last executing test programs: 14m4.02472959s ago: executing program 4 (id=3608): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000880)={@fd={0x66642a85, 0x0, r2}, @flat=@handle={0x73682a85, 0x1000, 0x3}, @ptr={0x77682a85, 0x0, 0x0, 0x0, 0x2, 0x19}}, &(0x7f0000000380)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0}) 14m3.835150782s ago: executing program 4 (id=3611): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_coalesce={0x26, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x3, 0x4000, 0x0, 0x810, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x10000}}) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "230700dd"}, 0xffffffff, 0x2, {}, 0x1c000}) 14m3.768089687s ago: executing program 4 (id=3612): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x4fc0, 0x80, 0x6, 0x0, 0x8, 0x80, 0x7}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) syz_open_dev$sg(&(0x7f00000060c0), 0xffffffff, 0x8002) syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x7}, 0x18) openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0xd8, 0x30, 0x401, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x7c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x52, 0x6, "d8f195109eca43e24feb4a8813f9ac6d6d39c9ebe9a80bcd00b38ecc713449b747214140f06ce9a8c1cf27b01655777c76fbc86741641520d583a73c8aaf72e123f9741caf1e98eb581ba0afcaed"}, {0xc}, {0xc}}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x3f00, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) openat$audio(0xffffff9c, &(0x7f00000004c0), 0x800, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) 14m2.053256555s ago: executing program 4 (id=3616): landlock_create_ruleset(&(0x7f0000000340)={0x1266, 0x2, 0x2}, 0x18, 0x3) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@TCA_EGRESS_BLOCK={0x8}]}, 0x2c}}, 0x60040004) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f00000001c0), 0xffffffffffffffe2) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffe67, &(0x7f0000000200)={&(0x7f0000000240)=@can={{}, 0x0, 0x0, 0x0, 0x0, "f201001600000003"}, 0x10}, 0x1, 0x0, 0x0, 0x804}, 0x20000880) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$loop(0x0, 0x3, 0x10000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f0000000080)={@hyper, 0x2}) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r2, 0xffffffffffffffff, 0x0) 14m1.414716937s ago: executing program 4 (id=3617): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) 14m0.143064911s ago: executing program 4 (id=3622): r0 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x3, 0x0, 0x0, {0xd}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040057}, 0x240008c4) 13m44.00363981s ago: executing program 32 (id=3622): r0 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x3, 0x0, 0x0, {0xd}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040057}, 0x240008c4) 13m5.671425286s ago: executing program 2 (id=3780): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6(0xa, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000300)={@local, @empty, @val={@void, {0x8100, 0x3, 0x0, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a735", 0x14, 0x2f, 0x0, @loopback, @local, {[], {{0x0, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 13m4.519969279s ago: executing program 2 (id=3781): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_dev$tty1(0xc, 0x4, 0x4) syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x2100) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0) 13m3.082916837s ago: executing program 2 (id=3783): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000001c0)={0x0, 0x0}, 0x10) write(0xffffffffffffffff, &(0x7f0000000000)="09000000010000", 0x7) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_coalesce={0x26, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x3, 0x4000, 0x0, 0x810, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x10000}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000280)={0x0, 0x80, "1adad9", 0x9, 0xb2}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe3d08660d3cd4684, 0x1}) waitid(0x1, r1, &(0x7f0000000480), 0x1, &(0x7f0000000500)) process_vm_writev(0x0, &(0x7f00000005c0)=[{&(0x7f00000006c0)=""/220, 0xdc}, {&(0x7f0000000080)=""/33, 0x21}, {&(0x7f00000007c0)=""/241, 0xf1}, {&(0x7f0000000340)=""/47, 0x2f}, {&(0x7f00000008c0)=""/231, 0xe7}], 0x5, &(0x7f0000000ec0)=[{&(0x7f00000009c0)=""/205, 0xcd}, {&(0x7f0000000ac0)=""/212, 0xd4}, {&(0x7f0000000bc0)=""/78, 0x4e}, {&(0x7f00000014c0)=""/4095, 0xfff}, {&(0x7f0000000c40)=""/183, 0xb7}, {&(0x7f0000000d00)=""/243, 0xf3}, {&(0x7f0000000e00)=""/131, 0x83}, {&(0x7f0000000380)}], 0x8, 0x0) add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "230700dd"}, 0xffffffff, 0x2, {}, 0x1c000}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001b"], 0x34}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) 13m1.844711541s ago: executing program 2 (id=3785): landlock_create_ruleset(&(0x7f0000000340)={0x1266, 0x2, 0x2}, 0x18, 0x3) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@TCA_EGRESS_BLOCK={0x8}]}, 0x2c}}, 0x60040004) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f00000001c0), 0xffffffffffffffe2) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x20000880) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$loop(0x0, 0x3, 0x10000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x9}, 0x20) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f0000000080)={@hyper, 0x2}) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r2, 0xffffffffffffffff, 0x0) 13m1.404128426s ago: executing program 2 (id=3786): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x8080) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffe6, 0xb}, {0xffe0, 0x14}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xf, 0x2, 0xe, 0x7, 0x7fff, 0x38f7}, {0x9, 0x1, 0x0, 0xfffe, 0x8, 0x401}, 0xf, 0x80000001, 0x210e}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xee3ce641f2ef5769}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 12m59.15045364s ago: executing program 2 (id=3792): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000200)={0x1, 0x75, 0x1}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) removexattr(0x0, 0x0) setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r5 = openat$comedi(0xffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000300)={'aio_aio12_8\x00', [0x2f04, 0x5, 0xd09d, 0xfff7ffff, 0x2d6, 0xfffffffe, 0x20000044, 0x6, 0xffd, 0x9, 0xc, 0x1001, 0x9, 0x3, 0xfffc, 0x5, 0x8, 0x4000000b, 0x830, 0x30000, 0xf4, 0x2, 0x800, 0xe2db, 0x9, 0x4000d, 0x7, 0x3, 0x4, 0x5, 0x70f]}) ioctl$COMEDI_INSN(r5, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x92ff, 0x0, 0x0, 0x4}) sendto$inet6(r2, &(0x7f0000000400)="cd", 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffe}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f00000002c0)=[{0x6, 0x1, 0xe, 0x7ffffffe}]}) shutdown(r2, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x6, 0x5, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x20000004, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xf, @empty, 0x2}, {0xa, 0x4e23, 0x0, @remote, 0x3}, r6, 0x7}}, 0x48) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x2, 0x9}}, 0x20) 12m43.570086426s ago: executing program 33 (id=3792): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000200)={0x1, 0x75, 0x1}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) removexattr(0x0, 0x0) setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r5 = openat$comedi(0xffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000300)={'aio_aio12_8\x00', [0x2f04, 0x5, 0xd09d, 0xfff7ffff, 0x2d6, 0xfffffffe, 0x20000044, 0x6, 0xffd, 0x9, 0xc, 0x1001, 0x9, 0x3, 0xfffc, 0x5, 0x8, 0x4000000b, 0x830, 0x30000, 0xf4, 0x2, 0x800, 0xe2db, 0x9, 0x4000d, 0x7, 0x3, 0x4, 0x5, 0x70f]}) ioctl$COMEDI_INSN(r5, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x92ff, 0x0, 0x0, 0x4}) sendto$inet6(r2, &(0x7f0000000400)="cd", 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffe}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f00000002c0)=[{0x6, 0x1, 0xe, 0x7ffffffe}]}) shutdown(r2, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x6, 0x5, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x20000004, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xf, @empty, 0x2}, {0xa, 0x4e23, 0x0, @remote, 0x3}, r6, 0x7}}, 0x48) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x2, 0x9}}, 0x20) 6m35.604826232s ago: executing program 0 (id=4446): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) signalfd(r1, &(0x7f0000000040)={[0xd]}, 0x8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x7fff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r4, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40000100) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa845942824251d7d17b5191584bcd4fbe40a23424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"b3472eb9cd42d2030000002000", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000040)=@ethtool_ts_info}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x3}, 0x94) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 6m34.397508609s ago: executing program 0 (id=4447): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000001c0)={0x0, 0x0}, 0x10) write(0xffffffffffffffff, &(0x7f0000000000)="09000000010000", 0x7) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_coalesce={0x26, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x3, 0x4000, 0x0, 0x810, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x10000}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000280)={0x0, 0x80, "1adad9", 0x9, 0xb2}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe3d08660d3cd4684, 0x1}) waitid(0x1, r1, &(0x7f0000000480), 0x1, &(0x7f0000000500)) process_vm_writev(0x0, &(0x7f00000005c0)=[{&(0x7f00000006c0)=""/220, 0xdc}, {&(0x7f0000000080)=""/33, 0x21}, {&(0x7f00000007c0)=""/241, 0xf1}, {&(0x7f0000000340)=""/47, 0x2f}, {&(0x7f00000008c0)=""/231, 0xe7}], 0x5, &(0x7f0000000ec0)=[{&(0x7f00000009c0)=""/205, 0xcd}, {&(0x7f0000000ac0)=""/212, 0xd4}, {&(0x7f0000000bc0)=""/78, 0x4e}, {&(0x7f00000014c0)=""/4095, 0xfff}, {&(0x7f0000000c40)=""/183, 0xb7}, {&(0x7f0000000d00)=""/243, 0xf3}, {&(0x7f0000000e00)=""/131, 0x83}, {&(0x7f0000000380)}], 0x8, 0x0) add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x5d, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x20000824}, 0x20004000) ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "230700dd"}, 0xffffffff, 0x2, {}, 0x1c000}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001b"], 0x34}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) 6m31.242543348s ago: executing program 0 (id=4450): syz_usb_connect(0x2, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="120100000914c21047050102be06010203010902120001000010000909bef900860dc4eacd79cc82e15033662ce4e5dc59dd857baf4bedb527bf160000000000010001441500000000f8de7260576f49867e23942ecde821f50acfa281dae1de6b37266f8beb69db3e3311fd692f975ad184d3ecec78fa4d1d223572ec317cebecd7af6c3f3d5b144033dd89eb7de9e44b65d0e7ce05e161162bf0dd2d9078bb340100ea343f66b5f8570173a718650000bf29f7"], 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x84}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000200), 0x4049a0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101002, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae79b8cd3292ea44c7beef915d564c90c200", 0x18) r6 = socket$kcm(0x2, 0x1, 0x2) sendmsg$inet(r6, 0x0, 0x4008804) mount(&(0x7f0000000480)=@nullb, &(0x7f0000000500)='./cgroup\x00', &(0x7f0000000040)='efs\x00', 0x208000, 0x0) r7 = accept4(r5, 0x0, 0x0, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x20000253) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r4, 0xc080aebe, &(0x7f000000a100)={{0x6, 0x0, 0x80, {0xeeef0000, 0x100000, 0x2}}, "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015587265000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900"}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x911c00, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x7) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000140)={'dmm32at\x00', [0x3, 0x3, 0x525, 0x884e1, 0x2f, 0x2007, 0x7, 0x401, 0x80ffa, 0x7, 0x4, 0x8500, 0x1001, 0x1002004, 0x5, 0x8, 0xffffffa8, 0x7ffffffd, 0x1ff, 0xe08e, 0x10, 0x40000, 0x8, 0xe2df, 0x9, 0x9, 0x200, 0x3, 0x0, 0x9, 0x7fff]}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x36) 6m26.865703941s ago: executing program 0 (id=4453): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = syz_io_uring_setup(0xbdc, 0x0, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000200)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1) 6m26.615505566s ago: executing program 0 (id=4454): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) fanotify_init(0xf00, 0x1000) syz_pidfd_open(0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 6m25.392938748s ago: executing program 0 (id=4455): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) prlimit64(r4, 0x8, &(0x7f0000000080)={0x3}, &(0x7f0000000180)) r5 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f00000000c0)={0xfffffffe, "aaac2fc62068cbe3d2b1683418428e30f72ee47b6a43b0c44495b586815e9ccb", 0x1, 0x1, 0x7, 0xffffffff, 0x8, 0x3, 0x7fffffff, 0x58da65dc}) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) 6m10.119599171s ago: executing program 34 (id=4455): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) prlimit64(r4, 0x8, &(0x7f0000000080)={0x3}, &(0x7f0000000180)) r5 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f00000000c0)={0xfffffffe, "aaac2fc62068cbe3d2b1683418428e30f72ee47b6a43b0c44495b586815e9ccb", 0x1, 0x1, 0x7, 0xffffffff, 0x8, 0x3, 0x7fffffff, 0x58da65dc}) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) 10.701370714s ago: executing program 1 (id=4940): dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x18, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5df6}}, @call={0x85, 0x0, 0x0, 0x75}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000a00)=ANY=[@ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000005000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000040000008500000086000000bf91000000000000b7020000010000008500000085000000b70000000000008095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10) syz_kvm_setup_syzos_vm$x86(r4, &(0x7f0000bff000/0x400000)=nil) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private2, 0x0, 0x2, 0x0, 0x2, 0x4101}, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r8 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4) sendmsg$sock(r8, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e25, 0x68, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0xfffefffd}}], 0x18}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004800010928bd700018dcdf250a000100", @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0) ioctl$FS_IOC_GETFSLABEL(r7, 0x400452c8, &(0x7f0000000100)) 9.301051885s ago: executing program 1 (id=4944): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) 9.153327668s ago: executing program 1 (id=4945): prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000780)={0x9, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xe75f0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xf}, {}, {0x2, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}}, 0x24040084) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r6, &(0x7f0000000000)="fa", 0xfffffdef) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000004c0)={0x0, 0x0}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffffa3, 0x0, 0xffffffffffffffff, 0x24}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r8, 0x80083313, &(0x7f0000000240)) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10) 10.989616ms ago: executing program 1 (id=4946): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000880)={@fd={0x66642a85, 0x0, r2}, @flat=@handle={0x73682a85, 0x1000, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x58, 0x2, 0x19}}, &(0x7f0000000380)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0}) 10.043871ms ago: executing program 3 (id=4947): socket$kcm(0x2, 0x3, 0x84) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$dupfd(r0, 0x406, r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$key(0xf, 0x3, 0x2) syz_open_dev$ttys(0xc, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r3}, 0x1e) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)}) 6.164672ms ago: executing program 1 (id=4948): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000180), 0x0, 0x0, 0x0, 0x1}) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) open(&(0x7f0000000040)='./file1\x00', 0x1a58c2, 0x14c) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r6, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000040), 0x0, 0x0, 0x0) 4.468446ms ago: executing program 3 (id=4949): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000010000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.540762ms ago: executing program 3 (id=4950): r0 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x1) r2 = dup2(r1, r1) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x5) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000100)=0xb0000) fcntl$dupfd(0xffffffffffffffff, 0x406, r0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 2.014478ms ago: executing program 3 (id=4951): dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x18, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5df6}}, @call={0x85, 0x0, 0x0, 0x75}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000a00)=ANY=[@ANYRES32=r3, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000005000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000040000008500000086000000bf91000000000000b7020000010000008500000085000000b70000000000008095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10) syz_kvm_setup_syzos_vm$x86(r4, &(0x7f0000bff000/0x400000)=nil) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private2, 0x0, 0x2, 0x0, 0x2, 0x4101}, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r8 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4) sendmsg$sock(r8, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e25, 0x68, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0xfffefffd}}], 0x18}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004800010928bd700018dcdf250a000100", @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0) ioctl$FS_IOC_GETFSLABEL(r7, 0x400452c8, &(0x7f0000000100)) 1.130694ms ago: executing program 3 (id=4952): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000480), 0x400080) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000980)={0x400, 0x4, 0x0, 'queue1\x00', 0x7}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) syz_emit_ethernet(0x7a, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaa93aaaaaaaaaaaaaa008100200086dd60e400ff00403a00fe880000000000000000000000000001fe8000000060f0f0fd83aedf4c3800000000000000000000aa02009078000000006000000000801100fc00000000000000000000000000000000000000000000000000ffffac14140017c11d58674e624c1a146558aab57fffa228aeb319ee64f0f3dfd8913a11e7526f4cb97a19d996700d6f34789ea8260800000079bda0e2d542241a4d128ce7bff448645ace5ba6452a6664e0cbad6e64d781edc00ac6bed01593"], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x400c045) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(0xffffffffffffffff, 0x7a9, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x7, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x100001}, 0x50) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r4, r5, 0x26}, 0x10) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000180)={0x4, &(0x7f0000000080)=[{0x1f3e, 0x81, 0x8, 0x8}, {0x12d, 0x30, 0x3, 0x8ff7}, {0xfffc, 0x7f, 0xd, 0x3ff2}, {0xab5f, 0x5, 0x2, 0x9}]}) close_range(r6, 0xffffffffffffffff, 0x0) 224.356µs ago: executing program 1 (id=4953): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x808}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x1, {0x2, 0x1, 0x2}, 0xfd}, 0x18) bpf$MAP_LOOKUP_BATCH(0x1b, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f00000001c0)=0x7, 0x4) 0s ago: executing program 3 (id=4954): r0 = dup(0xffffffffffffffff) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r2, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x53, &(0x7f0000000040)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000080)=0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r5, 0x4b3a, 0x1) ioctl$TCXONC(r5, 0x4b3a, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002380)={0x1f, 0x0, 0x0, 0x0, 0xfdfffffe, 0x0, 0x0, 0x40f00, 0xd, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020}, 0x2020) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x20000091) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, 0x0) mkdirat(r0, &(0x7f0000000100)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): 00.334916][T17254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1000.334931][T17254] usb 2-1: Product: syz [ 1000.334942][T17254] usb 2-1: Manufacturer: syz [ 1000.334953][T17254] usb 2-1: SerialNumber: syz [ 1000.380861][T17254] usb 2-1: config 0 descriptor?? [ 1000.557133][T16214] usb 4-1: new full-speed USB device number 85 using dummy_hcd [ 1000.670744][T14974] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1000.713849][T18901] bridge0: port 1(bridge_slave_0) entered blocking state [ 1000.714185][T18901] bridge0: port 1(bridge_slave_0) entered disabled state [ 1000.714963][T18901] bridge_slave_0: entered allmulticast mode [ 1000.750941][T18901] bridge_slave_0: entered promiscuous mode [ 1000.822240][T16214] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1000.847486][T16214] usb 4-1: Dual-Role OTG device on HNP port [ 1000.850508][T16214] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1000.850543][T16214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1000.850565][T16214] usb 4-1: Product: syz [ 1000.850581][T16214] usb 4-1: Manufacturer: syz [ 1000.850598][T16214] usb 4-1: SerialNumber: syz [ 1001.730830][T18901] bridge0: port 2(bridge_slave_1) entered blocking state [ 1001.732709][T18901] bridge0: port 2(bridge_slave_1) entered disabled state [ 1001.756162][T18901] bridge_slave_1: entered allmulticast mode [ 1001.810126][T18901] bridge_slave_1: entered promiscuous mode [ 1003.260348][T16214] usb 4-1: config 0 descriptor?? [ 1003.332786][ T50] usb 4-1: USB disconnect, device number 85 [ 1003.399175][T17254] usb 2-1: USB disconnect, device number 97 [ 1003.480717][T14974] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.673422][T19152] binder_alloc: 19151: binder_alloc_buf, no vma [ 1003.674143][T19152] binder: 19151:19152 ioctl c0306201 200000000240 returned -11 [ 1003.808568][T18901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1003.973199][T14974] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.368493][T18910] bridge0: port 1(bridge_slave_0) entered blocking state [ 1004.368738][T18910] bridge0: port 1(bridge_slave_0) entered disabled state [ 1004.368914][T18910] bridge_slave_0: entered allmulticast mode [ 1004.371024][T18910] bridge_slave_0: entered promiscuous mode [ 1005.001285][T18901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1005.443019][ T5975] libceph: connect (1)[c::]:6789 error -101 [ 1005.443225][ T5975] libceph: mon0 (1)[c::]:6789 connect error [ 1005.443782][ T5975] libceph: connect (1)[c::]:6789 error -101 [ 1005.443964][ T5975] libceph: mon0 (1)[c::]:6789 connect error [ 1005.468573][T18910] bridge0: port 2(bridge_slave_1) entered blocking state [ 1005.468714][T18910] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.468951][T18910] bridge_slave_1: entered allmulticast mode [ 1005.495687][T18910] bridge_slave_1: entered promiscuous mode [ 1005.641787][T19165] ceph: No mds server is up or the cluster is laggy [ 1005.736062][ T5975] libceph: connect (1)[c::]:6789 error -101 [ 1005.807308][ T5975] libceph: mon0 (1)[c::]:6789 connect error [ 1006.536691][T19031] bridge0: port 1(bridge_slave_0) entered blocking state [ 1006.537128][T19031] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.537430][T19031] bridge_slave_0: entered allmulticast mode [ 1006.564643][T19031] bridge_slave_0: entered promiscuous mode [ 1006.652148][T18901] team0: Port device team_slave_0 added [ 1006.652402][T19031] bridge0: port 2(bridge_slave_1) entered blocking state [ 1006.653631][T19031] bridge0: port 2(bridge_slave_1) entered disabled state [ 1006.653830][T19031] bridge_slave_1: entered allmulticast mode [ 1006.655715][T19031] bridge_slave_1: entered promiscuous mode [ 1006.657231][T17254] usb 4-1: new full-speed USB device number 86 using dummy_hcd [ 1006.702010][T18910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1006.725207][T18901] team0: Port device team_slave_1 added [ 1006.777160][T17170] usb 2-1: new full-speed USB device number 98 using dummy_hcd [ 1006.812177][T18910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1006.833106][T17254] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1006.846432][T17254] usb 4-1: Dual-Role OTG device on HNP port [ 1006.846826][T17254] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1006.846854][T17254] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1006.846875][T17254] usb 4-1: Product: syz [ 1006.846891][T17254] usb 4-1: Manufacturer: syz [ 1006.882523][T17254] usb 4-1: SerialNumber: syz [ 1006.886386][T17254] usb 4-1: config 0 descriptor?? [ 1006.969369][T17170] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1006.971918][T17170] usb 2-1: Dual-Role OTG device on HNP port [ 1006.972190][T17170] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1006.972209][T17170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1006.972225][T17170] usb 2-1: Product: syz [ 1006.972236][T17170] usb 2-1: Manufacturer: syz [ 1006.972247][T17170] usb 2-1: SerialNumber: syz [ 1006.976110][T17170] usb 2-1: config 0 descriptor?? [ 1009.963744][T19031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1010.645072][ T50] usb 2-1: USB disconnect, device number 98 [ 1010.672527][T18901] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1010.672548][T18901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1010.674637][T18901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1010.730010][T19031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1010.742033][T18910] team0: Port device team_slave_0 added [ 1010.761757][T18901] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1010.761772][T18901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1010.761794][T18901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1010.945047][T18910] team0: Port device team_slave_1 added [ 1010.974751][T17254] usb 4-1: USB disconnect, device number 86 [ 1011.190831][T19031] team0: Port device team_slave_0 added [ 1011.717255][T19031] team0: Port device team_slave_1 added [ 1013.210890][T18910] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1013.210911][T18910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1013.210941][T18910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1013.298442][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1013.298646][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1013.299183][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1013.299364][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1013.420390][T19215] ceph: No mds server is up or the cluster is laggy [ 1013.637556][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1013.744831][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1014.374107][T18910] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1014.374128][T18910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1014.374170][T18910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1014.431378][T18901] hsr_slave_0: entered promiscuous mode [ 1014.441240][T18901] hsr_slave_1: entered promiscuous mode [ 1014.449369][T18901] debugfs: 'hsr0' already exists in 'hsr' [ 1014.449398][T18901] Cannot create hsr debugfs directory [ 1014.810096][T14974] bridge_slave_1: left allmulticast mode [ 1014.810138][T14974] bridge_slave_1: left promiscuous mode [ 1014.810436][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1014.891416][T14974] bridge_slave_0: left allmulticast mode [ 1014.891441][T14974] bridge_slave_0: left promiscuous mode [ 1014.891677][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1014.983480][T14974] bridge_slave_1: left allmulticast mode [ 1014.983514][T14974] bridge_slave_1: left promiscuous mode [ 1014.983786][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.028693][T14974] bridge_slave_0: left allmulticast mode [ 1015.028726][T14974] bridge_slave_0: left promiscuous mode [ 1015.028994][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.102730][T14974] bridge_slave_1: left allmulticast mode [ 1015.102761][T14974] bridge_slave_1: left promiscuous mode [ 1015.103021][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1015.138462][T14974] bridge_slave_0: left allmulticast mode [ 1015.138487][T14974] bridge_slave_0: left promiscuous mode [ 1015.138695][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1015.327079][T18567] usb 4-1: new full-speed USB device number 87 using dummy_hcd [ 1015.482494][T18567] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1015.485633][T18567] usb 4-1: Dual-Role OTG device on HNP port [ 1015.485966][T18567] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1015.485994][T18567] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1015.486018][T18567] usb 4-1: Product: syz [ 1015.486034][T18567] usb 4-1: Manufacturer: syz [ 1015.486058][T18567] usb 4-1: SerialNumber: syz [ 1015.505571][T18567] usb 4-1: config 0 descriptor?? [ 1019.247922][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1019.460383][ T5117] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1019.466753][ T5117] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1019.485788][ T5117] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1019.523037][ T5117] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1019.523947][ T5117] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1019.625419][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1019.669351][T16214] usb 4-1: USB disconnect, device number 87 [ 1019.746785][T14974] bond0 (unregistering): Released all slaves [ 1019.840522][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1019.901734][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1019.919116][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1019.924956][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1019.937691][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1019.987229][T17254] usb 2-1: new full-speed USB device number 99 using dummy_hcd [ 1020.107844][T14974] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 1020.140438][T17254] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1020.142945][T17254] usb 2-1: Dual-Role OTG device on HNP port [ 1020.143294][T17254] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1020.143313][T17254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1020.143328][T17254] usb 2-1: Product: syz [ 1020.143339][T17254] usb 2-1: Manufacturer: syz [ 1020.143351][T17254] usb 2-1: SerialNumber: syz [ 1020.152000][T17254] usb 2-1: config 0 descriptor?? [ 1020.239731][T14974] ip6gretap1 (unregistering): left promiscuous mode [ 1021.607124][ T5813] Bluetooth: hci1: command tx timeout [ 1022.017113][ T5813] Bluetooth: hci3: command tx timeout [ 1022.818107][T17254] usb 2-1: USB disconnect, device number 99 [ 1023.073389][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1023.073596][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1023.074207][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1023.074400][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1023.297709][T19261] ceph: No mds server is up or the cluster is laggy [ 1023.342722][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1023.350678][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1023.721418][ T5813] Bluetooth: hci1: command tx timeout [ 1024.194605][ T5813] Bluetooth: hci3: command tx timeout [ 1025.876769][ T5813] Bluetooth: hci1: command tx timeout [ 1026.852387][ T5813] Bluetooth: hci3: command tx timeout [ 1028.747085][ T5813] Bluetooth: hci1: command tx timeout [ 1028.904736][ T5813] Bluetooth: hci3: command tx timeout [ 1029.267246][ T6050] usb 2-1: new full-speed USB device number 100 using dummy_hcd [ 1029.445206][ T6050] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1029.458260][ T6050] usb 2-1: Dual-Role OTG device on HNP port [ 1029.458543][ T6050] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1029.458562][ T6050] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.458577][ T6050] usb 2-1: Product: syz [ 1029.458589][ T6050] usb 2-1: Manufacturer: syz [ 1029.458603][ T6050] usb 2-1: SerialNumber: syz [ 1029.463230][ T6050] usb 2-1: config 0 descriptor?? [ 1029.738859][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1030.081847][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1030.165074][T14974] bond0 (unregistering): Released all slaves [ 1031.836091][T14974] bond1 (unregistering): left promiscuous mode [ 1032.129147][T14974] team0: Port device macvlan3 removed [ 1032.170038][T14974] bond1 (unregistering): Released all slaves [ 1032.362809][T17254] usb 2-1: USB disconnect, device number 100 [ 1032.407971][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1032.547825][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1032.629330][T14974] bond0 (unregistering): Released all slaves [ 1032.751678][T19031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1032.751697][T19031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1032.751730][T19031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1032.855551][T19031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1032.855566][T19031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1032.855587][T19031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1032.901316][T17254] usb 2-1: new full-speed USB device number 101 using dummy_hcd [ 1033.069197][T17254] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1033.074269][T17254] usb 2-1: Dual-Role OTG device on HNP port [ 1033.074607][T17254] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1033.074634][T17254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1033.074656][T17254] usb 2-1: Product: syz [ 1033.074672][T17254] usb 2-1: Manufacturer: syz [ 1033.074689][T17254] usb 2-1: SerialNumber: syz [ 1033.140178][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1033.140360][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1033.140888][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1033.141602][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1033.187936][T17254] usb 2-1: config 0 descriptor?? [ 1033.297570][T19296] ceph: No mds server is up or the cluster is laggy [ 1033.648078][ T50] libceph: connect (1)[c::]:6789 error -101 [ 1033.675802][ T50] libceph: mon0 (1)[c::]:6789 connect error [ 1034.197668][ T50] libceph: connect (1)[c::]:6789 error -101 [ 1034.197900][ T50] libceph: mon0 (1)[c::]:6789 connect error [ 1035.816824][ T6050] usb 2-1: USB disconnect, device number 101 [ 1036.037702][T14974] tipc: Left network mode [ 1037.874232][T19031] hsr_slave_0: entered promiscuous mode [ 1037.875314][T19031] hsr_slave_1: entered promiscuous mode [ 1037.876021][T19031] debugfs: 'hsr0' already exists in 'hsr' [ 1037.876040][T19031] Cannot create hsr debugfs directory [ 1038.050743][ T6050] usb 4-1: new full-speed USB device number 88 using dummy_hcd [ 1038.207185][ T6050] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1038.210156][ T6050] usb 4-1: Dual-Role OTG device on HNP port [ 1038.210480][ T6050] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1038.210507][ T6050] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.210530][ T6050] usb 4-1: Product: syz [ 1038.210546][ T6050] usb 4-1: Manufacturer: syz [ 1038.210563][ T6050] usb 4-1: SerialNumber: syz [ 1038.215978][ T6050] usb 4-1: config 0 descriptor?? [ 1040.498911][ T6050] usb 4-1: USB disconnect, device number 88 [ 1040.987115][T14974] hsr_slave_0: left promiscuous mode [ 1041.030276][T14974] hsr_slave_1: left promiscuous mode [ 1041.031095][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1041.062243][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1041.227155][T14974] hsr_slave_0: left promiscuous mode [ 1041.267237][T14974] hsr_slave_1: left promiscuous mode [ 1041.268380][T14974] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1041.268409][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1041.311832][T14974] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1041.311863][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1041.498599][ T6050] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1041.507135][T14974] hsr_slave_0: left promiscuous mode [ 1041.528787][T14974] hsr_slave_1: left promiscuous mode [ 1041.530493][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1041.578385][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1041.629702][ T6050] usb 4-1: device descriptor read/64, error -71 [ 1041.725482][T14974] veth0_to_bridge: left promiscuous mode [ 1041.725827][T14974] veth1_macvtap: left promiscuous mode [ 1041.725922][T14974] veth0_macvtap: left promiscuous mode [ 1041.726117][T14974] veth1_vlan: left promiscuous mode [ 1041.726238][T14974] veth0_vlan: left promiscuous mode [ 1041.867165][T17254] usb 2-1: new full-speed USB device number 102 using dummy_hcd [ 1041.877101][ T6050] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1042.007181][ T6050] usb 4-1: device descriptor read/64, error -71 [ 1042.019592][T17254] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1042.023771][T17254] usb 2-1: Dual-Role OTG device on HNP port [ 1042.024109][T17254] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1042.024136][T17254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1042.024158][T17254] usb 2-1: Product: syz [ 1042.024174][T17254] usb 2-1: Manufacturer: syz [ 1042.024189][T17254] usb 2-1: SerialNumber: syz [ 1042.076507][T17254] usb 2-1: config 0 descriptor?? [ 1042.117717][ T6050] usb usb4-port1: attempt power cycle [ 1042.477113][ T6050] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1042.506944][ T6050] usb 4-1: device descriptor read/8, error -71 [ 1042.767124][ T6050] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1042.788059][ T6050] usb 4-1: device descriptor read/8, error -71 [ 1042.907822][ T6050] usb usb4-port1: unable to enumerate USB device [ 1043.098229][T17254] usb 2-1: USB disconnect, device number 102 [ 1043.292826][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1043.467756][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1043.756318][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1043.756527][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1043.757754][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1043.758264][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1044.000635][T19356] ceph: No mds server is up or the cluster is laggy [ 1044.035642][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1044.039020][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1044.477673][ T6489] kworker/0:8 (6489) used greatest stack depth: 17880 bytes left [ 1045.854059][T19370] fuse: Bad value for 'fd' [ 1046.607794][ T5890] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1046.757402][ T5890] usb 2-1: Using ep0 maxpacket: 32 [ 1046.810002][T14974] team0 (unregistering): Port device macvlan2 removed [ 1047.050010][ T5890] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 1047.050042][ T5890] usb 2-1: config 0 has no interface number 0 [ 1047.050095][ T5890] usb 2-1: config 0 interface 89 has no altsetting 0 [ 1047.055730][ T5890] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1047.055763][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1047.055785][ T5890] usb 2-1: Product: syz [ 1047.055800][ T5890] usb 2-1: Manufacturer: syz [ 1047.055816][ T5890] usb 2-1: SerialNumber: syz [ 1047.173757][ T5890] usb 2-1: config 0 descriptor?? [ 1047.276273][ T5117] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1047.306230][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1047.330831][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1047.333124][ T5117] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1047.334212][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1049.073573][T17254] usb 2-1: USB disconnect, device number 103 [ 1049.550000][ T5117] Bluetooth: hci5: command tx timeout [ 1050.217326][ T50] usb 2-1: new full-speed USB device number 104 using dummy_hcd [ 1050.389487][ T50] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1050.392186][ T50] usb 2-1: Dual-Role OTG device on HNP port [ 1050.392482][ T50] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1050.392525][ T50] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1050.392547][ T50] usb 2-1: Product: syz [ 1050.392563][ T50] usb 2-1: Manufacturer: syz [ 1050.392579][ T50] usb 2-1: SerialNumber: syz [ 1050.396801][ T50] usb 2-1: config 0 descriptor?? [ 1051.157130][T16214] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1051.287067][T16214] usb 4-1: device descriptor read/64, error -71 [ 1051.521659][T17170] usb 2-1: USB disconnect, device number 104 [ 1051.587522][T16214] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1051.607219][ T5117] Bluetooth: hci5: command tx timeout [ 1051.717301][T16214] usb 4-1: device descriptor read/64, error -71 [ 1051.840121][T16214] usb usb4-port1: attempt power cycle [ 1051.888015][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1052.273096][T16214] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1052.345783][T16214] usb 4-1: device descriptor read/8, error -71 [ 1052.398406][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1053.618974][T16214] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1053.637903][T16214] usb 4-1: device descriptor read/8, error -71 [ 1054.316748][T16214] usb usb4-port1: unable to enumerate USB device [ 1054.636948][ T5117] Bluetooth: hci5: command tx timeout [ 1055.859806][T19415] fuse: Bad value for 'fd' [ 1056.557751][T14778] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 1056.647263][ T5117] Bluetooth: hci5: command tx timeout [ 1056.707822][T14778] usb 4-1: Using ep0 maxpacket: 32 [ 1056.742516][T14778] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1056.742667][T14778] usb 4-1: config 0 has no interface number 0 [ 1056.743160][T14778] usb 4-1: config 0 interface 89 has no altsetting 0 [ 1057.052164][T14778] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1057.052188][T14778] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1057.052204][T14778] usb 4-1: Product: syz [ 1057.052215][T14778] usb 4-1: Manufacturer: syz [ 1057.052226][T14778] usb 4-1: SerialNumber: syz [ 1057.088997][T14778] usb 4-1: config 0 descriptor?? [ 1058.987208][T17170] usb 4-1: USB disconnect, device number 97 [ 1059.627565][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1059.735607][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.735674][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.014285][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1061.177301][T16214] usb 4-1: new full-speed USB device number 98 using dummy_hcd [ 1062.252151][T19247] chnl_net:caif_netlink_parms(): no params data found [ 1062.336227][T16214] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1062.340724][T16214] usb 4-1: Dual-Role OTG device on HNP port [ 1062.341317][T16214] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1062.341384][T16214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1062.341438][T16214] usb 4-1: Product: syz [ 1062.341480][T16214] usb 4-1: Manufacturer: syz [ 1062.341523][T16214] usb 4-1: SerialNumber: syz [ 1062.399504][T16214] usb 4-1: config 0 descriptor?? [ 1062.809508][T16214] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1062.995646][T16214] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1062.995883][T16214] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1062.995940][T16214] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1062.996001][T16214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1063.096700][T16214] usb 2-1: config 0 descriptor?? [ 1064.080216][T16214] usb 4-1: USB disconnect, device number 98 [ 1064.161303][T19241] chnl_net:caif_netlink_parms(): no params data found [ 1065.443887][T16214] usb 2-1: USB disconnect, device number 105 [ 1067.485284][T19247] bridge0: port 1(bridge_slave_0) entered blocking state [ 1067.485586][T19247] bridge0: port 1(bridge_slave_0) entered disabled state [ 1067.485810][T19247] bridge_slave_0: entered allmulticast mode [ 1067.553059][T19247] bridge_slave_0: entered promiscuous mode [ 1067.584358][T19247] bridge0: port 2(bridge_slave_1) entered blocking state [ 1067.596612][T19247] bridge0: port 2(bridge_slave_1) entered disabled state [ 1067.596820][T19247] bridge_slave_1: entered allmulticast mode [ 1067.598873][T19247] bridge_slave_1: entered promiscuous mode [ 1070.710794][T19241] bridge0: port 1(bridge_slave_0) entered blocking state [ 1070.711010][T19241] bridge0: port 1(bridge_slave_0) entered disabled state [ 1070.711275][T19241] bridge_slave_0: entered allmulticast mode [ 1070.730554][T19241] bridge_slave_0: entered promiscuous mode [ 1070.795871][T19247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1070.901896][T19247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1070.946335][T19241] bridge0: port 2(bridge_slave_1) entered blocking state [ 1070.946426][T19241] bridge0: port 2(bridge_slave_1) entered disabled state [ 1070.946580][T19241] bridge_slave_1: entered allmulticast mode [ 1070.975742][T19241] bridge_slave_1: entered promiscuous mode [ 1071.039444][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1071.039802][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1071.040385][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1071.040570][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1071.203033][T19524] ceph: No mds server is up or the cluster is laggy [ 1071.306537][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 1071.313681][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 1073.322410][T19247] team0: Port device team_slave_0 added [ 1073.477157][T17254] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 1073.502832][T19241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1073.506625][T19247] team0: Port device team_slave_1 added [ 1073.564942][T19241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1073.637173][T17254] usb 4-1: Using ep0 maxpacket: 8 [ 1073.642781][T17254] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1073.642815][T17254] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.642839][T17254] usb 4-1: Product: syz [ 1073.642855][T17254] usb 4-1: Manufacturer: syz [ 1073.642872][T17254] usb 4-1: SerialNumber: syz [ 1073.701580][T17254] usb 4-1: config 0 descriptor?? [ 1073.711575][T17254] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1075.767166][T17254] gspca_sq930x: reg_w 0305 fd00 failed -110 [ 1076.125134][T19557] binder: 19556:19557 ioctl c0306201 200000000240 returned -11 [ 1078.533128][T19247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1078.533149][T19247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1078.533179][T19247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1078.541505][T19241] team0: Port device team_slave_0 added [ 1078.780152][T19247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1078.780172][T19247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1078.780203][T19247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1078.788088][T19241] team0: Port device team_slave_1 added [ 1078.788516][T19375] chnl_net:caif_netlink_parms(): no params data found [ 1078.983053][T19562] random: crng reseeded on system resumption [ 1080.237350][T17254] gspca_sq930x: Unknown sensor [ 1080.237458][T17254] sq930x 4-1:0.0: probe with driver sq930x failed with error -22 [ 1080.242654][T17254] usb 4-1: USB disconnect, device number 99 [ 1080.894664][T19247] hsr_slave_0: entered promiscuous mode [ 1080.896519][T19247] hsr_slave_1: entered promiscuous mode [ 1081.239391][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1081.244025][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1081.269077][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1081.286707][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1081.290541][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1081.658747][T19375] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.658902][T19375] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.659083][T19375] bridge_slave_0: entered allmulticast mode [ 1081.660951][T19375] bridge_slave_0: entered promiscuous mode [ 1081.664454][T19375] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.664541][T19375] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.664685][T19375] bridge_slave_1: entered allmulticast mode [ 1081.666573][T19375] bridge_slave_1: entered promiscuous mode [ 1082.461375][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1082.483778][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1082.497489][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1082.529609][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1082.530576][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1083.391730][ T5117] Bluetooth: hci1: command tx timeout [ 1083.544004][T19375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1084.577487][ T5117] Bluetooth: hci3: command tx timeout [ 1084.620654][T19611] binder: 19610:19611 ioctl 4018620d 0 returned -22 [ 1084.625445][T19611] binder: 19610:19611 ioctl c0306201 200000000240 returned -11 [ 1084.783776][T19375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1085.342881][T17170] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1085.469927][ T5117] Bluetooth: hci1: command tx timeout [ 1085.857069][T17170] usb 2-1: Using ep0 maxpacket: 8 [ 1085.863621][T17170] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1085.863653][T17170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.863675][T17170] usb 2-1: Product: syz [ 1085.863699][T17170] usb 2-1: Manufacturer: syz [ 1085.863715][T17170] usb 2-1: SerialNumber: syz [ 1085.920776][T17170] usb 2-1: config 0 descriptor?? [ 1085.951813][T17170] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1086.028709][T14974] bridge_slave_1: left allmulticast mode [ 1086.028743][T14974] bridge_slave_1: left promiscuous mode [ 1086.029150][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.078591][T14974] bridge_slave_0: left allmulticast mode [ 1086.078623][T14974] bridge_slave_0: left promiscuous mode [ 1086.078904][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1086.274120][T14974] bridge_slave_1: left allmulticast mode [ 1086.274158][T14974] bridge_slave_1: left promiscuous mode [ 1086.274426][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.728020][ T5813] Bluetooth: hci3: command tx timeout [ 1086.867093][T17170] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 1087.050240][T14974] bridge_slave_0: left allmulticast mode [ 1087.050274][T14974] bridge_slave_0: left promiscuous mode [ 1087.050600][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.371170][T14974] bridge_slave_1: left allmulticast mode [ 1087.371194][T14974] bridge_slave_1: left promiscuous mode [ 1087.371371][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.472777][T14974] bridge_slave_0: left allmulticast mode [ 1087.472801][T14974] bridge_slave_0: left promiscuous mode [ 1087.473000][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.537035][ T5813] Bluetooth: hci1: command tx timeout [ 1087.568300][T14974] bridge_slave_1: left allmulticast mode [ 1087.568330][T14974] bridge_slave_1: left promiscuous mode [ 1087.568588][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.757048][T17170] gspca_sq930x: Unknown sensor [ 1087.757165][T17170] sq930x 2-1:0.0: probe with driver sq930x failed with error -22 [ 1087.761245][T17170] usb 2-1: USB disconnect, device number 106 [ 1087.858619][T14974] bridge_slave_0: left allmulticast mode [ 1087.858643][T14974] bridge_slave_0: left promiscuous mode [ 1087.858832][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1088.500211][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1088.573422][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1088.644451][T14974] bond0 (unregistering): Released all slaves [ 1088.819894][ T5813] Bluetooth: hci3: command tx timeout [ 1089.338016][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1089.338805][T19646] syz.3.4585 (19646): drop_caches: 2 [ 1089.467982][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1089.531320][T14974] bond0 (unregistering): Released all slaves [ 1089.625944][ T5813] Bluetooth: hci1: command tx timeout [ 1089.768133][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1089.868348][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1089.929368][T14974] bond0 (unregistering): Released all slaves [ 1090.187785][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1090.267838][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1090.359249][T14974] bond0 (unregistering): Released all slaves [ 1090.828521][T19375] team0: Port device team_slave_0 added [ 1090.856930][T19653] binder: 19652:19653 ioctl 4018620d 0 returned -22 [ 1090.861517][T19653] binder: 19652:19653 ioctl c0306201 200000000240 returned -11 [ 1090.889370][ T5813] Bluetooth: hci3: command tx timeout [ 1090.890553][T19375] team0: Port device team_slave_1 added [ 1091.197040][T17170] usb 2-1: new full-speed USB device number 107 using dummy_hcd [ 1091.352809][T19375] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1091.352824][T19375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1091.352845][T19375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1091.362645][T17170] usb 2-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 1091.362679][T17170] usb 2-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 1091.362702][T17170] usb 2-1: Product: syz [ 1091.362718][T17170] usb 2-1: Manufacturer: syz [ 1091.362734][T17170] usb 2-1: SerialNumber: syz [ 1091.444121][T19375] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1091.444148][T19375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1091.444177][T19375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1091.494618][T17170] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 1092.007394][T17170] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1092.007446][T17170] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 1092.213918][T17170] usb 2-1: USB disconnect, device number 107 [ 1092.283638][T14974] hsr_slave_0: left promiscuous mode [ 1092.587274][T14974] hsr_slave_1: left promiscuous mode [ 1092.590242][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1092.712621][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1092.753244][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1092.789304][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1093.077775][T14974] hsr_slave_0: left promiscuous mode [ 1093.246438][T19665] loop4: detected capacity change from 0 to 7 [ 1093.526093][T19665] Dev loop4: unable to read RDB block 7 [ 1093.526354][T19665] loop4: AHDI p1 p2 [ 1093.526617][T19665] loop4: partition table partially beyond EOD, truncated [ 1093.541798][T19665] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1093.763798][T14974] hsr_slave_1: left promiscuous mode [ 1093.764595][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1093.837735][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1093.872249][T19437] udevd[19437]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1094.197031][ T6046] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1094.288063][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1094.356983][ T6046] usb 4-1: Using ep0 maxpacket: 8 [ 1094.363812][ T6046] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1094.363843][ T6046] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.363858][ T6046] usb 4-1: Product: syz [ 1094.363875][ T6046] usb 4-1: Manufacturer: syz [ 1094.363886][ T6046] usb 4-1: SerialNumber: syz [ 1094.404318][ T6046] usb 4-1: config 0 descriptor?? [ 1094.419661][ T6046] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1094.558078][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1095.117245][ T6046] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 1095.957195][T17170] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1096.047002][ T6046] gspca_sq930x: Unknown sensor [ 1096.047185][ T6046] sq930x 4-1:0.0: probe with driver sq930x failed with error -22 [ 1096.071415][ T6046] usb 4-1: USB disconnect, device number 100 [ 1096.150793][T17170] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1096.150855][T17170] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1096.150903][T17170] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1096.150928][T17170] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1096.155655][T17170] usb 2-1: config 0 descriptor?? [ 1096.221995][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1096.292127][T17170] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1096.407844][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1097.247919][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1097.381056][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1098.337717][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1098.457920][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1098.681833][T16214] usb 2-1: USB disconnect, device number 108 [ 1099.502953][T19689] netlink: 352 bytes leftover after parsing attributes in process `syz.1.4598'. [ 1100.280952][T19375] hsr_slave_0: entered promiscuous mode [ 1100.282471][T19375] hsr_slave_1: entered promiscuous mode [ 1100.283544][T19375] debugfs: 'hsr0' already exists in 'hsr' [ 1100.283573][T19375] Cannot create hsr debugfs directory [ 1101.411602][T19587] chnl_net:caif_netlink_parms(): no params data found [ 1101.471954][T19570] chnl_net:caif_netlink_parms(): no params data found [ 1102.362945][ T5975] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1102.527052][ T5975] usb 2-1: Using ep0 maxpacket: 8 [ 1102.564653][ T5975] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1102.564685][ T5975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.564706][ T5975] usb 2-1: Product: syz [ 1102.564721][ T5975] usb 2-1: Manufacturer: syz [ 1102.564737][ T5975] usb 2-1: SerialNumber: syz [ 1102.585083][ T5975] usb 2-1: config 0 descriptor?? [ 1102.633681][ T5975] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1103.247029][ T5975] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 1103.358409][T19587] bridge0: port 1(bridge_slave_0) entered blocking state [ 1103.358823][T19587] bridge0: port 1(bridge_slave_0) entered disabled state [ 1103.359060][T19587] bridge_slave_0: entered allmulticast mode [ 1103.361997][T19587] bridge_slave_0: entered promiscuous mode [ 1103.394510][T19570] bridge0: port 1(bridge_slave_0) entered blocking state [ 1103.394640][T19570] bridge0: port 1(bridge_slave_0) entered disabled state [ 1103.394837][T19570] bridge_slave_0: entered allmulticast mode [ 1103.396846][T19570] bridge_slave_0: entered promiscuous mode [ 1103.445881][T19587] bridge0: port 2(bridge_slave_1) entered blocking state [ 1103.446029][T19587] bridge0: port 2(bridge_slave_1) entered disabled state [ 1103.446267][T19587] bridge_slave_1: entered allmulticast mode [ 1103.447458][T16214] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1103.472339][T19587] bridge_slave_1: entered promiscuous mode [ 1103.486510][T19570] bridge0: port 2(bridge_slave_1) entered blocking state [ 1103.486649][T19570] bridge0: port 2(bridge_slave_1) entered disabled state [ 1103.501590][T19570] bridge_slave_1: entered allmulticast mode [ 1103.504055][T19570] bridge_slave_1: entered promiscuous mode [ 1103.619179][T16214] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1103.619218][T16214] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1103.619235][T16214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1103.687677][T16214] usb 4-1: config 0 descriptor?? [ 1103.696357][T16214] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1106.754037][ T5975] gspca_sq930x: Unknown sensor [ 1106.754145][ T5975] sq930x 2-1:0.0: probe with driver sq930x failed with error -22 [ 1106.759860][ T5975] usb 2-1: USB disconnect, device number 109 [ 1106.860340][T16214] usb 4-1: USB disconnect, device number 101 [ 1107.561030][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1107.566380][ T5117] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1107.569852][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1107.572295][ T5117] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1107.573701][ T5117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1107.861676][T19587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1107.892296][T19570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1107.975664][T19587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1108.019030][T19570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1108.340072][T19749] loop4: detected capacity change from 0 to 7 [ 1108.353661][T19749] Dev loop4: unable to read RDB block 7 [ 1108.353706][T19749] loop4: unable to read partition table [ 1108.353911][T19749] loop4: partition table beyond EOD, truncated [ 1108.355258][T19749] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1109.706971][ T5117] Bluetooth: hci4: command tx timeout [ 1109.750863][T19587] team0: Port device team_slave_0 added [ 1110.050981][T19759] input: syz1 as /devices/virtual/input/input68 [ 1110.318592][T19587] team0: Port device team_slave_1 added [ 1110.335076][T19570] team0: Port device team_slave_0 added [ 1110.446994][ T5975] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1110.531032][T19752] random: crng reseeded on system resumption [ 1110.593389][T19570] team0: Port device team_slave_1 added [ 1110.607098][ T5975] usb 2-1: Using ep0 maxpacket: 8 [ 1110.640445][ T5975] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1110.640479][ T5975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1110.640501][ T5975] usb 2-1: Product: syz [ 1110.640518][ T5975] usb 2-1: Manufacturer: syz [ 1110.640534][ T5975] usb 2-1: SerialNumber: syz [ 1110.865864][ T5975] usb 2-1: config 0 descriptor?? [ 1110.912263][ T5975] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1111.084414][T19587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1111.084435][T19587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1111.084466][T19587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1113.411828][ T5813] Bluetooth: hci4: command tx timeout [ 1113.451624][T19587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1113.451644][T19587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1113.451675][T19587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1113.504721][ T5975] gspca_sq930x: reg_w 0305 fd00 failed -110 [ 1113.652575][T19570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1113.652596][T19570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1113.652628][T19570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1113.732619][T19570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1113.732639][T19570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1113.732670][T19570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1114.500972][ T5975] gspca_sq930x: Unknown sensor [ 1114.501082][ T5975] sq930x 2-1:0.0: probe with driver sq930x failed with error -22 [ 1114.527936][ T5975] usb 2-1: USB disconnect, device number 110 [ 1114.578031][T19780] syz.1.4616 (19780) used greatest stack depth: 17656 bytes left [ 1114.729683][T19587] hsr_slave_0: entered promiscuous mode [ 1114.730663][T19587] hsr_slave_1: entered promiscuous mode [ 1114.731307][T19587] debugfs: 'hsr0' already exists in 'hsr' [ 1114.731324][T19587] Cannot create hsr debugfs directory [ 1115.042482][T19570] hsr_slave_0: entered promiscuous mode [ 1115.045842][T19570] hsr_slave_1: entered promiscuous mode [ 1115.046664][T19570] debugfs: 'hsr0' already exists in 'hsr' [ 1115.046685][T19570] Cannot create hsr debugfs directory [ 1115.089733][T19792] loop4: detected capacity change from 0 to 7 [ 1115.102528][T19437] Dev loop4: unable to read RDB block 7 [ 1115.102668][T19437] loop4: unable to read partition table [ 1115.103375][T19437] loop4: partition table beyond EOD, truncated [ 1115.193603][T19792] Dev loop4: unable to read RDB block 7 [ 1115.193639][T19792] loop4: unable to read partition table [ 1115.193805][T19792] loop4: partition table beyond EOD, truncated [ 1115.193876][T19792] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1115.457035][ T5117] Bluetooth: hci4: command tx timeout [ 1117.926557][ T5117] Bluetooth: hci4: command tx timeout [ 1118.477217][T14778] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1118.653253][T14778] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1118.653308][T14778] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1118.653341][T14778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1118.701972][T14778] usb 4-1: config 0 descriptor?? [ 1118.717970][T19738] chnl_net:caif_netlink_parms(): no params data found [ 1118.760784][T14778] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1120.582679][T19738] bridge0: port 1(bridge_slave_0) entered blocking state [ 1120.582981][T19738] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.583350][T19738] bridge_slave_0: entered allmulticast mode [ 1120.586620][T19738] bridge_slave_0: entered promiscuous mode [ 1120.938046][T19738] bridge0: port 2(bridge_slave_1) entered blocking state [ 1120.938186][T19738] bridge0: port 2(bridge_slave_1) entered disabled state [ 1120.938447][T19738] bridge_slave_1: entered allmulticast mode [ 1120.941699][T19738] bridge_slave_1: entered promiscuous mode [ 1121.194111][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.194229][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.245910][T14778] usb 4-1: USB disconnect, device number 102 [ 1122.603499][T19738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1122.626573][T19738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1123.994792][T19738] team0: Port device team_slave_0 added [ 1124.036024][T19738] team0: Port device team_slave_1 added [ 1124.610349][T19738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1124.610368][T19738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1124.610397][T19738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1124.612996][T19738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1124.613015][T19738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1124.613043][T19738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1125.110470][T14974] bridge_slave_1: left allmulticast mode [ 1125.110494][T14974] bridge_slave_1: left promiscuous mode [ 1125.110678][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1125.612557][T14974] bridge_slave_0: left allmulticast mode [ 1125.612583][T14974] bridge_slave_0: left promiscuous mode [ 1125.612799][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1125.700582][T14974] bridge_slave_1: left allmulticast mode [ 1125.700606][T14974] bridge_slave_1: left promiscuous mode [ 1125.700792][T14974] bridge0: port 2(bridge_slave_1) entered disabled state [ 1125.778262][T14974] bridge_slave_0: left allmulticast mode [ 1125.778287][T14974] bridge_slave_0: left promiscuous mode [ 1125.778470][T14974] bridge0: port 1(bridge_slave_0) entered disabled state [ 1125.987234][ T9] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1126.180049][ T9] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1126.180082][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1126.185547][ T9] usb 4-1: config 0 descriptor?? [ 1126.518176][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1126.617807][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1126.659757][T14974] bond0 (unregistering): Released all slaves [ 1126.889438][T14974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1126.948873][T14974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1127.010772][T14974] bond0 (unregistering): Released all slaves [ 1127.134859][ T9] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1127.135525][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 1127.295417][ T9] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 1127.295438][ T9] [drm] Initialized udl on minor 2 [ 1127.368670][ T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1127.407219][ T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1127.518807][ T9] usb 4-1: USB disconnect, device number 103 [ 1127.527989][T16214] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1127.531155][T16214] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1127.791088][T19738] hsr_slave_0: entered promiscuous mode [ 1127.795166][T19738] hsr_slave_1: entered promiscuous mode [ 1127.796172][T19738] debugfs: 'hsr0' already exists in 'hsr' [ 1127.796196][T19738] Cannot create hsr debugfs directory [ 1128.497050][T14974] hsr_slave_0: left promiscuous mode [ 1128.539169][T14974] hsr_slave_1: left promiscuous mode [ 1128.540298][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1128.567129][T16025] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1128.585933][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1128.639522][T14974] hsr_slave_0: left promiscuous mode [ 1128.805699][T14974] hsr_slave_1: left promiscuous mode [ 1128.806694][T14974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1128.829212][T16025] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1128.829268][T16025] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1128.829293][T16025] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1128.868124][T16025] usb 4-1: config 0 descriptor?? [ 1128.903765][T16025] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1128.927067][T14974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1129.820580][T19942] syz.1.4638 (19942): drop_caches: 2 [ 1131.265010][ T9] usb 4-1: USB disconnect, device number 104 [ 1131.508620][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1131.658986][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1132.827795][T14974] team0 (unregistering): Port device team_slave_1 removed [ 1133.007512][T14974] team0 (unregistering): Port device team_slave_0 removed [ 1135.618743][T19968] random: crng reseeded on system resumption [ 1137.299498][T19570] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1137.397116][T16025] usb 2-1: new full-speed USB device number 111 using dummy_hcd [ 1137.522316][T19570] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1137.591401][T19570] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1138.407024][T16025] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1138.412688][T16025] usb 2-1: Dual-Role OTG device on HNP port [ 1138.413054][T16025] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1138.413083][T16025] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1138.413106][T16025] usb 2-1: Product: syz [ 1138.413122][T16025] usb 2-1: Manufacturer: syz [ 1138.413138][T16025] usb 2-1: SerialNumber: syz [ 1138.418761][T16025] usb 2-1: config 0 descriptor?? [ 1138.584253][T19570] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1138.699751][ T9] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1138.868847][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1138.868880][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1138.868927][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1138.868952][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1138.876658][ T9] usb 4-1: config 0 descriptor?? [ 1138.958455][ T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1139.132753][ T9] usb 2-1: USB disconnect, device number 111 [ 1139.257618][T19587] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1139.322783][T19587] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1139.536263][T19587] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1139.607553][T19587] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1139.916807][T20005] fuse: Bad value for 'fd' [ 1140.817094][T16025] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1140.986987][T16025] usb 2-1: Using ep0 maxpacket: 32 [ 1140.995835][T16025] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 1140.995865][T16025] usb 2-1: config 0 has no interface number 0 [ 1140.995901][T16025] usb 2-1: config 0 interface 89 has no altsetting 0 [ 1141.024813][T16025] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1141.024846][T16025] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1141.024868][T16025] usb 2-1: Product: syz [ 1141.024884][T16025] usb 2-1: Manufacturer: syz [ 1141.024900][T16025] usb 2-1: SerialNumber: syz [ 1141.035406][T16025] usb 2-1: config 0 descriptor?? [ 1141.332547][T19570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1141.473877][T19587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1141.489702][T19570] 8021q: adding VLAN 0 to HW filter on device team0 [ 1141.527458][T16025] usb 4-1: USB disconnect, device number 105 [ 1141.533020][ T3456] bridge0: port 1(bridge_slave_0) entered blocking state [ 1141.533243][ T3456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1141.623242][T19587] 8021q: adding VLAN 0 to HW filter on device team0 [ 1141.661539][ T3502] bridge0: port 1(bridge_slave_0) entered blocking state [ 1141.661700][ T3502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1141.731965][T14974] bridge0: port 2(bridge_slave_1) entered blocking state [ 1141.732146][T14974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1142.643343][T19738] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1142.885657][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1143.053840][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1143.082054][T16025] usb 2-1: USB disconnect, device number 112 [ 1143.086602][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1143.105179][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1143.106129][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1143.550871][T19738] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1143.969336][T19738] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1144.082624][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1144.086728][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1144.113232][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1144.115595][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1144.116384][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1145.287329][ T5117] Bluetooth: hci1: command tx timeout [ 1145.310518][T20062] fuse: Bad value for 'fd' [ 1145.417242][T16214] usb 4-1: new full-speed USB device number 106 using dummy_hcd [ 1145.587810][T16214] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1145.590964][T16214] usb 4-1: Dual-Role OTG device on HNP port [ 1145.591303][T16214] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1145.591332][T16214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1145.591354][T16214] usb 4-1: Product: syz [ 1145.591371][T16214] usb 4-1: Manufacturer: syz [ 1145.591387][T16214] usb 4-1: SerialNumber: syz [ 1145.709609][T16214] usb 4-1: config 0 descriptor?? [ 1145.977173][T16214] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1146.109123][T19738] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1146.127172][T16214] usb 2-1: Using ep0 maxpacket: 32 [ 1146.129289][T16214] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 1146.129317][T16214] usb 2-1: config 0 has no interface number 0 [ 1146.129356][T16214] usb 2-1: config 0 interface 89 has no altsetting 0 [ 1146.131756][T16214] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1146.131785][T16214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1146.131806][T16214] usb 2-1: Product: syz [ 1146.131820][T16214] usb 2-1: Manufacturer: syz [ 1146.131837][T16214] usb 2-1: SerialNumber: syz [ 1146.196174][T16214] usb 2-1: config 0 descriptor?? [ 1146.249245][ T5117] Bluetooth: hci3: command tx timeout [ 1146.419568][T14778] usb 4-1: USB disconnect, device number 106 [ 1147.461235][ T5117] Bluetooth: hci1: command tx timeout [ 1148.077136][T20091] binder: 20089:20091 ioctl c0306201 200000000c80 returned -14 [ 1148.337138][ T5117] Bluetooth: hci3: command tx timeout [ 1148.578627][T14778] usb 2-1: USB disconnect, device number 113 [ 1148.929911][T20047] chnl_net:caif_netlink_parms(): no params data found [ 1148.972366][T20036] chnl_net:caif_netlink_parms(): no params data found [ 1149.197342][T20103] loop4: detected capacity change from 0 to 7 [ 1149.264332][T20103] Dev loop4: unable to read RDB block 7 [ 1149.264371][T20103] loop4: AHDI p1 p2 [ 1149.264408][T20103] loop4: partition table partially beyond EOD, truncated [ 1149.264702][T20103] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1149.530354][ T5117] Bluetooth: hci1: command tx timeout [ 1149.923232][T19973] udevd[19973]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1150.465303][ T5117] Bluetooth: hci3: command tx timeout [ 1151.110783][ T3472] bridge_slave_1: left allmulticast mode [ 1151.110817][ T3472] bridge_slave_1: left promiscuous mode [ 1151.111008][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1151.323921][ T9] usb 2-1: new full-speed USB device number 114 using dummy_hcd [ 1151.348576][ T3472] bridge_slave_0: left allmulticast mode [ 1151.348610][ T3472] bridge_slave_0: left promiscuous mode [ 1151.348926][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1151.509247][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1151.512150][ T9] usb 2-1: Dual-Role OTG device on HNP port [ 1151.512468][ T9] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1151.512502][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1151.512518][ T9] usb 2-1: Product: syz [ 1151.512529][ T9] usb 2-1: Manufacturer: syz [ 1151.512540][ T9] usb 2-1: SerialNumber: syz [ 1151.545647][ T9] usb 2-1: config 0 descriptor?? [ 1151.607061][ T5117] Bluetooth: hci1: command tx timeout [ 1152.106718][T20122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4668'. [ 1152.106756][T20122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4668'. [ 1152.130061][ T6050] usb 2-1: USB disconnect, device number 114 [ 1152.548118][ T5117] Bluetooth: hci3: command tx timeout [ 1155.599442][T20137] loop4: detected capacity change from 0 to 7 [ 1156.103687][T20137] Dev loop4: unable to read RDB block 7 [ 1156.103892][T20137] loop4: AHDI p1 p2 [ 1156.104153][T20137] loop4: partition table partially beyond EOD, truncated [ 1156.112387][T20137] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1156.458851][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1156.603473][T20138] udevd[20138]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 1156.688017][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1156.771445][ T3472] bond0 (unregistering): Released all slaves [ 1158.447110][ T3472] hsr_slave_0: left promiscuous mode [ 1158.477041][ T3472] hsr_slave_1: left promiscuous mode [ 1158.485554][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1158.487539][ T5890] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 1158.521787][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1158.649294][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1158.649332][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1158.649356][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1158.649401][ T5890] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1158.649426][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1158.654741][ T5890] usb 4-1: config 0 descriptor?? [ 1159.074817][ T5890] usbhid 4-1:0.0: can't add hid device: -71 [ 1159.074950][ T5890] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1159.107878][ T5890] usb 4-1: USB disconnect, device number 107 [ 1160.337082][T17170] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1160.621100][T17170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1160.621137][T17170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1160.621154][T17170] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1160.621187][T17170] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1160.621204][T17170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1160.675776][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1160.691761][T17170] usb 4-1: config 0 descriptor?? [ 1160.928643][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1161.106408][T17170] usbhid 4-1:0.0: can't add hid device: -71 [ 1161.106800][T17170] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1161.141410][T17170] usb 4-1: USB disconnect, device number 108 [ 1164.636976][ T5876] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 1164.735167][T20185] syz.1.4684 (20185): drop_caches: 2 [ 1164.819699][ T5876] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1164.859147][ T5876] usb 4-1: New USB device found, idVendor=046d, idProduct=c082, bcdDevice= 0.40 [ 1164.859181][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.859204][ T5876] usb 4-1: Product: Ñ… [ 1164.859219][ T5876] usb 4-1: Manufacturer: 篛譗 [ 1164.859236][ T5876] usb 4-1: SerialNumber: 㳂֒ﲦéŒè¢£ë¤ªëƒŽï¹¾ã¿¥æ‡³ä®êª±ï¯—ë™ï¹¿ì½Œä‚±íž¯å¦ï‹•ê½‹é­–㩀뿱晅࿯å—湿਎닀䮄ኌ苸턗멢鶱崄껾ꜩ膾㤋繾瘑꓅ßí±íš€ä™ å´–㼨诬멤﷡䊢劘뇗젂㖌籺픰淋俓㎹é‚<柈啲ᄡ༛煺 [ 1165.250721][ T5876] usbhid 4-1:1.0: can't add hid device: -71 [ 1165.250861][ T5876] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 1165.271806][ T5876] usb 4-1: USB disconnect, device number 109 [ 1166.909790][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1167.678453][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1167.735793][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1167.794201][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1167.827627][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1169.637233][T20047] bridge0: port 1(bridge_slave_0) entered blocking state [ 1169.637489][T20047] bridge0: port 1(bridge_slave_0) entered disabled state [ 1169.637760][T20047] bridge_slave_0: entered allmulticast mode [ 1169.644467][T20047] bridge_slave_0: entered promiscuous mode [ 1169.847034][ T5117] Bluetooth: hci5: command tx timeout [ 1171.545065][T20222] syz.3.4692 (20222): drop_caches: 2 [ 1171.657175][T20047] bridge0: port 2(bridge_slave_1) entered blocking state [ 1171.657315][T20047] bridge0: port 2(bridge_slave_1) entered disabled state [ 1171.657570][T20047] bridge_slave_1: entered allmulticast mode [ 1171.660386][T20047] bridge_slave_1: entered promiscuous mode [ 1171.737138][T20036] bridge0: port 1(bridge_slave_0) entered blocking state [ 1171.737297][T20036] bridge0: port 1(bridge_slave_0) entered disabled state [ 1171.737551][T20036] bridge_slave_0: entered allmulticast mode [ 1171.763848][T20036] bridge_slave_0: entered promiscuous mode [ 1171.927012][ T5117] Bluetooth: hci5: command tx timeout [ 1172.527712][T20036] bridge0: port 2(bridge_slave_1) entered blocking state [ 1172.527875][T20036] bridge0: port 2(bridge_slave_1) entered disabled state [ 1172.528128][T20036] bridge_slave_1: entered allmulticast mode [ 1172.531325][T20036] bridge_slave_1: entered promiscuous mode [ 1173.070823][T20047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1173.184381][T20047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1173.233110][T20036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1173.393955][T20036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1173.591897][T20047] team0: Port device team_slave_0 added [ 1173.720572][T20047] team0: Port device team_slave_1 added [ 1173.750057][T20036] team0: Port device team_slave_0 added [ 1173.963562][T20036] team0: Port device team_slave_1 added [ 1174.007204][ T5117] Bluetooth: hci5: command tx timeout [ 1175.620710][T20252] GUP no longer grows the stack in syz.3.4700 (20252): 200000004000-200000008000 (200000002000) [ 1175.620750][T20252] CPU: 0 UID: 0 PID: 20252 Comm: syz.3.4700 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1175.620769][T20252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1175.620783][T20252] Call Trace: [ 1175.620792][T20252] [ 1175.620800][T20252] dump_stack_lvl+0xe8/0x150 [ 1175.620871][T20252] __get_user_pages+0x22c8/0x2830 [ 1175.620935][T20252] get_user_pages_remote+0x2f1/0xac0 [ 1175.620975][T20252] ? __pfx_mtree_load+0x10/0x10 [ 1175.621082][T20252] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1175.621105][T20252] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1175.621133][T20252] ? __access_remote_vm+0x367/0x7d0 [ 1175.621162][T20252] __access_remote_vm+0x211/0x7d0 [ 1175.621194][T20252] ? __pfx___access_remote_vm+0x10/0x10 [ 1175.621217][T20252] ? set_page_refcounted+0xa0/0x1e0 [ 1175.621243][T20252] ? alloc_pages_noprof+0xe4/0x1e0 [ 1175.621262][T20252] proc_pid_cmdline_read+0x433/0x810 [ 1175.621298][T20252] ? __asan_memset+0x22/0x50 [ 1175.621325][T20252] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1175.621350][T20252] ? rw_verify_area+0x2ac/0x4e0 [ 1175.621381][T20252] vfs_readv+0x5b3/0x850 [ 1175.621399][T20252] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1175.621423][T20252] ? __pfx_vfs_readv+0x10/0x10 [ 1175.621451][T20252] ? __fget_files+0x2a/0x420 [ 1175.621472][T20252] ? __fget_files+0x3a6/0x420 [ 1175.621489][T20252] ? __fget_files+0x2a/0x420 [ 1175.621536][T20252] __x64_sys_preadv+0x19a/0x2a0 [ 1175.621574][T20252] ? __pfx___se_sys_futex+0x10/0x10 [ 1175.621641][T20252] ? __pfx___x64_sys_preadv+0x10/0x10 [ 1175.621675][T20252] do_syscall_64+0xec/0xf80 [ 1175.621725][T20252] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1175.621919][T20252] ? trace_irq_disable+0x37/0x100 [ 1175.621962][T20252] ? clear_bhb_loop+0x60/0xb0 [ 1175.621985][T20252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1175.622003][T20252] RIP: 0033:0x7ff027e6f749 [ 1175.622022][T20252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1175.622043][T20252] RSP: 002b:00007ff0260ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1175.622060][T20252] RAX: ffffffffffffffda RBX: 00007ff0280c5fa0 RCX: 00007ff027e6f749 [ 1175.622073][T20252] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000007 [ 1175.622084][T20252] RBP: 00007ff027ef3f91 R08: 0000000000000200 R09: 0000000000000000 [ 1175.622094][T20252] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1175.622157][T20252] R13: 00007ff0280c6038 R14: 00007ff0280c5fa0 R15: 00007ffd043a6438 [ 1175.622184][T20252] [ 1175.924980][T20047] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1175.925001][T20047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1175.925031][T20047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1176.139070][ T5117] Bluetooth: hci5: command tx timeout [ 1176.598042][T20254] syz.3.4701 (20254): drop_caches: 2 [ 1176.617345][T20047] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1176.617359][T20047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1176.617379][T20047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1176.618701][T20036] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1176.618713][T20036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1176.618733][T20036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1177.287486][ T6050] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 1177.330555][T20036] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1177.330574][T20036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1177.330606][T20036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1177.452508][ T6050] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1177.452546][ T6050] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1177.452571][ T6050] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1177.452617][ T6050] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1177.452642][ T6050] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1177.513726][ T6050] usb 2-1: config 0 descriptor?? [ 1178.021265][T20047] hsr_slave_0: entered promiscuous mode [ 1178.028484][T20047] hsr_slave_1: entered promiscuous mode [ 1178.126468][ T6050] usbhid 2-1:0.0: can't add hid device: -71 [ 1178.126596][ T6050] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1178.150427][ T6050] usb 2-1: USB disconnect, device number 115 [ 1178.519197][T20036] hsr_slave_0: entered promiscuous mode [ 1178.520619][T20036] hsr_slave_1: entered promiscuous mode [ 1178.521628][T20036] debugfs: 'hsr0' already exists in 'hsr' [ 1178.521656][T20036] Cannot create hsr debugfs directory [ 1180.647536][ T6046] usb 4-1: new full-speed USB device number 110 using dummy_hcd [ 1181.108854][ T6046] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1181.250308][T20307] syz.1.4710 (20307): drop_caches: 2 [ 1181.314836][ T6046] usb 4-1: Dual-Role OTG device on HNP port [ 1181.315124][ T6046] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1181.315143][ T6046] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1181.315158][ T6046] usb 4-1: Product: syz [ 1181.315169][ T6046] usb 4-1: Manufacturer: syz [ 1181.315180][ T6046] usb 4-1: SerialNumber: syz [ 1181.354183][ T6046] usb 4-1: config 0 descriptor?? [ 1181.663507][T17170] libceph: connect (1)[c::]:6789 error -101 [ 1181.663728][T17170] libceph: mon0 (1)[c::]:6789 connect error [ 1181.664240][T17170] libceph: connect (1)[c::]:6789 error -101 [ 1181.664422][T17170] libceph: mon0 (1)[c::]:6789 connect error [ 1181.841802][T20314] ceph: No mds server is up or the cluster is laggy [ 1181.919430][T17170] libceph: connect (1)[c::]:6789 error -101 [ 1181.925227][T17170] libceph: mon0 (1)[c::]:6789 connect error [ 1182.433952][T17170] libceph: connect (1)[c::]:6789 error -101 [ 1182.434258][T17170] libceph: mon0 (1)[c::]:6789 connect error [ 1182.588322][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.588403][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1184.210762][ T5876] usb 4-1: USB disconnect, device number 110 [ 1184.400803][T20198] chnl_net:caif_netlink_parms(): no params data found [ 1185.201814][T20339] syz.1.4718 (20339): drop_caches: 2 [ 1185.599336][T20348] binder_alloc: 20347: binder_alloc_buf, no vma [ 1186.497004][ T6050] usb 2-1: new full-speed USB device number 116 using dummy_hcd [ 1186.873706][ T6050] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1186.876550][ T6050] usb 2-1: Dual-Role OTG device on HNP port [ 1186.878107][ T6050] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1186.878136][ T6050] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.878158][ T6050] usb 2-1: Product: syz [ 1186.878173][ T6050] usb 2-1: Manufacturer: syz [ 1186.878189][ T6050] usb 2-1: SerialNumber: syz [ 1186.891974][ T6050] usb 2-1: config 0 descriptor?? [ 1187.120983][ T37] audit: type=1326 audit(1767616053.319:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20361 comm="syz.3.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff027e6f749 code=0x7fc00000 [ 1187.537020][ T37] audit: type=1326 audit(1767616053.739:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20361 comm="syz.3.4726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff027e6f749 code=0x7fc00000 [ 1187.941040][T20369] input: syz0 as /devices/virtual/input/input69 [ 1188.256768][T20198] bridge0: port 1(bridge_slave_0) entered blocking state [ 1188.283260][T20198] bridge0: port 1(bridge_slave_0) entered disabled state [ 1188.283496][T20198] bridge_slave_0: entered allmulticast mode [ 1188.286139][T20198] bridge_slave_0: entered promiscuous mode [ 1188.391956][T20198] bridge0: port 2(bridge_slave_1) entered blocking state [ 1188.392114][T20198] bridge0: port 2(bridge_slave_1) entered disabled state [ 1188.392337][T20198] bridge_slave_1: entered allmulticast mode [ 1188.395561][T20198] bridge_slave_1: entered promiscuous mode [ 1188.854066][T20198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1189.057674][ T5876] usb 2-1: USB disconnect, device number 116 [ 1189.166070][T20198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1189.606403][T20385] binder: BINDER_SET_CONTEXT_MGR already set [ 1189.606420][T20385] binder: 20384:20385 ioctl 4018620d 200000004a80 returned -16 [ 1190.298192][T20198] team0: Port device team_slave_0 added [ 1190.719855][T20198] team0: Port device team_slave_1 added [ 1190.863308][T20396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4735'. [ 1191.633862][T20402] vivid-007: disconnect [ 1191.635292][T20402] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4735'. [ 1191.811856][T20395] vivid-007: reconnect [ 1191.970684][ T3472] bridge_slave_1: left allmulticast mode [ 1191.970711][ T3472] bridge_slave_1: left promiscuous mode [ 1191.970923][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.058707][ T3472] bridge_slave_0: left allmulticast mode [ 1192.058741][ T3472] bridge_slave_0: left promiscuous mode [ 1192.059121][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.132711][ T3472] bridge_slave_1: left allmulticast mode [ 1192.132746][ T3472] bridge_slave_1: left promiscuous mode [ 1192.133038][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.378523][ T3472] bridge_slave_0: left allmulticast mode [ 1192.378555][ T3472] bridge_slave_0: left promiscuous mode [ 1192.378828][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.384172][ T6046] libceph: connect (1)[c::]:6789 error -101 [ 1192.384501][ T6046] libceph: mon0 (1)[c::]:6789 connect error [ 1192.688757][T20409] ceph: No mds server is up or the cluster is laggy [ 1192.694249][ T6046] libceph: connect (1)[c::]:6789 error -101 [ 1192.713410][ T6046] libceph: mon0 (1)[c::]:6789 connect error [ 1193.247273][T20418] binder: BINDER_SET_CONTEXT_MGR already set [ 1193.247291][T20418] binder: 20417:20418 ioctl 4018620d 200000004a80 returned -16 [ 1193.566991][T16214] usb 4-1: new full-speed USB device number 111 using dummy_hcd [ 1194.239402][T16214] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1194.242644][T16214] usb 4-1: Dual-Role OTG device on HNP port [ 1194.242977][T16214] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1194.243004][T16214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1194.243027][T16214] usb 4-1: Product: syz [ 1194.243044][T16214] usb 4-1: Manufacturer: syz [ 1194.243061][T16214] usb 4-1: SerialNumber: syz [ 1194.270411][T16214] usb 4-1: config 0 descriptor?? [ 1195.724611][ T5890] usb 4-1: USB disconnect, device number 111 [ 1196.437699][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1197.608224][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1197.702396][ T3472] bond0 (unregistering): Released all slaves [ 1197.783671][T20447] binder: BINDER_SET_CONTEXT_MGR already set [ 1197.783683][T20447] binder: 20446:20447 ioctl 4018620d 200000004a80 returned -16 [ 1199.761522][ T6050] usb 2-1: new full-speed USB device number 117 using dummy_hcd [ 1200.911659][ T6050] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1200.930012][ T6050] usb 2-1: Dual-Role OTG device on HNP port [ 1200.930347][ T6050] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1200.930375][ T6050] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1200.930397][ T6050] usb 2-1: Product: syz [ 1200.930413][ T6050] usb 2-1: Manufacturer: syz [ 1200.930429][ T6050] usb 2-1: SerialNumber: syz [ 1200.964624][ T6050] usb 2-1: config 0 descriptor?? [ 1202.352529][T20476] binder: BINDER_SET_CONTEXT_MGR already set [ 1202.352546][T20476] binder: 20474:20476 ioctl 4018620d 200000004a80 returned -16 [ 1202.751495][T14778] usb 2-1: USB disconnect, device number 117 [ 1203.398055][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1203.457912][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1203.500333][ T3472] bond0 (unregistering): Released all slaves [ 1203.548782][T20198] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1203.548796][T20198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1203.548817][T20198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1203.948872][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1203.963607][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1203.965317][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1203.967106][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1203.968846][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1204.779925][T20198] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1204.779944][T20198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1204.779974][T20198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1205.394035][ T5117] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1205.416793][ T5117] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1205.422215][ T5117] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1205.423819][ T5117] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1205.424801][ T5117] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1205.431555][ T3472] hsr_slave_0: left promiscuous mode [ 1205.578234][ T3472] hsr_slave_1: left promiscuous mode [ 1205.579280][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1205.632917][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1206.007186][ T5813] Bluetooth: hci4: command tx timeout [ 1206.931119][ T3472] hsr_slave_0: left promiscuous mode [ 1206.962989][ T3472] hsr_slave_1: left promiscuous mode [ 1206.964051][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1206.991022][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1207.602650][ T5813] Bluetooth: hci6: command tx timeout [ 1207.603316][T16025] usb 4-1: new full-speed USB device number 112 using dummy_hcd [ 1207.750790][T16025] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1207.753938][T16025] usb 4-1: Dual-Role OTG device on HNP port [ 1207.754292][T16025] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1207.754322][T16025] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1207.754345][T16025] usb 4-1: Product: syz [ 1207.754362][T16025] usb 4-1: Manufacturer: syz [ 1207.754387][T16025] usb 4-1: SerialNumber: syz [ 1207.762105][T16025] usb 4-1: config 0 descriptor?? [ 1208.090190][ T5813] Bluetooth: hci4: command tx timeout [ 1210.308142][ T5117] Bluetooth: hci4: command tx timeout [ 1210.311553][ T5813] Bluetooth: hci6: command tx timeout [ 1210.803629][ T5876] usb 4-1: USB disconnect, device number 112 [ 1211.578039][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1211.778355][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1212.328693][ T5117] Bluetooth: hci4: command tx timeout [ 1212.328733][ T5117] Bluetooth: hci6: command tx timeout [ 1214.407157][ T5813] Bluetooth: hci6: command tx timeout [ 1216.891105][T20570] loop4: detected capacity change from 0 to 7 [ 1216.892246][T20570] Dev loop4: unable to read RDB block 7 [ 1216.892276][T20570] loop4: AHDI p1 p2 [ 1216.892305][T20570] loop4: partition table partially beyond EOD, truncated [ 1216.892622][T20570] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1219.287709][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1219.486646][T16214] usb 2-1: new full-speed USB device number 118 using dummy_hcd [ 1219.607801][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1219.669389][T16214] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1219.672290][T16214] usb 2-1: Dual-Role OTG device on HNP port [ 1219.672663][T16214] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1219.672685][T16214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1219.672701][T16214] usb 2-1: Product: syz [ 1219.672712][T16214] usb 2-1: Manufacturer: syz [ 1219.672724][T16214] usb 2-1: SerialNumber: syz [ 1219.683432][T16214] usb 2-1: config 0 descriptor?? [ 1220.915296][T16025] usb 2-1: USB disconnect, device number 118 [ 1221.873441][ T5813] Bluetooth: hci2: unexpected event for opcode 0x2029 [ 1224.653196][T20597] random: crng reseeded on system resumption [ 1226.974579][ T5813] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1226.975225][ T5813] Bluetooth: hci2: Injecting HCI hardware error event [ 1226.981133][ T5117] Bluetooth: hci2: hardware error 0x00 [ 1227.723558][T20038] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1227.776106][T20038] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1227.783001][T20038] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1227.786966][T20038] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1227.808989][T20038] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1229.855710][ T5117] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1229.927044][ T5117] Bluetooth: hci7: command tx timeout [ 1232.508991][ T5117] Bluetooth: hci7: command tx timeout [ 1233.555945][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1233.556167][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1233.556730][T14778] libceph: connect (1)[c::]:6789 error -101 [ 1233.576222][T14778] libceph: mon0 (1)[c::]:6789 connect error [ 1233.833213][ T6050] libceph: connect (1)[c::]:6789 error -101 [ 1233.857757][ T6050] libceph: mon0 (1)[c::]:6789 connect error [ 1234.062417][T20638] ceph: No mds server is up or the cluster is laggy [ 1234.586132][ T5117] Bluetooth: hci7: command tx timeout [ 1236.698092][ T5117] Bluetooth: hci7: command tx timeout [ 1237.266990][T14778] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 1237.417015][T14778] usb 2-1: Using ep0 maxpacket: 32 [ 1237.428946][T14778] usb 2-1: config 4 has an invalid interface number: 128 but max is 0 [ 1237.428977][T14778] usb 2-1: config 4 has no interface number 0 [ 1237.429029][T14778] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1237.429058][T14778] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1237.429100][T14778] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1237.429125][T14778] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1237.494424][T14778] hub 2-1:4.128: USB hub found [ 1237.640658][T14778] hub 2-1:4.128: config failed, hub has too many ports! (err -19) [ 1237.968407][ T9] usb 2-1: USB disconnect, device number 119 [ 1238.093118][T20486] chnl_net:caif_netlink_parms(): no params data found [ 1239.087800][T14740] libceph: connect (1)[c::]:6789 error -101 [ 1239.088033][T14740] libceph: mon0 (1)[c::]:6789 connect error [ 1239.088594][T14740] libceph: connect (1)[c::]:6789 error -101 [ 1239.088781][T14740] libceph: mon0 (1)[c::]:6789 connect error [ 1239.232171][T20675] ceph: No mds server is up or the cluster is laggy [ 1239.322064][T20603] chnl_net:caif_netlink_parms(): no params data found [ 1239.347642][T14740] libceph: connect (1)[c::]:6789 error -101 [ 1239.347861][T14740] libceph: mon0 (1)[c::]:6789 connect error [ 1239.752244][T20499] chnl_net:caif_netlink_parms(): no params data found [ 1241.702254][T20720] loop4: detected capacity change from 0 to 7 [ 1241.703360][T20720] Dev loop4: unable to read RDB block 7 [ 1241.703391][T20720] loop4: AHDI p1 p2 [ 1241.703420][T20720] loop4: partition table partially beyond EOD, truncated [ 1241.703666][T20720] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1241.867558][T20486] bridge0: port 1(bridge_slave_0) entered blocking state [ 1241.867799][T20486] bridge0: port 1(bridge_slave_0) entered disabled state [ 1241.868044][T20486] bridge_slave_0: entered allmulticast mode [ 1241.871173][T20486] bridge_slave_0: entered promiscuous mode [ 1241.937826][ T3472] bridge_slave_1: left allmulticast mode [ 1241.937859][ T3472] bridge_slave_1: left promiscuous mode [ 1241.938157][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1242.009400][ T3472] bridge_slave_0: left allmulticast mode [ 1242.009434][ T3472] bridge_slave_0: left promiscuous mode [ 1242.009744][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1242.083217][ T3472] bridge_slave_1: left allmulticast mode [ 1242.083258][ T3472] bridge_slave_1: left promiscuous mode [ 1242.083520][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1242.148576][ T3472] bridge_slave_0: left allmulticast mode [ 1242.148611][ T3472] bridge_slave_0: left promiscuous mode [ 1242.148885][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1244.010370][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1244.022561][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.022770][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1244.119880][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1244.201706][ T3472] bond0 (unregistering): Released all slaves [ 1244.557873][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1244.678776][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1244.790508][ T3472] bond0 (unregistering): Released all slaves [ 1244.840979][T20486] bridge0: port 2(bridge_slave_1) entered blocking state [ 1244.841123][T20486] bridge0: port 2(bridge_slave_1) entered disabled state [ 1244.841395][T20486] bridge_slave_1: entered allmulticast mode [ 1244.844777][T20486] bridge_slave_1: entered promiscuous mode [ 1245.159040][T20750] overlayfs: failed to resolve './file1': -2 [ 1245.518110][T20761] loop4: detected capacity change from 0 to 7 [ 1245.554913][T20761] Dev loop4: unable to read RDB block 7 [ 1245.554946][T20761] loop4: AHDI p1 p2 [ 1245.554972][T20761] loop4: partition table partially beyond EOD, truncated [ 1245.555174][T20761] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1245.742118][T20759] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 1245.742148][T20759] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1245.742522][T20759] vhci_hcd vhci_hcd.0: Device attached [ 1246.087290][ T5975] usb 39-1: new high-speed USB device number 4 using vhci_hcd [ 1246.116071][T20603] bridge0: port 1(bridge_slave_0) entered blocking state [ 1246.116543][T20603] bridge0: port 1(bridge_slave_0) entered disabled state [ 1246.117281][T20603] bridge_slave_0: entered allmulticast mode [ 1246.141636][T20603] bridge_slave_0: entered promiscuous mode [ 1246.188679][T20486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1246.272242][T20763] vhci_hcd: connection reset by peer [ 1246.305189][T14801] vhci_hcd vhci_hcd.3: stop threads [ 1246.305253][T14801] vhci_hcd vhci_hcd.3: release socket [ 1246.305489][T14801] vhci_hcd vhci_hcd.3: disconnect device [ 1246.921724][T20486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1246.924022][T20603] bridge0: port 2(bridge_slave_1) entered blocking state [ 1246.924167][T20603] bridge0: port 2(bridge_slave_1) entered disabled state [ 1246.924326][T20603] bridge_slave_1: entered allmulticast mode [ 1246.926327][T20603] bridge_slave_1: entered promiscuous mode [ 1247.068206][T20499] bridge0: port 1(bridge_slave_0) entered blocking state [ 1247.068336][T20499] bridge0: port 1(bridge_slave_0) entered disabled state [ 1247.068544][T20499] bridge_slave_0: entered allmulticast mode [ 1247.071325][T20499] bridge_slave_0: entered promiscuous mode [ 1247.207392][ T3472] hsr_slave_0: left promiscuous mode [ 1247.228284][ T3472] hsr_slave_1: left promiscuous mode [ 1247.229339][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1247.279649][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1249.187957][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1249.227301][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1249.928234][T20791] overlayfs: failed to resolve './file1': -2 [ 1250.163863][T20795] loop4: detected capacity change from 0 to 7 [ 1250.164917][T20795] Dev loop4: unable to read RDB block 7 [ 1250.164948][T20795] loop4: AHDI p1 p2 [ 1250.164976][T20795] loop4: partition table partially beyond EOD, truncated [ 1250.165233][T20795] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1250.274226][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1250.351875][T20797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4832'. [ 1250.478507][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1251.230241][ T5975] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 1251.553864][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1252.393761][T14740] IPVS: starting estimator thread 0... [ 1252.487554][T20808] IPVS: using max 7 ests per chain, 16800 per kthread [ 1252.600231][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1252.766746][T20812] overlayfs: failed to resolve './file0': -2 [ 1254.607716][T20824] loop4: detected capacity change from 0 to 7 [ 1254.617444][T20824] Dev loop4: unable to read RDB block 7 [ 1254.617478][T20824] loop4: AHDI p1 p2 [ 1254.617524][T20824] loop4: partition table partially beyond EOD, truncated [ 1254.617810][T20824] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1254.715610][T20499] bridge0: port 2(bridge_slave_1) entered blocking state [ 1254.715818][T20499] bridge0: port 2(bridge_slave_1) entered disabled state [ 1254.716031][T20499] bridge_slave_1: entered allmulticast mode [ 1254.739854][T20499] bridge_slave_1: entered promiscuous mode [ 1254.891006][T20486] team0: Port device team_slave_0 added [ 1255.007308][T20486] team0: Port device team_slave_1 added [ 1255.010894][T20603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1255.252394][T20603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1255.633360][T20499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1255.848336][T20838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4844'. [ 1256.078993][T20499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1256.530032][T20486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1256.530053][T20486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1256.530085][T20486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1256.735516][T20603] team0: Port device team_slave_0 added [ 1256.742206][T20486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1256.742257][T20486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1256.742340][T20486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1257.036064][T20603] team0: Port device team_slave_1 added [ 1257.056581][T20499] team0: Port device team_slave_0 added [ 1257.173625][T20499] team0: Port device team_slave_1 added [ 1258.928556][T20603] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1258.928578][T20603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1258.928609][T20603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1259.427470][T20603] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1259.427485][T20603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1259.427506][T20603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1260.631002][T20499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1260.631023][T20499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1260.631053][T20499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1260.841817][T20486] hsr_slave_0: entered promiscuous mode [ 1260.845899][T20486] hsr_slave_1: entered promiscuous mode [ 1260.862955][T20486] debugfs: 'hsr0' already exists in 'hsr' [ 1260.865404][T20486] Cannot create hsr debugfs directory [ 1260.899702][T20499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1260.899722][T20499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1260.899753][T20499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1261.606110][T20603] hsr_slave_0: entered promiscuous mode [ 1261.616340][T20603] hsr_slave_1: entered promiscuous mode [ 1261.618632][T20603] debugfs: 'hsr0' already exists in 'hsr' [ 1261.618701][T20603] Cannot create hsr debugfs directory [ 1261.698825][T20895] loop4: detected capacity change from 0 to 7 [ 1261.723481][T20895] Dev loop4: unable to read RDB block 7 [ 1261.723508][T20895] loop4: AHDI p1 p2 [ 1261.723532][T20895] loop4: partition table partially beyond EOD, truncated [ 1261.723726][T20895] loop4: p1 size 4227858431 extends beyond EOD, truncated [ 1262.635370][T20499] hsr_slave_0: entered promiscuous mode [ 1262.637078][T20499] hsr_slave_1: entered promiscuous mode [ 1262.638771][T20499] debugfs: 'hsr0' already exists in 'hsr' [ 1262.638798][T20499] Cannot create hsr debugfs directory [ 1265.987187][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1266.015620][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1266.017418][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1266.035158][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1266.036119][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1267.342284][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1267.367181][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1267.368830][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1267.370305][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1267.371240][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1268.337871][ T5117] Bluetooth: hci1: command tx timeout [ 1269.700904][ T5813] Bluetooth: hci3: command tx timeout [ 1269.857310][T20947] random: crng reseeded on system resumption [ 1270.817584][ T5117] Bluetooth: hci1: command tx timeout [ 1271.537821][ T3472] bridge_slave_1: left allmulticast mode [ 1271.537853][ T3472] bridge_slave_1: left promiscuous mode [ 1271.538141][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.872805][ T5117] Bluetooth: hci3: command tx timeout [ 1272.315547][ T3472] bridge_slave_0: left allmulticast mode [ 1272.315708][ T3472] bridge_slave_0: left promiscuous mode [ 1272.332773][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1272.895171][ T5117] Bluetooth: hci1: command tx timeout [ 1272.905137][ T68] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2 [ 1273.377949][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1274.151682][ T5117] Bluetooth: hci3: command tx timeout [ 1274.317809][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1274.402124][ T3472] bond0 (unregistering): Released all slaves [ 1274.947065][ T5975] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1274.957131][ T3472] hsr_slave_0: left promiscuous mode [ 1274.970159][ T5117] Bluetooth: hci1: command tx timeout [ 1275.099371][ T3472] hsr_slave_1: left promiscuous mode [ 1275.101165][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1275.148317][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1275.157470][ T5975] usb 4-1: Using ep0 maxpacket: 32 [ 1275.170294][ T5975] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 1275.170324][ T5975] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1275.170348][ T5975] usb 4-1: config 0 has no interface number 0 [ 1275.170386][ T5975] usb 4-1: config 0 interface 89 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1275.176353][ T5975] usb 4-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68 [ 1275.176387][ T5975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1275.176401][ T5975] usb 4-1: Product: syz [ 1275.176412][ T5975] usb 4-1: Manufacturer: syz [ 1275.176423][ T5975] usb 4-1: SerialNumber: syz [ 1275.225247][ T5975] usb 4-1: config 0 descriptor?? [ 1275.263775][ T5975] hub 4-1:0.89: bad descriptor, ignoring hub [ 1275.263820][ T5975] hub 4-1:0.89: probe with driver hub failed with error -5 [ 1275.265851][ T5975] option 4-1:0.89: GSM modem (1-port) converter detected [ 1276.041157][ T5975] usb 4-1: USB disconnect, device number 113 [ 1276.078268][T20987] random: crng reseeded on system resumption [ 1276.742352][ T5975] option 4-1:0.89: device disconnected [ 1277.506967][ T5117] Bluetooth: hci3: command tx timeout [ 1280.487666][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1280.627729][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1281.648998][T20913] chnl_net:caif_netlink_parms(): no params data found [ 1285.752860][T20603] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1287.516689][T20603] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1288.550832][T20603] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1288.771987][T20933] chnl_net:caif_netlink_parms(): no params data found [ 1288.791616][T20913] bridge0: port 1(bridge_slave_0) entered blocking state [ 1288.792639][T20913] bridge0: port 1(bridge_slave_0) entered disabled state [ 1288.792848][T20913] bridge_slave_0: entered allmulticast mode [ 1288.794889][T20913] bridge_slave_0: entered promiscuous mode [ 1288.873282][T20913] bridge0: port 2(bridge_slave_1) entered blocking state [ 1288.873420][T20913] bridge0: port 2(bridge_slave_1) entered disabled state [ 1288.873675][T20913] bridge_slave_1: entered allmulticast mode [ 1288.876508][T20913] bridge_slave_1: entered promiscuous mode [ 1289.127931][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1289.150317][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1289.151965][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1289.153431][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1289.154369][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1295.537085][T21050] random: crng reseeded on system resumption [ 1297.507224][T21057] random: crng reseeded on system resumption [ 1299.381245][T20913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1299.423737][T20913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1299.642373][ T5813] Bluetooth: hci4: command tx timeout [ 1302.557418][ T5813] Bluetooth: hci4: command tx timeout [ 1303.784758][T20913] team0: Port device team_slave_0 added [ 1303.785033][T20933] bridge0: port 1(bridge_slave_0) entered blocking state [ 1303.797397][T20933] bridge0: port 1(bridge_slave_0) entered disabled state [ 1303.797954][T20933] bridge_slave_0: entered allmulticast mode [ 1303.804272][T20933] bridge_slave_0: entered promiscuous mode [ 1303.841502][ T3472] bridge_slave_1: left allmulticast mode [ 1303.841526][ T3472] bridge_slave_1: left promiscuous mode [ 1303.841705][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1303.930346][ T3472] bridge_slave_0: left allmulticast mode [ 1303.930370][ T3472] bridge_slave_0: left promiscuous mode [ 1303.930584][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1303.948042][T21085] fuse: Bad value for 'fd' [ 1304.025939][ T3472] bridge_slave_1: left allmulticast mode [ 1304.025973][ T3472] bridge_slave_1: left promiscuous mode [ 1304.026241][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1304.080863][ T3472] bridge_slave_0: left allmulticast mode [ 1304.080898][ T3472] bridge_slave_0: left promiscuous mode [ 1304.081185][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1304.567523][ T5813] Bluetooth: hci4: command tx timeout [ 1304.590331][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1304.747845][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1304.848247][ T3472] bond0 (unregistering): Released all slaves [ 1305.112133][ T45] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2 [ 1305.464803][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.464914][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1305.489405][ T3472] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1305.583543][ T3472] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1306.730889][ T5813] Bluetooth: hci4: command tx timeout [ 1307.716664][ T3472] bond0 (unregistering): Released all slaves [ 1308.650833][T20913] team0: Port device team_slave_1 added [ 1308.651094][T20933] bridge0: port 2(bridge_slave_1) entered blocking state [ 1308.651349][T20933] bridge0: port 2(bridge_slave_1) entered disabled state [ 1308.651503][T20933] bridge_slave_1: entered allmulticast mode [ 1308.653571][T20933] bridge_slave_1: entered promiscuous mode [ 1309.734313][T21117] fuse: Invalid rootmode [ 1310.364770][T20913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1310.364785][T20913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1310.364806][T20913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1311.395425][T20933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1312.390336][T20913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1312.390355][T20913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1312.390389][T20913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1312.394826][T20933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1314.717682][T21132] random: crng reseeded on system resumption [ 1315.874480][T21141] netlink: zone id is out of range [ 1315.874498][T21141] netlink: zone id is out of range [ 1315.874614][T21141] netlink: zone id is out of range [ 1315.874742][T21141] netlink: zone id is out of range [ 1315.874816][T21141] netlink: zone id is out of range [ 1315.875494][T21141] netlink: zone id is out of range [ 1315.875657][T21141] netlink: zone id is out of range [ 1315.875707][T21141] netlink: zone id is out of range [ 1315.875976][T21141] netlink: zone id is out of range [ 1315.876084][T21141] netlink: zone id is out of range [ 1317.247907][ T3472] hsr_slave_0: left promiscuous mode [ 1317.267051][ T3472] hsr_slave_1: left promiscuous mode [ 1317.267866][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1317.301428][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1317.409355][ T3472] hsr_slave_0: left promiscuous mode [ 1317.451741][ T3472] hsr_slave_1: left promiscuous mode [ 1317.468075][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1317.488447][ T3472] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1319.849234][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1320.049178][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1321.527807][ T3472] team0 (unregistering): Port device team_slave_1 removed [ 1321.677688][ T3472] team0 (unregistering): Port device team_slave_0 removed [ 1322.390478][T20933] team0: Port device team_slave_0 added [ 1322.483288][T21163] fuse: Invalid rootmode [ 1322.770620][T20933] team0: Port device team_slave_1 added [ 1326.284556][T20913] hsr_slave_0: entered promiscuous mode [ 1326.285617][T20913] hsr_slave_1: entered promiscuous mode [ 1326.352108][T21183] net_ratelimit: 46 callbacks suppressed [ 1326.352131][T21183] netlink: zone id is out of range [ 1326.352141][T21183] netlink: zone id is out of range [ 1326.352264][T21183] netlink: zone id is out of range [ 1326.352470][T21183] netlink: zone id is out of range [ 1326.352565][T21183] netlink: zone id is out of range [ 1326.353458][T21183] netlink: zone id is out of range [ 1326.353671][T21183] netlink: zone id is out of range [ 1326.353720][T21183] netlink: zone id is out of range [ 1326.354129][T21183] netlink: zone id is out of range [ 1326.354254][T21183] netlink: zone id is out of range [ 1326.732465][T20933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1326.732481][T20933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1326.732502][T20933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1326.806258][T20933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1326.806274][T20933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1326.806295][T20933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1327.949335][ T5117] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1327.984363][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1327.991693][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1328.057813][ T5117] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1328.058760][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1328.863397][T21037] chnl_net:caif_netlink_parms(): no params data found [ 1329.039767][T21213] binder: 21212:21213 ioctl 4018620d 0 returned -22 [ 1329.140695][ T37] audit: type=1326 audit(1767616195.339:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.144912][ T37] audit: type=1326 audit(1767616195.349:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.145447][ T37] audit: type=1326 audit(1767616195.349:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.145751][ T37] audit: type=1326 audit(1767616195.349:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.149415][ T37] audit: type=1326 audit(1767616195.359:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.156909][ T37] audit: type=1326 audit(1767616195.359:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.163746][ T37] audit: type=1326 audit(1767616195.359:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.163984][ T37] audit: type=1326 audit(1767616195.369:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.164129][ T37] audit: type=1326 audit(1767616195.369:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.164267][ T37] audit: type=1326 audit(1767616195.369:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21217 comm="syz.1.4921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f313a3bf749 code=0x7ffc0000 [ 1329.625386][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1329.657750][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1329.659449][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1329.661382][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1329.662298][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1329.848462][T21235] fuse: Invalid rootmode [ 1330.297328][ T5813] Bluetooth: hci5: command tx timeout [ 1332.407147][ T5813] Bluetooth: hci5: command tx timeout [ 1332.503199][ T5813] Bluetooth: hci1: command tx timeout [ 1332.514375][T16214] usb 2-1: new full-speed USB device number 120 using dummy_hcd [ 1332.689305][T16214] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1332.692381][T16214] usb 2-1: Dual-Role OTG device on HNP port [ 1332.692728][T16214] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1332.692762][T16214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1332.692784][T16214] usb 2-1: Product: syz [ 1332.692800][T16214] usb 2-1: Manufacturer: syz [ 1332.692815][T16214] usb 2-1: SerialNumber: syz [ 1332.698573][T16214] usb 2-1: config 0 descriptor?? [ 1334.182978][T21273] random: crng reseeded on system resumption [ 1334.566533][ T5813] Bluetooth: hci5: command tx timeout [ 1334.576878][ T5813] Bluetooth: hci1: command tx timeout [ 1335.683985][T16214] usb 2-1: USB disconnect, device number 120 [ 1335.837424][T21275] binder: 21274:21275 ioctl 4018620d 0 returned -22 [ 1335.938407][T21037] bridge0: port 1(bridge_slave_0) entered blocking state [ 1335.938621][T21037] bridge0: port 1(bridge_slave_0) entered disabled state [ 1335.938877][T21037] bridge_slave_0: entered allmulticast mode [ 1335.970088][T21037] bridge_slave_0: entered promiscuous mode [ 1335.987766][T21037] bridge0: port 2(bridge_slave_1) entered blocking state [ 1335.987902][T21037] bridge0: port 2(bridge_slave_1) entered disabled state [ 1335.988140][T21037] bridge_slave_1: entered allmulticast mode [ 1335.991505][T21037] bridge_slave_1: entered promiscuous mode [ 1336.418264][T14778] usb 2-1: new full-speed USB device number 121 using dummy_hcd [ 1336.568507][ T5813] Bluetooth: hci5: command tx timeout [ 1336.650487][ T5813] Bluetooth: hci1: command tx timeout [ 1337.195520][T21285] fuse: Bad value for 'rootmode' [ 1337.249587][T14778] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1337.252202][T14778] usb 2-1: Dual-Role OTG device on HNP port [ 1337.252552][T14778] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1337.252580][T14778] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1337.252602][T14778] usb 2-1: Product: syz [ 1337.252617][T14778] usb 2-1: Manufacturer: syz [ 1337.252633][T14778] usb 2-1: SerialNumber: syz [ 1337.308533][T14778] usb 2-1: config 0 descriptor?? [ 1337.550295][T21037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1338.726866][ T5813] Bluetooth: hci1: command tx timeout [ 1338.778672][T21037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1339.587329][T14778] usb 2-1: USB disconnect, device number 121 [ 1342.007256][T21037] team0: Port device team_slave_0 added [ 1342.191959][T21037] team0: Port device team_slave_1 added [ 1342.523565][T21305] random: crng reseeded on system resumption [ 1343.861437][T21310] binder: 21309:21310 ioctl 4018620d 0 returned -22 [ 1344.213123][T21316] fuse: Bad value for 'rootmode' [ 1345.667089][T16214] usb 4-1: new full-speed USB device number 114 using dummy_hcd [ 1345.820778][T16214] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1345.824098][T16214] usb 4-1: Dual-Role OTG device on HNP port [ 1345.824431][T16214] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice= 6.be [ 1345.824460][T16214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1345.824483][T16214] usb 4-1: Product: syz [ 1345.824499][T16214] usb 4-1: Manufacturer: syz [ 1345.824516][T16214] usb 4-1: SerialNumber: syz [ 1345.886125][T16214] usb 4-1: config 0 descriptor?? [ 1348.544153][T21333] random: crng reseeded on system resumption [ 1349.609690][ T5890] usb 4-1: USB disconnect, device number 114 [ 1349.712499][T21037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1349.712518][T21037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1349.712548][T21037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1349.713496][T21197] chnl_net:caif_netlink_parms(): no params data found [ 1350.152960][T21348] binder: 21345:21348 ioctl c0306201 0 returned -14 [ 1350.566350][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1350.588010][T21359] fuse: Bad value for 'rootmode' [ 1350.630704][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1350.646604][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1350.662622][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1350.670334][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1351.995097][T21227] chnl_net:caif_netlink_parms(): no params data found [ 1352.003228][T21197] bridge0: port 1(bridge_slave_0) entered blocking state [ 1352.003445][T21197] bridge0: port 1(bridge_slave_0) entered disabled state [ 1352.003658][T21197] bridge_slave_0: entered allmulticast mode [ 1352.021020][T21197] bridge_slave_0: entered promiscuous mode [ 1352.912576][ T5117] Bluetooth: hci3: command tx timeout [ 1352.959130][T21197] bridge0: port 2(bridge_slave_1) entered blocking state [ 1352.959305][T21197] bridge0: port 2(bridge_slave_1) entered disabled state [ 1352.959487][T21197] bridge_slave_1: entered allmulticast mode [ 1352.961441][T21197] bridge_slave_1: entered promiscuous mode [ 1353.653423][T21382] syz.3.4952 (21382): drop_caches: 2 [ 1353.898992][T21197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1353.953799][T21197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1354.356417][T21197] team0: Port device team_slave_0 added [ 1354.370490][T21227] bridge0: port 1(bridge_slave_0) entered blocking state [ 1354.370721][T21227] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.370895][T21227] bridge_slave_0: entered allmulticast mode [ 1354.372873][T21227] bridge_slave_0: entered promiscuous mode [ 1354.381293][T21197] team0: Port device team_slave_1 added [ 1354.382776][ T3472] bridge_slave_1: left allmulticast mode [ 1354.382850][ T3472] bridge_slave_1: left promiscuous mode [ 1354.383501][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1354.468218][ T3472] bridge_slave_0: left allmulticast mode [ 1354.468242][ T3472] bridge_slave_0: left promiscuous mode [ 1354.468443][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.530644][ T3472] bridge_slave_1: left allmulticast mode [ 1354.530671][ T3472] bridge_slave_1: left promiscuous mode [ 1354.530877][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1354.599409][ T3472] bridge_slave_0: left allmulticast mode [ 1354.599434][ T3472] bridge_slave_0: left promiscuous mode [ 1354.599616][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.670219][ T3472] bridge_slave_1: left allmulticast mode [ 1354.670245][ T3472] bridge_slave_1: left promiscuous mode [ 1354.670495][ T3472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1354.730267][ T3472] bridge_slave_0: left allmulticast mode [ 1354.730292][ T3472] bridge_slave_0: left promiscuous mode [ 1354.730478][ T3472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.967119][ T5117] Bluetooth: hci3: command tx timeout [ 1356.194412][ T5890] ------------[ cut here ]------------ [ 1356.194428][ T5890] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 1356.194455][ T5890] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x39a/0x5c0, CPU#1: kworker/1:4/5890 [ 1356.194611][ T5890] Modules linked in: [ 1356.194634][ T5890] CPU: 1 UID: 0 PID: 5890 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1356.194659][ T5890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1356.194675][ T5890] Workqueue: events drm_fb_helper_damage_work [ 1356.194753][ T5890] RIP: 0010:drm_wait_one_vblank+0x587/0x5c0 [ 1356.194778][ T5890] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 ba d4 f6 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 d5 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 1356.194804][ T5890] RSP: 0018:ffffc90005dc7860 EFLAGS: 00010246 [ 1356.194822][ T5890] RAX: 1ffff110282e1800 RBX: ffffffff8ee5b070 RCX: 0000000000000000 [ 1356.194849][ T5890] RDX: ffffffff8b569b80 RSI: ffffffff8b584ca0 RDI: ffffffff8ee5b070 [ 1356.194866][ T5890] RBP: ffffc90005dc7948 R08: 0000000000000000 R09: 0000000000000000 [ 1356.194880][ T5890] R10: dffffc0000000000 R11: fffffbfff1db66ef R12: ffffffff8b584ca0 [ 1356.194895][ T5890] R13: ffff88814170c000 R14: 1ffff92000bb8f10 R15: ffffffff8b569b80 [ 1356.194909][ T5890] FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000 [ 1356.194924][ T5890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1356.194937][ T5890] CR2: 000000110c3bb3e7 CR3: 000000005c6fa000 CR4: 00000000003526f0 [ 1356.194953][ T5890] Call Trace: [ 1356.194962][ T5890] [ 1356.194974][ T5890] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 1356.194993][ T5890] ? rt_spin_unlock+0x150/0x200 [ 1356.195072][ T5890] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1356.195118][ T5890] ? rt_spin_unlock+0x161/0x200 [ 1356.195152][ T5890] ? drm_vblank_get+0x147/0x260 [ 1356.195178][ T5890] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 1356.195215][ T5890] drm_fb_helper_damage_work+0xc9/0x650 [ 1356.195240][ T5890] ? process_scheduled_works+0x9ef/0x1770 [ 1356.195277][ T5890] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 1356.195309][ T5890] ? process_scheduled_works+0x9ef/0x1770 [ 1356.195334][ T5890] ? process_scheduled_works+0x9ef/0x1770 [ 1356.195363][ T5890] process_scheduled_works+0xad1/0x1770 [ 1356.195447][ T5890] ? __pfx_process_scheduled_works+0x10/0x10 [ 1356.195472][ T5890] ? do_raw_spin_lock+0x121/0x290 [ 1356.195516][ T5890] worker_thread+0x8a0/0xda0 [ 1356.195556][ T5890] ? __kthread_parkme+0x7b/0x200 [ 1356.195595][ T5890] kthread+0x711/0x8a0 [ 1356.195629][ T5890] ? __pfx_worker_thread+0x10/0x10 [ 1356.195655][ T5890] ? __pfx_kthread+0x10/0x10 [ 1356.195685][ T5890] ? rt_spin_unlock+0x150/0x200 [ 1356.195720][ T5890] ? rt_spin_unlock+0x161/0x200 [ 1356.195748][ T5890] ? __pfx_kthread+0x10/0x10 [ 1356.195781][ T5890] ret_from_fork+0x510/0xa50 [ 1356.195836][ T5890] ? __pfx_ret_from_fork+0x10/0x10 [ 1356.195859][ T5890] ? __switch_to+0xc9e/0x1480 [ 1356.195899][ T5890] ? __pfx_kthread+0x10/0x10 [ 1356.195934][ T5890] ret_from_fork_asm+0x1a/0x30 [ 1356.195990][ T5890] [ 1356.196011][ T5890] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1356.196028][ T5890] CPU: 1 UID: 0 PID: 5890 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1356.196054][ T5890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1356.196069][ T5890] Workqueue: events drm_fb_helper_damage_work [ 1356.196097][ T5890] Call Trace: [ 1356.196107][ T5890] [ 1356.196117][ T5890] vpanic+0x1e0/0x670 [ 1356.196162][ T5890] panic+0xb9/0xc0 [ 1356.196194][ T5890] ? __pfx_panic+0x10/0x10 [ 1356.196237][ T5890] ? ret_from_fork_asm+0x1a/0x30 [ 1356.196278][ T5890] __warn+0x317/0x4b0 [ 1356.196309][ T5890] ? drm_wait_one_vblank+0x39a/0x5c0 [ 1356.196339][ T5890] ? drm_wait_one_vblank+0x39a/0x5c0 [ 1356.196364][ T5890] __report_bug+0x288/0x500 [ 1356.196458][ T5890] ? drm_wait_one_vblank+0x39a/0x5c0 [ 1356.196490][ T5890] ? __pfx___report_bug+0x10/0x10 [ 1356.196547][ T5890] report_bug_entry+0x19a/0x290 [ 1356.196584][ T5890] ? drm_wait_one_vblank+0x587/0x5c0 [ 1356.196606][ T5890] ? drm_wait_one_vblank+0x58c/0x5c0 [ 1356.196630][ T5890] handle_bug+0xca/0x200 [ 1356.196657][ T5890] exc_invalid_op+0x1a/0x50 [ 1356.196683][ T5890] asm_exc_invalid_op+0x1a/0x20 [ 1356.196706][ T5890] RIP: 0010:drm_wait_one_vblank+0x587/0x5c0 [ 1356.196732][ T5890] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 ba d4 f6 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 d5 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 1356.196757][ T5890] RSP: 0018:ffffc90005dc7860 EFLAGS: 00010246 [ 1356.196775][ T5890] RAX: 1ffff110282e1800 RBX: ffffffff8ee5b070 RCX: 0000000000000000 [ 1356.196800][ T5890] RDX: ffffffff8b569b80 RSI: ffffffff8b584ca0 RDI: ffffffff8ee5b070 [ 1356.196818][ T5890] RBP: ffffc90005dc7948 R08: 0000000000000000 R09: 0000000000000000 [ 1356.196834][ T5890] R10: dffffc0000000000 R11: fffffbfff1db66ef R12: ffffffff8b584ca0 [ 1356.196850][ T5890] R13: ffff88814170c000 R14: 1ffff92000bb8f10 R15: ffffffff8b569b80 [ 1356.196892][ T5890] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 1356.196915][ T5890] ? rt_spin_unlock+0x150/0x200 [ 1356.196945][ T5890] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1356.196976][ T5890] ? rt_spin_unlock+0x161/0x200 [ 1356.197009][ T5890] ? drm_vblank_get+0x147/0x260 [ 1356.197034][ T5890] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 1356.197075][ T5890] drm_fb_helper_damage_work+0xc9/0x650 [ 1356.197104][ T5890] ? process_scheduled_works+0x9ef/0x1770 [ 1356.197134][ T5890] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 1356.197169][ T5890] ? process_scheduled_works+0x9ef/0x1770 [ 1356.197186][ T5890] ? process_scheduled_works+0x9ef/0x1770 [ 1356.197206][ T5890] process_scheduled_works+0xad1/0x1770 [ 1356.197247][ T5890] ? __pfx_process_scheduled_works+0x10/0x10 [ 1356.197264][ T5890] ? do_raw_spin_lock+0x121/0x290 [ 1356.197296][ T5890] worker_thread+0x8a0/0xda0 [ 1356.197325][ T5890] ? __kthread_parkme+0x7b/0x200 [ 1356.197353][ T5890] kthread+0x711/0x8a0 [ 1356.197378][ T5890] ? __pfx_worker_thread+0x10/0x10 [ 1356.197397][ T5890] ? __pfx_kthread+0x10/0x10 [ 1356.197418][ T5890] ? rt_spin_unlock+0x150/0x200 [ 1356.197443][ T5890] ? rt_spin_unlock+0x161/0x200 [ 1356.197463][ T5890] ? __pfx_kthread+0x10/0x10 [ 1356.197487][ T5890] ret_from_fork+0x510/0xa50 [ 1356.197507][ T5890] ? __pfx_ret_from_fork+0x10/0x10 [ 1356.197524][ T5890] ? __switch_to+0xc9e/0x1480 [ 1356.197554][ T5890] ? __pfx_kthread+0x10/0x10 [ 1356.197578][ T5890] ret_from_fork_asm+0x1a/0x30 [ 1356.197616][ T5890] [ 1356.198238][ T5890] Kernel Offset: disabled