48000 CR4: 00000000003526f0 [ 464.231527][ C0] Call Trace: [ 464.231533][ C0] [ 464.231543][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 464.231571][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 464.231591][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 464.231613][ C0] ? lockdep_hardirqs_on+0x98/0x140 [ 464.231635][ C0] ? rcu_is_watching+0x15/0xb0 [ 464.231651][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 464.231670][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 464.231688][ C0] flush_tlb_mm_range+0x6b1/0x1280 [ 464.231715][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 464.231746][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 464.231766][ C0] ? dup_mmap+0x15a2/0x1ae0 [ 464.231791][ C0] dup_mmap+0x15bb/0x1ae0 [ 464.231824][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 464.231859][ C0] copy_mm+0x13c/0x4b0 [ 464.231879][ C0] copy_process+0x1665/0x3960 [ 464.231905][ C0] ? copy_process+0x915/0x3960 [ 464.231928][ C0] ? __pfx_copy_process+0x10/0x10 [ 464.231955][ C0] kernel_clone+0x21d/0x7a0 [ 464.231974][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 464.231999][ C0] ? lock_vma_under_rcu+0xec/0x4a0 [ 464.232024][ C0] __x64_sys_clone+0x18b/0x1e0 [ 464.232045][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 464.232081][ C0] ? do_syscall_64+0xbe/0xf80 [ 464.232097][ C0] do_syscall_64+0xfa/0xf80 [ 464.232111][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.232126][ C0] ? clear_bhb_loop+0x60/0xb0 [ 464.232144][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.232158][ C0] RIP: 0033:0x7fe043345e93 [ 464.232180][ C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 464.232192][ C0] RSP: 002b:00007fff6d5461e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 464.232206][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe043345e93 [ 464.232216][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 464.232225][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 464.232234][ C0] R10: 000055557ea517d0 R11: 0000000000000246 R12: 0000000000000000 [ 464.232243][ C0] R13: 00000000000927c0 R14: 00000000000579e0 R15: 00007fff6d546380 [ 464.232267][ C0] [ 464.232278][ C0] Sending NMI from CPU 0 to CPUs 1: [ 464.232306][ C1] NMI backtrace for cpu 1 [ 464.232319][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 464.232337][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.232348][ C1] RIP: 0010:mm_get_cid+0xab/0x130 [ 464.232368][ C1] Code: 41 5c 41 5d 41 5e 41 5f 5d e9 91 68 35 09 cc 49 c7 c5 c8 24 00 8d 49 c1 ed 03 bd 00 00 00 80 eb 07 44 89 f0 f7 d8 71 d4 f3 90 <43> 0f b6 44 25 00 84 c0 75 41 44 8b 3d 0c 07 6e 0b 48 89 df 4c 89 [ 464.232383][ C1] RSP: 0018:ffffc900001d7b88 EFLAGS: 00000887 [ 464.232397][ C1] RAX: 0000000080000000 RBX: ffff8880360c5890 RCX: 1ffff11004d97e0c [ 464.232410][ C1] RDX: 0000000000000002 RSI: 0000000000000002 RDI: ffff8880360c5890 [ 464.232421][ C1] RBP: 0000000080000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.232431][ C1] R10: dffffc0000000000 R11: ffffed1006c18ae3 R12: dffffc0000000000 [ 464.232445][ C1] R13: 1ffffffff1a00499 R14: 0000000080000000 R15: 0000000000000002 [ 464.232457][ C1] FS: 0000000000000000(0000) GS:ffff888126e69000(0000) knlGS:0000000000000000 [ 464.232477][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 464.232489][ C1] CR2: 00007f1b9c9bcf98 CR3: 0000000052208000 CR4: 00000000003526f0 [ 464.232504][ C1] Call Trace: [ 464.232511][ C1] [ 464.232521][ C1] __schedule+0x2153/0x50a0 [ 464.232583][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 464.232626][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 464.232681][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 464.232733][ C1] ? __pfx___schedule+0x10/0x10 [ 464.232757][ C1] ? flush_smp_call_function_queue+0x118/0x250 [ 464.232777][ C1] ? __pfx_flush_smp_call_function_queue+0x10/0x10 [ 464.232796][ C1] ? tick_nohz_idle_exit+0x362/0x470 [ 464.232817][ C1] ? __pfx_tick_nohz_idle_exit+0x10/0x10 [ 464.232841][ C1] schedule_idle+0x52/0x90 [ 464.232864][ C1] do_idle+0x4b3/0x520 [ 464.232880][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 464.232898][ C1] ? lockdep_hardirqs_on+0x98/0x140 [ 464.232923][ C1] ? __pfx_do_idle+0x10/0x10 [ 464.232944][ C1] ? do_idle+0xc/0x520 [ 464.232960][ C1] cpu_startup_entry+0x44/0x60 [ 464.232976][ C1] start_secondary+0x101/0x110 [ 464.232992][ C1] common_startup_64+0x13e/0x147 [ 464.233022][ C1] [ 596.317156][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 226s! [syz-executor:5801] [ 596.317193][ C0] Modules linked in: [ 596.317207][ C0] irq event stamp: 2055318 [ 596.317213][ C0] hardirqs last enabled at (2055317): [] irqentry_exit+0x5dd/0x660 [ 596.317237][ C0] hardirqs last disabled at (2055318): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 596.317262][ C0] softirqs last enabled at (2003834): [] __local_bh_enable_ip+0x1b3/0x2e0 [ 596.317282][ C0] softirqs last disabled at (2003828): [] release_sock+0x2f/0x210 [ 596.317308][ C0] CPU: 0 UID: 0 PID: 5801 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 596.317326][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 596.317337][ C0] RIP: 0010:smp_call_function_many_cond+0xec1/0x12b0 [ 596.317355][ C0] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 f8 97 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 33 93 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 17 93 [ 596.317368][ C0] RSP: 0018:ffffc900045c7580 EFLAGS: 00000293 [ 596.317381][ C0] RAX: ffffffff81b46959 RBX: 1ffff11017128525 RCX: ffff888033f5dac0 [ 596.317392][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 596.317401][ C0] RBP: ffffc900045c7700 R08: 0000000000000000 R09: 0000000000000000 [ 596.317410][ C0] R10: dffffc0000000000 R11: fffffbfff1db3a4f R12: ffff8880b8942928 [ 596.317422][ C0] R13: dffffc0000000000 R14: ffff8880b883c780 R15: 0000000000000001 [ 596.317432][ C0] FS: 000055557ea51500(0000) GS:ffff888126d69000(0000) knlGS:0000000000000000 [ 596.317445][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 596.317455][ C0] CR2: 00007f9601365d58 CR3: 000000004bd48000 CR4: 00000000003526f0 [ 596.317468][ C0] Call Trace: [ 596.317478][ C0] [ 596.317492][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 596.317520][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 596.317540][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 596.317561][ C0] ? lockdep_hardirqs_on+0x98/0x140 [ 596.317583][ C0] ? rcu_is_watching+0x15/0xb0 [ 596.317599][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 596.317618][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 596.317636][ C0] flush_tlb_mm_range+0x6b1/0x1280 [ 596.317663][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 596.317686][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 596.317706][ C0] ? dup_mmap+0x15a2/0x1ae0 [ 596.317735][ C0] dup_mmap+0x15bb/0x1ae0 [ 596.317767][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 596.317801][ C0] copy_mm+0x13c/0x4b0 [ 596.317820][ C0] copy_process+0x1665/0x3960 [ 596.317846][ C0] ? copy_process+0x915/0x3960 [ 596.317869][ C0] ? __pfx_copy_process+0x10/0x10 [ 596.317894][ C0] kernel_clone+0x21d/0x7a0 [ 596.317914][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 596.317938][ C0] ? lock_vma_under_rcu+0xec/0x4a0 [ 596.317966][ C0] __x64_sys_clone+0x18b/0x1e0 [ 596.317986][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 596.318021][ C0] ? do_syscall_64+0xbe/0xf80 [ 596.318037][ C0] do_syscall_64+0xfa/0xf80 [ 596.318052][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.318067][ C0] ? clear_bhb_loop+0x60/0xb0 [ 596.318084][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.318098][ C0] RIP: 0033:0x7fe043345e93 [ 596.318114][ C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 596.318125][ C0] RSP: 002b:00007fff6d5461e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 596.318140][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe043345e93 [ 596.318150][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 596.318158][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 596.318167][ C0] R10: 000055557ea517d0 R11: 0000000000000246 R12: 0000000000000000 [ 596.318176][ C0] R13: 00000000000927c0 R14: 00000000000579e0 R15: 00007fff6d546380 [ 596.318200][ C0] [ 596.318206][ C0] Sending NMI from CPU 0 to CPUs 1: [ 596.318234][ C1] NMI backtrace for cpu 1 [ 596.318246][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 596.318265][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 596.318275][ C1] RIP: 0010:mm_get_cid+0xb1/0x130 [ 596.318296][ C1] Code: 41 5f 5d e9 91 68 35 09 cc 49 c7 c5 c8 24 00 8d 49 c1 ed 03 bd 00 00 00 80 eb 07 44 89 f0 f7 d8 71 d4 f3 90 43 0f b6 44 25 00 <84> c0 75 41 44 8b 3d 0c 07 6e 0b 48 89 df 4c 89 fe e8 49 d5 e7 02 [ 596.318310][ C1] RSP: 0018:ffffc900001d7b88 EFLAGS: 00000887 [ 596.318324][ C1] RAX: 0000000000000000 RBX: ffff8880360c5890 RCX: 1ffff11004d97e0c [ 596.318336][ C1] RDX: 0000000000000002 RSI: 0000000000000002 RDI: ffff8880360c5890 [ 596.318348][ C1] RBP: 0000000080000000 R08: 0000000000000000 R09: 0000000000000000 [ 596.318359][ C1] R10: dffffc0000000000 R11: ffffed1006c18ae3 R12: dffffc0000000000 [ 596.318372][ C1] R13: 1ffffffff1a00499 R14: 0000000080000000 R15: 0000000000000002 [ 596.318385][ C1] FS: 0000000000000000(0000) GS:ffff888126e69000(0000) knlGS:0000000000000000 [ 596.318399][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 596.318423][ C1] CR2: 00007f1b9c9bcf98 CR3: 0000000052208000 CR4: 00000000003526f0 [ 596.318438][ C1] Call Trace: [ 596.318445][ C1] [ 596.318454][ C1] __schedule+0x2153/0x50a0 [ 596.318515][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 596.318559][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 596.318614][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 596.318677][ C1] ? __pfx___schedule+0x10/0x10 [ 596.318731][ C1] ? flush_smp_call_function_queue+0x118/0x250 [ 596.318773][ C1] ? __pfx_flush_smp_call_function_queue+0x10/0x10 [ 596.318814][ C1] ? tick_nohz_idle_exit+0x362/0x470 [ 596.318858][ C1] ? __pfx_tick_nohz_idle_exit+0x10/0x10 [ 596.318911][ C1] schedule_idle+0x52/0x90 [ 596.318960][ C1] do_idle+0x4b3/0x520 [ 596.318978][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 596.318995][ C1] ? lockdep_hardirqs_on+0x98/0x140 [ 596.319021][ C1] ? __pfx_do_idle+0x10/0x10 [ 596.319041][ C1] ? do_idle+0xc/0x520 [ 596.319058][ C1] cpu_startup_entry+0x44/0x60 [ 596.319074][ C1] start_secondary+0x101/0x110 [ 596.319090][ C1] common_startup_64+0x13e/0x147 [ 596.319120][ C1] [ 596.319234][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 596.319247][ C0] CPU: 0 UID: 0 PID: 5801 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 596.319267][ C0] Tainted: [L]=SOFTLOCKUP [ 596.319273][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 596.319282][ C0] Call Trace: [ 596.319288][ C0] [ 596.319294][ C0] dump_stack_lvl+0x99/0x250 [ 596.319312][ C0] ? __asan_memcpy+0x40/0x70 [ 596.319327][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 596.319345][ C0] ? __pfx__printk+0x10/0x10 [ 596.319376][ C0] vpanic+0x237/0x6d0 [ 596.319394][ C0] ? __pfx_vpanic+0x10/0x10 [ 596.319410][ C0] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 596.319433][ C0] panic+0xb9/0xc0 [ 596.319450][ C0] ? __pfx_panic+0x10/0x10 [ 596.319466][ C0] ? printk_trigger_flush+0x111/0x170 [ 596.319496][ C0] watchdog_timer_fn+0x832/0x840 [ 596.319516][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 596.319533][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 596.319554][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 596.319574][ C0] ? debug_object_deactivate+0x6d/0x360 [ 596.319597][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 596.319612][ C0] __hrtimer_run_queues+0x4f6/0xd00 [ 596.319641][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 596.319655][ C0] ? read_tsc+0x9/0x20 [ 596.319676][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 596.319702][ C0] hrtimer_interrupt+0x45d/0xa90 [ 596.319738][ C0] __sysvec_apic_timer_interrupt+0x102/0x3e0 [ 596.319758][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 596.319778][ C0] [ 596.319783][ C0] [ 596.319790][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 596.319805][ C0] RIP: 0010:smp_call_function_many_cond+0xec1/0x12b0 [ 596.319822][ C0] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 f8 97 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 33 93 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 17 93 [ 596.319834][ C0] RSP: 0018:ffffc900045c7580 EFLAGS: 00000293 [ 596.319846][ C0] RAX: ffffffff81b46959 RBX: 1ffff11017128525 RCX: ffff888033f5dac0 [ 596.319857][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 596.319866][ C0] RBP: ffffc900045c7700 R08: 0000000000000000 R09: 0000000000000000 [ 596.319876][ C0] R10: dffffc0000000000 R11: fffffbfff1db3a4f R12: ffff8880b8942928 [ 596.319887][ C0] R13: dffffc0000000000 R14: ffff8880b883c780 R15: 0000000000000001 [ 596.319904][ C0] ? smp_call_function_many_cond+0xed9/0x12b0 [ 596.319931][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 596.319957][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 596.319983][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 596.320005][ C0] ? lockdep_hardirqs_on+0x98/0x140 [ 596.320027][ C0] ? rcu_is_watching+0x15/0xb0 [ 596.320043][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 596.320062][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 596.320080][ C0] flush_tlb_mm_range+0x6b1/0x1280 [ 596.320106][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 596.320129][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 596.320150][ C0] ? dup_mmap+0x15a2/0x1ae0 [ 596.320174][ C0] dup_mmap+0x15bb/0x1ae0 [ 596.320206][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 596.320241][ C0] copy_mm+0x13c/0x4b0 [ 596.320260][ C0] copy_process+0x1665/0x3960 [ 596.320286][ C0] ? copy_process+0x915/0x3960 [ 596.320309][ C0] ? __pfx_copy_process+0x10/0x10 [ 596.320335][ C0] kernel_clone+0x21d/0x7a0 [ 596.320354][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 596.320378][ C0] ? lock_vma_under_rcu+0xec/0x4a0 [ 596.320403][ C0] __x64_sys_clone+0x18b/0x1e0 [ 596.320423][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 596.320458][ C0] ? do_syscall_64+0xbe/0xf80 [ 596.320474][ C0] do_syscall_64+0xfa/0xf80 [ 596.320488][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.320502][ C0] ? clear_bhb_loop+0x60/0xb0 [ 596.320520][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.320534][ C0] RIP: 0033:0x7fe043345e93 [ 596.320546][ C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 596.320558][ C0] RSP: 002b:00007fff6d5461e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 596.320572][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe043345e93 [ 596.320582][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 596.320591][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 596.320600][ C0] R10: 000055557ea517d0 R11: 0000000000000246 R12: 0000000000000000 [ 596.320609][ C0] R13: 00000000000927c0 R14: 00000000000579e0 R15: 00007fff6d546380 [ 596.320633][ C0] [ 597.431337][ C0] Shutting down cpus with NMI [ 597.431690][ C0] Kernel Offset: disabled