last executing test programs: 14m7.467886547s ago: executing program 32 (id=199): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x10001]}, 0x8, 0x0) r1 = syz_io_uring_setup(0x23d, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x400}, {r0, 0x1a084}], 0x2, 0x0, 0x0, 0x0) timer_create(0x2, &(0x7f0000000800)={0x0, 0x21}, &(0x7f0000000000)=0x0) timer_settime(r3, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) 12m57.817250026s ago: executing program 33 (id=311): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000500)='rcu_utilization\x00', r3, 0x0, 0x4}, 0x18) memfd_create(0x0, 0x0) socket(0x2, 0x80805, 0x0) timer_create(0x2, &(0x7f0000000480)={0x0, 0x39, 0x0, @thr={0x0, 0x0}}, &(0x7f00000004c0)) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) io_uring_setup(0xfc6, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') lseek(r4, 0x1000000, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r5, 0xfffffffc) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40) socket$nl_generic(0x10, 0x3, 0x10) 12m39.780579602s ago: executing program 0 (id=350): socket$nl_generic(0x10, 0x3, 0x10) keyctl$get_persistent(0x16, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) listen(0xffffffffffffffff, 0x0) unshare(0x28040680) socket$alg(0x26, 0x5, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x60040, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004804) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="050000000600000008000000ad00000000000000", @ANYRES32, @ANYBLOB="00000004c486fc025c6302b80000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x50) 12m24.33843936s ago: executing program 34 (id=350): socket$nl_generic(0x10, 0x3, 0x10) keyctl$get_persistent(0x16, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) listen(0xffffffffffffffff, 0x0) unshare(0x28040680) socket$alg(0x26, 0x5, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x60040, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004804) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="050000000600000008000000ad00000000000000", @ANYRES32, @ANYBLOB="00000004c486fc025c6302b80000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x50) 6m16.024014271s ago: executing program 1 (id=837): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)) chdir(&(0x7f00000003c0)='./bus\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0x20002078) 6m14.799452577s ago: executing program 1 (id=840): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r0) sendmsg$NLBL_MGMT_C_LISTDEF(r0, 0x0, 0x40) 6m13.581739875s ago: executing program 1 (id=844): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x63d, &(0x7f0000000640)={0x0, 0x8826, 0x80, 0x0, 0x2d}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000300000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) 6m12.268029115s ago: executing program 1 (id=846): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x2}}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec85000000370000008500000007000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 6m8.253804527s ago: executing program 1 (id=847): r0 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000001080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r0, &(0x7f0000000580)={0x21e, 0x2, 0x0, {{0x500, 0xdd, 0x0, 0x4, {}, 0x3810000, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, 0xee01}}, 0x21e) 6m5.745619615s ago: executing program 1 (id=851): bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setitimer(0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={0x14, 0x30, 0x107, 0x70bd2a, 0x25dfdbfd, {0x3, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 5m48.702766651s ago: executing program 35 (id=851): bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setitimer(0x0, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={0x14, 0x30, 0x107, 0x70bd2a, 0x25dfdbfd, {0x3, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 5m25.333351351s ago: executing program 4 (id=904): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0) r1 = fsopen(&(0x7f0000000000)='ceph\x00', 0x0) sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x800) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='auto_da_alloc', 0x0) 5m20.766626602s ago: executing program 4 (id=907): socket(0x2, 0x2, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)=0xfffffffd) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f00000005c0), 0x10) ioctl$FBIOBLANK(r1, 0x4611, 0x4) 5m19.073921094s ago: executing program 4 (id=909): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x3, @ipv4={'\x00', '\xff\xff', @local}, 0x40004}, 0x1c) connect$inet6(r0, &(0x7f0000000440)={0xa, 0xfffe, 0x380000, @empty, 0x401}, 0x1c) 5m18.553647383s ago: executing program 4 (id=911): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000001080)={0x0, 0x0, 0x10100}, 0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) write$P9_RSTATu(r0, &(0x7f0000000580)={0x21e, 0x2, 0x0, {{0x500, 0xdd, 0x0, 0x4, {}, 0x3810000, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, 0xee01}}, 0x21e) 5m17.574002356s ago: executing program 4 (id=913): socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r1 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r1, r1, &(0x7f0000000080), 0x7f03) 5m15.741543293s ago: executing program 4 (id=916): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x2}}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec85000000370000008500000007000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 4m59.617780857s ago: executing program 36 (id=916): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x2}}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec85000000370000008500000007000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 3m53.76347495s ago: executing program 7 (id=1028): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$nl_route(0x10, 0x3, 0x0) lsetxattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000880)=@known='trusted.syz\x00', &(0x7f00000008c0)='\x00', 0x1, 0x1) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x33, 0x1, [{0xfe}]}}) pselect6(0x0, 0x0, &(0x7f0000000080)={0x7fffffffffffffff, 0x2, 0x0, 0x3, 0x8, 0x0, 0x7f, 0x100000040004000}, &(0x7f00000000c0)={0x0, 0x80006, 0x200, 0x2, 0x8, 0xc3, 0x100000000, 0x3c}, 0x0, 0x0) socket(0x2a, 0x2, 0x0) prlimit64(r0, 0xd, &(0x7f0000000140)={0x4, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x17, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0xb, 0x80, 0x2, 0xbe3, 0x7f, 0x6, 0x400004d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x3, 0x2, 0x4, 0x7, 0x1, 0x2c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x8000, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x10001, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x0, 0x6, 0x0, 0x92a3, 0x4, 0x1, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000004, 0x4, 0x12f, 0x7ffe, 0x10, 0xfffffff3, 0x12b432e6, 0xcb, 0xf9, 0xd, 0x9, 0x6c7, 0x1000, 0xc0fe626c, 0x3, 0x0, 0x2007, 0x492e0401, 0x2f, 0xe, 0x312, 0x78, 0xea8, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x3fe, 0x0, 0x6, 0x1, 0xff, 0x5, 0x4ad, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0x9, 0x2, 0x7f, 0x9, 0x3, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c9368f, 0x42, 0x2], [0x4, 0x6, 0x0, 0x5, 0xfffffffa, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0xfffffffd, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x1, 0x8, 0x86, 0xffffffff, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0xffffffff, 0x3, 0x8, 0x4, 0x8001, 0x9, 0x38, 0x8, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x10002, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaeb, 0x4, 0x25], [0x9, 0xbb31, 0x6, 0xefa, 0x5, 0x1, 0x3d9, 0x6, 0x7f, 0x5, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x1003, 0x101, 0x50000, 0x6, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0x101, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0xb, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x3, 0x8, 0x30b1d693, 0xa1f, 0x4, 0x7, 0x1, 0x6c1b, 0x0, 0x3, 0x5, 0xb1c, 0x1, 0x200, 0x9, 0xfff]}, 0x45c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000020000006d0500000200000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000007546865a170e9bda323f86d0831e3723b3774cc0afbadd14eabfbc6f8b6eaa44801e043b2bfbbb76ff0f57de1c1e92b1362cfd37dcb9fbfce31624bc2df3791a08a32453cf645fd18555545040e22bd25701383dc91fe3c9298b1928bfe33216bfc25e51cee22f28f364b25fdb23e28bf70b9d84ba28bd9ab25863c3ff1b9ddfb60bf359b5d1ae02aac0af7eee85630fe3193f499f45845e3e27d68f6534da9bbfffe6a812f8c8118828be805850", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r3}, 0x38) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000940)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0xf0b, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x28, 0x2, [@TCA_CAKE_RAW={0x8}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x9}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x101}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x58}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0xe, 0x20000008b}, 0x0) r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e00000000010000080000000700000010000000", @ANYRES32=r3, @ANYBLOB="0300"/11, @ANYRES32=r4, @ANYRES32, @ANYBLOB="05000000020000000400"/28], 0x50) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x2}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0xc094}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 3m47.933519686s ago: executing program 7 (id=1034): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x7, 0xfd, 0x1c, 0x5, 0x2, 0x4d, 0x2, 0xf9, 0x1, 0x80, 0xc, 0x8000000000000000}, {0x6, 0x80, 0x8, 0xc4, 0x4, 0x7, 0x6, 0x3, 0x7, 0xff, 0x0, 0x7d}, {0xe2a5, 0x401, 0x1, 0x9, 0x2, 0x6, 0x8, 0xb, 0xff, 0x6, 0x56, 0x3, 0x100}]}) 3m46.953372654s ago: executing program 7 (id=1040): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0xf7}, 0x8) 3m43.969434943s ago: executing program 7 (id=1044): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$nl_route(0x10, 0x3, 0x0) lsetxattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000880)=@known='trusted.syz\x00', &(0x7f00000008c0)='\x00', 0x1, 0x1) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x33, 0x1, [{0xfe}]}}) pselect6(0x0, 0x0, &(0x7f0000000080)={0x7fffffffffffffff, 0x2, 0x0, 0x3, 0x8, 0x0, 0x7f, 0x100000040004000}, &(0x7f00000000c0)={0x0, 0x80006, 0x200, 0x2, 0x8, 0xc3, 0x100000000, 0x3c}, 0x0, 0x0) socket(0x2a, 0x2, 0x0) prlimit64(r0, 0xd, &(0x7f0000000140)={0x4, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x17, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0xb, 0x80, 0x2, 0xbe3, 0x7f, 0x6, 0x400004d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x3, 0x2, 0x4, 0x7, 0x1, 0x2c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x8000, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x10001, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x0, 0x6, 0x0, 0x92a3, 0x4, 0x1, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000004, 0x4, 0x12f, 0x7ffe, 0x10, 0xfffffff3, 0x12b432e6, 0xcb, 0xf9, 0xd, 0x9, 0x6c7, 0x1000, 0xc0fe626c, 0x3, 0x0, 0x2007, 0x492e0401, 0x2f, 0xe, 0x312, 0x78, 0xea8, 0x0, 0x4, 0x4, 0x8000, 0x9, 0x3fe, 0x0, 0x6, 0x1, 0xff, 0x5, 0x4ad, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0x9, 0x2, 0x7f, 0x9, 0x3, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c9368f, 0x42, 0x2], [0x4, 0x6, 0x0, 0x5, 0xfffffffa, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0xfffffffd, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x1, 0x8, 0x86, 0xffffffff, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0xffffffff, 0x3, 0x8, 0x4, 0x8001, 0x9, 0x38, 0x8, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x10002, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaeb, 0x4, 0x25], [0x9, 0xbb31, 0x6, 0xefa, 0x5, 0x1, 0x3d9, 0x6, 0x7f, 0x5, 0xce7, 0x1ff, 0x2, 0x7, 0x5, 0x1003, 0x101, 0x50000, 0x6, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0x101, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0xb, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x3, 0x8, 0x30b1d693, 0xa1f, 0x4, 0x7, 0x1, 0x6c1b, 0x0, 0x3, 0x5, 0xb1c, 0x1, 0x200, 0x9, 0xfff]}, 0x45c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000020000006d0500000200000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000007546865a170e9bda323f86d0831e3723b3774cc0afbadd14eabfbc6f8b6eaa44801e043b2bfbbb76ff0f57de1c1e92b1362cfd37dcb9fbfce31624bc2df3791a08a32453cf645fd18555545040e22bd25701383dc91fe3c9298b1928bfe33216bfc25e51cee22f28f364b25fdb23e28bf70b9d84ba28bd9ab25863c3ff1b9ddfb60bf359b5d1ae02aac0af7eee85630fe3193f499f45845e3e27d68f6534da9bbfffe6a812f8c8118828be805850", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r3}, 0x38) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000940)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0xf0b, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x28, 0x2, [@TCA_CAKE_RAW={0x8}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x9}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x101}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x58}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e00000000010000080000000700000010000000", @ANYRES32=r3, @ANYBLOB="0300"/11, @ANYRES32=r4, @ANYRES32, @ANYBLOB="05000000020000000400"/28], 0x50) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x2}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0xc094}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 3m40.40375792s ago: executing program 7 (id=1050): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x48f, &(0x7f0000000000)={0x2, @private=0xa010102, 0x0, 0x3, 'nq\x00', 0x1d, 0x8, 0x5}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000180)={0xbe, 0x0, 0x1}) 3m38.629798283s ago: executing program 7 (id=1055): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$inet(0x2, 0x3, 0x9) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 3m21.842856934s ago: executing program 37 (id=1055): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$inet(0x2, 0x3, 0x9) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 1m42.503971342s ago: executing program 5 (id=1220): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="00030200000002"], 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000205"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1m41.233576502s ago: executing program 8 (id=1226): openat$ptmx(0xffffffffffffff9c, 0x0, 0xb00, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x1}]}, 0x34}}, 0x0) 1m40.569403411s ago: executing program 8 (id=1228): socket$inet(0x2b, 0x801, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, 0x0) 1m39.865648999s ago: executing program 8 (id=1230): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_setup(0x1104, 0x0, &(0x7f00000001c0), 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mkdir(0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000001000)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) 1m39.476592773s ago: executing program 5 (id=1232): bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000380)=0xd) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket(0x40000000015, 0x5, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0xc000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000480)={@private2, 0x3e}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={@local, 0x65}) sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)={0x14, 0x16, 0xf15, 0x0, 0x25dfdbfb, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) 1m37.430511075s ago: executing program 8 (id=1234): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x50) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c) 1m34.537520222s ago: executing program 5 (id=1236): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5c5, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x34040841}, 0x20044801) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xb635773f06ebbee2, 0x8031, r1, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) io_setup(0x6, &(0x7f00000003c0)=0x0) io_submit(r4, 0x1, &(0x7f00000000c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x3, 0x15, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000090000000000000009000000189c00009aa340983f0d56d467a526474a5863ff3f", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018610000030000000000000000040000ac0d0c00040000009711e0ff0000000095000000000000003c63000008000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x88983, 0x0) ioctl$TCXONC(r8, 0x540a, 0x2) ioctl$TIOCSPTLCK(r8, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r8, 0x5420, &(0x7f0000000200)=0x1b) r9 = ioctl$TIOCGPTPEER(r8, 0x5441, 0x3) ioctl$TCXONC(r9, 0x540a, 0x3) 1m33.957643936s ago: executing program 8 (id=1239): socket$inet(0x2b, 0x801, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, 0x0) 1m33.222780655s ago: executing program 5 (id=1242): socket$inet(0x2, 0x2, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x700}, {0x85, 0x0, 0x0, 0x86}}, {}, [@jmp={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2000}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x1, 0xff2, &(0x7f0000001cc0)=""/4082, 0x41100, 0xe}, 0x94) 1m33.076705858s ago: executing program 8 (id=1245): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 1m32.477736836s ago: executing program 5 (id=1247): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(r1, r1) socket$inet6(0xa, 0x1, 0x3a) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000580)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x4c, r3, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7, 0x68}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0xd4, 0x19}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x18}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x1a}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1e93fc4e03cf24c}, 0x1) creat(0x0, 0x0) gettid() timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0x6, 0x242) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) fsetxattr$security_capability(r4, &(0x7f0000001cc0), &(0x7f0000001d00)=@v2={0x2000000, [{0x101, 0x7}, {0x4, 0x20000000}]}, 0x14, 0x1) write$USERIO_CMD_SEND_INTERRUPT(r4, &(0x7f0000001d80)={0x2, 0x4}, 0x2) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x30, 0x2, 0x2, 0x5, 0x0, 0x0, {0x2, 0x0, 0x4}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x8001}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x3}, @CTA_EXPECT_MASK={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) socket$inet6(0xa, 0x80002, 0x0) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0xa, 0x14f, &(0x7f0000000500), 0x0) 1m31.106725692s ago: executing program 5 (id=1250): socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x10, 0x0, 0x4e}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x47f6, 0x6ee0, 0x0, 0x0, 0x0) 1m17.530371155s ago: executing program 38 (id=1245): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 1m15.498330693s ago: executing program 39 (id=1250): socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x10, 0x0, 0x4e}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x47f6, 0x6ee0, 0x0, 0x0, 0x0) 25.512055073s ago: executing program 9 (id=1361): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000300)="062586c0d44dc999855a9d3cefd7768d", 0x10}], 0x1) 25.269903148s ago: executing program 2 (id=1362): ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) 24.069424757s ago: executing program 9 (id=1365): socket$l2tp(0x2, 0x2, 0x73) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=0000000000000000040', @ANYRESDEC=0x0]) read$FUSE(r0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0/file0/file0\x00', 0x144) socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r4, 0x301, 0x0, 0xffffffff, {{0x11}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 18.157418026s ago: executing program 9 (id=1368): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4055}, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x22}}, 0x14}, 0x1, 0x0, 0x0, 0x2000001}, 0x4000081) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000810) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x205, 0x6, 0x4, 0x0, 0x10003, 0x41, 0x400200cc0, 0x100ffd, 0x4, 0x0, 0x3, 0x3, 0x4, 0x2, 0x6a, 0x5], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17.665809267s ago: executing program 3 (id=1369): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[], 0x50) r2 = getpgrp(0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x4, 0xc, 0x81, r2}) ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, &(0x7f0000000040), 0x4001) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r3, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000b40)}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0", 0x21b}], 0x2}}], 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet6_udp(0xa, 0x2, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001180), 0x2a01, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, 0x0) 17.23971865s ago: executing program 2 (id=1370): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = syz_io_uring_setup(0x483f, &(0x7f00000010c0)={0x0, 0x1a93, 0x0, 0x3, 0xbbdffffc}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e23}, 0x0, 0x0, 0x2}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, 0x0, 0x0}, 0x94) io_uring_enter(r1, 0x47f6, 0x0, 0x4, 0x0, 0x0) 16.396038067s ago: executing program 3 (id=1371): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x20000002) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 16.349785397s ago: executing program 6 (id=1372): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) 16.105687273s ago: executing program 0 (id=1273): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r4 = socket(0x1d, 0x3, 0x1) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3, 0x0, 0x8}, 0xfffffffffffffe39) socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x2251b000) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 16.021304053s ago: executing program 9 (id=1373): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0003020000000203"], 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000205"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15.657918114s ago: executing program 2 (id=1374): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000300)="062586c0d44dc999855a9d3cefd7768d", 0x10}], 0x1) 15.460665155s ago: executing program 6 (id=1375): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x18) close(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$unix(0xffffffffffffffff, 0x0, 0x4000011) r2 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r2, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10) sendmmsg$inet(r2, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f00000056c0)=[{&(0x7f0000001240)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30ced1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f46097b1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c8128d92476", 0xdb}, {&(0x7f0000000280)="5b4ea50f20d7212327afde5e7a457cde2dff791c69", 0x15}, {0x0}, {&(0x7f0000001440)="f0e266805aba28ca0c0d67b3479e1c7cb90d64b8ba8093c11696a92981d4fdd1f40043ce52efdea3f8d7b9ba23840df17c5a35207d6fc677263be310a063adb7b1528b8a04ec5b50d2cfa0df73c57f16a94941e8fb22f429a1f34b5b01514fefc4bd79a2cb936cf2eae82bd7b628431ae2d7b61059b35abc6ee24fd40e3c1bd6106af177bc4670395df7238a420fecf1e6ed3fe8906c3a2843215618fcb72ae77c6d36feefb4d45157e5d35fb4bf297d15ca042520f08e85ad2d7c5045fc7c4a2a8b6e149fc755d70437b3835083ee9fc662afbf840ab97f0adcdde20099bb22e909b937696e9d950ca0a361dfa8f5453454696927ae5a2401340264bdcdcd86941c18b536bdccb964461679d1b62855dadee9b66e5d494183283808c706247cdf83b45c44178775fc957483923b717724549dbe2f9a092fa07e93a7772d16bfbff9a0dd14d48d30b1e4f8206f92cf2fe08a7702f73404b79e77dec1b694e8a7c588a7bb2d770122291b10b456c4419dda49da0433a0aa5f0be221d29b45082b4f9521c2a1fbae507aa2652123619b78f340f01523bf9e6089e8e8186af2b85476d7059226f07467a6e036bf8808f2e9070b2a94ac1c64ec066def276c362a1d4a830edf754783f0a1e52e1adc4f6ca2d7200fd73b9cda79ccfcf57a27f60e184ebe12c4daeb214c2057b69719db280e0dcc2d10b085c7ab8e2394bae44893e3f335a3121bae3a33c32b004ab7bca48726029b77a6c784d2af3789fd520e37009d103c0a63598fa5857ee1b86a38a9feaf1d1f512d1884861c13d647d26888430e2f15e78cdd6a4c875e52de709dfdc4af4775ce03d7c8c3ff2b9fbae82dbabf11460bd1bc1ffe10c5062a265fd211a2b52a41613cc03917b8d34591885396369d1d172df31244a236c49d4457a936848684b59e326872d58c5db20684d1194ccb7ecbf5017f0f702f29c75cdeea09619db8bf00b41b1a165af13b3810d7f7b6a681aef628190f4fd53244a650b0500df500946792d003f2d2f0ba3c57f8257c0cc897cb1dabd63870ef86378a14e7f5068ea6a2311414656d766fb24e43c2a57b44cb1dc584d71e91628348790dc6a9adf85bc403a934e7603f7b45473407cf1395163b3efc9e880963bbd98140adfd624ccfc1141cd899826261e152265b9307695488c0cbad9027bf74b6f0c7adbc9878983d96e6026c818ac30fac3e2392e1c8fdab8ccf902d0915a471701083949efafc7a2e05608139fd0ef22d834ff02569878579c43635ad2d56d7cdfacaba8a3adc47c7fd42e521ca6b14726e68f67e2662c972bf9824ba847e22985400fad74280c22a0636aee80eeb7ef0c691cee94573ec78b53d43316ba691fd5274d1ff8085e297d2781a31f704dfeb58db9fa216c3356341207e953712de9ef27018bdfdddba8abc0c5f205908f12a42685ecc0c20cd92a57bba45a435f7bb412ccab1a6d877392971de8b808af07ea32b102dbcd7d00c869ad5cd8f5a5895b3d6dfef226d51d819756a85ffdde3d08f59fbbb7510a9ac3568f8f039fa7abc7b34685f3579050e88773cb4bb7958ff83aba1f23c8ab4ecd019c59781d47bcc50c64a957c3fa37311a240649313f77fa81020a5da0560d3bdabe6001ab6792ad782fe0e44bbb59efd4a524984742940563dd9e9a0226925324ac94373a9dcb16f32183ef3f465a13b83974f593e664f53131241e2133ce22917fbb412354a51026847f92aa7afadb1cdf51677fc2fe5938812ef17ae79f4db75afdfce3c5b8822dd612457b5f59dd616acdc473e97afb83f3c9789f3df399a2c3c89e8b5e6db33a306168b0cd4e8acbbd6ac81dd46cfb2f7d24b609d009049784611d027daa0cfb12111c1236aa010796cc687cbb151ba30e3a786ee8bfdae51e65a0c3667f7b8856089621742bdc19ad66f60eb48bd7f20b0ac2a523e89e6a7089e3704f266c52c58994e018e5d20b77a0413c71cafd420d9e0abb77e9f1199aca31f6d94372ca5736c749c197cac572e4962fc089f866a896763cd7b804c8e7211bd3a64f1ed12d65182deb850279ecb530683551bd50214e03b9f813431688dadf4caaf77d2e8b20d3e5c424243ab50f9c20462cea0f38eb080b02074e3e77a236d4ec929b04d134dcc5f767736c096794be3aec9f1195b87862128b436fbd0305a6ad6ebb0b2167e184c1de57048144b7567a6ad6c028c4b8a78858925f0ed415313da984484f753d14234d30964aa3d15af13337b6e5338d4f787abc18e0ea4d9656aa3c1d3eee0854078470a0e724062fd61a95f17516ca92faae8397ce07ba558a689ea49d25685a28c68fbc533892827829692d65a15711f0d14f7f685095f6c5dd085b30ffc4dfd9097157c1fab80023d24912861e87d1e484fe5a4476743dcb983d3eecabfe168db03f888432d8b1639e89c8f0513dc36ca8969ec364d28814fa6e21f979020df1292d772cd20c0eb4a5888f38d8d129e30ffee29ab6baf3b2f3a509e02d26b354f1ebe3531fe97968f1f678937b36f3684a8c100030a2328941dfc09574f7cebc26337cd4b2a6fc0b92affc3f3f892542e46fd6cfc2780c0b8a916b3fbb7f33a2537571b06643d82f86e2156740e024b360f48b844797971383610dc93abedc9945ec26d6a56e2701522e3fd6b77d4647a137346985af549d8944c652ddd797e1856a30f296258eb275981bc9432f38532d6e141d603b002c75247b3e71b39dbc01e8e64bc0cd510bd1700685a95ead8fb3fe8fbd72be2e8f9f5a9f1b2c400bfdc0aeabb14a7538c9a38a4839bf41120f2c2aa00277a327d7dff15f52854146a94ea41e4f14a15443124c6bcff43489e7e242c8315ed8d542377fefb6002292c1adc571c730d67b8dab5a4da06659fe7b69bac3147ef39fc877c323edbb9912886ab468c530a8d7844692010ea93effd20f4ccc47b3ff51f378c12b1d03155d49772f14d65bf2ce38f589ca4647b6713ae081fd13e74b307aba8bc34a4406d78c26ccfdf328f5c273b294f6c6419cc157eca59939ec4c0b95cc6d5f97c83c3f14aeb5b88910ec29cf64496d9b1b855fe073d4791507c7533846cdd7810667427583b3a8b7febb2c43643c09bebbb12c08781ac9d0995723fb47febef49e0d6631f054e5b3b3a284391590cfb5d5cf4aaa71586cb37b9fffa15848176da20969e88ed87dd8a4fa2b5140fd56f0a9973217f8ce0c6ee50b67214b6d7d6b84d41d83694a14b2e96f0cb79b49f5fe4dd21727c00819e83b6ea203bada46e9ae8ce7bebaf24f05fd20672e4230b3851b8f05bb2f0977dda7c8cdd1f2689b7a10a72018ff76699e53b2a3f77bf7fa03fe3cf85d4859c9db915fa5c1ddff79e77d0b1b6316d3e50d0d60a42271332f3e81376f120836cd3ea55b7f1453833a7bce0058f79b698a4bd0e857ae35b8ac8f20ed8f238475757af11ce7b450cf89191a4f27a365f594ef68efe6ea1a5c3518712b1aa37a1f47e05f85debfa461f5346d985a71e49ef17f4eb068862977d56671d445176934be6b5318300d7debf3ad8d7da0c014b25af2d8fa52753974116a8cea6c974692f5de03b526a075cc3bc8a4375333f0ef09dd3c361738a151f326ba3253c171f8f7876107eeac122a65124e59dfe7c66bb9546d6428559df314063ac08c03d96b04b6a91508371fa18348c65238546f3d489c7efc1bd01e6e389fbeaa8f125bc7b7c8673904eb676bbdfa3680fea612ba20fab20cdd411c2bafe0417b76852de9e863f09d291bf59510ead793cfd9d6710c0de77cefb5b65481d3aabde2683457b13e3b32ebc06f60d5afa47e36f652a95bd16dcf55dd3e1b05d0df9b8a183553097c2aa95aa175eda6792f58a74170781260e6120981549b3836d13ef037178dd8ddcb5a5624f3790f9d92b0f8f3cd11bddf478cd79456db871f32dd6e24948dd762ba2c22a94300f527c1df5ff05aef5ae4893ff88adc8f7af779d03fcb4ecabfa32460315f27505681242064541657acbb29f531043ce1d04ad189045140232f24f46d0580ada560c61fa4a90aec4743a9a0d466493476923cdff87a21127bac3da7d61d674d8bc9bd63cc3df85c707a912773e090256d5a0bdc5da8ceae2ca25c596410982b63055e6d292a31776cefe58457cb6b5cb92a2c69ed5eeed35e4ea3d6b54ee22e41dea28adac6e1eeadf604f0ef3a67c86974c3ecacdb7f502c74ed31138123dcb80282dbfb0ea0fc2a6016dccecbcbe4952c27b09e7abf784db6b7cc55366d048f16f6473a268b90a1c9b9c612f88bed9008308b11e47d79329cbefc3f313863eff4a16e6a70c41a296d3042a1164d0578297642ec82da1f92dfaa6a67ff9cfcd1b3e88fc442246a303a0e539ce65ad6fcb6d8657937cd88d4c30fd369f2bef0308f5db8824919139b25f82f56e24ef4cf1feda07c3bef9dd215575ed774dc05603f4664332c7b002c48d873bf1ebec930a273efc78dafe153f7eba9161002ca9a8fa855bc357f3a67810fc081b9ae9b4f69401ef93d039c7c1398fa8c9eeb1ce001e08e9231ce2c2beacdafe2955d4056e18d4d09ed22a996666d4df5ca91c37663bb54eb42fe39712736fa0e64ad4f8ca843fe52702c9ae48e60a3f5eac160f58ff3cb80684120845b9e34bc1aecb19662b1a429926ae351d004eca1d367fcb34facbeb2184716c5140a7e420c7f4379b0c43ce872b62723a587d9ad528c2aabf158cefa2df3422203b5cc73e9443825089527700b69a2331e0558a9b1e9d3e69a59896e6cf4df46b41a8cbb0e598a874fc23b16a6eda6eafde02451f0255ff9e6d1bd007c86dee8b6ae875752415b8057b916a3fe7b35cfcf7d38a50e461f1fc1d6a4541ba4079e1f21d0ea2a5ce4aad561215a1d75a2599c757cd6025753fc0578e4b7f4195ad025c46d50c5c351af1ce1e8f8c35439c8598293cd59d2e90a1445497b0249a314379dd13e95f00f2d8240190da9e12adbdd809b1a96900054db156d2893f7998aca02c86f61478a9b21e9e11a6f4b9f7f382243739e492e9048ed9c7b0b8118d966c0f41709abd171873c4", 0xe00}, {&(0x7f0000002440)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc6ea12ad1a30e4f7038336f1af1d61b04de988f1755e9b3ba9919b2a4952ceda920a7f0e22dd239d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd88702912", 0x6e}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026faf", 0xa71}], 0x7}}], 0x1, 0x0) connect$tipc(r2, &(0x7f00000004c0)=@nameseq={0x1e, 0x1, 0x1, {0x43, 0x4, 0x3}}, 0x10) r3 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_VDPA_SET_CONFIG_CALL(r3, 0x4004af77, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') creat(&(0x7f0000000ac0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0) lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="020000000100000000000000040000000097761baa6b76f6e9edf001c300000010000200000000002000000000000000"], 0x24, 0x0) 15.049211173s ago: executing program 3 (id=1376): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x19a, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) 11.74981121s ago: executing program 0 (id=1377): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='task_newtask\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) bpf$ITER_CREATE(0xb, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc4c85513, &(0x7f0000000100)={0xc, 0x2}) 11.05131786s ago: executing program 6 (id=1378): socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/244, 0xf4}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) 11.051015813s ago: executing program 9 (id=1379): ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) 10.96702954s ago: executing program 2 (id=1380): prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xa2, 0x7}}, './file0\x00'}) r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x0) ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080)) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) syz_emit_ethernet(0x46, &(0x7f0000000300)=ANY=[], 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) 10.942020645s ago: executing program 0 (id=1381): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f"], 0x50) 10.599156122s ago: executing program 3 (id=1382): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1890ca4758823d0c1ae56bd1bb0000eeffffff000000000000001ea2fd5c180100002020702500000000002020207b0af8ff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="b40800000000000073113200000000008510008002000000b7000000000000009500c20000e97dc4d100001200000000e28540826aacedf0136bfc8e12c454801382d5dce5acedf11f4154d8e2254f3cdd946c300538967ce42ec6935a5abb162e9ea0c5c0481f5613834f00b96298e2529f8241fdec764867bf6a7b670bbea2fdddd353765dbf70d9344ac80ca300dca4ad53a10e170e8f85ff69a8b41701513ac110951b49cbc91ed5"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000171, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r3, &(0x7f0000000b40)=[{{0x0, 0x38, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2001, 0x0) 7.691734865s ago: executing program 2 (id=1383): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4055}, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x22}}, 0x14}, 0x1, 0x0, 0x0, 0x2000001}, 0x4000081) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000810) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x205, 0x6, 0x4, 0x0, 0x10003, 0x41, 0x400200cc0, 0x100ffd, 0x4, 0x0, 0x3, 0x3, 0x4, 0x2, 0x6a, 0x5], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.84226012s ago: executing program 6 (id=1384): fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fremovexattr(0xffffffffffffffff, &(0x7f0000000400)=@random={'security.', ':\'\x00'}) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00', 0x14}) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x11) ioctl$UI_SET_LEDBIT(r4, 0x40045569, 0x4) ioctl$UI_DEV_SETUP(r4, 0x5501, 0x0) 4.064493667s ago: executing program 6 (id=1385): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) 3.605821444s ago: executing program 0 (id=1386): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, 0x0, 0x20000002) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 3.496467887s ago: executing program 2 (id=1387): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000100)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f0000000680)=[{0x6, 0x0, 0x0, 0x3}]}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0, 0x0, 0x800d}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) getrlimit(0xf, &(0x7f0000000080)) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x22) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000003c0), 0x742, 0x40) readv(r1, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000140)) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x7, 0xfd, 0x1c, 0x5, 0x2, 0x4d, 0x2, 0xf9, 0x1, 0x80, 0xc, 0x8000000000000000}, {0x6, 0x80, 0x8, 0xc4, 0x4, 0x7, 0x6, 0x3, 0x7, 0xff, 0x0, 0x7d}, {0xe2a5, 0x401, 0x1, 0x9, 0x2, 0x6, 0x8, 0xb, 0xff, 0x6, 0x56, 0x3, 0x100}]}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x2, 0x7fffffff], 0x80a0000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.316639183s ago: executing program 3 (id=1388): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x18) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r5, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r5, 0x2}}, 0x18) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) 634.887068ms ago: executing program 3 (id=1389): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000300)={'pcl816\x00', [0x2f00, 0x5, 0xd097, 0xffffffff, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0xc, 0x1, 0x7fff, 0x4, 0xfffe, 0x8, 0x5, 0x7, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0x100101, 0x2, 0xffffffff, 0x7, 0x3, 0x4, 0x4, 0x70f]}) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x40000000000001e9, &(0x7f0000000080)=[0x9, 0xfff, 0x4, 0xb, 0x662, 0xfffffff9, 0xe0, 0xfffffff7, 0x9, 0xf5, 0xffffffff, 0x2, 0x200, 0x3, 0x6], 0x0, 0x7}) read$FUSE(0xffffffffffffffff, &(0x7f0000000980)={0x2020}, 0x2020) 616.666274ms ago: executing program 0 (id=1390): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="000005"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0003020000000203"], 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000205"], 0x0, 0x0, 0x0, 0x0}, 0x0) 87.791028ms ago: executing program 9 (id=1391): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000300)="062586c0d44dc999855a9d3cefd7768d", 0x10}], 0x1) 0s ago: executing program 6 (id=1392): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x19a, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) kernel console output (not intermixed with test programs): 4] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 603.347283][ T7838] Bluetooth: hci5: command tx timeout [ 603.550057][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 603.557041][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 604.370302][ T8387] netlink: 48 bytes leftover after parsing attributes in process `syz.1.573'. [ 604.976268][ T5815] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 605.007250][ T5815] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 605.043796][ T5815] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 605.086428][ T5815] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 605.100758][ T5815] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 605.434515][ T5815] Bluetooth: hci5: command tx timeout [ 605.840507][ T8354] chnl_net:caif_netlink_parms(): no params data found [ 607.130242][ T3894] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.196563][ T5815] Bluetooth: hci6: command tx timeout [ 607.517878][ T5815] Bluetooth: hci5: command tx timeout [ 607.633147][ T3894] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 607.933108][ T3894] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.154910][ T3894] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 608.420776][ T8391] chnl_net:caif_netlink_parms(): no params data found [ 608.746667][ T8174] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 608.776072][ T8354] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.783855][ T8354] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.792272][ T8354] bridge_slave_0: entered allmulticast mode [ 608.808509][ T8354] bridge_slave_0: entered promiscuous mode [ 609.212191][ T8354] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.220132][ T8354] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.230678][ T8354] bridge_slave_1: entered allmulticast mode [ 609.240847][ T8354] bridge_slave_1: entered promiscuous mode [ 609.280254][ T5815] Bluetooth: hci6: command tx timeout [ 609.588307][ T5815] Bluetooth: hci5: command tx timeout [ 609.600135][ T8426] netlink: 48 bytes leftover after parsing attributes in process `syz.1.583'. [ 609.762288][ T3894] bridge_slave_1: left allmulticast mode [ 609.769080][ T3894] bridge_slave_1: left promiscuous mode [ 609.776100][ T3894] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.805854][ T3894] bridge_slave_0: left allmulticast mode [ 609.814229][ T3894] bridge_slave_0: left promiscuous mode [ 609.821599][ T3894] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.314003][ T3894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 610.334521][ T3894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 610.359532][ T3894] bond0 (unregistering): Released all slaves [ 610.420587][ T8354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 610.491507][ T8354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 610.810508][ T3894] hsr_slave_0: left promiscuous mode [ 610.822883][ T3894] hsr_slave_1: left promiscuous mode [ 610.831575][ T3894] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 610.842331][ T3894] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 610.870922][ T3894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 610.879363][ T3894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 610.946502][ T3894] veth1_macvtap: left promiscuous mode [ 610.954754][ T3894] veth0_macvtap: left promiscuous mode [ 610.961070][ T3894] veth1_vlan: left promiscuous mode [ 610.966792][ T3894] veth0_vlan: left promiscuous mode [ 611.346466][ T5815] Bluetooth: hci6: command tx timeout [ 611.900106][ T3894] team0 (unregistering): Port device team_slave_1 removed [ 612.058269][ T3894] team0 (unregistering): Port device team_slave_0 removed [ 612.421874][ T8354] team0: Port device team_slave_0 added [ 612.467411][ T8354] team0: Port device team_slave_1 added [ 612.955077][ T8354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 612.962463][ T8354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 612.989368][ T8354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.218691][ T8391] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.228149][ T8391] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.236245][ T8391] bridge_slave_0: entered allmulticast mode [ 613.247820][ T8391] bridge_slave_0: entered promiscuous mode [ 613.312870][ T8354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 613.320184][ T8354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.346723][ T8354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 613.413343][ T8391] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.421268][ T8391] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.431591][ T8391] bridge_slave_1: entered allmulticast mode [ 613.441554][ T8391] bridge_slave_1: entered promiscuous mode [ 613.453454][ T5815] Bluetooth: hci6: command tx timeout [ 613.491999][ T3894] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.639074][ T3894] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.782605][ T8391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.872079][ T3894] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.988738][ T8391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 614.272362][ T3894] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.407967][ T8391] team0: Port device team_slave_0 added [ 614.447645][ T8354] hsr_slave_0: entered promiscuous mode [ 614.458502][ T8354] hsr_slave_1: entered promiscuous mode [ 614.554065][ T8391] team0: Port device team_slave_1 added [ 615.084895][ T8174] veth0_vlan: entered promiscuous mode [ 615.112081][ T8451] netlink: 48 bytes leftover after parsing attributes in process `syz.4.591'. [ 615.137235][ T8391] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.144484][ T8391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.175062][ T8391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.462755][ T3894] bridge_slave_1: left allmulticast mode [ 615.469057][ T3894] bridge_slave_1: left promiscuous mode [ 615.476164][ T3894] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.587045][ T3894] bridge_slave_0: left allmulticast mode [ 615.593034][ T3894] bridge_slave_0: left promiscuous mode [ 615.600172][ T3894] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.328218][ T3894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 616.354953][ T3894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 616.407785][ T3894] bond0 (unregistering): Released all slaves [ 616.438683][ T8391] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 616.445999][ T8391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 616.473865][ T8391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 616.773978][ T8174] veth1_vlan: entered promiscuous mode [ 617.154523][ T3894] hsr_slave_0: left promiscuous mode [ 617.162760][ T3894] hsr_slave_1: left promiscuous mode [ 617.171254][ T3894] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 617.182079][ T3894] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 617.194499][ T3894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 617.204889][ T3894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 617.243493][ T3894] veth1_macvtap: left promiscuous mode [ 617.249551][ T3894] veth0_macvtap: left promiscuous mode [ 617.255629][ T3894] veth1_vlan: left promiscuous mode [ 617.261278][ T3894] veth0_vlan: left promiscuous mode [ 617.316453][ T5869] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 617.631402][ T5869] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 617.645760][ T5869] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 617.655096][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.675047][ T5869] usb 5-1: config 0 descriptor?? [ 617.706961][ T5869] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 618.055076][ T3894] team0 (unregistering): Port device team_slave_1 removed [ 618.133561][ T3894] team0 (unregistering): Port device team_slave_0 removed [ 618.682912][ T8391] hsr_slave_0: entered promiscuous mode [ 618.693833][ T8391] hsr_slave_1: entered promiscuous mode [ 618.703004][ T8391] debugfs: 'hsr0' already exists in 'hsr' [ 618.709105][ T8391] Cannot create hsr debugfs directory [ 619.460720][ T8174] veth0_macvtap: entered promiscuous mode [ 619.646844][ T8174] veth1_macvtap: entered promiscuous mode [ 620.127089][ T8174] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 620.301557][ T5868] usb 5-1: USB disconnect, device number 8 [ 620.693792][ T8174] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 620.751202][ T8354] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 620.835327][ T3894] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.897416][ T8354] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 620.941397][ T3894] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 620.954435][ T8354] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 621.055780][ T3894] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.077863][ T4084] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.090383][ T8354] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 622.235859][ T8391] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 622.354372][ T8391] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 622.434197][ T8391] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 622.567978][ T8391] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 623.038269][ T8354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 623.327932][ T8354] 8021q: adding VLAN 0 to HW filter on device team0 [ 623.511655][ T1887] bridge0: port 1(bridge_slave_0) entered blocking state [ 623.519338][ T1887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 623.650692][ T1887] bridge0: port 2(bridge_slave_1) entered blocking state [ 623.658376][ T1887] bridge0: port 2(bridge_slave_1) entered forwarding state [ 624.654268][ T8391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 625.410112][ T8391] 8021q: adding VLAN 0 to HW filter on device team0 [ 625.773993][ T4530] bridge0: port 1(bridge_slave_0) entered blocking state [ 625.781780][ T4530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 625.803850][ T4530] bridge0: port 2(bridge_slave_1) entered blocking state [ 625.811597][ T4530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 627.712427][ T8354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.663512][ T8391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 634.773089][ T8354] veth0_vlan: entered promiscuous mode [ 634.949182][ T8354] veth1_vlan: entered promiscuous mode [ 635.797800][ T196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 635.806197][ T196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.870710][ T8588] tmpfs: Bad value for 'mpol' [ 636.134287][ T8354] veth0_macvtap: entered promiscuous mode [ 636.430341][ T8354] veth1_macvtap: entered promiscuous mode [ 637.139738][ T8354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 637.417707][ T8354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 637.771896][ T3994] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.236240][ T3894] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.245307][ T3894] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.360781][ T3894] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 638.535627][ T8391] veth0_vlan: entered promiscuous mode [ 638.676890][ T8391] veth1_vlan: entered promiscuous mode [ 639.867279][ T8391] veth0_macvtap: entered promiscuous mode [ 640.133636][ T8391] veth1_macvtap: entered promiscuous mode [ 640.374217][ T7838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 640.405384][ T7838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 640.489859][ T8391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 640.522526][ T7838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 640.568903][ T8391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 640.606449][ T7838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 640.684636][ T7838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 640.755204][ T196] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.971438][ T196] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.090008][ T196] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.255880][ T4084] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.869983][ T5815] Bluetooth: hci0: command tx timeout [ 644.726434][ T8606] chnl_net:caif_netlink_parms(): no params data found [ 644.949787][ T5815] Bluetooth: hci0: command tx timeout [ 647.026090][ T5815] Bluetooth: hci0: command tx timeout [ 649.110522][ T5815] Bluetooth: hci0: command tx timeout [ 650.708253][ T3825] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.916319][ T8606] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.923948][ T8606] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.932087][ T8606] bridge_slave_0: entered allmulticast mode [ 650.942108][ T8606] bridge_slave_0: entered promiscuous mode [ 651.040027][ T8606] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.047707][ T8606] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.055800][ T8606] bridge_slave_1: entered allmulticast mode [ 651.065940][ T8606] bridge_slave_1: entered promiscuous mode [ 651.192680][ T3825] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.802662][ T3825] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.002526][ T8606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.158005][ T3825] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.341879][ T8606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 653.033253][ T8606] team0: Port device team_slave_0 added [ 653.223828][ T8606] team0: Port device team_slave_1 added [ 653.739148][ T3825] bridge_slave_1: left allmulticast mode [ 653.745251][ T3825] bridge_slave_1: left promiscuous mode [ 653.752171][ T3825] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.803005][ T3825] bridge_slave_0: left allmulticast mode [ 653.809532][ T3825] bridge_slave_0: left promiscuous mode [ 653.816821][ T3825] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.541260][ T3825] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 654.605938][ T3825] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 654.637822][ T3825] bond0 (unregistering): Released all slaves [ 654.731648][ T8606] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 654.739063][ T8606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.765843][ T8606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 654.947838][ T8606] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 654.954996][ T8606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.981498][ T8606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.748889][ T3825] hsr_slave_0: left promiscuous mode [ 655.773984][ T3825] hsr_slave_1: left promiscuous mode [ 655.783091][ T3825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 655.791226][ T3825] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 655.895960][ T3825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 655.906427][ T3825] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 656.027606][ T3825] veth1_macvtap: left promiscuous mode [ 656.033599][ T3825] veth0_macvtap: left promiscuous mode [ 656.039823][ T3825] veth1_vlan: left promiscuous mode [ 656.045403][ T3825] veth0_vlan: left promiscuous mode [ 656.707144][ T8726] tmpfs: Bad value for 'mpol' [ 657.437311][ T3825] team0 (unregistering): Port device team_slave_1 removed [ 657.484347][ T3825] team0 (unregistering): Port device team_slave_0 removed [ 658.641820][ T8606] hsr_slave_0: entered promiscuous mode [ 658.652602][ T8606] hsr_slave_1: entered promiscuous mode [ 658.662022][ T8606] debugfs: 'hsr0' already exists in 'hsr' [ 658.668115][ T8606] Cannot create hsr debugfs directory [ 658.825146][ T3994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 658.834083][ T3994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.101783][ T3825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.109975][ T3825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.267037][ T4414] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.275201][ T4414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 660.322911][ T8736] netlink: 188 bytes leftover after parsing attributes in process `syz.6.327'. [ 661.161100][ T8606] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 661.225030][ T8606] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 661.359906][ T8606] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 661.484430][ T8606] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 662.277030][ T8740] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.640'. [ 663.015793][ T7838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 663.036172][ T7838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 663.055411][ T7838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 663.089559][ T7838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 663.106794][ T7838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 663.997301][ T8606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 664.448281][ T8606] 8021q: adding VLAN 0 to HW filter on device team0 [ 664.617437][ T4084] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.625011][ T4084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 664.799134][ T4084] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.806817][ T4084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 665.002263][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 665.010201][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 665.186200][ T7838] Bluetooth: hci3: command tx timeout [ 665.269831][ T8606] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 666.905433][ T8743] chnl_net:caif_netlink_parms(): no params data found [ 667.300574][ T7838] Bluetooth: hci3: command tx timeout [ 668.042187][ T3894] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.284893][ T3894] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.611888][ T3894] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.841772][ T8606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 669.085724][ T3894] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.348751][ T7838] Bluetooth: hci3: command tx timeout [ 670.371874][ T30] audit: type=1326 audit(1755188118.142:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8781 comm="syz.6.650" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89a5f8ebe9 code=0x0 [ 671.426349][ T7838] Bluetooth: hci3: command tx timeout [ 671.466953][ T3894] bridge_slave_1: left allmulticast mode [ 671.477841][ T3894] bridge_slave_1: left promiscuous mode [ 671.485012][ T3894] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.695035][ T3894] bridge_slave_0: left allmulticast mode [ 671.701255][ T3894] bridge_slave_0: left promiscuous mode [ 671.708196][ T3894] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.749530][ T8787] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 672.320327][ T3894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 672.367628][ T3894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 672.482653][ T3894] bond0 (unregistering): Released all slaves [ 672.795044][ T8743] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.812255][ T8743] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.821292][ T8743] bridge_slave_0: entered allmulticast mode [ 672.830567][ T8743] bridge_slave_0: entered promiscuous mode [ 672.968089][ T8743] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.975845][ T8743] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.983552][ T8743] bridge_slave_1: entered allmulticast mode [ 672.992552][ T8743] bridge_slave_1: entered promiscuous mode [ 673.796355][ T3894] hsr_slave_0: left promiscuous mode [ 673.823117][ T3894] hsr_slave_1: left promiscuous mode [ 673.839585][ T3894] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 673.847788][ T3894] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 673.874340][ T3894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 673.882857][ T3894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 673.974788][ T3894] veth1_macvtap: left promiscuous mode [ 673.980822][ T3894] veth0_macvtap: left promiscuous mode [ 673.987968][ T3894] veth1_vlan: left promiscuous mode [ 673.993568][ T3894] veth0_vlan: left promiscuous mode [ 674.984525][ T3894] team0 (unregistering): Port device team_slave_1 removed [ 675.213583][ T3894] team0 (unregistering): Port device team_slave_0 removed [ 675.617996][ T8743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.700276][ T8818] tmpfs: Bad value for 'mpol' [ 675.837218][ T8743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 676.506155][ T8743] team0: Port device team_slave_0 added [ 676.647058][ T8743] team0: Port device team_slave_1 added [ 677.454404][ T8606] veth0_vlan: entered promiscuous mode [ 677.514821][ T30] audit: type=1326 audit(1755188125.232:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8820 comm="syz.1.661" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360138ebe9 code=0x0 [ 677.538392][ C1] vkms_vblank_simulate: vblank timer overrun [ 677.599367][ T8743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 677.607026][ T8743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.639016][ T8743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 677.769828][ T8606] veth1_vlan: entered promiscuous mode [ 677.984393][ T8743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 677.991993][ T8743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.018409][ T8743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.822684][ T8743] hsr_slave_0: entered promiscuous mode [ 678.834083][ T8743] hsr_slave_1: entered promiscuous mode [ 678.880136][ T8606] veth0_macvtap: entered promiscuous mode [ 678.907193][ T8606] veth1_macvtap: entered promiscuous mode [ 679.569433][ T8606] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.691633][ T8606] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.885414][ T3863] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.916133][ T3863] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.964813][ T3863] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.031567][ T3863] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.959814][ T30] audit: type=1326 audit(1755188129.812:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8852 comm="syz.6.673" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89a5f8ebe9 code=0x0 [ 682.086718][ T8857] tmpfs: Bad value for 'mpol' [ 682.962272][ T8743] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 683.987148][ T8743] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 684.637483][ T8743] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 684.791469][ T8743] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 686.291297][ T8743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 686.356285][ T30] audit: type=1326 audit(1755188134.182:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8893 comm="syz.1.684" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f360138ebe9 code=0x0 [ 686.524375][ T8743] 8021q: adding VLAN 0 to HW filter on device team0 [ 686.660959][ T1887] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.668699][ T1887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 686.797544][ T1887] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.805126][ T1887] bridge0: port 2(bridge_slave_1) entered forwarding state [ 688.106859][ T8911] tmpfs: Bad value for 'mpol' [ 691.678564][ T8743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.510939][ T1887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.519144][ T1887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.716232][ T3825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.724297][ T3825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.047649][ T8963] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 695.187525][ T8963] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 695.747884][ T8973] sctp: [Deprecated]: syz.1.704 (pid 8973) Use of struct sctp_assoc_value in delayed_ack socket option. [ 695.747884][ T8973] Use struct sctp_sack_info instead [ 697.965395][ T8743] veth0_vlan: entered promiscuous mode [ 698.124179][ T8743] veth1_vlan: entered promiscuous mode [ 698.596200][ T8743] veth0_macvtap: entered promiscuous mode [ 698.720703][ T8743] veth1_macvtap: entered promiscuous mode [ 698.988343][ T8743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 699.230573][ T8743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 699.494081][ T1887] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.694372][ T4530] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.786700][ T4530] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 699.931044][ T4414] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 702.211552][ T9008] loop6: detected capacity change from 0 to 128 [ 702.288460][ T9008] ext4: Bad value for 'resgid' [ 702.299707][ T9008] ext4: Bad value for 'resgid' [ 702.638515][ T5869] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 702.978543][ T5869] usb 7-1: Using ep0 maxpacket: 16 [ 703.087685][ T5869] usb 7-1: config index 0 descriptor too short (expected 16456, got 72) [ 703.096639][ T5869] usb 7-1: config 0 has an invalid interface number: 125 but max is 1 [ 703.105049][ T5869] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 703.122067][ T5869] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 703.134950][ T5869] usb 7-1: config 0 has no interface number 0 [ 703.141551][ T5869] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 703.152982][ T5869] usb 7-1: config 0 interface 125 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 703.166540][ T5869] usb 7-1: config 0 interface 125 has no altsetting 0 [ 703.715320][ T5869] usb 7-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 703.731747][ T5869] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.741997][ T5869] usb 7-1: Product: syz [ 703.746519][ T5869] usb 7-1: Manufacturer: syz [ 703.751350][ T5869] usb 7-1: SerialNumber: syz [ 703.944069][ T5869] usb 7-1: config 0 descriptor?? [ 704.728512][ T5869] usb 7-1: USB disconnect, device number 2 [ 705.305815][ T5869] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 705.525264][ T5869] usb 5-1: Using ep0 maxpacket: 32 [ 705.598591][ T5869] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 705.610613][ T5869] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 705.621892][ T5869] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 705.632228][ T5869] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 705.643436][ T5869] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 706.609047][ T5869] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 706.619052][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 706.627590][ T5869] usb 5-1: Product: syz [ 706.631978][ T5869] usb 5-1: Manufacturer: syz [ 706.636881][ T5869] usb 5-1: SerialNumber: syz [ 706.784309][ T5869] usb 5-1: config 0 descriptor?? [ 708.559767][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -110 [ 708.571033][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.579027][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.586823][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.594443][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.602291][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.718269][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.726912][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.734575][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.802265][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.862111][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.930033][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 708.973794][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.034570][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.082202][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.143772][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.212617][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.286300][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.297978][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.306103][ T5869] iforce 5-1:0.0: usb_submit_urb failed: -32 [ 709.312643][ T5869] input input5: Timeout waiting for response from device. [ 710.023837][ T5868] usb 5-1: USB disconnect, device number 9 [ 715.267435][ T9069] loop7: detected capacity change from 0 to 128 [ 715.300134][ T9069] ext4: Bad value for 'resgid' [ 715.305152][ T9069] ext4: Bad value for 'resgid' [ 715.696442][ T5870] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 715.833670][ T9076] netlink: 76 bytes leftover after parsing attributes in process `syz.6.733'. [ 718.763069][ T5870] usb 8-1: Using ep0 maxpacket: 16 [ 719.458330][ T9074] netlink: 4 bytes leftover after parsing attributes in process `syz.4.736'. [ 720.301939][ T5870] usb 8-1: device descriptor read/all, error -71 [ 722.376515][ T9104] program syz.6.742 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 724.270167][ T9104] program syz.6.742 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 724.280230][ T9104] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 724.787584][ T9113] netlink: 14 bytes leftover after parsing attributes in process `syz.4.744'. [ 725.190243][ T5815] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 725.237529][ T5815] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 725.262400][ T5815] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 725.321332][ T5815] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 725.371146][ T5815] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 725.515849][ T5870] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 725.677108][ T9124] loop4: detected capacity change from 0 to 128 [ 725.687746][ T9124] ext4: Bad value for 'resgid' [ 725.692751][ T9124] ext4: Bad value for 'resgid' [ 725.781576][ T5870] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 725.790907][ T5870] usb 7-1: config 0 has no interface number 0 [ 725.848033][ T5870] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 725.857590][ T5870] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 725.867062][ T5870] usb 7-1: Product: syz [ 725.871450][ T5870] usb 7-1: Manufacturer: syz [ 725.876510][ T5870] usb 7-1: SerialNumber: syz [ 726.019755][ T5870] usb 7-1: config 0 descriptor?? [ 726.354323][ T5870] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 726.418932][ T5868] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 726.424723][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 726.433622][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 726.477675][ T5870] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 726.490364][ T5870] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 726.499075][ T5870] usb 7-1: media controller created [ 726.688233][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 726.736960][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 726.787416][ T5868] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 726.796373][ T5868] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 726.804755][ T5868] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 726.815279][ T5868] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 726.824610][ T5868] usb 5-1: config 0 has no interface number 0 [ 726.831141][ T5868] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 726.842815][ T5868] usb 5-1: config 0 interface 125 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 726.856205][ T5868] usb 5-1: config 0 interface 125 has no altsetting 0 [ 727.118416][ T5870] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 727.220558][ T5868] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 727.230261][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 727.238702][ T5868] usb 5-1: Product: syz [ 727.243081][ T5868] usb 5-1: Manufacturer: syz [ 727.248091][ T5868] usb 5-1: SerialNumber: syz [ 727.520587][ T5815] Bluetooth: hci4: command tx timeout [ 727.522172][ T5868] usb 5-1: config 0 descriptor?? [ 727.740690][ T9118] chnl_net:caif_netlink_parms(): no params data found [ 727.857801][ T5868] usb 5-1: USB disconnect, device number 10 [ 728.479307][ T5815] Bluetooth: hci6: command 0x0406 tx timeout [ 729.372918][ T5870] usb 7-1: USB disconnect, device number 3 [ 729.389452][ T1861] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.581755][ T1861] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.603219][ T7838] Bluetooth: hci4: command tx timeout [ 729.631224][ T9147] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 729.647983][ T9151] netlink: 14 bytes leftover after parsing attributes in process `syz.6.757'. [ 729.788198][ T9151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 729.937996][ T9151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 730.084448][ T9151] bond0 (unregistering): Released all slaves [ 730.401883][ T1861] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.651389][ T1861] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.315920][ T9165] 9pnet_virtio: no channels available for device syz [ 731.797894][ T7838] Bluetooth: hci4: command tx timeout [ 733.052071][ T9170] overlayfs: failed to resolve './file0': -2 [ 733.461338][ T9118] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.469180][ T9118] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.477346][ T9118] bridge_slave_0: entered allmulticast mode [ 733.487341][ T9118] bridge_slave_0: entered promiscuous mode [ 733.531322][ T1861] bridge_slave_1: left allmulticast mode [ 733.537476][ T1861] bridge_slave_1: left promiscuous mode [ 733.544247][ T1861] bridge0: port 2(bridge_slave_1) entered disabled state [ 733.696151][ T1861] bridge_slave_0: left allmulticast mode [ 733.702075][ T1861] bridge_slave_0: left promiscuous mode [ 733.709022][ T1861] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.828001][ T7838] Bluetooth: hci4: command tx timeout [ 734.359965][ T9177] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 734.391282][ T9179] loop7: detected capacity change from 0 to 128 [ 734.528802][ T9179] ext4: Bad value for 'resgid' [ 734.533808][ T9179] ext4: Bad value for 'resgid' [ 734.946240][ T5870] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 735.005009][ T1861] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 735.035320][ T1861] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 735.052353][ T1861] bond0 (unregistering): Released all slaves [ 735.196150][ T5870] usb 8-1: Using ep0 maxpacket: 16 [ 735.222561][ T5870] usb 8-1: config index 0 descriptor too short (expected 16456, got 72) [ 735.222718][ T5870] usb 8-1: config 0 has an invalid interface number: 125 but max is 1 [ 735.222854][ T5870] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 735.222983][ T5870] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 735.223126][ T5870] usb 8-1: config 0 has no interface number 0 [ 735.223265][ T5870] usb 8-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 735.223440][ T5870] usb 8-1: config 0 interface 125 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 735.223618][ T5870] usb 8-1: config 0 interface 125 has no altsetting 0 [ 735.293742][ T5870] usb 8-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 735.293913][ T5870] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.294051][ T5870] usb 8-1: Product: syz [ 735.294158][ T5870] usb 8-1: Manufacturer: syz [ 735.294277][ T5870] usb 8-1: SerialNumber: syz [ 735.307464][ T5870] usb 8-1: config 0 descriptor?? [ 735.593024][ T9118] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.593436][ T9118] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.594100][ T9118] bridge_slave_1: entered allmulticast mode [ 735.598161][ T9118] bridge_slave_1: entered promiscuous mode [ 735.824245][ T5870] usb 8-1: USB disconnect, device number 4 [ 736.032232][ T9118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 736.168702][ T1861] hsr_slave_0: left promiscuous mode [ 736.227961][ T1861] hsr_slave_1: left promiscuous mode [ 736.237421][ T1861] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 736.245201][ T1861] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 736.382553][ T1861] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 736.397445][ T1861] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 736.586336][ T1861] veth1_macvtap: left promiscuous mode [ 736.592248][ T1861] veth0_macvtap: left promiscuous mode [ 736.605042][ T1861] veth1_vlan: left promiscuous mode [ 736.610809][ T1861] veth0_vlan: left promiscuous mode [ 737.382127][ T9197] overlayfs: failed to resolve './file1': -2 [ 738.081712][ T9203] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 738.278423][ T1861] team0 (unregistering): Port device team_slave_1 removed [ 738.376531][ T1861] team0 (unregistering): Port device team_slave_0 removed [ 738.763664][ T9118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 740.240290][ T9118] team0: Port device team_slave_0 added [ 740.419949][ T9118] team0: Port device team_slave_1 added [ 740.889364][ T9118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 740.900878][ T9118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 740.928816][ T9118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 744.113485][ T9118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 744.121082][ T9118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 744.147587][ T9118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 744.726755][ T9229] overlayfs: failed to resolve './file1': -2 [ 745.208676][ T9118] hsr_slave_0: entered promiscuous mode [ 745.219428][ T9118] hsr_slave_1: entered promiscuous mode [ 748.253917][ T9260] overlayfs: failed to resolve './file1': -2 [ 750.137784][ T9118] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 750.177000][ T9118] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 750.275036][ T9118] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 751.031122][ T9118] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 752.072795][ T9118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 752.360635][ T9118] 8021q: adding VLAN 0 to HW filter on device team0 [ 752.710574][ T3693] bridge0: port 1(bridge_slave_0) entered blocking state [ 752.718392][ T3693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 753.128510][ T3693] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.136235][ T3693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 753.810566][ T9118] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 755.252846][ T9318] overlayfs: failed to clone lowerpath [ 755.485103][ T9318] overlayfs: missing 'lowerdir' [ 757.438606][ T9118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 758.347731][ T9344] netlink: 'syz.6.832': attribute type 10 has an invalid length. [ 758.476572][ T9344] team0: Port device dummy0 added [ 760.139773][ T9357] overlayfs: failed to clone lowerpath [ 760.233511][ T9357] overlayfs: missing 'lowerdir' [ 762.533099][ T9378] netlink: 'syz.1.844': attribute type 10 has an invalid length. [ 763.129261][ T9384] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0 [ 763.376556][ T9118] veth0_vlan: entered promiscuous mode [ 763.553885][ T9118] veth1_vlan: entered promiscuous mode [ 769.113978][ T9118] veth0_macvtap: entered promiscuous mode [ 769.299175][ T9118] veth1_macvtap: entered promiscuous mode [ 769.562721][ T9118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.711319][ T9118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.833428][ T3825] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.883700][ T9402] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 769.893112][ T9402] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 769.895818][ T3825] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.954280][ T3825] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.032174][ T3825] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.958517][ T9416] netlink: 'syz.6.855': attribute type 10 has an invalid length. [ 776.599241][ T9456] netlink: 'syz.6.866': attribute type 10 has an invalid length. [ 785.139820][ T5815] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 785.149805][ T5815] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 785.167980][ T5815] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 785.183252][ T5815] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 785.206855][ T5815] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 785.575910][ T9494] ------------[ cut here ]------------ [ 785.581588][ T9494] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x0, 0x7800000000] s64=[0x0, 0xffffffffffffffff] u32=[0x80000000, 0x0] s32=[0x0, 0xffffffff] var_off=(0x0, 0x7800000000)(1) [ 785.602633][ T9494] WARNING: CPU: 1 PID: 9494 at kernel/bpf/verifier.c:2728 reg_bounds_sanity_check+0xb26/0x14b0 [ 785.613548][ T9494] Modules linked in: [ 785.617888][ T9494] CPU: 1 UID: 0 PID: 9494 Comm: syz.6.875 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) [ 785.630125][ T9494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 785.640492][ T9494] RIP: 0010:reg_bounds_sanity_check+0xb26/0x14b0 [ 785.653989][ T9494] Code: ff ff ff b5 20 ff ff ff ff b5 18 ff ff ff ff b5 48 ff ff ff ff b5 10 ff ff ff ff b5 08 ff ff ff e8 6f 17 02 ff 48 83 c4 38 90 <0f> 0b 90 90 4c 8b bd 70 ff ff ff e9 83 f8 ff ff 8b 3a e8 03 5b 79 [ 785.676062][ T9494] RSP: 0018:ffff88812e00af58 EFLAGS: 00010282 [ 785.682421][ T9494] RAX: ffffffff81207e8e RBX: ffff888027a31000 RCX: 0000000000080000 [ 785.690775][ T9494] RDX: ffffc9000d415000 RSI: 000000000001d15b RDI: 000000000001d15c [ 785.699068][ T9494] RBP: ffff88812e00b0d8 R08: ffffea000000000f R09: 0000000000000000 [ 785.707365][ T9494] R10: ffff888237b73028 R11: ffff88823f263620 R12: 0000000000000000 [ 785.715660][ T9494] R13: ffff888114a84ce0 R14: 0000000000000000 R15: 0000000000000000 [ 785.723839][ T9494] FS: 00007f89a41b46c0(0000) GS:ffff8881aa798000(0000) knlGS:0000000000000000 [ 785.733142][ T9494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 785.740143][ T9494] CR2: 00007f89a3d91d58 CR3: 000000001ddb6000 CR4: 00000000003526f0 [ 785.755027][ T9494] Call Trace: [ 785.760486][ T9494] [ 785.763607][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.769211][ T9494] reg_set_min_max+0x335/0x440 [ 785.774392][ T9494] check_cond_jmp_op+0x3187/0x4820 [ 785.779927][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.785373][ T9494] do_check+0x2374/0x15760 [ 785.790178][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.795749][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.801168][ T9494] ? __pfx_kmsan_get_metadata+0x10/0x10 [ 785.807248][ T9494] do_check_common+0x2482/0x3740 [ 785.812508][ T9494] bpf_check+0x61f8/0x2a100 [ 785.817427][ T9494] ? pcpu_block_refresh_hint+0x450/0x580 [ 785.823349][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.828895][ T9494] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 785.835013][ T9494] ? pcpu_block_update_hint_alloc+0x12df/0x1390 [ 785.841663][ T9494] ? kmsan_get_metadata+0x150/0x160 [ 785.847235][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.859426][ T9494] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 785.868505][ T9494] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 785.874937][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.880767][ T9494] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 785.886981][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.892369][ T9494] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 785.898561][ T9494] ? strncpy_from_user+0xb1/0x470 [ 785.903961][ T9494] ? stack_depot_save_flags+0x35/0x7b0 [ 785.911240][ T9494] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 785.918929][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.924350][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.929985][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.935373][ T9494] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 785.942062][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.947571][ T9494] ? kmsan_get_metadata+0xfb/0x160 [ 785.959613][ T9494] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 785.967643][ T9494] bpf_prog_load+0x28e6/0x2e50 [ 785.972744][ T9494] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 785.979440][ T9494] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 785.986046][ T9494] ? security_bpf+0x88/0x620 [ 785.990894][ T9494] ? _copy_from_user+0xcb/0x100 [ 785.996084][ T9494] __sys_bpf+0x7f4/0xed0 [ 786.000654][ T9494] __x64_sys_bpf+0xa4/0xf0 [ 786.005559][ T9494] x64_sys_call+0x3550/0x3e20 [ 786.010576][ T9494] do_syscall_64+0xd9/0x210 [ 786.015393][ T9494] ? irqentry_exit+0x16/0x60 [ 786.020346][ T9494] ? clear_bhb_loop+0x40/0x90 [ 786.025562][ T9494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.031781][ T9494] RIP: 0033:0x7f89a5f8ebe9 [ 786.036606][ T9494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 786.064042][ T9494] RSP: 002b:00007f89a41b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 786.074787][ T9494] RAX: ffffffffffffffda RBX: 00007f89a61b6180 RCX: 00007f89a5f8ebe9 [ 786.083093][ T9494] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 786.091359][ T9494] RBP: 00007f89a6011e19 R08: 0000000000000000 R09: 0000000000000000 [ 786.099643][ T9494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 786.107930][ T9494] R13: 00007f89a61b6218 R14: 00007f89a61b6180 R15: 00007ffee6d07578 [ 786.116325][ T9494] [ 786.119505][ T9494] ---[ end trace 0000000000000000 ]--- [ 787.366055][ T5815] Bluetooth: hci3: command tx timeout [ 788.418719][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 788.425400][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 789.444849][ T5815] Bluetooth: hci3: command tx timeout [ 790.367324][ T3796] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.507286][ T7838] Bluetooth: hci3: command tx timeout [ 792.018591][ T3796] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.542227][ T3796] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.655862][ T7838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 792.666133][ T7838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 792.676315][ T7838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 792.691436][ T7838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 792.704042][ T7838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 793.233676][ T3796] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 793.525740][ T9491] chnl_net:caif_netlink_parms(): no params data found [ 793.606345][ T7838] Bluetooth: hci3: command tx timeout [ 794.017831][ T9532] 9pnet_fd: Insufficient options for proto=fd [ 794.186295][ T3796] bridge_slave_1: left allmulticast mode [ 794.192194][ T3796] bridge_slave_1: left promiscuous mode [ 794.199159][ T3796] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.295344][ T3796] bridge_slave_0: left allmulticast mode [ 794.301526][ T3796] bridge_slave_0: left promiscuous mode [ 794.308561][ T3796] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.913379][ T7838] Bluetooth: hci4: command tx timeout [ 796.096017][ T3796] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 796.156276][ T3796] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 796.201850][ T3796] bond0 (unregistering): Released all slaves [ 796.976323][ T7838] Bluetooth: hci4: command tx timeout [ 797.006441][ T3796] hsr_slave_0: left promiscuous mode [ 797.519456][ T3796] hsr_slave_1: left promiscuous mode [ 797.537007][ T3796] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 797.544624][ T3796] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 797.556698][ T3796] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 797.564329][ T3796] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 797.724375][ T3796] veth1_macvtap: left promiscuous mode [ 797.739305][ T3796] veth0_macvtap: left promiscuous mode [ 797.745774][ T3796] veth1_vlan: left promiscuous mode [ 797.751402][ T3796] veth0_vlan: left promiscuous mode [ 799.175624][ T7838] Bluetooth: hci4: command tx timeout [ 799.583852][ T3796] team0 (unregistering): Port device team_slave_1 removed [ 799.614722][ T3796] team0 (unregistering): Port device team_slave_0 removed [ 802.056895][ T7838] Bluetooth: hci4: command tx timeout [ 810.419438][ T9516] chnl_net:caif_netlink_parms(): no params data found [ 810.499491][ T4084] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 810.712677][ T9491] bridge0: port 1(bridge_slave_0) entered blocking state [ 810.720710][ T9491] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.728685][ T9491] bridge_slave_0: entered allmulticast mode [ 810.746896][ T9491] bridge_slave_0: entered promiscuous mode [ 810.971248][ T4084] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.100684][ T9491] bridge0: port 2(bridge_slave_1) entered blocking state [ 811.109317][ T9491] bridge0: port 2(bridge_slave_1) entered disabled state [ 811.117235][ T9491] bridge_slave_1: entered allmulticast mode [ 811.127112][ T9491] bridge_slave_1: entered promiscuous mode [ 811.302960][ T4084] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.019180][ T4084] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.582189][ T9491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 814.553161][ T9491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 815.985842][ T4084] bridge_slave_1: left allmulticast mode [ 815.991772][ T4084] bridge_slave_1: left promiscuous mode [ 815.998640][ T4084] bridge0: port 2(bridge_slave_1) entered disabled state [ 816.021247][ T9590] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 816.111698][ T4084] bridge_slave_0: left allmulticast mode [ 816.118507][ T4084] bridge_slave_0: left promiscuous mode [ 816.125242][ T4084] bridge0: port 1(bridge_slave_0) entered disabled state [ 816.714500][ T4084] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 816.786371][ T4084] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 816.857944][ T4084] bond0 (unregistering): Released all slaves [ 816.993936][ T9491] team0: Port device team_slave_0 added [ 817.094353][ T9491] team0: Port device team_slave_1 added [ 817.403243][ T9491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 817.411590][ T9491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.438380][ T9491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 817.500767][ T9491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 817.510238][ T9491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 817.536926][ T9491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 817.684640][ T9603] netlink: 8 bytes leftover after parsing attributes in process `syz.6.910'. [ 818.953048][ T9516] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.960868][ T9516] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.968746][ T9516] bridge_slave_0: entered allmulticast mode [ 818.977883][ T9516] bridge_slave_0: entered promiscuous mode [ 819.219673][ T9516] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.227413][ T9516] bridge0: port 2(bridge_slave_1) entered disabled state [ 819.238857][ T9516] bridge_slave_1: entered allmulticast mode [ 819.248626][ T9516] bridge_slave_1: entered promiscuous mode [ 819.736356][ T4084] hsr_slave_0: left promiscuous mode [ 819.749472][ T4084] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 819.757388][ T4084] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 819.800972][ T4084] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 819.809243][ T4084] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 819.903114][ T4084] veth1_macvtap: left promiscuous mode [ 819.910756][ T4084] veth0_macvtap: left promiscuous mode [ 819.916958][ T4084] veth1_vlan: left promiscuous mode [ 819.922538][ T4084] veth0_vlan: left promiscuous mode [ 820.941748][ T4084] team0 (unregistering): Port device team_slave_1 removed [ 821.054194][ T4084] team0 (unregistering): Port device team_slave_0 removed [ 821.307923][ T4084] team0 (unregistering): Port device dummy0 removed [ 821.531955][ T9516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 821.702434][ T9516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 821.729857][ T9491] hsr_slave_0: entered promiscuous mode [ 821.740797][ T9491] hsr_slave_1: entered promiscuous mode [ 822.275323][ T9516] team0: Port device team_slave_0 added [ 822.341865][ T9516] team0: Port device team_slave_1 added [ 823.007079][ T9516] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 823.014453][ T9516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 823.044293][ T9516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 823.153976][ T9516] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 823.161394][ T9516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 823.187984][ T9516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 825.292305][ T9516] hsr_slave_0: entered promiscuous mode [ 825.301472][ T9516] hsr_slave_1: entered promiscuous mode [ 825.309520][ T9516] debugfs: 'hsr0' already exists in 'hsr' [ 825.315364][ T9516] Cannot create hsr debugfs directory [ 829.794639][ T9491] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 829.948795][ T9491] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 829.982149][ T9663] loop9: detected capacity change from 0 to 7 [ 829.993635][ T9663] buffer_io_error: 3 callbacks suppressed [ 829.993717][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.008970][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.017205][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.025552][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.033828][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.042094][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.050712][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.058825][ T9663] ldm_validate_partition_table(): Disk read failed. [ 830.065857][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.073967][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.082362][ T9663] Buffer I/O error on dev loop9, logical block 0, async page read [ 830.094332][ T9663] Dev loop9: unable to read RDB block 0 [ 830.101414][ T9663] loop9: unable to read partition table [ 830.110040][ T9663] loop9: partition table beyond EOD, truncated [ 830.116604][ T9663] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 830.116604][ T9663] ) failed (rc=-5) [ 830.200883][ T9491] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 830.474227][ T5865] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 830.595071][ T9491] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 830.681090][ T5865] usb 7-1: Using ep0 maxpacket: 32 [ 830.741612][ T5865] usb 7-1: config 0 interface 0 has no altsetting 0 [ 830.748789][ T5865] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 830.758288][ T5865] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 830.820793][ T5865] usb 7-1: config 0 descriptor?? [ 831.881218][ T9516] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 832.210890][ T9516] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 832.548474][ T9516] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 832.668292][ T9516] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 833.008230][ T9491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 833.256580][ T9491] 8021q: adding VLAN 0 to HW filter on device team0 [ 833.318738][ T5865] usbhid 7-1:0.0: can't add hid device: -71 [ 833.331844][ T5865] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 833.388680][ T5865] usb 7-1: USB disconnect, device number 4 [ 833.389065][ T196] bridge0: port 1(bridge_slave_0) entered blocking state [ 833.402307][ T196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 833.551679][ T196] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.559390][ T196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 835.507652][ T9516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.978968][ T9516] 8021q: adding VLAN 0 to HW filter on device team0 [ 836.104626][ T4084] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.112380][ T4084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 836.240028][ T4084] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.247769][ T4084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 836.927134][ T9516] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 836.937958][ T9516] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 838.816892][ T9491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 841.023714][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 841.079801][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 841.092227][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 841.198739][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 841.243896][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 842.284229][ T9516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 842.506558][ T5868] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 842.843614][ T5868] usb 8-1: Using ep0 maxpacket: 32 [ 842.919022][ T5868] usb 8-1: config 0 interface 0 has no altsetting 0 [ 842.927571][ T5868] usb 8-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 842.937625][ T5868] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 843.184410][ T5868] usb 8-1: config 0 descriptor?? [ 843.427725][ T7838] Bluetooth: hci2: command tx timeout [ 844.850754][ T9707] chnl_net:caif_netlink_parms(): no params data found [ 845.506972][ T7838] Bluetooth: hci2: command tx timeout [ 846.876431][ T5868] usbhid 8-1:0.0: can't add hid device: -71 [ 846.887119][ T5868] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 846.959983][ T5868] usb 8-1: USB disconnect, device number 5 [ 847.625379][ T7838] Bluetooth: hci2: command tx timeout [ 847.979880][ T9707] bridge0: port 1(bridge_slave_0) entered blocking state [ 847.989436][ T9707] bridge0: port 1(bridge_slave_0) entered disabled state [ 847.997501][ T9707] bridge_slave_0: entered allmulticast mode [ 848.012257][ T9707] bridge_slave_0: entered promiscuous mode [ 848.233563][ T9707] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.241797][ T9707] bridge0: port 2(bridge_slave_1) entered disabled state [ 848.250265][ T9707] bridge_slave_1: entered allmulticast mode [ 848.260421][ T9707] bridge_slave_1: entered promiscuous mode [ 849.189883][ T9747] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 849.202920][ T9747] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 849.243786][ T9747] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 849.258623][ T9747] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 849.316793][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 849.323475][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 849.375590][ T9747] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 849.671889][ T9747] Bluetooth: hci2: command tx timeout [ 849.967407][ T7838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 849.991617][ T7838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 850.002866][ T7838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 850.021106][ T7838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 850.031970][ T7838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 850.221650][ T9707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 850.404802][ T9707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 850.922617][ T9707] team0: Port device team_slave_0 added [ 851.120662][ T9707] team0: Port device team_slave_1 added [ 851.435662][ T7838] Bluetooth: hci1: command tx timeout [ 851.599321][ T9707] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 851.606663][ T9707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 851.632998][ T9707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 851.907811][ T9707] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 851.914986][ T9707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 851.941521][ T9707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 852.250172][ T7838] Bluetooth: hci5: command tx timeout [ 852.809606][ T7884] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 852.847805][ T9707] hsr_slave_0: entered promiscuous mode [ 852.869753][ T9707] hsr_slave_1: entered promiscuous mode [ 852.883933][ T9707] debugfs: 'hsr0' already exists in 'hsr' [ 852.890086][ T9707] Cannot create hsr debugfs directory [ 853.096248][ T7884] usb 7-1: Using ep0 maxpacket: 32 [ 853.175336][ T7884] usb 7-1: config 0 interface 0 has no altsetting 0 [ 853.182661][ T7884] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 853.192185][ T7884] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 853.269904][ T9742] chnl_net:caif_netlink_parms(): no params data found [ 853.271333][ T7884] usb 7-1: config 0 descriptor?? [ 853.399175][ T9772] loop9: detected capacity change from 0 to 7 [ 853.416990][ T9772] buffer_io_error: 4 callbacks suppressed [ 853.417077][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.432231][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.447281][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.456435][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.464572][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.474231][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.483496][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.492924][ T9772] ldm_validate_partition_table(): Disk read failed. [ 853.500166][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.506672][ T7838] Bluetooth: hci1: command tx timeout [ 853.508902][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.522160][ T9772] Buffer I/O error on dev loop9, logical block 0, async page read [ 853.530926][ T9772] Dev loop9: unable to read RDB block 0 [ 853.540023][ T9772] loop9: unable to read partition table [ 853.558554][ T9772] loop9: partition table beyond EOD, truncated [ 853.565267][ T9772] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 853.565267][ T9772] ) failed (rc=-5) [ 853.673084][ T9748] chnl_net:caif_netlink_parms(): no params data found [ 854.306394][ T7838] Bluetooth: hci5: command tx timeout [ 854.482311][ T35] bridge_slave_1: left allmulticast mode [ 854.488667][ T35] bridge_slave_1: left promiscuous mode [ 854.496212][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 854.547638][ T35] bridge_slave_0: left allmulticast mode [ 854.553693][ T35] bridge_slave_0: left promiscuous mode [ 854.566757][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.221969][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 855.311520][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 855.420778][ T35] bond0 (unregistering): Released all slaves [ 855.620257][ T7838] Bluetooth: hci1: command tx timeout [ 856.036221][ T35] hsr_slave_0: left promiscuous mode [ 856.084354][ T35] hsr_slave_1: left promiscuous mode [ 856.093072][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 856.151575][ T7884] usbhid 7-1:0.0: can't add hid device: -71 [ 856.158956][ T7884] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 856.193288][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 856.396926][ T7838] Bluetooth: hci5: command tx timeout [ 856.906727][ T7884] usb 7-1: USB disconnect, device number 5 [ 857.409110][ T35] team0 (unregistering): Port device team_slave_1 removed [ 857.445879][ T35] team0 (unregistering): Port device team_slave_0 removed [ 857.676142][ T7838] Bluetooth: hci1: command tx timeout [ 858.243091][ T9707] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 858.396428][ T9707] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 858.481341][ T7838] Bluetooth: hci5: command tx timeout [ 858.768797][ T9707] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 859.185777][ T9707] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 859.210123][ T9748] bridge0: port 1(bridge_slave_0) entered blocking state [ 859.218042][ T9748] bridge0: port 1(bridge_slave_0) entered disabled state [ 859.226149][ T9748] bridge_slave_0: entered allmulticast mode [ 859.236285][ T9748] bridge_slave_0: entered promiscuous mode [ 859.261568][ T9742] bridge0: port 1(bridge_slave_0) entered blocking state [ 859.276929][ T9742] bridge0: port 1(bridge_slave_0) entered disabled state [ 859.284861][ T9742] bridge_slave_0: entered allmulticast mode [ 859.294980][ T9742] bridge_slave_0: entered promiscuous mode [ 859.347927][ T9748] bridge0: port 2(bridge_slave_1) entered blocking state [ 859.355698][ T9748] bridge0: port 2(bridge_slave_1) entered disabled state [ 859.363510][ T9748] bridge_slave_1: entered allmulticast mode [ 859.378568][ T9748] bridge_slave_1: entered promiscuous mode [ 862.097387][ T9742] bridge0: port 2(bridge_slave_1) entered blocking state [ 862.105094][ T9742] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.113188][ T9742] bridge_slave_1: entered allmulticast mode [ 862.123147][ T9742] bridge_slave_1: entered promiscuous mode [ 862.199876][ T9748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 862.488302][ T9748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 863.026880][ T35] bridge_slave_1: left allmulticast mode [ 863.033087][ T35] bridge_slave_1: left promiscuous mode [ 863.039976][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.156121][ T35] bridge_slave_0: left allmulticast mode [ 863.168530][ T35] bridge_slave_0: left promiscuous mode [ 863.175271][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 864.600523][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 864.641267][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 864.673499][ T35] bond0 (unregistering): Released all slaves [ 864.722707][ T9742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 864.833638][ T9748] team0: Port device team_slave_0 added [ 864.868491][ T9742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 864.972367][ T35] hsr_slave_0: left promiscuous mode [ 864.994227][ T35] hsr_slave_1: left promiscuous mode [ 865.002914][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 865.066288][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 866.558794][ T35] team0 (unregistering): Port device team_slave_1 removed [ 866.663976][ T35] team0 (unregistering): Port device team_slave_0 removed [ 867.089648][ T9748] team0: Port device team_slave_1 added [ 867.489475][ T7838] Bluetooth: hci6: unexpected event for opcode 0x0c46 [ 868.608752][ T9742] team0: Port device team_slave_0 added [ 868.689220][ T9742] team0: Port device team_slave_1 added [ 869.015027][ T9748] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 869.023960][ T9748] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 869.050764][ T9748] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 869.129615][ T9742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 869.137796][ T9742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 869.164864][ T9742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 869.187437][ T9748] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 869.194852][ T9748] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 869.226638][ T9748] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 869.354481][ T9742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 869.354567][ T9742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 869.354732][ T9742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 869.669005][ T9707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 869.902725][ T9748] hsr_slave_0: entered promiscuous mode [ 869.913894][ T9748] hsr_slave_1: entered promiscuous mode [ 869.957069][ T9742] hsr_slave_0: entered promiscuous mode [ 869.967976][ T9742] hsr_slave_1: entered promiscuous mode [ 869.977238][ T9742] debugfs: 'hsr0' already exists in 'hsr' [ 869.983178][ T9742] Cannot create hsr debugfs directory [ 870.179820][ T9707] 8021q: adding VLAN 0 to HW filter on device team0 [ 870.546254][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 870.553824][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 870.715154][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 870.722894][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 873.377518][ T9748] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 873.550493][ T9748] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 873.626737][ T9748] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 873.757469][ T9748] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 873.853492][ T9742] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 873.972028][ T9707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 873.998491][ T9742] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 874.122051][ T9742] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 874.217155][ T9742] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 875.168537][ T9748] 8021q: adding VLAN 0 to HW filter on device bond0 [ 875.405995][ T9748] 8021q: adding VLAN 0 to HW filter on device team0 [ 875.507852][ T4530] bridge0: port 1(bridge_slave_0) entered blocking state [ 875.515593][ T4530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 875.558724][ T9742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 875.666198][ T4530] bridge0: port 2(bridge_slave_1) entered blocking state [ 875.673766][ T4530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 876.028877][ T9742] 8021q: adding VLAN 0 to HW filter on device team0 [ 876.422142][ T9748] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 876.433045][ T9748] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 876.579898][ T4530] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.587597][ T4530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 876.613059][ T4530] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.620845][ T4530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 879.120584][ T9742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 879.789128][ T9707] veth0_vlan: entered promiscuous mode [ 879.917320][ T9707] veth1_vlan: entered promiscuous mode [ 880.409760][ T9707] veth0_macvtap: entered promiscuous mode [ 880.524101][ T9707] veth1_macvtap: entered promiscuous mode [ 880.848649][ T9707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 880.999592][ T9707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 881.124144][ T3825] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.149441][ T3825] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.213528][ T9748] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 881.242140][ T3825] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.296257][ T3825] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.412544][ T9742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 882.635092][ T9092] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 882.886787][ T9092] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 882.895077][ T9092] usb 7-1: config 0 has no interface number 0 [ 882.967263][ T9092] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 882.976866][ T9092] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 882.985115][ T9092] usb 7-1: Product: syz [ 882.990231][ T9092] usb 7-1: Manufacturer: syz [ 882.995063][ T9092] usb 7-1: SerialNumber: syz [ 883.103069][ T9092] usb 7-1: config 0 descriptor?? [ 883.369866][ T9092] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 883.414106][ T9092] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 883.429176][ T9092] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 883.446977][ T9092] usb 7-1: media controller created [ 883.585308][ T9092] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 884.041242][ T9092] i2c i2c-1: ec100: i2c rd failed=-32 reg=33 [ 884.061409][ T9748] veth0_vlan: entered promiscuous mode [ 884.217465][ T9748] veth1_vlan: entered promiscuous mode [ 884.630964][ T9742] veth0_vlan: entered promiscuous mode [ 884.753169][ T9748] veth0_macvtap: entered promiscuous mode [ 884.799439][ T9742] veth1_vlan: entered promiscuous mode [ 884.961619][ T9748] veth1_macvtap: entered promiscuous mode [ 885.104339][ T9945] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 885.119491][ T9092] usb 7-1: USB disconnect, device number 6 [ 885.889255][ T9742] veth0_macvtap: entered promiscuous mode [ 885.921715][ T9748] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 886.107005][ T9742] veth1_macvtap: entered promiscuous mode [ 886.197104][ T9742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 886.232197][ T9742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 886.333151][ T9748] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 886.352222][ T3894] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.427349][ T3894] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.479555][ T3894] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.566228][ T3894] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.575324][ T3894] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.679364][ T3894] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.701628][ T4530] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 886.761419][ T3796] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.701240][ T9960] netlink: 'syz.7.994': attribute type 4 has an invalid length. [ 888.357284][ T9969] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 890.271145][ T3894] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 890.279640][ T3894] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 890.375971][ T9997] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 891.083718][ T3994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 891.092083][ T3994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 891.860154][T10010] veth0_vlan: entered allmulticast mode [ 892.388843][T10016] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 894.447684][T10034] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 895.550742][ T3994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.558997][ T3994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.819772][ T9576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.828038][ T9576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.847619][ T3994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.861025][ T3994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.108569][ T9576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 897.117250][ T9576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.387070][T10055] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 898.419636][T10058] netlink: 'syz.8.878': attribute type 10 has an invalid length. [ 898.510400][T10058] team0: Port device dummy0 added [ 899.303983][T10070] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 899.384291][T10072] F2FS-fs (loop17): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 899.392834][T10072] F2FS-fs (loop17): Can't find valid F2FS filesystem in 1th superblock [ 899.402234][T10072] F2FS-fs (loop17): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 899.417704][T10072] F2FS-fs (loop17): Can't find valid F2FS filesystem in 2th superblock [ 902.573362][T10086] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1027'. [ 904.324567][T10090] netdevsim netdevsim7: Direct firmware load for failed with error -2 [ 904.340544][T10090] netdevsim netdevsim7: Falling back to sysfs fallback for: [ 907.285260][T10108] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 907.416010][T10107] netlink: 'syz.5.1031': attribute type 10 has an invalid length. [ 907.523203][T10107] team0: Port device dummy0 added [ 908.335991][T10120] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 911.449319][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 911.456153][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 912.116915][T10139] netdevsim netdevsim7: Direct firmware load for failed with error -2 [ 912.128649][T10139] netdevsim netdevsim7: Falling back to sysfs fallback for: [ 915.276438][T10154] netlink: 'syz.6.1047': attribute type 10 has an invalid length. [ 915.476334][T10157] IPVS: set_ctl: invalid protocol: 2 10.1.1.2:0 [ 916.901987][T10167] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 922.466469][ T7838] Bluetooth: hci1: unexpected cc 0x0809 length: 68 > 4 [ 923.924699][T10191] netdevsim netdevsim9: Direct firmware load for failed with error -2 [ 923.933647][T10191] netdevsim netdevsim9: Falling back to sysfs fallback for: [ 924.918596][T10189] netlink: 'syz.8.1062': attribute type 10 has an invalid length. [ 938.856442][T10230] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 939.489906][T10234] netdevsim netdevsim9: Direct firmware load for failed with error -2 [ 939.499020][T10234] netdevsim netdevsim9: Falling back to sysfs fallback for: [ 939.765208][ T9747] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 939.780132][ T9747] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 939.797122][ T9747] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 939.840575][ T9747] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 939.871937][ T9747] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 942.576912][ T9747] Bluetooth: hci3: command tx timeout [ 944.629333][ T9747] Bluetooth: hci3: command tx timeout [ 945.536676][T10255] loop9: detected capacity change from 0 to 7 [ 945.543776][T10255] buffer_io_error: 4 callbacks suppressed [ 945.543834][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.558035][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.566221][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.574248][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.582391][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.590794][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.606470][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.614505][T10255] ldm_validate_partition_table(): Disk read failed. [ 945.623201][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.631376][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.639506][T10255] Buffer I/O error on dev loop9, logical block 0, async page read [ 945.647710][T10255] Dev loop9: unable to read RDB block 0 [ 945.653737][T10255] loop9: unable to read partition table [ 945.660239][T10255] loop9: partition table beyond EOD, truncated [ 945.666678][T10255] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 945.666678][T10255] ) failed (rc=-5) [ 946.159829][T10237] chnl_net:caif_netlink_parms(): no params data found [ 946.797724][ T9747] Bluetooth: hci3: command tx timeout [ 948.878640][ T9747] Bluetooth: hci3: command tx timeout [ 951.765013][T10237] bridge0: port 1(bridge_slave_0) entered blocking state [ 951.774540][T10237] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.784278][T10237] bridge_slave_0: entered allmulticast mode [ 951.801853][T10237] bridge_slave_0: entered promiscuous mode [ 951.863763][ T9092] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 951.911049][T10237] bridge0: port 2(bridge_slave_1) entered blocking state [ 951.918671][T10237] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.926542][T10237] bridge_slave_1: entered allmulticast mode [ 951.936665][T10237] bridge_slave_1: entered promiscuous mode [ 952.188627][ T9092] usb 7-1: Using ep0 maxpacket: 16 [ 954.801205][T10293] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 955.203672][T10237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 955.254426][T10237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 955.600745][ T9092] usb 7-1: device descriptor read/all, error -71 [ 955.619639][T10237] team0: Port device team_slave_0 added [ 955.704227][T10237] team0: Port device team_slave_1 added [ 957.030621][T10301] loop9: detected capacity change from 0 to 7 [ 958.006396][T10301] buffer_io_error: 4 callbacks suppressed [ 958.006487][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.020662][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.029004][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.037346][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.045757][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.054120][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.062581][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.071606][T10301] ldm_validate_partition_table(): Disk read failed. [ 958.078778][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.097720][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.106028][T10301] Buffer I/O error on dev loop9, logical block 0, async page read [ 958.114132][T10301] Dev loop9: unable to read RDB block 0 [ 958.120355][T10301] loop9: unable to read partition table [ 958.944628][T10237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 958.952819][T10237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 958.979345][T10237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 959.079527][T10237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 959.086836][T10237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 959.120150][T10237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 959.161034][T10301] loop9: partition table beyond EOD, truncated [ 959.168023][T10301] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 959.168023][T10301] ) failed (rc=-5) [ 959.987999][T10237] hsr_slave_0: entered promiscuous mode [ 959.997407][T10237] hsr_slave_1: entered promiscuous mode [ 960.005674][T10237] debugfs: 'hsr0' already exists in 'hsr' [ 960.011514][T10237] Cannot create hsr debugfs directory [ 960.624682][T10320] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 964.456220][ T9747] Bluetooth: hci2: command 0x0406 tx timeout [ 969.770746][T10349] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 970.404633][T10237] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 970.630302][T10237] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 970.766940][T10237] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 970.846327][T10237] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 971.060351][T10359] overlay: ./file0 is not a directory [ 972.210029][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 972.216783][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 975.334918][ T9747] Bluetooth: hci1: command 0x0406 tx timeout [ 975.341634][ T9747] Bluetooth: hci5: command 0x0406 tx timeout [ 978.850116][ T9747] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 980.766526][ T3863] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.214918][ T3863] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.680605][ T3863] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.783178][ T3863] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.916643][T10237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 984.111635][T10237] 8021q: adding VLAN 0 to HW filter on device team0 [ 984.224172][ T3994] bridge0: port 1(bridge_slave_0) entered blocking state [ 984.231965][ T3994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 984.320480][ T3994] bridge0: port 2(bridge_slave_1) entered blocking state [ 984.328212][ T3994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 984.500469][ T3863] bridge_slave_1: left allmulticast mode [ 984.515697][ T3863] bridge_slave_1: left promiscuous mode [ 984.522522][ T3863] bridge0: port 2(bridge_slave_1) entered disabled state [ 984.548272][T10401] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 984.549527][ T3863] bridge_slave_0: left allmulticast mode [ 984.562940][ T3863] bridge_slave_0: left promiscuous mode [ 984.570519][ T3863] bridge0: port 1(bridge_slave_0) entered disabled state [ 985.391386][ T3863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 985.498176][ T3863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 985.582732][ T3863] bond0 (unregistering): Released all slaves [ 986.480553][T10411] loop6: detected capacity change from 0 to 63 [ 986.665701][T10413] buffer_io_error: 4 callbacks suppressed [ 986.665784][T10413] Buffer I/O error on dev loop6, logical block 0, async page read [ 986.680216][T10413] Buffer I/O error on dev loop6, logical block 0, async page read [ 986.688871][T10413] Buffer I/O error on dev loop6, logical block 0, async page read [ 989.201961][ T9747] Bluetooth: hci6: unexpected event for opcode 0x0c46 [ 990.490664][ T3863] hsr_slave_0: left promiscuous mode [ 990.567197][ T3863] hsr_slave_1: left promiscuous mode [ 990.575837][ T3863] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 990.583444][ T3863] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 990.718514][ T3863] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 990.727083][ T3863] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 990.906603][ T3863] veth1_macvtap: left promiscuous mode [ 990.912387][ T3863] veth0_macvtap: left promiscuous mode [ 990.916747][T10438] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1131'. [ 990.918570][ T3863] veth1_vlan: left promiscuous mode [ 990.927307][T10438] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1131'. [ 990.932604][ T3863] veth0_vlan: left promiscuous mode [ 990.942217][T10438] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1131'. [ 992.150980][ T3863] team0 (unregistering): Port device team_slave_1 removed [ 992.321865][ T3863] team0 (unregistering): Port device team_slave_0 removed [ 994.259621][T10462] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 999.234389][T10237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1000.420797][T10482] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1144'. [ 1000.430240][T10482] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1144'. [ 1000.439730][T10482] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1144'. [ 1000.600403][ T9747] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 1001.596286][ T7838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1001.619302][ T7838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1001.629065][ T7838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1001.644007][ T7838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1001.687410][ T7838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1003.771512][T10490] chnl_net:caif_netlink_parms(): no params data found [ 1003.846103][ T7838] Bluetooth: hci0: command tx timeout [ 1005.303185][T10516] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 1005.925870][ T7838] Bluetooth: hci0: command tx timeout [ 1006.907608][T10526] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1156'. [ 1006.916990][T10526] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1156'. [ 1006.926434][T10526] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1156'. [ 1007.478079][ T7838] Bluetooth: hci5: unexpected event for opcode 0x0c46 [ 1007.543793][T10490] bridge0: port 1(bridge_slave_0) entered blocking state [ 1007.560118][T10490] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.568094][T10490] bridge_slave_0: entered allmulticast mode [ 1007.577653][T10490] bridge_slave_0: entered promiscuous mode [ 1007.699864][T10490] bridge0: port 2(bridge_slave_1) entered blocking state [ 1007.707886][T10490] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.716042][T10490] bridge_slave_1: entered allmulticast mode [ 1007.726423][T10490] bridge_slave_1: entered promiscuous mode [ 1008.036154][ T7838] Bluetooth: hci0: command tx timeout [ 1008.201207][T10490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1008.359255][T10490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1008.538152][T10101] bridge_slave_1: left allmulticast mode [ 1008.544267][T10101] bridge_slave_1: left promiscuous mode [ 1008.551292][T10101] bridge0: port 2(bridge_slave_1) entered disabled state [ 1008.598987][T10101] bridge_slave_0: left allmulticast mode [ 1008.605015][T10101] bridge_slave_0: left promiscuous mode [ 1008.612114][T10101] bridge0: port 1(bridge_slave_0) entered disabled state [ 1009.216918][T10101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1009.259202][T10101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1009.385677][T10101] bond0 (unregistering): Released all slaves [ 1009.511445][T10490] team0: Port device team_slave_0 added [ 1009.587587][T10490] team0: Port device team_slave_1 added [ 1009.858253][T10101] hsr_slave_0: left promiscuous mode [ 1009.918912][T10101] hsr_slave_1: left promiscuous mode [ 1009.927649][T10101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1009.993477][T10101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1010.079528][ T7838] Bluetooth: hci0: command tx timeout [ 1011.086537][T10565] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1169'. [ 1011.101225][T10565] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1169'. [ 1011.111992][T10565] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1169'. [ 1011.248937][T10101] team0 (unregistering): Port device team_slave_1 removed [ 1011.317254][T10101] team0 (unregistering): Port device team_slave_0 removed [ 1012.210364][T10490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1012.217787][T10490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1012.244444][T10490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1014.097397][T10490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1014.111352][T10490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1014.139272][T10490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1014.466979][ T7838] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 1014.623895][T10490] hsr_slave_0: entered promiscuous mode [ 1014.634982][T10490] hsr_slave_1: entered promiscuous mode [ 1014.643255][T10490] debugfs: 'hsr0' already exists in 'hsr' [ 1014.649250][T10490] Cannot create hsr debugfs directory [ 1016.838440][T10490] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1016.842531][T10602] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1184'. [ 1016.855032][T10602] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1184'. [ 1016.870781][T10602] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1184'. [ 1016.935142][T10490] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1017.084261][T10490] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1018.531349][T10490] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1020.196793][ T7838] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 1020.667955][T10617] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1187'. [ 1021.310308][T10624] capability: warning: `syz.5.1190' uses 32-bit capabilities (legacy support in use) [ 1021.364259][T10490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1021.376329][T10627] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 1021.514155][T10490] 8021q: adding VLAN 0 to HW filter on device team0 [ 1021.583687][ T9576] bridge0: port 1(bridge_slave_0) entered blocking state [ 1021.591384][ T9576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1021.705260][ T9576] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.713005][ T9576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1025.193743][T10490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1025.377124][T10654] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1199'. [ 1026.277624][T10490] veth0_vlan: entered promiscuous mode [ 1026.280379][ T7838] Bluetooth: hci5: unexpected event for opcode 0x0c46 [ 1026.414213][T10490] veth1_vlan: entered promiscuous mode [ 1026.829788][T10490] veth0_macvtap: entered promiscuous mode [ 1026.924391][T10490] veth1_macvtap: entered promiscuous mode [ 1027.169194][T10490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1027.271470][T10490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1027.471995][ T3825] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1027.555136][ T3825] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1027.628773][ T3825] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1027.688044][ T3825] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1027.728889][T10674] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1207'. [ 1027.739396][T10674] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1207'. [ 1027.748785][T10674] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1207'. [ 1028.242583][T10680] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 1030.521912][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1212'. [ 1032.032765][T10701] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1032.525903][ T7838] Bluetooth: hci6: unexpected event for opcode 0x0c46 [ 1033.596985][ T5897] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1033.629923][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 1033.636938][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 1033.847271][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1033.858753][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1033.874285][ T5897] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1033.885626][ T5897] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1033.981280][ T5897] usb 6-1: config 0 descriptor?? [ 1034.184635][T10736] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 1035.258093][ T5897] uclogic 0003:256C:006D.0004: failed retrieving Huion firmware version: -71 [ 1035.267815][ T5897] uclogic 0003:256C:006D.0004: failed probing parameters: -71 [ 1035.276056][ T5897] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71 [ 1035.365153][ T5897] usb 6-1: USB disconnect, device number 2 [ 1036.135770][T10752] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1040.160160][ T3825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.168435][ T3825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1040.975955][ T4530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.984026][ T4530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1041.684038][T10783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1069'. [ 1042.601353][T10795] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1042.689147][T10798] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer. [ 1060.048296][ T9747] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1060.085131][ T9747] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1060.189175][ T9747] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1060.230231][ T9747] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1060.310554][ T9747] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1061.976196][ T7838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1062.005168][ T7838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1062.015586][ T7838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1062.098438][ T7838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1062.156958][ T7838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1062.466057][ T9747] Bluetooth: hci3: command tx timeout [ 1062.606977][T10887] chnl_net:caif_netlink_parms(): no params data found [ 1064.225800][ T9747] Bluetooth: hci4: command tx timeout [ 1064.555724][ T9747] Bluetooth: hci3: command tx timeout [ 1066.358578][ T9747] Bluetooth: hci4: command tx timeout [ 1066.653003][ T9747] Bluetooth: hci3: command tx timeout [ 1068.003247][T10904] chnl_net:caif_netlink_parms(): no params data found [ 1068.432137][ T9747] Bluetooth: hci4: command tx timeout [ 1068.536513][T10887] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.543992][T10887] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.551933][T10887] bridge_slave_0: entered allmulticast mode [ 1068.560909][T10887] bridge_slave_0: entered promiscuous mode [ 1068.710910][ T9747] Bluetooth: hci3: command tx timeout [ 1068.731639][T10887] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.739422][T10887] bridge0: port 2(bridge_slave_1) entered disabled state [ 1068.748818][T10887] bridge_slave_1: entered allmulticast mode [ 1068.758311][T10887] bridge_slave_1: entered promiscuous mode [ 1068.899473][T10887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1068.952183][T10887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1068.977463][T10938] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1069.656272][T10887] team0: Port device team_slave_0 added [ 1069.740994][T10887] team0: Port device team_slave_1 added [ 1070.387332][T10887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1070.394515][T10887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1070.428708][T10887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1070.464787][T10950] loop9: detected capacity change from 0 to 7 [ 1070.495008][T10887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1070.502480][T10887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1070.534656][T10887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1070.557099][ T9747] Bluetooth: hci4: command tx timeout [ 1070.638145][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.646630][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.654854][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.663291][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.671779][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.680323][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.688862][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.697126][T10950] ldm_validate_partition_table(): Disk read failed. [ 1070.703937][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.712255][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.720474][T10950] Buffer I/O error on dev loop9, logical block 0, async page read [ 1070.736805][T10950] Dev loop9: unable to read RDB block 0 [ 1070.742951][T10950] loop9: unable to read partition table [ 1070.985794][T10950] loop9: partition table beyond EOD, truncated [ 1070.992253][T10950] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 1070.992253][T10950] ) failed (rc=-5) [ 1071.032246][ T1861] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.281791][ T1861] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.571427][T10959] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 1071.764336][ T1861] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.921520][T10887] hsr_slave_0: entered promiscuous mode [ 1071.932479][T10887] hsr_slave_1: entered promiscuous mode [ 1071.941956][T10887] debugfs: 'hsr0' already exists in 'hsr' [ 1071.948165][T10887] Cannot create hsr debugfs directory [ 1072.141327][ T1861] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.475144][T10904] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.485843][T10904] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.493782][T10904] bridge_slave_0: entered allmulticast mode [ 1072.504086][T10904] bridge_slave_0: entered promiscuous mode [ 1072.740662][T10904] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.748507][T10904] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.756753][T10904] bridge_slave_1: entered allmulticast mode [ 1072.767042][T10904] bridge_slave_1: entered promiscuous mode [ 1073.050111][ T1861] bridge_slave_1: left allmulticast mode [ 1073.056341][ T1861] bridge_slave_1: left promiscuous mode [ 1073.063105][ T1861] bridge0: port 2(bridge_slave_1) entered disabled state [ 1073.109154][ T1861] bridge_slave_0: left allmulticast mode [ 1073.115051][ T1861] bridge_slave_0: left promiscuous mode [ 1073.121936][ T1861] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.843589][ T1861] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1073.926947][ T1861] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1073.950635][ T1861] bond0 (unregistering): Released all slaves [ 1074.364377][T10904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1074.592178][T10904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1074.798700][ T1861] hsr_slave_0: left promiscuous mode [ 1074.817388][ T1861] hsr_slave_1: left promiscuous mode [ 1074.834183][ T1861] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1074.841936][ T1861] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1074.909483][ T1861] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1074.917329][ T1861] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1075.014537][ T1861] veth1_macvtap: left promiscuous mode [ 1075.021227][ T1861] veth0_macvtap: left promiscuous mode [ 1075.034192][ T1861] veth1_vlan: left promiscuous mode [ 1075.039953][ T1861] veth0_vlan: left promiscuous mode [ 1075.169473][T10988] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1301'. [ 1075.179634][T10988] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1301'. [ 1075.190180][T10988] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1301'. [ 1075.558025][T10993] loop9: detected capacity change from 0 to 7 [ 1075.580716][T10993] ldm_validate_partition_table(): Disk read failed. [ 1075.588204][T10993] Dev loop9: unable to read RDB block 0 [ 1075.594401][T10993] loop9: unable to read partition table [ 1075.617596][T10993] loop9: partition table beyond EOD, truncated [ 1075.624252][T10993] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 1075.624252][T10993] ) failed (rc=-5) [ 1076.073650][ T1861] team0 (unregistering): Port device team_slave_1 removed [ 1076.139677][ T1861] team0 (unregistering): Port device team_slave_0 removed [ 1076.383300][ T1861] team0 (unregistering): Port device dummy0 removed [ 1076.888132][T10904] team0: Port device team_slave_0 added [ 1077.081053][T10904] team0: Port device team_slave_1 added [ 1077.478538][T10904] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1077.491289][T10904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1077.519402][T10904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1077.705729][T10887] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1077.837093][T10904] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1077.844471][T10904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1077.871081][T10904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1078.122664][T10887] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.383895][ T35] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.606415][T10887] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.788877][ T35] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.908657][T10887] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.297984][ T35] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.778179][ T35] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.002179][T10904] hsr_slave_0: entered promiscuous mode [ 1080.013190][T10904] hsr_slave_1: entered promiscuous mode [ 1081.705634][T10887] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1081.744152][ T35] bridge_slave_1: left allmulticast mode [ 1081.750433][ T35] bridge_slave_1: left promiscuous mode [ 1081.759954][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.832710][ T35] bridge_slave_0: left allmulticast mode [ 1081.840163][ T35] bridge_slave_0: left promiscuous mode [ 1081.850068][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1083.898116][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1083.962642][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1083.981543][ T35] bond0 (unregistering): Released all slaves [ 1084.014523][T11028] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1084.068642][T10887] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1084.229465][T10887] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1084.242274][T11029] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1312'. [ 1084.260472][T11029] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1312'. [ 1084.269920][T11029] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1312'. [ 1084.337638][T10887] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1085.136718][ T35] hsr_slave_0: left promiscuous mode [ 1085.158758][ T35] hsr_slave_1: left promiscuous mode [ 1085.172577][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1085.180475][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1085.224285][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1085.232090][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1085.325002][ T35] veth1_macvtap: left promiscuous mode [ 1085.331114][ T35] veth0_macvtap: left promiscuous mode [ 1085.337281][ T35] veth1_vlan: left promiscuous mode [ 1085.342852][ T35] veth0_vlan: left promiscuous mode [ 1086.451272][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1086.489705][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1086.797984][ T35] team0 (unregistering): Port device dummy0 removed [ 1089.963096][T10904] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1090.040308][T10904] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1090.117010][T10904] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1090.376112][T10887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1090.411573][T10904] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1090.726977][T10887] 8021q: adding VLAN 0 to HW filter on device team0 [ 1090.896128][ T1861] bridge0: port 1(bridge_slave_0) entered blocking state [ 1090.903978][ T1861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1091.156252][ T1861] bridge0: port 2(bridge_slave_1) entered blocking state [ 1091.164398][ T1861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1095.059833][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 1095.067459][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 1095.223792][T10904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1095.399202][T10904] 8021q: adding VLAN 0 to HW filter on device team0 [ 1095.557648][T10101] bridge0: port 1(bridge_slave_0) entered blocking state [ 1095.565214][T10101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1095.582276][T10101] bridge0: port 2(bridge_slave_1) entered blocking state [ 1095.589959][T10101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1095.760912][T10887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1096.454049][T10887] veth0_vlan: entered promiscuous mode [ 1097.323139][T10887] veth1_vlan: entered promiscuous mode [ 1097.639292][T10887] veth0_macvtap: entered promiscuous mode [ 1097.747460][T10887] veth1_macvtap: entered promiscuous mode [ 1098.015834][T10887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1098.111455][T10887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1098.256902][ T1861] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.334153][ T1861] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.399145][ T1861] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1098.450466][ T3768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1099.040950][T10904] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1099.661330][T10904] veth0_vlan: entered promiscuous mode [ 1099.754865][T10904] veth1_vlan: entered promiscuous mode [ 1100.185673][T10904] veth0_macvtap: entered promiscuous mode [ 1100.291281][T10904] veth1_macvtap: entered promiscuous mode [ 1100.450176][T10904] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1100.501810][T10904] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1100.713583][ T196] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.781373][ T196] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.826495][ T196] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.896076][ T196] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.864385][ T30] audit: type=1326 audit(1755188556.732:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.9.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15ee78ebe9 code=0x7ffc0000 [ 1108.976849][ T30] audit: type=1326 audit(1755188556.782:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.9.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15ee78ebe9 code=0x7ffc0000 [ 1109.000312][ T30] audit: type=1326 audit(1755188556.832:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.9.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f15ee78ebe9 code=0x7ffc0000 [ 1109.023426][ T30] audit: type=1326 audit(1755188556.832:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11184 comm="syz.9.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15ee78ebe9 code=0x7ffc0000 [ 1109.400865][ T4084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1109.410144][ T4084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1109.829846][ T1861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1109.838604][ T1861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1111.446856][T11212] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer. [ 1117.977878][ T3768] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1117.986815][ T3768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1118.296736][T11231] random: crng reseeded on system resumption [ 1119.053481][ T9576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1119.068893][ T9576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1120.286287][ T5870] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1124.021397][T11251] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer. [ 1124.429220][ T5870] usb 10-1: unable to read config index 0 descriptor/all [ 1124.440816][ T5870] usb 10-1: can't read configurations, error -71 [ 1126.049388][T11269] sd 0:0:1:0: device reset [ 1127.986034][ T7838] Bluetooth: hci0: command 0x0406 tx timeout [ 1129.720290][T11279] input: syz1 as /devices/virtual/input/input8 [ 1135.701293][T11294] ===================================================== [ 1135.709008][T11294] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120 [ 1135.717621][T11294] _copy_to_user+0xcc/0x120 [ 1135.722324][T11294] do_insn_ioctl+0x59c/0x6d0 [ 1135.727374][T11294] comedi_unlocked_ioctl+0xa5e/0x1f60 [ 1135.732951][T11294] __se_sys_ioctl+0x23c/0x400 [ 1135.738001][T11294] __x64_sys_ioctl+0x97/0xe0 [ 1135.742783][T11294] x64_sys_call+0x1cbc/0x3e20 [ 1135.747940][T11294] do_syscall_64+0xd9/0x210 [ 1135.762328][T11294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.771544][T11294] [ 1135.773992][T11294] Uninit was created at: [ 1135.778662][T11294] kfree+0x252/0xec0 [ 1135.782758][T11294] skb_free_head+0x1b5/0x3a0 [ 1135.787789][T11294] skb_release_data+0x9f7/0xac0 [ 1135.792912][T11294] __kfree_skb+0x6b/0x260 [ 1135.797592][T11294] sk_skb_reason_drop+0x126/0x440 [ 1135.802818][T11294] mrp_rcv+0x2a6d/0x2b60 [ 1135.807887][T11294] __netif_receive_skb+0x474/0xac0 [ 1135.813287][T11294] process_backlog+0x485/0xa00 [ 1135.818504][T11294] __napi_poll+0xdd/0x8a0 [ 1135.823039][T11294] net_rx_action+0xa59/0x1ac0 [ 1135.828176][T11294] handle_softirqs+0x166/0x6e0 [ 1135.833149][T11294] run_ksoftirqd+0x29/0x50 [ 1135.837953][T11294] smpboot_thread_fn+0x56c/0xa30 [ 1135.843144][T11294] kthread+0xd59/0xf00 [ 1135.847631][T11294] ret_from_fork+0x1e3/0x310 [ 1135.862304][T11294] ret_from_fork_asm+0x1a/0x30 [ 1135.870411][T11294] [ 1135.872849][T11294] Bytes 4-1955 of 1956 are uninitialized [ 1135.878776][T11294] Memory access of size 1956 starts at ffff888020dbc800 [ 1135.886082][T11294] Data copied to user address 0000200000000080 [ 1135.892359][T11294] [ 1135.894832][T11294] CPU: 1 UID: 0 PID: 11294 Comm: syz.3.1389 Tainted: G W 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) [ 1135.910039][T11294] Tainted: [W]=WARN [ 1135.913963][T11294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1135.924436][T11294] ===================================================== [ 1135.931632][T11294] Disabling lock debugging due to kernel taint [ 1135.938417][T11294] Kernel panic - not syncing: kmsan.panic set ... [ 1135.944992][T11294] CPU: 1 UID: 0 PID: 11294 Comm: syz.3.1389 Tainted: G B W 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) [ 1135.958975][T11294] Tainted: [B]=BAD_PAGE, [W]=WARN [ 1135.964123][T11294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1135.974337][T11294] Call Trace: [ 1135.977741][T11294] [ 1135.980790][T11294] __dump_stack+0x26/0x30 [ 1135.985355][T11294] dump_stack_lvl+0x53/0x270 [ 1135.990182][T11294] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1135.996232][T11294] dump_stack+0x1e/0x25 [ 1136.000603][T11294] vpanic+0x361/0xc50 [ 1136.004833][T11294] panic+0x15d/0x160 [ 1136.009002][T11294] kmsan_report+0x31c/0x320 [ 1136.013725][T11294] ? kmsan_internal_check_memory+0x1e1/0x230 [ 1136.019911][T11294] ? kmsan_copy_to_user+0xf1/0x190 [ 1136.025224][T11294] ? _copy_to_user+0xcc/0x120 [ 1136.030094][T11294] ? do_insn_ioctl+0x59c/0x6d0 [ 1136.035060][T11294] ? comedi_unlocked_ioctl+0xa5e/0x1f60 [ 1136.040795][T11294] ? __se_sys_ioctl+0x23c/0x400 [ 1136.045843][T11294] ? __x64_sys_ioctl+0x97/0xe0 [ 1136.050801][T11294] ? x64_sys_call+0x1cbc/0x3e20 [ 1136.055895][T11294] ? do_syscall_64+0xd9/0x210 [ 1136.060816][T11294] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1136.067094][T11294] ? kmsan_get_metadata+0xfb/0x160 [ 1136.072464][T11294] ? kmsan_get_metadata+0xfb/0x160 [ 1136.077889][T11294] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1136.083917][T11294] ? kmsan_get_metadata+0xfb/0x160 [ 1136.089250][T11294] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1136.095304][T11294] ? subdev_8255_insn+0x526/0x690 [ 1136.100670][T11294] ? kmsan_get_metadata+0xfb/0x160 [ 1136.106012][T11294] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1136.112048][T11294] ? kmsan_get_metadata+0xfb/0x160 [ 1136.117380][T11294] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 1136.123439][T11294] kmsan_internal_check_memory+0x1e1/0x230 [ 1136.129522][T11294] kmsan_copy_to_user+0xf1/0x190 [ 1136.134672][T11294] _copy_to_user+0xcc/0x120 [ 1136.139746][T11294] do_insn_ioctl+0x59c/0x6d0 [ 1136.144557][T11294] comedi_unlocked_ioctl+0xa5e/0x1f60 [ 1136.150189][T11294] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 1136.156211][T11294] __se_sys_ioctl+0x23c/0x400 [ 1136.161112][T11294] __x64_sys_ioctl+0x97/0xe0 [ 1136.165917][T11294] x64_sys_call+0x1cbc/0x3e20 [ 1136.170854][T11294] do_syscall_64+0xd9/0x210 [ 1136.175602][T11294] ? irqentry_exit+0x16/0x60 [ 1136.180393][T11294] ? clear_bhb_loop+0x40/0x90 [ 1136.185271][T11294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1136.191464][T11294] RIP: 0033:0x7fca0d58ebe9 [ 1136.196027][T11294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1136.215868][T11294] RSP: 002b:00007fca0e356038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1136.224499][T11294] RAX: ffffffffffffffda RBX: 00007fca0d7b5fa0 RCX: 00007fca0d58ebe9 [ 1136.232642][T11294] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003 [ 1136.240773][T11294] RBP: 00007fca0d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1136.248907][T11294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1136.257038][T11294] R13: 00007fca0d7b6038 R14: 00007fca0d7b5fa0 R15: 00007fffc9bdc3a8 [ 1136.265226][T11294] [ 1136.268755][T11294] Kernel Offset: disabled [ 1136.273176][T11294] Rebooting in 86400 seconds..