last executing test programs: 17m13.126079979s ago: executing program 2 (id=3): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz0\x00', {0x5, 0x0, 0x0, 0x1000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x200, 0x0, 0x0, 0x0, 0x6, 0xd127, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8, 0x0, 0xfffffffc, 0xfffffffc, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x5, 0x0, 0x2000, 0x0, 0x0, 0x2ee19903, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x42ac, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xe46, 0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4], [0xfffffffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400008, 0x0, 0x4, 0x0, 0x20, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x526d, 0x0, 0x0, 0x0, 0x335, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffd, 0x1000, 0x0, 0x0, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x956, 0x0, 0x1]}, 0x45c) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17m12.441286833s ago: executing program 2 (id=11): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0xa, &(0x7f0000000280), 0x4) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x439, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @sit={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e21}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @private=0xa010102}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @empty}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x21}]}}}]}, 0x50}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) r7 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) ioctl$FIDEDUPERANGE(r7, 0xc0189436, &(0x7f0000000100)=ANY=[@ANYBLOB="3a45fa4d91380990c10fb1010000000000000600"]) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000024c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000020a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900030073797a32000000000c00024000000000000000010900010073797a30"], 0x7904}, 0x1, 0x0, 0x0, 0x4040}, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000380)={'bridge0\x00'}) 17m9.845612802s ago: executing program 2 (id=14): bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0x3) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448410000", 0x10}, {&(0x7f0000000540)="ebe3a0e9796cfd1647e299f4e376feba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380), 0x3b}], 0x1, 0x40001) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) sigaltstack(&(0x7f00000002c0)={&(0x7f0000000600)=""/248, 0x2, 0xf8}, &(0x7f0000000300)={&(0x7f0000000700)=""/237, 0x0, 0xed}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) 16m54.48010613s ago: executing program 32 (id=14): bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0x3) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448410000", 0x10}, {&(0x7f0000000540)="ebe3a0e9796cfd1647e299f4e376feba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380), 0x3b}], 0x1, 0x40001) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) sigaltstack(&(0x7f00000002c0)={&(0x7f0000000600)=""/248, 0x2, 0xf8}, &(0x7f0000000300)={&(0x7f0000000700)=""/237, 0x0, 0xed}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) 15m28.545531609s ago: executing program 1 (id=194): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000000002}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x6, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) ptrace$ARCH_SHSTK_ENABLE(0x1e, r4, 0x387081e94cfc6acd, 0x5001) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) socket(0x25, 0x1, 0x0) epoll_create1(0x0) sendmmsg$inet6(r2, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040) 15m27.062352946s ago: executing program 1 (id=195): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15", 0x4) r1 = accept4$alg(r0, 0x0, 0x0, 0x80000) io_setup(0x42, &(0x7f0000000100)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000000)='e', 0x3f}]) sendmmsg$alg(r1, &(0x7f0000000980)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)='=', 0x1}], 0x1}], 0x1, 0x0) 15m26.624456431s ago: executing program 1 (id=197): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000005480)=@delchain={0x198, 0x65, 0x300, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}, @filter_kind_options=@f_basic={{0xa}, {0x14c, 0x2, [@TCA_BASIC_ACT={0x148, 0x3, [@m_sample={0x90, 0x17, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x5}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1ff}]}, {0x51, 0x6, "64a8416e1a2ad4f08a507ade2030959fbaf47dae3d8c5509c5f67bbd00abca8965993d237d8db6ee7a95acb45665d419103d3630ef3c99f3729bf251659b35ee457bb1f0377974ae753b08d9ac"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_connmark={0xb4, 0x5, 0x0, 0x0, {{0xd}, {0x4}, {0x81, 0x6, "6f3e464680b8dcb925d3c8416db18e2e0eecd7ba0f6003aaa71a565f40fa822f6bd63a4ca0ba27c7d18cbbdfbdb568fa69b75a5bdb35bbe794d9fbd87c7c443d003af1f22d796733e174a55728b309ff94c380276aa4c273687acbac759cf82dcb64f9e61b78c605fb9edbb86dd5ae3f174ba8489176ed907a788dd2e8"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x198}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 15m26.017118864s ago: executing program 1 (id=199): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140008000000000a000000"], 0x14}}, 0x40000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001080)={'vxcan0\x00'}) socket$inet_sctp(0x2, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_init(0x20, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) 15m24.107556968s ago: executing program 1 (id=204): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000000002}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x6, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) ptrace$ARCH_SHSTK_ENABLE(0x1e, r4, 0x387081e94cfc6acd, 0x5001) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) socket(0x25, 0x1, 0x0) epoll_create1(0x0) sendmmsg$inet6(r2, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040) 15m22.361158343s ago: executing program 1 (id=207): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r0, 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00004b2000/0x400000)=nil) clock_gettime(0xc, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x3, 0x1) mount(0x0, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0xc4, 0x0) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)='3', 0x1}], 0x1) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4c0202, 0x91) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"629b5e348c01922d8948955f1b2af74a", 0x0, 0x0, {0x2, 0x8}, {0x9, 0x1}, 0x80000001, [0x5, 0xbf7e2f, 0x1000, 0xdcdc, 0x3, 0x8000000000000001, 0x2, 0x1a84, 0x3, 0x100000001, 0x4, 0x7fffffffffffffff, 0x5, 0x9, 0xa, 0x8]}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000240)={0x0, "7564d24a1a00000000000000a785cee9"}) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_INSN(r3, 0x8028640c, 0x0) 15m6.590272807s ago: executing program 33 (id=207): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r0, 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00004b2000/0x400000)=nil) clock_gettime(0xc, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x3, 0x1) mount(0x0, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0xc4, 0x0) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)='3', 0x1}], 0x1) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4c0202, 0x91) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"629b5e348c01922d8948955f1b2af74a", 0x0, 0x0, {0x2, 0x8}, {0x9, 0x1}, 0x80000001, [0x5, 0xbf7e2f, 0x1000, 0xdcdc, 0x3, 0x8000000000000001, 0x2, 0x1a84, 0x3, 0x100000001, 0x4, 0x7fffffffffffffff, 0x5, 0x9, 0xa, 0x8]}) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000240)={0x0, "7564d24a1a00000000000000a785cee9"}) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) ioctl$COMEDI_INSN(r3, 0x8028640c, 0x0) 10m16.149258682s ago: executing program 3 (id=714): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) socket$kcm(0x11, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00'}) syz_open_dev$tty1(0xc, 0x4, 0x1) keyctl$dh_compute(0x17, &(0x7f0000000000), &(0x7f0000000500)=""/4096, 0x1000, &(0x7f00000000c0)={0x0}) syz_emit_ethernet(0x71, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000000c0)={0x84, @local, 0x4e20, 0x3, 'rr\x00', 0x30, 0x4, 0x68}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 10m15.384356797s ago: executing program 3 (id=717): tgkill(0xffffffffffffffff, 0x0, 0x1e) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000501, 0x0, &(0x7f00000002c0)) 10m15.109866828s ago: executing program 3 (id=719): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r1, &(0x7f00000029c0), 0x400006d, 0x20000004) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x0, 0x0, @rand_addr, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @remote}, '\x00\x00\x00\x00\x00\x00\x00\x00'}}}}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x100, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 10m11.271213856s ago: executing program 3 (id=728): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) socket$kcm(0x11, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00'}) syz_open_dev$tty1(0xc, 0x4, 0x1) keyctl$dh_compute(0x17, &(0x7f0000000000), &(0x7f0000000500)=""/4096, 0x1000, &(0x7f00000000c0)={0x0}) syz_emit_ethernet(0x71, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000000c0)={0x84, @local, 0x4e20, 0x3, 'rr\x00', 0x30, 0x4, 0x68}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 10m8.841297722s ago: executing program 3 (id=734): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), &(0x7f0000000280)) 10m7.1250999s ago: executing program 3 (id=735): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@ack={0x1e, 0x4, 0x4}]}}}}}}}}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xb, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, 0xffffffffffffffff, 0x40000007}}, 0x48) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_QOS_MAP(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[], 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x42851) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x202283, 0x0) sendmsg$GTP_CMD_ECHOREQ(r3, 0x0, 0x4041000) 10m6.648231905s ago: executing program 6 (id=736): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) 10m5.88795603s ago: executing program 6 (id=737): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000000)={0x28, 0x4, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}) 10m5.599918495s ago: executing program 6 (id=739): r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000040000000000000000000114000400000000f7000000000000ffffac1e00010800074000000001"], 0x94}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = fanotify_init(0xf00, 0x1000) readv(r5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0xac, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 10m3.604223651s ago: executing program 6 (id=742): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="d8000000180081034e91f783db4cb9040a1d020006007409e8fc55a10a0015000400142603600e120800060000000401a8000800080002000000000004000461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d4e1cace81ed0bffece0b42a9ecbeeccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d93000000000000004867edef090d", 0xd2}], 0x1}, 0x4000800) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x80000) sendmsg$kcm(r4, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0) 10m2.216316248s ago: executing program 6 (id=747): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x1, 0x84) socket$key(0xf, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0x3cfa, 0x400, 0x2, 0x3b9}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1}) 10m0.702077464s ago: executing program 6 (id=750): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140008000000000a000000"], 0x14}}, 0x40000) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001080)={'vxcan0\x00'}) socket$inet_sctp(0x2, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_init(0x20, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) 9m51.842809546s ago: executing program 34 (id=735): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@ack={0x1e, 0x4, 0x4}]}}}}}}}}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xb, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, 0xffffffffffffffff, 0x40000007}}, 0x48) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_QOS_MAP(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[], 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x42851) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x202283, 0x0) sendmsg$GTP_CMD_ECHOREQ(r3, 0x0, 0x4041000) 9m45.364032268s ago: executing program 35 (id=750): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140008000000000a000000"], 0x14}}, 0x40000) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001080)={'vxcan0\x00'}) socket$inet_sctp(0x2, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fanotify_init(0x20, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) 12.807306013s ago: executing program 0 (id=1653): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0) chdir(0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000000200)='./file0\x00') 12.654341406s ago: executing program 0 (id=1654): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x4600, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000000880)={0x0, 0x2, 0x1, [0x1, 0xeb5b, 0x6, 0x3, 0x100000000], [0x1, 0x3, 0x4, 0x2ca, 0x4, 0x200, 0x5, 0x5631, 0x7, 0x5, 0xfffffffffffffff7, 0xaf, 0x100000001, 0x7, 0x6e0, 0x86e, 0x2, 0x4, 0x1, 0x2, 0xfffffffffffffff7, 0x7c, 0x8, 0x4, 0x8, 0x157b84ad, 0x0, 0xa, 0x80000001, 0x9, 0x10001, 0xfffffffffffffff9, 0x5, 0x3, 0x1, 0x1, 0x1001, 0x1, 0x4, 0x3, 0x8, 0x7, 0xb, 0x3, 0x0, 0x9, 0x10000, 0x1000, 0x2, 0x8, 0x64, 0x280000000000, 0x2, 0x4, 0x7, 0xa, 0x3, 0x8, 0x2, 0x0, 0xa0000000000, 0xfffffffffffffff5, 0x7, 0x3, 0x176, 0x15f, 0x0, 0x5, 0x5, 0xfc72, 0x9, 0x7, 0x7, 0x2, 0x6, 0x81, 0x2, 0x4, 0x10000000100, 0x0, 0x9, 0x2ce1, 0x7f, 0x8, 0xeab5, 0xffffffffffffffff, 0xeffffffffffffffe, 0x6, 0x10001, 0x2b6, 0x1, 0x2e06ffea, 0x10001, 0xf2d5, 0xffffffffffffffff, 0x2b6b, 0x1, 0x4, 0x5ac, 0x7f95, 0x20000d13, 0x2c, 0x1ff, 0x1000, 0xd05, 0x1, 0x9e, 0x8000000000000000, 0x3, 0x0, 0x3, 0x5, 0xc, 0x6, 0x6281, 0x10, 0x7f, 0x7, 0x3, 0x3, 0x7]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = syz_open_dev$loop(&(0x7f0000000240), 0x6, 0x0) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000280)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x32, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0x3, 0x6]}}) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0) pipe2$9p(0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xdc}}, 0x0) prctl$PR_GET_TSC(0x43, 0x0) sendmsg$NFT_MSG_GETRULE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtaction={0x14, 0x30, 0xb, 0x80000, 0x40}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 11.241203906s ago: executing program 5 (id=1655): r0 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) socket$kcm(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x109980, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f00000015c0)={0xb, 0x0, [{0x2, 0x0, 0x401}, {0x3, 0x0, 0xae}, {0x4}, {0x8, 0x0, 0x6}, {0x1, 0x0, 0x2c}, {0x4b2e, 0x0, 0x2}, {0xfffffffb, 0x0, 0x400000000000b0}, {0x80, 0x0, 0x6}, {0xc, 0x0, 0x3d}, {0x40, 0x0, 0x6}, {}, {0x3, 0x0, 0x5}, {0x7, 0x0, 0x1}, {0xfffffff9, 0x0, 0xfffffffffffff801}, {0x4, 0x0, 0x7}, {0x40, 0x0, 0x10f4}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40820, 0x20}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x3c}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r4, 0x2285, 0x0) getdents64(0xffffffffffffffff, &(0x7f0000002440)=""/181, 0xb5) write$sndseq(0xffffffffffffffff, &(0x7f00000005c0)=[{0x2, 0x7, 0x7f, 0x1, @time={0x40, 0xe69}, {0xe}, {0x7, 0x9}, @ext={0x0, 0x0}}, {0x0, 0x5, 0xff, 0x0, @tick=0x4, {0x1, 0x2}, {0x9, 0x81}, @connect={{0x62, 0x83}, {0x1, 0x40}}}], 0x38) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='auto_da_alloc', &(0x7f00000000c0)='8\x00', 0x0) 10.573120614s ago: executing program 0 (id=1656): ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000880)={0x0, 0x2, 0x1, [0x1, 0xeb5b, 0x6, 0x2, 0x100000000], [0x1, 0x1, 0x6, 0x2ca, 0x4, 0x200, 0x5, 0x5631, 0x7, 0x5, 0xfffffffffffffff7, 0xaf, 0x100000001, 0x7, 0x6e0, 0x86e, 0x2, 0x4, 0x1, 0xfffffffffffffffe, 0xfffffffffffffff7, 0x7c, 0x8, 0x2ad6, 0x8, 0x1, 0x0, 0xa, 0x80000001, 0xd, 0x10001, 0xd, 0x5, 0x1, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x4, 0x7, 0x8, 0x7, 0xb, 0x3, 0x0, 0x9, 0x10001, 0x1000, 0x2, 0x200000008, 0x64, 0x280000000000, 0x2, 0x4, 0x7, 0xa, 0x3, 0x8, 0x2, 0x0, 0xa0000000000, 0xfffffffffffffff5, 0x7, 0x3, 0x176, 0x15f, 0x0, 0x5, 0x4, 0xfc72, 0x9, 0x2000000010, 0x7, 0x2, 0x6, 0x81, 0x2, 0x1, 0x10000000100, 0x0, 0x9, 0x2ce1, 0x7f, 0x8, 0xeab5, 0xffffffffffffffff, 0xf000000000000000, 0x6, 0x10001, 0x2b6, 0x1, 0x2e06ffea, 0x10001, 0xf2d5, 0xffffffffffffffff, 0x2b6b, 0x1, 0x4, 0x5ac, 0x7f95, 0xd13, 0x2c, 0x1ff, 0x1000, 0xd05, 0x1, 0x9e, 0x8000000000000000, 0x3, 0x0, 0x3, 0x5, 0xc, 0x6, 0x6281, 0x10, 0x7f, 0x7, 0x3, 0x3, 0x7]}) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(r0, &(0x7f0000000000)=""/42, 0x2a) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000240)={0x101, 0x8, {}, {0xffffffffffffffff}, 0x9, 0x7}) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000280)={0x8a0, 0x6, {}, {r3}, 0x8, 0x6}) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r4 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x86, 0xffffffff, 0x2}) ioctl$FIBMAP(r4, 0x1, &(0x7f0000000040)=0x85) getdents(0xffffffffffffffff, &(0x7f0000000500)=""/198, 0xc6) mknodat$loop(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x4, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$SNDCTL_TMR_TEMPO(0xffffffffffffffff, 0xc0045405, &(0x7f0000000040)=0xef) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 8.493612338s ago: executing program 5 (id=1659): r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000040000000000000000000114000400000000f7000000000000ffffac1e00010800074000000001"], 0x94}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = fanotify_init(0xf00, 0x1000) fanotify_mark(r6, 0x105, 0x5000003a, r5, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r6, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 8.419824337s ago: executing program 0 (id=1660): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x10000, 0x8, 0x2, 0x6, 0x1, 0x7f, 0x2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000740)={&(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000700), 0x4}) 6.515261311s ago: executing program 5 (id=1661): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f0000002280)='./file1\x00', 0x400, 0x10) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141042, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) 6.310901798s ago: executing program 0 (id=1662): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0) chdir(0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000000200)='./file0\x00') 6.154665006s ago: executing program 0 (id=1664): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd24, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x2400}, {}, {0xfff2, 0x4}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = epoll_create1(0x80000) io_setup(0xdda, &(0x7f00000000c0)=0x0) r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r9, 0x200, &(0x7f0000000740)={0x0}) io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x2, r7, 0x0, 0x0, 0x0, 0x0, 0x2}]) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000000)={0x0, 0x4, 0xe6, 0x3}) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000070500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r10], 0x4c}}, 0x40000) sendmmsg(r10, &(0x7f0000000000), 0x4000000000001f2, 0xfc) r11 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) read(r11, 0x0, 0x0) 6.136607666s ago: executing program 5 (id=1665): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$packet(0x11, 0xa, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) socket(0x10, 0x803, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_open_dev$dvb_frontend(0x0, 0x0, 0x141000) ioctl$FE_GET_PROPERTY(r2, 0x80106f53, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000001180)}, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000080)=ANY=[@ANYBLOB="2c1ffae7b9cc8d8ce93725f4161a589f6f31d83a625645807d8dd6498b836bec3b53bbf487653a42c2c4b11785"], 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0102, 0x0) write$vga_arbiter(r6, &(0x7f0000000280)=ANY=[@ANYBLOB='lock io+me'], 0xc) write$vga_arbiter(r5, &(0x7f00000002c0)=ANY=[@ANYRES16=r6, @ANYBLOB="025409c3ac14d408ebf35d3b97c5799ccc021fd220019fb74b9eaff375f9640d988184aa507921339cd69fb7c86b962394e1c0d7c5e6a0761bdbbeb11addb1eb104778144f81991ed04283447fffcdb2b0fb148a589881e4", @ANYRESOCT, @ANYRES32=r6, @ANYRESOCT=r4], 0xd) 4.991174548s ago: executing program 4 (id=1666): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$dma_heap(0xffffffffffffff9c, 0x0, 0x141000, 0x0) memfd_secret(0x80000) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000340)={0x2000}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) connect$inet6(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f00000000c0)={0x2, @sliced={0x2, [0x6312, 0x6, 0x5, 0x3, 0x9, 0x6, 0x6, 0x6, 0xa, 0x0, 0x9, 0x44d, 0xffff, 0x954, 0x580, 0x5, 0x5, 0x800, 0x3, 0x3d, 0x4, 0xd1cc, 0x0, 0x5, 0xd, 0x2, 0x2c, 0x4, 0x40, 0xff, 0x3, 0x8, 0x4, 0xb, 0x3, 0x5, 0xa, 0x10, 0x9, 0x9, 0x67c, 0x1, 0xf9, 0x0, 0x76c, 0x1, 0x2b51, 0x2], 0x2}}) 3.499950314s ago: executing program 4 (id=1667): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbefb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000700)=@abs={0x0, 0x0, 0x10000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r3, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000100010000000000040806000000000010000600000000002000000000000000"], 0x24, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x46eb, 0x400, 0xffffdffe, 0x32e}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r4, 0x22, &(0x7f00000000c0)=@un=@file={0x1, './file0\x00'}, 0x0, 0x0, 0x1}) sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x98a51ef0240571bd}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40040}, 0x20004001) io_uring_enter(r5, 0x3516, 0x67f, 0x64, 0x0, 0x0) 2.318730984s ago: executing program 4 (id=1668): write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, 0x0, 0x0) getpid() ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x890c, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000020601080000000000000000000000080c00078008000640200000000500010006000000050005000a00000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x50}, 0x1, 0x0, 0x0, 0x4010}, 0x20040000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 2.136962611s ago: executing program 5 (id=1669): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x439, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e21}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @private=0xa010102}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @empty}]}}}]}, 0x48}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r5 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) ioctl$FIDEDUPERANGE(r5, 0xc0189436, &(0x7f0000000100)=ANY=[@ANYBLOB="3a45fa4d91380990c10fb1010000000000000600"]) 2.069313259s ago: executing program 4 (id=1670): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdir(0x0, 0x0) write$nci(0xffffffffffffffff, 0x0, 0x20) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x33e, 0x0, 0x0, 0x0, 0x4db, 0x8, 0x2, {0x4, 0x40}, {0x9, 0x1, 0xfffffffd}, {0x1}, {0x3, 0x0, 0xffffffff}, 0x0, 0x100, 0x10000040, 0x3, 0x0, 0x1, 0x0, 0xfffffc40, 0x2, 0x400, 0x100000, 0x10004, 0x21, 0x4, 0x0, 0x7}) 427.086717ms ago: executing program 4 (id=1671): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$packet(0x11, 0xa, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) socket(0x10, 0x803, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$FE_GET_PROPERTY(0xffffffffffffffff, 0x80106f53, 0x0) socket$rds(0x15, 0x5, 0x0) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000080)=ANY=[@ANYBLOB="2c1ffae7b9cc8d8ce93725f4161a589f6f31d83a625645807d8dd6498b836bec3b53bbf487653a42c2c4b11785"], 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101) epoll_create(0xff9) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='lock io+me'], 0xc) write$vga_arbiter(r2, &(0x7f00000002c0)=ANY=[@ANYRES16, @ANYBLOB="025409c3ac14d408ebf35d3b97c5799ccc021fd220019fb74b9eaff375f9640d988184aa507921339cd69fb7c86b962394e1c0d7c5e6a0761bdbbeb11addb1eb104778144f81991ed04283447fffcdb2b0fb148a589881e4", @ANYRESOCT, @ANYRES32, @ANYRESOCT=r1], 0xd) 262.95908ms ago: executing program 5 (id=1672): r0 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x1, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0) r5 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) tkill(r5, 0xb) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) close(0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0xa4}}, 0x0) 0s ago: executing program 4 (id=1673): r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000040000000000000000000114000400000000f7000000000000ffffac1e00010800074000000001"], 0x94}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = fanotify_init(0xf00, 0x1000) fanotify_mark(r6, 0x105, 0x5000003a, r5, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r6, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): he transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 660.266289][ T9416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.338177][ T9416] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.338191][ T9416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 660.338212][ T9416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.542453][ T9601] fuse: Bad value for 'fd' [ 661.528264][ T9416] hsr_slave_0: entered promiscuous mode [ 661.531103][ T9416] hsr_slave_1: entered promiscuous mode [ 661.550326][ T9416] debugfs: 'hsr0' already exists in 'hsr' [ 661.550357][ T9416] Cannot create hsr debugfs directory [ 662.236167][ T37] audit: type=1326 audit(1772277609.474:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9617 comm="syz.5.907" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 662.324361][ T362] bridge_slave_1: left allmulticast mode [ 662.324391][ T362] bridge_slave_1: left promiscuous mode [ 662.324646][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.389604][ T362] bridge_slave_0: left allmulticast mode [ 662.389633][ T362] bridge_slave_0: left promiscuous mode [ 662.389881][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.479112][ T362] bridge_slave_1: left allmulticast mode [ 662.479141][ T362] bridge_slave_1: left promiscuous mode [ 662.479384][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.556313][ T362] bridge_slave_0: left allmulticast mode [ 662.556336][ T362] bridge_slave_0: left promiscuous mode [ 662.556552][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.635815][ T809] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 662.785098][ T809] usb 5-1: Using ep0 maxpacket: 16 [ 662.801312][ T809] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 662.801335][ T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.801350][ T809] usb 5-1: Product: syz [ 662.801360][ T809] usb 5-1: Manufacturer: syz [ 662.801371][ T809] usb 5-1: SerialNumber: syz [ 662.839079][ T809] usb 5-1: config 0 descriptor?? [ 662.854834][ T809] gspca_main: spca508-2.14.0 probing 041e:4018 [ 662.938273][ T362] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 663.049525][ T809] gspca_spca508: reg_read err -32 [ 663.124294][ T362] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 663.177071][ T809] gspca_spca508: reg_read err -71 [ 663.182114][ T809] gspca_spca508: reg_read err -71 [ 663.182528][ T809] gspca_spca508: reg_read err -71 [ 663.182947][ T809] gspca_spca508: reg_read err -71 [ 663.183337][ T809] gspca_spca508: reg write: error -71 [ 663.183436][ T809] spca508 5-1:0.0: probe with driver spca508 failed with error -71 [ 663.240946][ T809] usb 5-1: USB disconnect, device number 17 [ 663.347342][ T9631] program syz.5.910 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 663.447314][ T362] bond0 (unregistering): Released all slaves [ 664.397635][ T362] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 666.919752][ T362] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 667.100383][ T362] bond0 (unregistering): Released all slaves [ 669.585244][ T362] hsr_slave_0: left promiscuous mode [ 669.652720][ T362] hsr_slave_1: left promiscuous mode [ 669.653705][ T362] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.699839][ T9657] netlink: 40 bytes leftover after parsing attributes in process `syz.5.918'. [ 669.703420][ T362] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 669.929749][ T362] hsr_slave_0: left promiscuous mode [ 669.965388][ T362] hsr_slave_1: left promiscuous mode [ 669.967430][ T362] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 670.021629][ T362] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 670.201853][ T37] audit: type=1326 audit(1772277617.434:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9662 comm="syz.5.921" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 670.585934][ T362] team0 (unregistering): Port device team_slave_1 removed [ 670.636065][ T362] team0 (unregistering): Port device team_slave_0 removed [ 671.316596][ T362] team0 (unregistering): Port device team_slave_1 removed [ 671.376148][ T362] team0 (unregistering): Port device team_slave_0 removed [ 672.166431][ T9361] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 673.731473][ T37] audit: type=1326 audit(1772277620.964:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9689 comm="syz.0.931" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b0ec3c799 code=0x0 [ 673.811530][ T9063] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 674.032320][ T9063] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 674.055303][ T9063] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 674.057135][ T9063] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 674.059908][ T9063] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 674.116760][ T9701] netlink: 132 bytes leftover after parsing attributes in process `syz.5.932'. [ 677.255258][ T9063] Bluetooth: hci0: command tx timeout [ 678.312760][ T9693] chnl_net:caif_netlink_parms(): no params data found [ 679.296414][ T9063] Bluetooth: hci0: command tx timeout [ 680.150581][ T9693] bridge0: port 1(bridge_slave_0) entered blocking state [ 680.151339][ T9693] bridge0: port 1(bridge_slave_0) entered disabled state [ 680.151611][ T9693] bridge_slave_0: entered allmulticast mode [ 680.197913][ T9693] bridge_slave_0: entered promiscuous mode [ 680.235264][ T9693] bridge0: port 2(bridge_slave_1) entered blocking state [ 680.235400][ T9693] bridge0: port 2(bridge_slave_1) entered disabled state [ 680.235770][ T9693] bridge_slave_1: entered allmulticast mode [ 680.287088][ T9693] bridge_slave_1: entered promiscuous mode [ 680.323096][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 680.345371][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 680.351356][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 680.352583][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 680.356212][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 680.588707][ T9693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 680.652278][ T9693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 680.947648][ T9693] team0: Port device team_slave_0 added [ 681.227766][ T9693] team0: Port device team_slave_1 added [ 681.484429][ T9063] Bluetooth: hci0: command tx timeout [ 682.496544][ T9063] Bluetooth: hci1: command tx timeout [ 682.656100][ T9580] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 682.715173][ T809] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 682.918241][ T9580] usb 5-1: Using ep0 maxpacket: 16 [ 682.921152][ T9580] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 682.921178][ T9580] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 682.923860][ T9580] usb 5-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=fa.5a [ 682.923881][ T9580] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.923895][ T9580] usb 5-1: Product: syz [ 682.923906][ T9580] usb 5-1: Manufacturer: syz [ 682.923917][ T9580] usb 5-1: SerialNumber: syz [ 682.950993][ T9693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 682.951011][ T9693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 682.951039][ T9693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 682.958254][ T9580] usb 5-1: config 0 descriptor?? [ 683.151074][ T809] usb 6-1: Using ep0 maxpacket: 16 [ 683.308297][ T809] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 683.308359][ T809] usb 6-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 683.308385][ T809] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.545205][ T9063] Bluetooth: hci0: command tx timeout [ 683.574793][ T9580] usb 5-1: USB disconnect, device number 18 [ 683.720491][ T809] usb 6-1: config 0 descriptor?? [ 683.740905][ T9693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 683.740924][ T9693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 683.740961][ T9693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 683.750565][ T809] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 685.149414][ T9798] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 685.314388][ T9063] Bluetooth: hci1: command tx timeout [ 685.521361][ T6173] usb 6-1: USB disconnect, device number 9 [ 685.885786][ T9804] overlay: filesystem on ./file0 not supported as upperdir [ 685.912188][ T9693] hsr_slave_0: entered promiscuous mode [ 685.913173][ T9693] hsr_slave_1: entered promiscuous mode [ 685.913929][ T9693] debugfs: 'hsr0' already exists in 'hsr' [ 685.913948][ T9693] Cannot create hsr debugfs directory [ 686.021991][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.022074][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.195434][ T9063] Bluetooth: hci1: command tx timeout [ 690.022347][ T9757] chnl_net:caif_netlink_parms(): no params data found [ 690.271969][ T9063] Bluetooth: hci1: command tx timeout [ 692.147919][ T9842] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 692.729499][ T362] bridge_slave_1: left allmulticast mode [ 692.729530][ T362] bridge_slave_1: left promiscuous mode [ 692.729787][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.852485][ T362] bridge_slave_0: left allmulticast mode [ 692.852516][ T362] bridge_slave_0: left promiscuous mode [ 692.852798][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.466471][ T362] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 694.610407][ T362] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 694.693776][ T362] bond0 (unregistering): Released all slaves [ 695.047516][ T9757] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.048805][ T9757] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.057862][ T9757] bridge_slave_0: entered allmulticast mode [ 695.165922][ T9757] bridge_slave_0: entered promiscuous mode [ 695.475461][ T9757] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.475606][ T9757] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.475857][ T9757] bridge_slave_1: entered allmulticast mode [ 695.479097][ T9757] bridge_slave_1: entered promiscuous mode [ 695.898831][ T362] hsr_slave_0: left promiscuous mode [ 695.935184][ T362] hsr_slave_1: left promiscuous mode [ 695.937259][ T362] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 696.903357][ T362] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.215212][ T9580] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 697.365154][ T9580] usb 1-1: Using ep0 maxpacket: 16 [ 697.367231][ T9580] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 697.367287][ T9580] usb 1-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 697.367316][ T9580] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.374710][ T9580] usb 1-1: config 0 descriptor?? [ 697.426336][ T362] team0 (unregistering): Port device team_slave_1 removed [ 697.457737][ T9580] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 697.587499][ T362] team0 (unregistering): Port device team_slave_0 removed [ 697.743687][ T9876] program syz.5.968 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 700.067574][ T9757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.309532][ T9757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 700.948484][ T9757] team0: Port device team_slave_0 added [ 700.972367][ T9757] team0: Port device team_slave_1 added [ 701.612180][ T9757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 701.612198][ T9757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 701.612228][ T9757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 701.814755][ T9757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.814776][ T9757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 701.814806][ T9757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 702.343329][ T9757] hsr_slave_0: entered promiscuous mode [ 702.344353][ T9757] hsr_slave_1: entered promiscuous mode [ 702.937909][ T36] usb 1-1: USB disconnect, device number 19 [ 704.226075][ T9920] program syz.5.977 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 704.458171][ T9693] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 705.019536][ T9693] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 705.106314][ T9693] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 705.975349][ T9693] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 708.839344][ T9958] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 708.970953][ T362] bridge_slave_1: left allmulticast mode [ 708.970976][ T362] bridge_slave_1: left promiscuous mode [ 708.971169][ T362] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.046843][ T362] bridge_slave_0: left allmulticast mode [ 709.046874][ T362] bridge_slave_0: left promiscuous mode [ 709.047147][ T362] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.271309][ T362] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 711.427319][ T362] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.517997][ T362] bond0 (unregistering): Released all slaves [ 712.049867][ T9986] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 713.188777][ T9693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 713.325286][ T362] hsr_slave_0: left promiscuous mode [ 713.365197][ T362] hsr_slave_1: left promiscuous mode [ 713.366435][ T362] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 713.416138][ T362] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 715.775651][ T362] team0 (unregistering): Port device team_slave_1 removed [ 715.839154][ T362] team0 (unregistering): Port device team_slave_0 removed [ 718.401780][ T9693] 8021q: adding VLAN 0 to HW filter on device team0 [ 718.469621][ T1435] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.469895][ T1435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.538925][ T1346] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.539069][ T1346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.165123][ T9757] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 719.232372][ T9757] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 719.338262][ T9757] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 719.362072][T10054] fuse: Bad value for 'rootmode' [ 719.434758][ T9757] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 723.323916][ T9693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.657282][ T9757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.931562][T10100] program syz.0.1007 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 726.446517][ T9757] 8021q: adding VLAN 0 to HW filter on device team0 [ 726.586408][ T1435] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.586500][ T1435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 726.759339][ T1435] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.759467][ T1435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 729.645244][ T9693] veth0_vlan: entered promiscuous mode [ 729.698962][ T9693] veth1_vlan: entered promiscuous mode [ 729.890157][ T9693] veth0_macvtap: entered promiscuous mode [ 729.933303][ T9693] veth1_macvtap: entered promiscuous mode [ 730.255793][ T9693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 730.651629][ T9693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 730.815392][ T139] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.883411][ T139] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.954550][ T139] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.976186][ T139] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.750546][T10153] program syz.4.1018 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 732.942477][ T139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 732.942502][ T139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 733.268279][ T9757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 734.516465][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.516488][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 734.963389][T10171] program syz.4.1020 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 735.987603][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 735.993901][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 736.027310][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 736.044427][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 736.052619][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 737.266843][T10197] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 738.206743][T10205] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 738.263998][ T9063] Bluetooth: hci4: command tx timeout [ 739.225863][T10212] program syz.4.1029 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 739.713521][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 739.733573][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 739.734847][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 739.753532][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 739.754729][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 740.058414][ T9329] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.448796][ T61] Bluetooth: hci4: command tx timeout [ 741.082727][ T9329] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.235778][T10232] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1034'. [ 741.855640][ T61] Bluetooth: hci0: command tx timeout [ 741.965116][ T6173] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 742.120183][ T6173] usb 6-1: Using ep0 maxpacket: 16 [ 742.290878][ T6173] usb 6-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 742.290912][ T6173] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 742.290933][ T6173] usb 6-1: Product: syz [ 742.290949][ T6173] usb 6-1: Manufacturer: syz [ 742.290964][ T6173] usb 6-1: SerialNumber: syz [ 742.345698][ T6173] usb 6-1: config 0 descriptor?? [ 742.411787][ T6173] gspca_main: spca508-2.14.0 probing 041e:4018 [ 742.495002][ T61] Bluetooth: hci4: command tx timeout [ 742.550577][T10258] program syz.4.1039 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 742.849766][ T6173] gspca_spca508: reg_read err -71 [ 742.856237][ T6173] gspca_spca508: reg_read err -71 [ 743.127863][ T6173] gspca_spca508: reg_read err -71 [ 743.128343][ T6173] gspca_spca508: reg_read err -71 [ 743.135189][ T6173] gspca_spca508: reg write: error -71 [ 743.135285][ T6173] spca508 6-1:0.0: probe with driver spca508 failed with error -71 [ 743.154274][ T6173] usb 6-1: USB disconnect, device number 10 [ 743.200447][ T9329] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.477522][T10269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1041'. [ 743.670420][ T9329] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.941391][ T61] Bluetooth: hci0: command tx timeout [ 743.958671][T10179] chnl_net:caif_netlink_parms(): no params data found [ 744.674687][ T61] Bluetooth: hci4: command tx timeout [ 744.776090][T10179] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.776179][T10179] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.776373][T10179] bridge_slave_0: entered allmulticast mode [ 744.811256][T10179] bridge_slave_0: entered promiscuous mode [ 744.890222][T10179] bridge0: port 2(bridge_slave_1) entered blocking state [ 744.890357][T10179] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.890599][T10179] bridge_slave_1: entered allmulticast mode [ 744.926676][T10287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'. [ 744.952365][T10179] bridge_slave_1: entered promiscuous mode [ 745.497748][T10179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 745.756984][T10179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 746.015113][ T61] Bluetooth: hci0: command tx timeout [ 746.908151][T10179] team0: Port device team_slave_0 added [ 746.926986][T10179] team0: Port device team_slave_1 added [ 746.996421][ T9329] bridge_slave_1: left allmulticast mode [ 746.996443][ T9329] bridge_slave_1: left promiscuous mode [ 746.996634][ T9329] bridge0: port 2(bridge_slave_1) entered disabled state [ 747.107988][ T9329] bridge_slave_0: left allmulticast mode [ 747.108018][ T9329] bridge_slave_0: left promiscuous mode [ 747.108277][ T9329] bridge0: port 1(bridge_slave_0) entered disabled state [ 747.215107][ T809] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 747.365281][ T809] usb 5-1: Using ep0 maxpacket: 16 [ 747.370611][ T809] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 747.370652][ T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.370667][ T809] usb 5-1: Product: syz [ 747.370678][ T809] usb 5-1: Manufacturer: syz [ 747.370688][ T809] usb 5-1: SerialNumber: syz [ 747.384427][ T809] usb 5-1: config 0 descriptor?? [ 747.430000][ T809] gspca_main: spca508-2.14.0 probing 041e:4018 [ 747.460576][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.460670][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.959937][ T809] gspca_spca508: reg_read err -71 [ 747.961329][ T809] gspca_spca508: reg_read err -71 [ 747.962641][ T809] gspca_spca508: reg_read err -71 [ 747.963064][ T809] gspca_spca508: reg_read err -71 [ 747.963474][ T809] gspca_spca508: reg write: error -71 [ 747.963563][ T809] spca508 5-1:0.0: probe with driver spca508 failed with error -71 [ 747.995364][ T809] usb 5-1: USB disconnect, device number 19 [ 748.095560][ T61] Bluetooth: hci0: command tx timeout [ 748.152844][ T9329] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 748.225849][ T9329] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 748.247881][ T9329] bond0 (unregistering): Released all slaves [ 748.349241][T10179] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 748.349255][T10179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 748.349275][T10179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 748.473755][T10217] chnl_net:caif_netlink_parms(): no params data found [ 748.525967][T10179] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 748.525993][T10179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 748.526023][T10179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 749.277743][ T809] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 749.439198][ T809] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 749.439233][ T809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.439255][ T809] usb 5-1: Product: syz [ 749.439271][ T809] usb 5-1: Manufacturer: syz [ 749.439286][ T809] usb 5-1: SerialNumber: syz [ 749.522823][ T809] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 749.553768][ T36] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 749.782129][ T2112] usb 5-1: USB disconnect, device number 20 [ 750.260122][T10329] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1057'. [ 750.656031][ T36] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 750.656223][ T36] ath9k_htc: Failed to initialize the device [ 750.658877][ T2112] usb 5-1: ath9k_htc: USB layer deinitialized [ 751.638945][T10179] hsr_slave_0: entered promiscuous mode [ 751.640846][T10179] hsr_slave_1: entered promiscuous mode [ 751.641996][T10179] debugfs: 'hsr0' already exists in 'hsr' [ 751.642022][T10179] Cannot create hsr debugfs directory [ 752.105326][ T9329] hsr_slave_0: left promiscuous mode [ 752.150768][ T9329] hsr_slave_1: left promiscuous mode [ 752.151882][ T9329] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 752.151909][ T9329] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 752.206163][ T9329] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 752.206193][ T9329] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 752.288516][ T9329] veth1_macvtap: left promiscuous mode [ 752.288593][ T9329] veth0_macvtap: left promiscuous mode [ 752.288766][ T9329] veth1_vlan: left promiscuous mode [ 752.288884][ T9329] veth0_vlan: left promiscuous mode [ 752.395240][ T36] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 752.557514][ T36] usb 5-1: Using ep0 maxpacket: 16 [ 752.563034][ T36] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 752.563065][ T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.563080][ T36] usb 5-1: Product: syz [ 752.563090][ T36] usb 5-1: Manufacturer: syz [ 752.563100][ T36] usb 5-1: SerialNumber: syz [ 752.582839][ T36] usb 5-1: config 0 descriptor?? [ 752.619545][ T36] gspca_main: spca508-2.14.0 probing 041e:4018 [ 753.161223][ T36] gspca_spca508: reg_read err -71 [ 753.161656][ T36] gspca_spca508: reg_read err -71 [ 753.162079][ T36] gspca_spca508: reg_read err -71 [ 753.162462][ T36] gspca_spca508: reg_read err -71 [ 753.162846][ T36] gspca_spca508: reg write: error -71 [ 753.162938][ T36] spca508 5-1:0.0: probe with driver spca508 failed with error -71 [ 753.188159][ T36] usb 5-1: USB disconnect, device number 21 [ 753.296540][ T9329] team0 (unregistering): Port device team_slave_1 removed [ 753.357740][ T9329] team0 (unregistering): Port device team_slave_0 removed [ 753.573554][T10217] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.573680][T10217] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.573876][T10217] bridge_slave_0: entered allmulticast mode [ 753.582942][T10217] bridge_slave_0: entered promiscuous mode [ 753.639420][T10217] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.639551][T10217] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.639767][T10217] bridge_slave_1: entered allmulticast mode [ 753.642651][T10217] bridge_slave_1: entered promiscuous mode [ 754.734186][T10217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 756.689228][T10217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 757.088452][T10217] team0: Port device team_slave_0 added [ 757.486155][T10375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1070'. [ 757.606352][T10217] team0: Port device team_slave_1 added [ 758.540594][T10217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 758.540615][T10217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 758.540643][T10217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 758.604640][T10217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 758.604658][T10217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 758.604687][T10217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 759.987085][T10217] hsr_slave_0: entered promiscuous mode [ 759.988469][T10217] hsr_slave_1: entered promiscuous mode [ 759.989472][T10217] debugfs: 'hsr0' already exists in 'hsr' [ 759.989497][T10217] Cannot create hsr debugfs directory [ 762.506399][ T5780] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 762.714118][ T5780] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 762.714151][ T5780] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.714173][ T5780] usb 5-1: Product: syz [ 762.714188][ T5780] usb 5-1: Manufacturer: syz [ 762.714203][ T5780] usb 5-1: SerialNumber: syz [ 762.863777][T10419] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1080'. [ 762.932917][ T5780] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 762.982148][ T9] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 764.588157][ T5780] usb 5-1: USB disconnect, device number 22 [ 764.663040][ T9] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 764.663238][ T9] ath9k_htc: Failed to initialize the device [ 764.702493][ T5780] usb 5-1: ath9k_htc: USB layer deinitialized [ 769.518070][T10449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1089'. [ 772.362732][T10179] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 772.435199][T10179] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 772.499298][T10179] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 774.053410][T10179] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 774.561758][ T9327] bridge_slave_1: left allmulticast mode [ 774.561789][ T9327] bridge_slave_1: left promiscuous mode [ 774.562044][ T9327] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.646783][ T9327] bridge_slave_0: left allmulticast mode [ 774.646817][ T9327] bridge_slave_0: left promiscuous mode [ 774.647088][ T9327] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.645837][ T9327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 775.726324][ T9327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 775.747354][ T9327] bond0 (unregistering): Released all slaves [ 776.122202][T10491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1100'. [ 777.609849][T10498] program syz.5.1101 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 777.735139][ T9327] hsr_slave_0: left promiscuous mode [ 777.825216][ T9327] hsr_slave_1: left promiscuous mode [ 777.826281][ T9327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 778.059347][ T9327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 779.395158][ T6492] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 779.551368][ T6492] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 779.551402][ T6492] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.551424][ T6492] usb 5-1: Product: syz [ 779.551439][ T6492] usb 5-1: Manufacturer: syz [ 779.551455][ T6492] usb 5-1: SerialNumber: syz [ 779.693937][ T6492] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 779.722704][ T5780] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 780.896954][ T5880] usb 5-1: USB disconnect, device number 23 [ 781.107794][ T9327] team0 (unregistering): Port device team_slave_1 removed [ 781.265646][ T9327] team0 (unregistering): Port device team_slave_0 removed [ 781.710604][ T5780] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 781.710816][ T5780] ath9k_htc: Failed to initialize the device [ 781.711923][ T5880] usb 5-1: ath9k_htc: USB layer deinitialized [ 782.788107][T10535] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 784.990078][T10179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.241098][T10179] 8021q: adding VLAN 0 to HW filter on device team0 [ 785.395378][ T9329] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.395494][ T9329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 785.480922][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.481037][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 787.587589][T10217] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 787.644298][T10217] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 787.664052][T10217] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 787.715449][T10217] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 791.793648][T10179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 792.041282][T10615] program syz.0.1125 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 792.904039][T10217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 793.010706][T10217] 8021q: adding VLAN 0 to HW filter on device team0 [ 793.071390][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.071529][ T5927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 793.105763][ T6027] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.106623][ T6027] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.415783][T10217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 797.684597][T10676] program syz.4.1136 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 797.779049][ T9063] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 797.791938][ T9063] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 797.795966][ T9063] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 797.801215][ T9063] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 797.812123][ T9063] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 799.867693][ T61] Bluetooth: hci1: command tx timeout [ 802.004975][ T61] Bluetooth: hci1: command tx timeout [ 802.456260][ T9063] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 802.459426][ T9063] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 802.460984][ T9063] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 802.528704][ T9063] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 802.548220][ T9063] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 804.475185][ T9010] Bluetooth: hci1: command tx timeout [ 804.655114][ T61] Bluetooth: hci4: command tx timeout [ 806.601946][ T61] Bluetooth: hci1: command tx timeout [ 806.905848][ T61] Bluetooth: hci4: command tx timeout [ 808.490708][T10753] program syz.4.1154 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 808.903713][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.903784][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.986395][ T61] Bluetooth: hci4: command tx timeout [ 810.011959][T10679] chnl_net:caif_netlink_parms(): no params data found [ 810.892827][T10679] bridge0: port 1(bridge_slave_0) entered blocking state [ 810.892926][T10679] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.893349][T10679] bridge_slave_0: entered allmulticast mode [ 810.923114][T10679] bridge_slave_0: entered promiscuous mode [ 811.152009][ T61] Bluetooth: hci4: command tx timeout [ 811.164637][T10679] bridge0: port 2(bridge_slave_1) entered blocking state [ 811.164779][T10679] bridge0: port 2(bridge_slave_1) entered disabled state [ 811.169958][T10679] bridge_slave_1: entered allmulticast mode [ 811.194834][T10679] bridge_slave_1: entered promiscuous mode [ 812.528085][ T9330] bridge_slave_1: left allmulticast mode [ 812.528107][ T9330] bridge_slave_1: left promiscuous mode [ 812.528271][ T9330] bridge0: port 2(bridge_slave_1) entered disabled state [ 812.608954][ T9330] bridge_slave_0: left allmulticast mode [ 812.608978][ T9330] bridge_slave_0: left promiscuous mode [ 812.609156][ T9330] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.782141][T10800] program syz.4.1165 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 816.122203][ T9330] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 816.905899][ T9330] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 816.971887][ T9330] bond0 (unregistering): Released all slaves [ 817.131933][T10814] program syz.0.1170 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 817.953738][T10679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 817.971125][T10679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 818.146864][T10679] team0: Port device team_slave_0 added [ 818.149267][T10679] team0: Port device team_slave_1 added [ 818.239639][ T5880] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 818.306385][T10718] chnl_net:caif_netlink_parms(): no params data found [ 818.481290][T10825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1173'. [ 818.636896][ T9330] hsr_slave_0: left promiscuous mode [ 818.656327][ T9330] hsr_slave_1: left promiscuous mode [ 818.657550][ T9330] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 818.697373][ T9330] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 819.287255][ T9330] team0 (unregistering): Port device team_slave_1 removed [ 819.327415][ T9330] team0 (unregistering): Port device team_slave_0 removed [ 819.650500][T10679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 819.650520][T10679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 819.650550][T10679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 821.389112][T10832] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 821.901307][T10679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 821.901326][T10679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 821.901356][T10679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 822.195096][ T5880] usb 6-1: unable to get BOS descriptor or descriptor too short [ 822.215499][ T5880] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 822.215540][ T5880] usb 6-1: can't read configurations, error -71 [ 822.499712][T10679] hsr_slave_0: entered promiscuous mode [ 822.523682][T10679] hsr_slave_1: entered promiscuous mode [ 823.382287][T10844] syz.5.1176 (10844) used greatest stack depth: 17288 bytes left [ 823.905806][T10718] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.905935][T10718] bridge0: port 1(bridge_slave_0) entered disabled state [ 823.906147][T10718] bridge_slave_0: entered allmulticast mode [ 823.909001][T10718] bridge_slave_0: entered promiscuous mode [ 823.974015][T10718] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.974099][T10718] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.974250][T10718] bridge_slave_1: entered allmulticast mode [ 823.998900][T10718] bridge_slave_1: entered promiscuous mode [ 824.331841][T10718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 824.429631][T10718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 824.939658][T10718] team0: Port device team_slave_0 added [ 825.067668][T10867] program syz.5.1181 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 825.852413][T10718] team0: Port device team_slave_1 added [ 826.113786][T10718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 826.113806][T10718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.113836][T10718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 826.170819][T10718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 826.170833][T10718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.170853][T10718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 827.972028][T10880] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 828.388976][T10885] program syz.0.1175 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 829.211844][T10888] overlayfs: failed to resolve './file1': -2 [ 829.719473][T10718] hsr_slave_0: entered promiscuous mode [ 829.720440][T10718] hsr_slave_1: entered promiscuous mode [ 829.721137][T10718] debugfs: 'hsr0' already exists in 'hsr' [ 829.721155][T10718] Cannot create hsr debugfs directory [ 831.726755][T10903] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 831.726786][T10903] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 831.726809][T10903] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 834.192667][T10919] program syz.0.1191 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 836.923058][T10930] syz_tun: entered allmulticast mode [ 837.141183][T10937] program syz.0.1194 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 837.336294][T10679] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 837.832258][T10679] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 837.835631][T10940] overlayfs: failed to resolve './file1': -2 [ 837.962537][T10679] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 838.052462][T10679] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 838.841198][ T1428] bridge_slave_1: left allmulticast mode [ 838.841229][ T1428] bridge_slave_1: left promiscuous mode [ 838.841573][ T1428] bridge0: port 2(bridge_slave_1) entered disabled state [ 838.899315][ T1428] bridge_slave_0: left allmulticast mode [ 838.899337][ T1428] bridge_slave_0: left promiscuous mode [ 838.899519][ T1428] bridge0: port 1(bridge_slave_0) entered disabled state [ 840.767860][ T1428] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 840.847494][ T1428] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 841.103611][T10972] program syz.0.1202 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 842.048238][ T1428] bond0 (unregistering): Released all slaves [ 842.467848][T10985] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 842.896005][T10995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1209'. [ 842.936663][ T1428] hsr_slave_0: left promiscuous mode [ 842.955223][ T1428] hsr_slave_1: left promiscuous mode [ 842.956076][ T1428] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 842.985737][ T1428] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 843.375061][ T1428] team0 (unregistering): Port device team_slave_1 removed [ 843.437221][ T1428] team0 (unregistering): Port device team_slave_0 removed [ 846.392793][T10679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 846.490891][T10679] 8021q: adding VLAN 0 to HW filter on device team0 [ 846.550620][ T1346] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.552031][ T1346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 847.043494][ T1346] bridge0: port 2(bridge_slave_1) entered blocking state [ 847.043618][ T1346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 847.070684][T10718] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 847.477385][T11021] warning: `syz.4.1216' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 847.478827][T10718] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 847.616396][T10718] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 847.708302][T10718] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 849.526194][T11040] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1219'. [ 851.134013][T10718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.240266][T10718] 8021q: adding VLAN 0 to HW filter on device team0 [ 851.284563][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 851.284748][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 851.360687][ T9327] bridge0: port 2(bridge_slave_1) entered blocking state [ 851.377824][ T9327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 851.552391][T10679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 852.695595][T10718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 852.971537][T11070] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 852.977414][T11070] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1224'. [ 853.517278][T10679] veth0_vlan: entered promiscuous mode [ 853.552950][T10679] veth1_vlan: entered promiscuous mode [ 853.562592][T11070] netdevsim netdevsim0: Direct firmware load for / [ 853.562592][T11070] failed with error -2 [ 853.567661][T11070] netdevsim netdevsim0: Falling back to sysfs fallback for: / [ 853.567661][T11070] [ 853.743498][T10679] veth0_macvtap: entered promiscuous mode [ 853.899036][T10679] veth1_macvtap: entered promiscuous mode [ 854.007659][T10679] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 854.089358][T10679] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 854.154295][ T1346] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.154544][ T1346] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.154601][ T1346] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.154656][ T1346] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 856.662307][T10718] veth0_vlan: entered promiscuous mode [ 856.724358][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 856.724384][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 856.807145][T10718] veth1_vlan: entered promiscuous mode [ 856.940914][T11094] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1228'. [ 857.136498][T10718] veth0_macvtap: entered promiscuous mode [ 857.164173][T10718] veth1_macvtap: entered promiscuous mode [ 857.299577][T10718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 857.400062][T10718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 857.441420][ T9330] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.441811][ T9330] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.450389][ T9330] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.450536][ T9330] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 858.198861][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 858.198884][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 858.552899][ T9330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 858.552925][ T9330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 858.733258][ T9010] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 858.915274][ T9010] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 858.917881][ T9010] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 858.919175][ T9010] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 858.919964][ T9010] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 860.702604][ T9010] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 860.702663][ T9010] CPU: 0 UID: 0 PID: 9010 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 860.702687][ T9010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 860.702702][ T9010] Workqueue: hci2 hci_rx_work [ 860.702754][ T9010] Call Trace: [ 860.702768][ T9010] [ 860.702778][ T9010] dump_stack_lvl+0xe8/0x150 [ 860.702817][ T9010] sysfs_create_dir_ns+0x271/0x2a0 [ 860.702843][ T9010] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 860.702870][ T9010] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 860.702897][ T9010] ? rt_spin_unlock+0x160/0x200 [ 860.702926][ T9010] kobject_add_internal+0x631/0xd10 [ 860.702972][ T9010] kobject_add+0x163/0x240 [ 860.703012][ T9010] ? __pfx_kobject_add+0x10/0x10 [ 860.703053][ T9010] ? get_device_parent+0x370/0x3a0 [ 860.703090][ T9010] device_add+0x408/0xb80 [ 860.703127][ T9010] hci_conn_add_sysfs+0xd5/0x210 [ 860.703167][ T9010] le_conn_complete_evt+0xf1d/0x1430 [ 860.703229][ T9010] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 860.703267][ T9010] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 860.703299][ T9010] ? lockdep_hardirqs_on+0x7a/0x110 [ 860.703332][ T9010] ? skb_pull_data+0xfb/0x200 [ 860.703371][ T9010] hci_le_conn_complete_evt+0x187/0x470 [ 860.703414][ T9010] hci_event_packet+0x7af/0x12c0 [ 860.703450][ T9010] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 860.703483][ T9010] ? __pfx_hci_event_packet+0x10/0x10 [ 860.703511][ T9010] ? rt_spin_unlock+0x14f/0x200 [ 860.703545][ T9010] ? hci_send_to_monitor+0xe2/0x590 [ 860.703571][ T9010] hci_rx_work+0x3ee/0x1030 [ 860.703608][ T9010] ? process_scheduled_works+0xa25/0x1830 [ 860.703643][ T9010] process_scheduled_works+0xb02/0x1830 [ 860.703707][ T9010] ? __pfx_process_scheduled_works+0x10/0x10 [ 860.703747][ T9010] ? assign_work+0x3d5/0x5e0 [ 860.703785][ T9010] worker_thread+0xa50/0xfc0 [ 860.703862][ T9010] kthread+0x388/0x470 [ 860.703889][ T9010] ? __pfx_worker_thread+0x10/0x10 [ 860.703920][ T9010] ? __pfx_kthread+0x10/0x10 [ 860.703946][ T9010] ret_from_fork+0x51e/0xb90 [ 860.703984][ T9010] ? __pfx_ret_from_fork+0x10/0x10 [ 860.704021][ T9010] ? __switch_to+0xc7d/0x1450 [ 860.704055][ T9010] ? __pfx_kthread+0x10/0x10 [ 860.704079][ T9010] ret_from_fork_asm+0x1a/0x30 [ 860.704121][ T9010] [ 860.704157][ T9010] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 860.704213][ T9010] Bluetooth: hci2: failed to register connection device [ 861.055200][ T61] Bluetooth: hci0: command tx timeout [ 862.014522][T11138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1237'. [ 862.466232][ T9010] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 862.486314][ T9010] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 862.490647][ T9010] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 862.498710][ T9010] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 862.500474][ T9010] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 863.138806][ T61] Bluetooth: hci0: command tx timeout [ 863.267401][ T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 864.575760][ T61] Bluetooth: hci1: command tx timeout [ 865.224934][ T61] Bluetooth: hci0: command tx timeout [ 866.665087][ T61] Bluetooth: hci1: command tx timeout [ 866.808663][T11173] input: syz1 as /devices/virtual/input/input6 [ 866.908450][ T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.061300][ T9010] Bluetooth: hci2: command 0x0406 tx timeout [ 867.979991][ T61] Bluetooth: hci0: command tx timeout [ 868.736576][ T61] Bluetooth: hci1: command tx timeout [ 869.524815][T11190] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1247'. [ 869.580991][ T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.143935][ T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.341103][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.341202][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.815354][ T61] Bluetooth: hci1: command tx timeout [ 871.340416][T11109] chnl_net:caif_netlink_parms(): no params data found [ 871.668925][ T12] bridge_slave_1: left allmulticast mode [ 871.673537][ T12] bridge_slave_1: left promiscuous mode [ 871.673819][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.794494][ T12] bridge_slave_0: left allmulticast mode [ 871.794518][ T12] bridge_slave_0: left promiscuous mode [ 871.794698][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 875.361111][T11238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1258'. [ 875.785696][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 875.865801][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 875.908280][ T12] bond0 (unregistering): Released all slaves [ 876.128298][T11145] chnl_net:caif_netlink_parms(): no params data found [ 876.158113][T11109] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.158254][T11109] bridge0: port 1(bridge_slave_0) entered disabled state [ 876.158494][T11109] bridge_slave_0: entered allmulticast mode [ 876.160397][T11109] bridge_slave_0: entered promiscuous mode [ 876.205889][T11109] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.206024][T11109] bridge0: port 2(bridge_slave_1) entered disabled state [ 876.206275][T11109] bridge_slave_1: entered allmulticast mode [ 876.218583][T11109] bridge_slave_1: entered promiscuous mode [ 877.591540][T11254] overlay: Unknown parameter '/bus' [ 878.094217][T11255] Can't find ip_set type bitmap:ip [ 878.306276][T11245] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in; [ 878.306276][T11245] program syz.0.1261 not setting count and/or reply_len properly [ 878.429926][T11109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 878.462344][T11260] syz.4.1264 uses obsolete (PF_INET,SOCK_PACKET) [ 878.558910][T11109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 879.725105][ T12] hsr_slave_0: left promiscuous mode [ 879.776981][ T12] hsr_slave_1: left promiscuous mode [ 879.780567][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 879.780589][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 879.834804][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 879.834835][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 880.324484][ T12] veth1_macvtap: left promiscuous mode [ 880.350748][ T12] veth0_macvtap: left promiscuous mode [ 880.465162][ T12] veth1_vlan: left promiscuous mode [ 880.465384][ T12] veth0_vlan: left promiscuous mode [ 880.618373][ T37] audit: type=1804 audit(1772277827.844:12): pid=11275 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1267" name="/newroot/345/file1" dev="fuse" ino=1 res=1 errno=0 [ 881.405597][ T12] team0 (unregistering): Port device team_slave_1 removed [ 881.468118][ T12] team0 (unregistering): Port device team_slave_0 removed [ 881.931593][T11280] overlayfs: missing 'workdir' [ 882.109044][T11281] overlayfs: failed to resolve './file2': -2 [ 884.243355][T11109] team0: Port device team_slave_0 added [ 884.243587][T11145] bridge0: port 1(bridge_slave_0) entered blocking state [ 884.243728][T11145] bridge0: port 1(bridge_slave_0) entered disabled state [ 884.243907][T11145] bridge_slave_0: entered allmulticast mode [ 884.275033][T11145] bridge_slave_0: entered promiscuous mode [ 884.282098][T11109] team0: Port device team_slave_1 added [ 884.282329][T11145] bridge0: port 2(bridge_slave_1) entered blocking state [ 884.286845][T11145] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.287368][T11145] bridge_slave_1: entered allmulticast mode [ 884.293831][T11145] bridge_slave_1: entered promiscuous mode [ 884.456851][T11109] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 884.456865][T11109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 884.456885][T11109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 884.462516][T11145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 884.475711][T11109] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 884.475753][T11109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 884.475850][T11109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 884.617581][T11145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 884.880990][T11145] team0: Port device team_slave_0 added [ 884.943024][T11145] team0: Port device team_slave_1 added [ 884.971531][T11109] hsr_slave_0: entered promiscuous mode [ 884.986489][T11109] hsr_slave_1: entered promiscuous mode [ 885.025108][T11100] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 885.174304][T11295] netlink: 'syz.5.1272': attribute type 6 has an invalid length. [ 885.294177][T11296] netlink: 'syz.5.1272': attribute type 6 has an invalid length. [ 885.346108][T11100] usb 5-1: Using ep0 maxpacket: 32 [ 885.603218][T11100] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 885.603273][T11100] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 885.603298][T11100] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 885.669822][T11100] usb 5-1: config 0 descriptor?? [ 885.683731][T11100] hub 5-1:0.0: USB hub found [ 885.915050][T11100] hub 5-1:0.0: 1 port detected [ 886.123619][T11100] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 886.123651][T11100] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 886.189350][T11145] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 886.189368][T11145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 886.189395][T11145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 886.239142][T11100] usbhid 5-1:0.0: can't add hid device: -71 [ 886.239271][T11100] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 886.311500][T11100] usb 5-1: USB disconnect, device number 24 [ 886.385043][ T809] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 886.406467][T11145] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 886.406497][T11145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 886.406527][T11145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 886.570028][ T809] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 886.570057][ T809] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 886.573468][ T809] usb 6-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19 [ 886.573504][ T809] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 886.573525][ T809] usb 6-1: Product: syz [ 886.573540][ T809] usb 6-1: Manufacturer: syz [ 886.573555][ T809] usb 6-1: SerialNumber: syz [ 886.630910][ T809] usb 6-1: config 0 descriptor?? [ 886.831396][T11145] hsr_slave_0: entered promiscuous mode [ 886.947240][T11145] hsr_slave_1: entered promiscuous mode [ 886.948225][T11145] debugfs: 'hsr0' already exists in 'hsr' [ 886.948252][T11145] Cannot create hsr debugfs directory [ 887.068234][ T809] usb 6-1: USB disconnect, device number 13 [ 887.379120][ T61] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 887.379174][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 887.379202][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 887.379222][ T61] Workqueue: hci3 hci_rx_work [ 887.379256][ T61] Call Trace: [ 887.379266][ T61] [ 887.379277][ T61] dump_stack_lvl+0xe8/0x150 [ 887.379316][ T61] sysfs_create_dir_ns+0x271/0x2a0 [ 887.379342][ T61] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 887.379369][ T61] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 887.379397][ T61] ? rt_spin_unlock+0x160/0x200 [ 887.379425][ T61] kobject_add_internal+0x631/0xd10 [ 887.379471][ T61] kobject_add+0x163/0x240 [ 887.379510][ T61] ? __pfx_kobject_add+0x10/0x10 [ 887.379552][ T61] ? get_device_parent+0x370/0x3a0 [ 887.379590][ T61] device_add+0x408/0xb80 [ 887.379625][ T61] hci_conn_add_sysfs+0xd5/0x210 [ 887.379656][ T61] le_conn_complete_evt+0xf1d/0x1430 [ 887.379707][ T61] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 887.379743][ T61] ? irqentry_exit+0x59e/0x620 [ 887.379772][ T61] ? rcu_is_watching+0x15/0xb0 [ 887.379804][ T61] ? skb_pull_data+0xfb/0x200 [ 887.379845][ T61] hci_le_conn_complete_evt+0x187/0x470 [ 887.379887][ T61] hci_event_packet+0x7af/0x12c0 [ 887.379921][ T61] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 887.379954][ T61] ? __pfx_hci_event_packet+0x10/0x10 [ 887.379982][ T61] ? preempt_schedule_common+0x82/0xd0 [ 887.380031][ T61] ? preempt_schedule_thunk+0x16/0x30 [ 887.380065][ T61] ? hci_send_to_monitor+0xe2/0x590 [ 887.380091][ T61] hci_rx_work+0x3ee/0x1030 [ 887.380122][ T61] ? preempt_schedule_thunk+0x16/0x30 [ 887.380153][ T61] ? process_scheduled_works+0xa25/0x1830 [ 887.380189][ T61] process_scheduled_works+0xb02/0x1830 [ 887.380254][ T61] ? __pfx_process_scheduled_works+0x10/0x10 [ 887.380296][ T61] ? assign_work+0x3d5/0x5e0 [ 887.380334][ T61] worker_thread+0xa50/0xfc0 [ 887.380399][ T61] kthread+0x388/0x470 [ 887.380425][ T61] ? __pfx_worker_thread+0x10/0x10 [ 887.380458][ T61] ? __pfx_kthread+0x10/0x10 [ 887.380484][ T61] ret_from_fork+0x51e/0xb90 [ 887.380520][ T61] ? __pfx_ret_from_fork+0x10/0x10 [ 887.380552][ T61] ? __switch_to+0xc7d/0x1450 [ 887.380586][ T61] ? __pfx_kthread+0x10/0x10 [ 887.380612][ T61] ret_from_fork_asm+0x1a/0x30 [ 887.380653][ T61] [ 887.381018][ T61] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 887.381310][ T61] Bluetooth: hci3: failed to register connection device [ 894.576019][ T9010] Bluetooth: hci3: command 0x0406 tx timeout [ 897.119464][ T12] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 897.852611][T11359] Illegal XDP return value 4294967282 on prog (id 30) dev N/A, expect packet loss! [ 897.880815][ T12] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 898.634588][ T12] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.150204][ T12] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 901.525218][T11375] input: syz1 as /devices/virtual/input/input7 [ 906.291667][ T12] bridge_slave_1: left allmulticast mode [ 906.291690][ T12] bridge_slave_1: left promiscuous mode [ 906.291883][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 906.400754][ T12] bridge_slave_0: left allmulticast mode [ 906.400785][ T12] bridge_slave_0: left promiscuous mode [ 906.401062][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 906.585915][T11404] loop6: detected capacity change from 0 to 7 [ 906.607207][ C0] blk_print_req_error: 10 callbacks suppressed [ 906.607226][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.607258][ C0] buffer_io_error: 10 callbacks suppressed [ 906.607271][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.609609][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.609650][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.609897][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.609925][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.610531][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.610560][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.612917][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.612947][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.613471][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.613502][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.773682][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.773730][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.773804][T11404] ldm_validate_partition_table(): Disk read failed. [ 906.775263][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.775347][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.788736][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.788838][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.790431][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 906.790515][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 906.918947][T11404] Dev loop6: unable to read RDB block 0 [ 906.946377][T11404] loop6: unable to read partition table [ 906.946649][T11404] loop6: partition table beyond EOD, truncated [ 906.946691][T11404] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 910.999608][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 911.047650][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 911.074590][ T12] bond0 (unregistering): Released all slaves [ 911.097010][T11437] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 911.097054][T11437] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 911.097075][T11437] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 912.887585][T11454] program syz.4.1305 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 919.396994][ T9580] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 920.438018][ T9010] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 920.454709][ T9010] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 920.466352][ T9010] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 920.469317][ T9010] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 920.472328][ T9010] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 920.535009][ T9580] usb 6-1: Using ep0 maxpacket: 16 [ 920.541451][ T9580] usb 6-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 920.541487][ T9580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 920.541509][ T9580] usb 6-1: Product: syz [ 920.541525][ T9580] usb 6-1: Manufacturer: syz [ 920.541541][ T9580] usb 6-1: SerialNumber: syz [ 921.523900][ T9580] usb 6-1: config 0 descriptor?? [ 921.538710][ T9580] gspca_main: spca508-2.14.0 probing 041e:4018 [ 922.123842][ T9580] gspca_spca508: reg_read err -71 [ 922.124347][ T9580] gspca_spca508: reg_read err -71 [ 922.141195][ T9580] gspca_spca508: reg_read err -71 [ 922.141605][ T9580] gspca_spca508: reg_read err -71 [ 922.144203][ T9580] gspca_spca508: reg write: error -71 [ 922.144297][ T9580] spca508 6-1:0.0: probe with driver spca508 failed with error -71 [ 922.204558][ T9580] usb 6-1: USB disconnect, device number 14 [ 922.385675][ T12] hsr_slave_0: left promiscuous mode [ 922.425505][ T12] hsr_slave_1: left promiscuous mode [ 922.426605][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 922.426633][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 922.486130][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 922.486159][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 922.600253][ T12] veth1_macvtap: left promiscuous mode [ 922.600363][ T12] veth0_macvtap: left promiscuous mode [ 922.600622][ T12] veth1_vlan: left promiscuous mode [ 922.600803][ T12] veth0_vlan: left promiscuous mode [ 922.665225][ T61] Bluetooth: hci4: command tx timeout [ 922.666533][T11521] program syz.4.1317 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 922.800627][ T37] audit: type=1326 audit(1772277870.034:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11525 comm="syz.5.1319" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 922.902327][ T37] audit: type=1326 audit(1772277870.134:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11525 comm="syz.5.1319" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 922.960262][ T9010] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 922.983770][ T9010] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 922.989073][ T9010] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 923.009782][ T9010] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 923.010646][ T9010] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 924.587139][ T12] team0 (unregistering): Port device team_slave_1 removed [ 924.645954][ T12] team0 (unregistering): Port device team_slave_0 removed [ 924.815307][ T61] Bluetooth: hci4: command tx timeout [ 925.136543][ T61] Bluetooth: hci6: command tx timeout [ 926.897384][ T61] Bluetooth: hci4: command tx timeout [ 927.257299][ T61] Bluetooth: hci6: command tx timeout [ 929.138437][ T61] Bluetooth: hci4: command tx timeout [ 929.255561][ T5955] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 929.294959][ T61] Bluetooth: hci6: command tx timeout [ 929.425186][ T5955] usb 1-1: Using ep0 maxpacket: 32 [ 929.428483][ T5955] usb 1-1: unable to get BOS descriptor or descriptor too short [ 929.430188][ T5955] usb 1-1: config 102 has an invalid descriptor of length 0, skipping remainder of the config [ 929.430214][ T5955] usb 1-1: config 102 has 0 interfaces, different from the descriptor's value: 1 [ 929.457853][ T5955] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=d9.27 [ 929.457956][ T5955] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 929.458009][ T5955] usb 1-1: Product: syz [ 929.458051][ T5955] usb 1-1: Manufacturer: syz [ 929.458079][ T5955] usb 1-1: SerialNumber: syz [ 930.345472][ T5955] usb 1-1: USB disconnect, device number 20 [ 930.476705][T11577] netlink: 'syz.5.1328': attribute type 1 has an invalid length. [ 931.190621][T11587] program syz.5.1329 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 931.375129][ T61] Bluetooth: hci6: command tx timeout [ 931.909368][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.911973][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.730671][T11603] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 932.731148][T11603] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 932.902892][T11604] overlayfs: failed to resolve './file2': -2 [ 933.643996][T11503] chnl_net:caif_netlink_parms(): no params data found [ 935.460108][T11619] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 935.460138][T11619] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 935.460153][T11619] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 938.031056][T11598] syz.0.1330 (11598): drop_caches: 2 [ 938.077235][T11528] chnl_net:caif_netlink_parms(): no params data found [ 938.799487][T11503] bridge0: port 1(bridge_slave_0) entered blocking state [ 938.799621][T11503] bridge0: port 1(bridge_slave_0) entered disabled state [ 938.799877][T11503] bridge_slave_0: entered allmulticast mode [ 938.812702][T11503] bridge_slave_0: entered promiscuous mode [ 938.885086][T11503] bridge0: port 2(bridge_slave_1) entered blocking state [ 938.885214][T11503] bridge0: port 2(bridge_slave_1) entered disabled state [ 938.885451][T11503] bridge_slave_1: entered allmulticast mode [ 938.888205][T11503] bridge_slave_1: entered promiscuous mode [ 939.328749][T11503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 939.682098][T11652] netlink: 'syz.5.1339': attribute type 6 has an invalid length. [ 939.884130][T11653] netlink: 'syz.5.1339': attribute type 6 has an invalid length. [ 940.025819][T11503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 940.265068][ T5955] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 940.702137][T11667] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1341'. [ 941.425107][T11503] team0: Port device team_slave_0 added [ 941.434988][ T5955] usb 5-1: Using ep0 maxpacket: 32 [ 941.453117][ T5955] usb 5-1: unable to get BOS descriptor or descriptor too short [ 941.460402][ T5955] usb 5-1: config 102 has an invalid descriptor of length 0, skipping remainder of the config [ 941.460427][ T5955] usb 5-1: config 102 has 0 interfaces, different from the descriptor's value: 1 [ 941.475663][ T5955] usb 5-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=d9.27 [ 941.475741][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 941.475795][ T5955] usb 5-1: Product: syz [ 941.475839][ T5955] usb 5-1: Manufacturer: syz [ 941.475882][ T5955] usb 5-1: SerialNumber: syz [ 941.591734][T11503] team0: Port device team_slave_1 added [ 941.607821][T11528] bridge0: port 1(bridge_slave_0) entered blocking state [ 941.608264][T11528] bridge0: port 1(bridge_slave_0) entered disabled state [ 941.608516][T11528] bridge_slave_0: entered allmulticast mode [ 941.614578][T11528] bridge_slave_0: entered promiscuous mode [ 941.741830][T11528] bridge0: port 2(bridge_slave_1) entered blocking state [ 941.741962][T11528] bridge0: port 2(bridge_slave_1) entered disabled state [ 941.742189][T11528] bridge_slave_1: entered allmulticast mode [ 941.781487][T11528] bridge_slave_1: entered promiscuous mode [ 942.056059][T11503] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 942.056080][T11503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 942.056109][T11503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 942.823023][T11503] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 942.823043][T11503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 942.823073][T11503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 943.833490][T11528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 944.159019][T11528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 944.205446][ T5955] usb 5-1: USB disconnect, device number 25 [ 945.130463][T11528] team0: Port device team_slave_0 added [ 945.301831][T11528] team0: Port device team_slave_1 added [ 945.428677][T11503] hsr_slave_0: entered promiscuous mode [ 945.445699][T11503] hsr_slave_1: entered promiscuous mode [ 945.462376][T11503] debugfs: 'hsr0' already exists in 'hsr' [ 945.462402][T11503] Cannot create hsr debugfs directory [ 946.406624][T11528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 946.406644][T11528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 946.406679][T11528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 946.624382][T11528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 946.624401][T11528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 946.624430][T11528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 947.341740][T11716] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 947.517042][T11528] hsr_slave_0: entered promiscuous mode [ 947.546759][T11528] hsr_slave_1: entered promiscuous mode [ 947.550014][T11528] debugfs: 'hsr0' already exists in 'hsr' [ 947.550043][T11528] Cannot create hsr debugfs directory [ 947.638549][ T12] bridge_slave_1: left allmulticast mode [ 947.638579][ T12] bridge_slave_1: left promiscuous mode [ 947.638955][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 947.730812][ T12] bridge_slave_0: left allmulticast mode [ 947.730835][ T12] bridge_slave_0: left promiscuous mode [ 947.731034][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 948.116095][ T12] bridge_slave_1: left allmulticast mode [ 948.116118][ T12] bridge_slave_1: left promiscuous mode [ 948.116299][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 948.187583][ T12] bridge_slave_0: left allmulticast mode [ 948.187616][ T12] bridge_slave_0: left promiscuous mode [ 948.187885][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 948.485961][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 948.695853][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 948.744286][ T12] bond0 (unregistering): Released all slaves [ 948.855830][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1351'. [ 949.775926][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 949.957454][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 950.787068][ T12] bond0 (unregistering): Released all slaves [ 950.934700][T11732] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 950.934746][T11732] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 950.934767][T11732] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 951.104683][ T61] Bluetooth: hci2: unexpected event for opcode 0x203d [ 952.354363][T11744] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 953.816514][T11755] overlay: filesystem on ./file0 not supported as upperdir [ 953.894928][T11757] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1360'. [ 955.482761][ T61] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 955.483962][ T61] Bluetooth: hci2: Injecting HCI hardware error event [ 955.486166][ T9010] Bluetooth: hci2: hardware error 0x00 [ 957.145003][ T12] hsr_slave_0: left promiscuous mode [ 957.165097][ T12] hsr_slave_1: left promiscuous mode [ 957.165948][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 957.196023][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 957.295019][ T12] hsr_slave_0: left promiscuous mode [ 957.315259][ T12] hsr_slave_1: left promiscuous mode [ 957.316094][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 957.345745][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 957.672964][ T12] team0 (unregistering): Port device team_slave_1 removed [ 957.719432][ T12] team0 (unregistering): Port device team_slave_0 removed [ 958.105761][T11780] program syz.0.1366 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 958.336247][ T12] team0 (unregistering): Port device team_slave_1 removed [ 958.416084][ T12] team0 (unregistering): Port device team_slave_0 removed [ 958.900781][ T9010] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 961.025409][T11799] ALSA: mixer_oss: invalid OSS volume '' [ 961.523110][T11800] overlay: filesystem on ./file0 not supported as upperdir [ 963.208259][T11812] overlayfs: failed to resolve './file1': -2 [ 967.076653][T11845] ALSA: mixer_oss: invalid OSS volume '' [ 967.627192][ T809] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 969.044966][ T809] usb 6-1: Using ep0 maxpacket: 32 [ 969.063769][ T809] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 969.063797][ T809] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 969.090197][ T809] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 969.090229][ T809] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.090250][ T809] usb 6-1: Product: syz [ 969.090264][ T809] usb 6-1: Manufacturer: syz [ 969.090279][ T809] usb 6-1: SerialNumber: syz [ 969.157615][ T809] usb 6-1: config 0 descriptor?? [ 969.277391][T11528] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 969.379825][ T5955] usb 6-1: USB disconnect, device number 15 [ 969.444556][T11528] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 969.515027][T11528] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 969.669426][T11528] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 970.343591][T11503] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 970.415262][T11503] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 970.695195][T11503] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 971.262446][ T9010] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 971.262546][ T9010] CPU: 1 UID: 0 PID: 9010 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 971.262582][ T9010] Tainted: [L]=SOFTLOCKUP [ 971.262591][ T9010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 971.262607][ T9010] Workqueue: hci5 hci_rx_work [ 971.262643][ T9010] Call Trace: [ 971.262652][ T9010] [ 971.262663][ T9010] dump_stack_lvl+0xe8/0x150 [ 971.262704][ T9010] sysfs_create_dir_ns+0x271/0x2a0 [ 971.262730][ T9010] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 971.262758][ T9010] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 971.262788][ T9010] ? rt_spin_unlock+0x160/0x200 [ 971.262817][ T9010] kobject_add_internal+0x631/0xd10 [ 971.262865][ T9010] kobject_add+0x163/0x240 [ 971.262906][ T9010] ? __pfx_kobject_add+0x10/0x10 [ 971.262950][ T9010] ? get_device_parent+0x370/0x3a0 [ 971.262990][ T9010] device_add+0x408/0xb80 [ 971.263029][ T9010] hci_conn_add_sysfs+0xd5/0x210 [ 971.263061][ T9010] le_conn_complete_evt+0xf1d/0x1430 [ 971.263116][ T9010] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 971.263156][ T9010] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 971.263188][ T9010] ? lockdep_hardirqs_on+0x7a/0x110 [ 971.263223][ T9010] ? skb_pull_data+0xfb/0x200 [ 971.263265][ T9010] hci_le_conn_complete_evt+0x187/0x470 [ 971.263310][ T9010] hci_event_packet+0x7af/0x12c0 [ 971.263346][ T9010] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 971.263382][ T9010] ? __pfx_hci_event_packet+0x10/0x10 [ 971.263410][ T9010] ? preempt_schedule_common+0x82/0xd0 [ 971.263442][ T9010] ? preempt_schedule_thunk+0x16/0x30 [ 971.263476][ T9010] ? hci_send_to_monitor+0xe2/0x590 [ 971.263503][ T9010] hci_rx_work+0x3ee/0x1030 [ 971.263535][ T9010] ? preempt_schedule_thunk+0x16/0x30 [ 971.263565][ T9010] ? process_scheduled_works+0xa25/0x1830 [ 971.263601][ T9010] process_scheduled_works+0xb02/0x1830 [ 971.263669][ T9010] ? __pfx_process_scheduled_works+0x10/0x10 [ 971.263710][ T9010] ? assign_work+0x3d5/0x5e0 [ 971.263749][ T9010] worker_thread+0xa50/0xfc0 [ 971.263815][ T9010] kthread+0x388/0x470 [ 971.263841][ T9010] ? __pfx_worker_thread+0x10/0x10 [ 971.263872][ T9010] ? __pfx_kthread+0x10/0x10 [ 971.263899][ T9010] ret_from_fork+0x51e/0xb90 [ 971.263935][ T9010] ? __pfx_ret_from_fork+0x10/0x10 [ 971.263967][ T9010] ? __switch_to+0xc7d/0x1450 [ 971.264001][ T9010] ? __pfx_kthread+0x10/0x10 [ 971.264027][ T9010] ret_from_fork_asm+0x1a/0x30 [ 971.264069][ T9010] [ 971.264453][ T9010] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 971.266923][ T9010] Bluetooth: hci5: failed to register connection device [ 971.342465][T11503] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 973.864126][T11889] overlay: filesystem on ./file0 not supported as upperdir [ 974.704199][T11528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 976.641363][T11528] 8021q: adding VLAN 0 to HW filter on device team0 [ 976.869707][ T1435] bridge0: port 1(bridge_slave_0) entered blocking state [ 976.870734][ T1435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 976.937438][ T1435] bridge0: port 2(bridge_slave_1) entered blocking state [ 976.938435][ T1435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 977.370861][T11906] ALSA: mixer_oss: invalid OSS volume '' [ 977.688658][T11503] 8021q: adding VLAN 0 to HW filter on device bond0 [ 980.437102][T11528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 981.665470][ T5955] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 981.855343][ T5955] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 981.855391][ T5955] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 981.855436][ T5955] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 981.855464][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 981.937464][ T5955] usb 5-1: config 0 descriptor?? [ 982.308011][ T9010] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 982.328761][ T9010] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 982.331231][ T9010] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 982.333111][ T9010] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 982.358089][ T9010] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 982.682352][ T5955] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x2 [ 983.215219][ T9010] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 983.719054][ T5955] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0 [ 983.725025][ T5955] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device [ 983.725083][ T5955] pyra 0003:1E7D:2CF6.0001: couldn't install mouse [ 983.785608][ T5955] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -71 [ 983.804169][ T5955] usb 5-1: USB disconnect, device number 26 [ 984.220345][T11960] fido_id[11960]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 984.499693][ T9010] Bluetooth: hci0: command tx timeout [ 985.227391][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 985.232697][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 985.245376][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 985.264909][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 985.267926][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 986.575019][ T61] Bluetooth: hci0: command tx timeout [ 987.462173][ T9010] Bluetooth: hci1: command tx timeout [ 988.419816][T11998] loop5: detected capacity change from 0 to 7 [ 988.437878][T11998] Dev loop5: unable to read RDB block 7 [ 988.437922][T11998] loop5: unable to read partition table [ 988.438116][T11998] loop5: partition table beyond EOD, truncated [ 988.438185][T11998] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 988.580040][T12000] program syz.5.1411 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 988.665752][ T9010] Bluetooth: hci0: command tx timeout [ 989.458749][T12006] loop6: detected capacity change from 0 to 7 [ 989.695116][ T9010] Bluetooth: hci1: command tx timeout [ 990.735034][ T9010] Bluetooth: hci0: command tx timeout [ 991.635060][ C0] blk_print_req_error: 10 callbacks suppressed [ 991.635076][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.635099][ C0] buffer_io_error: 10 callbacks suppressed [ 991.635108][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.654443][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.654543][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.714413][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.714452][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.732517][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.732555][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.732854][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.732906][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.733134][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.733163][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.733403][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.733432][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.733566][T11092] ldm_validate_partition_table(): Disk read failed. [ 991.733796][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.733827][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.734069][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.734099][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.734329][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 991.734357][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 991.734648][T11092] Dev loop6: unable to read RDB block 0 [ 991.775007][ T9010] Bluetooth: hci1: command tx timeout [ 991.884790][T11092] loop6: unable to read partition table [ 991.885228][T11092] loop6: partition table beyond EOD, truncated [ 991.905701][T12006] ldm_validate_partition_table(): Disk read failed. [ 991.927940][T12006] Dev loop6: unable to read RDB block 0 [ 992.019431][T12006] loop6: unable to read partition table [ 992.019614][T12006] loop6: partition table beyond EOD, truncated [ 992.019628][T12006] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 993.365659][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.365733][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.856676][ T9010] Bluetooth: hci1: command tx timeout [ 993.929405][T12032] binder: BINDER_SET_CONTEXT_MGR already set [ 993.929424][T12032] binder: 12031:12032 ioctl 4018620d 2000000002c0 returned -16 [ 994.174412][T12038] loop6: detected capacity change from 0 to 7 [ 994.245414][T12038] ldm_validate_partition_table(): Disk read failed. [ 994.256838][T12038] Dev loop6: unable to read RDB block 0 [ 994.274129][T12038] loop6: unable to read partition table [ 994.277582][T12038] loop6: partition table beyond EOD, truncated [ 994.277858][T12038] loop_reread_partitions: partition scan of loop6 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 996.924225][T11953] chnl_net:caif_netlink_parms(): no params data found [ 997.152922][T12065] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 997.575214][ T9327] bridge_slave_1: left allmulticast mode [ 997.575245][ T9327] bridge_slave_1: left promiscuous mode [ 997.575501][ T9327] bridge0: port 2(bridge_slave_1) entered disabled state [ 997.712280][ T9327] bridge_slave_0: left allmulticast mode [ 997.712313][ T9327] bridge_slave_0: left promiscuous mode [ 997.712596][ T9327] bridge0: port 1(bridge_slave_0) entered disabled state [ 998.889964][ T9010] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1001.534658][T12104] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in; [ 1001.534658][T12104] program syz.0.1441 not setting count and/or reply_len properly [ 1001.685630][ T9327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1001.756406][ T9327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1001.806682][ T9327] bond0 (unregistering): Released all slaves [ 1002.206424][T11972] chnl_net:caif_netlink_parms(): no params data found [ 1002.235158][T11953] bridge0: port 1(bridge_slave_0) entered blocking state [ 1002.236793][T11953] bridge0: port 1(bridge_slave_0) entered disabled state [ 1002.237310][T11953] bridge_slave_0: entered allmulticast mode [ 1002.268497][T11953] bridge_slave_0: entered promiscuous mode [ 1002.312615][T11953] bridge0: port 2(bridge_slave_1) entered blocking state [ 1002.312746][T11953] bridge0: port 2(bridge_slave_1) entered disabled state [ 1002.312986][T11953] bridge_slave_1: entered allmulticast mode [ 1002.339264][T11953] bridge_slave_1: entered promiscuous mode [ 1002.499917][ T37] audit: type=1326 audit(1772277949.734:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12116 comm="syz.5.1447" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 1002.536728][ T9327] hsr_slave_0: left promiscuous mode [ 1002.555290][ T9327] hsr_slave_1: left promiscuous mode [ 1002.556323][ T9327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1002.606047][ T9327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1002.607736][ T37] audit: type=1326 audit(1772277949.844:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12116 comm="syz.5.1447" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 1003.021573][T12113] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1003.021595][T12113] overlayfs: failed to set xattr on upper [ 1003.021601][T12113] overlayfs: ...falling back to redirect_dir=nofollow. [ 1003.021620][T12113] overlayfs: ...falling back to index=off. [ 1003.021625][T12113] overlayfs: ...falling back to uuid=null. [ 1003.106689][T12113] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1003.106726][T12113] overlayfs: failed to set xattr on upper [ 1003.106736][T12113] overlayfs: ...falling back to redirect_dir=nofollow. [ 1003.106746][T12113] overlayfs: ...falling back to index=off. [ 1003.106755][T12113] overlayfs: ...falling back to uuid=null. [ 1003.106808][T12113] overlayfs: conflicting lowerdir path [ 1003.128365][T12124] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1004.169331][ T9327] team0 (unregistering): Port device team_slave_1 removed [ 1004.885094][ T61] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1004.972686][ T9327] team0 (unregistering): Port device team_slave_0 removed [ 1005.127802][T12137] netlink: 'syz.5.1452': attribute type 6 has an invalid length. [ 1006.819170][T11953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1006.846271][T11953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1006.969428][T11953] team0: Port device team_slave_0 added [ 1007.033505][T11953] team0: Port device team_slave_1 added [ 1007.042879][T11972] bridge0: port 1(bridge_slave_0) entered blocking state [ 1007.043084][T11972] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.043295][T11972] bridge_slave_0: entered allmulticast mode [ 1007.067601][T11972] bridge_slave_0: entered promiscuous mode [ 1007.098361][T11972] bridge0: port 2(bridge_slave_1) entered blocking state [ 1007.098558][T11972] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.098742][T11972] bridge_slave_1: entered allmulticast mode [ 1007.101734][T11972] bridge_slave_1: entered promiscuous mode [ 1007.187826][T11953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1007.187846][T11953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1007.187876][T11953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1007.246819][T11953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1007.246838][T11953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1007.246866][T11953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1007.354447][T11972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1008.429248][T11972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1009.226834][T12161] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1009.226862][T12161] overlayfs: failed to set xattr on upper [ 1009.226869][T12161] overlayfs: ...falling back to redirect_dir=nofollow. [ 1009.226876][T12161] overlayfs: ...falling back to index=off. [ 1009.226883][T12161] overlayfs: ...falling back to uuid=null. [ 1009.418893][T12168] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1009.418924][T12168] overlayfs: failed to set xattr on upper [ 1009.418932][T12168] overlayfs: ...falling back to redirect_dir=nofollow. [ 1009.418940][T12168] overlayfs: ...falling back to index=off. [ 1009.418949][T12168] overlayfs: ...falling back to uuid=null. [ 1009.418993][T12168] overlayfs: conflicting lowerdir path [ 1009.548664][T11953] hsr_slave_0: entered promiscuous mode [ 1009.551824][T11953] hsr_slave_1: entered promiscuous mode [ 1009.648480][T11972] team0: Port device team_slave_0 added [ 1009.703210][T11972] team0: Port device team_slave_1 added [ 1010.263473][T11972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1010.263493][T11972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1010.263529][T11972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1010.521208][ T61] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1011.215962][T11972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1011.215982][T11972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1011.216011][T11972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1011.898087][T12196] netlink: 'syz.0.1463': attribute type 6 has an invalid length. [ 1013.775440][T11972] hsr_slave_0: entered promiscuous mode [ 1013.776965][T11972] hsr_slave_1: entered promiscuous mode [ 1013.777939][T11972] debugfs: 'hsr0' already exists in 'hsr' [ 1013.777963][T11972] Cannot create hsr debugfs directory [ 1014.154336][T12221] program syz.0.1471 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1016.072561][T12236] binder: 12234:12236 ioctl c0306201 200000000640 returned -22 [ 1016.253125][T12222] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1016.253154][T12222] overlayfs: failed to set xattr on upper [ 1016.253163][T12222] overlayfs: ...falling back to redirect_dir=nofollow. [ 1016.253171][T12222] overlayfs: ...falling back to index=off. [ 1016.253180][T12222] overlayfs: ...falling back to uuid=null. [ 1016.312253][T12235] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1016.312306][T12235] overlayfs: failed to set xattr on upper [ 1016.312317][T12235] overlayfs: ...falling back to redirect_dir=nofollow. [ 1016.312327][T12235] overlayfs: ...falling back to index=off. [ 1016.312336][T12235] overlayfs: ...falling back to uuid=null. [ 1016.312387][T12235] overlayfs: conflicting lowerdir path [ 1018.133821][T12251] binder_alloc: 12250: binder_alloc_buf, no vma [ 1018.230367][T12252] program syz.5.1480 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1021.136723][ T1155] bridge_slave_1: left allmulticast mode [ 1021.136756][ T1155] bridge_slave_1: left promiscuous mode [ 1021.137453][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 1021.238781][ T1155] bridge_slave_0: left allmulticast mode [ 1021.238805][ T1155] bridge_slave_0: left promiscuous mode [ 1021.238996][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 1021.975826][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1022.076029][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1022.108245][ T1155] bond0 (unregistering): Released all slaves [ 1022.643096][T12269] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1022.643119][T12269] overlayfs: failed to set xattr on upper [ 1022.643125][T12269] overlayfs: ...falling back to redirect_dir=nofollow. [ 1022.643131][T12269] overlayfs: ...falling back to index=off. [ 1022.643136][T12269] overlayfs: ...falling back to uuid=null. [ 1022.692196][T12287] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1022.692228][T12287] overlayfs: failed to set xattr on upper [ 1022.692237][T12287] overlayfs: ...falling back to redirect_dir=nofollow. [ 1022.692248][T12287] overlayfs: ...falling back to index=off. [ 1022.692256][T12287] overlayfs: ...falling back to uuid=null. [ 1022.692305][T12287] overlayfs: conflicting lowerdir path [ 1022.694211][ T1155] hsr_slave_0: left promiscuous mode [ 1022.766994][ T1155] hsr_slave_1: left promiscuous mode [ 1022.768767][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1022.816335][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1024.148479][T12298] program syz.5.1491 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1025.312724][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 1025.398140][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 1026.396513][T12301] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1027.081013][T12316] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1030.104567][T11953] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1030.227624][T11953] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1030.515170][T11953] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1030.665879][T11953] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1031.707939][T11972] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1031.760605][T11972] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1031.826844][T11972] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1031.882152][T11972] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1032.279374][T11953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1032.364687][T11953] 8021q: adding VLAN 0 to HW filter on device team0 [ 1032.629297][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 1032.630006][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1032.659413][T11972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1033.777505][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 1033.811194][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.007365][T11972] 8021q: adding VLAN 0 to HW filter on device team0 [ 1034.089909][T12367] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1034.134329][ T139] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.145098][ T139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.218582][ T139] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.223495][ T139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1039.681232][T11953] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1039.898503][T11972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1041.995406][T12399] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1041.995441][T12399] overlayfs: failed to set xattr on upper [ 1041.995451][T12399] overlayfs: ...falling back to redirect_dir=nofollow. [ 1041.995461][T12399] overlayfs: ...falling back to index=off. [ 1041.995470][T12399] overlayfs: ...falling back to uuid=null. [ 1042.053949][T12399] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1042.053980][T12399] overlayfs: failed to set xattr on upper [ 1042.053989][T12399] overlayfs: ...falling back to redirect_dir=nofollow. [ 1042.053999][T12399] overlayfs: ...falling back to index=off. [ 1042.054008][T12399] overlayfs: ...falling back to uuid=null. [ 1042.054055][T12399] overlayfs: conflicting lowerdir path [ 1042.356786][T12437] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1042.622975][T11972] veth0_vlan: entered promiscuous mode [ 1042.665199][T11972] veth1_vlan: entered promiscuous mode [ 1042.916305][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1042.927774][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1042.929120][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1042.930646][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1042.931424][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1045.780071][ T61] Bluetooth: hci4: command tx timeout [ 1047.028540][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1047.033533][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1047.035560][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1047.039087][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1047.042282][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1047.910539][ T9010] Bluetooth: hci4: command tx timeout [ 1049.137697][ T9010] Bluetooth: hci0: command tx timeout [ 1049.231281][T12485] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1049.231313][T12485] overlayfs: failed to set xattr on upper [ 1049.231322][T12485] overlayfs: ...falling back to redirect_dir=nofollow. [ 1049.231331][T12485] overlayfs: ...falling back to index=off. [ 1049.231340][T12485] overlayfs: ...falling back to uuid=null. [ 1049.277795][T12485] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1049.277825][T12485] overlayfs: failed to set xattr on upper [ 1049.277834][T12485] overlayfs: ...falling back to redirect_dir=nofollow. [ 1049.277844][T12485] overlayfs: ...falling back to index=off. [ 1049.277852][T12485] overlayfs: ...falling back to uuid=null. [ 1049.277919][T12485] overlayfs: conflicting lowerdir path [ 1049.895351][T12444] chnl_net:caif_netlink_parms(): no params data found [ 1049.935560][ T9010] Bluetooth: hci4: command tx timeout [ 1052.157019][ T9010] Bluetooth: hci0: command tx timeout [ 1052.157057][ T9010] Bluetooth: hci4: command tx timeout [ 1052.447947][ T1181] bridge_slave_1: left allmulticast mode [ 1052.447978][ T1181] bridge_slave_1: left promiscuous mode [ 1052.448229][ T1181] bridge0: port 2(bridge_slave_1) entered disabled state [ 1052.539078][ T1181] bridge_slave_0: left allmulticast mode [ 1052.539107][ T1181] bridge_slave_0: left promiscuous mode [ 1052.539369][ T1181] bridge0: port 1(bridge_slave_0) entered disabled state [ 1054.175516][ T61] Bluetooth: hci0: command tx timeout [ 1055.636248][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.636324][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.835724][ T1181] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1056.386836][ T61] Bluetooth: hci0: command tx timeout [ 1056.806457][ T1181] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1057.418809][ T1181] bond0 (unregistering): Released all slaves [ 1057.878243][T12468] chnl_net:caif_netlink_parms(): no params data found [ 1059.412660][T12557] ALSA: mixer_oss: invalid OSS volume '' [ 1059.527645][ T1181] hsr_slave_0: left promiscuous mode [ 1059.564978][ T1181] hsr_slave_1: left promiscuous mode [ 1059.566125][ T1181] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1059.806792][ T1181] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1062.527181][ T1181] team0 (unregistering): Port device team_slave_1 removed [ 1064.253104][ T1181] team0 (unregistering): Port device team_slave_0 removed [ 1065.275654][T12444] bridge0: port 1(bridge_slave_0) entered blocking state [ 1065.275796][T12444] bridge0: port 1(bridge_slave_0) entered disabled state [ 1065.276056][T12444] bridge_slave_0: entered allmulticast mode [ 1065.279398][T12444] bridge_slave_0: entered promiscuous mode [ 1065.547491][T12587] ALSA: mixer_oss: invalid OSS volume '' [ 1066.411975][T12444] bridge0: port 2(bridge_slave_1) entered blocking state [ 1066.412107][T12444] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.412311][T12444] bridge_slave_1: entered allmulticast mode [ 1066.680261][T12444] bridge_slave_1: entered promiscuous mode [ 1068.923475][T12444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1069.017229][T12444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1069.018659][T12468] bridge0: port 1(bridge_slave_0) entered blocking state [ 1069.018764][T12468] bridge0: port 1(bridge_slave_0) entered disabled state [ 1069.018940][T12468] bridge_slave_0: entered allmulticast mode [ 1069.022293][T12468] bridge_slave_0: entered promiscuous mode [ 1069.204279][T12468] bridge0: port 2(bridge_slave_1) entered blocking state [ 1069.204472][T12468] bridge0: port 2(bridge_slave_1) entered disabled state [ 1069.225148][T12468] bridge_slave_1: entered allmulticast mode [ 1069.228007][T12468] bridge_slave_1: entered promiscuous mode [ 1070.536349][T12444] team0: Port device team_slave_0 added [ 1070.627370][T12444] team0: Port device team_slave_1 added [ 1071.909758][T12468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1071.938989][T12468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1071.997541][T12444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1071.997561][T12444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1071.997591][T12444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1072.000924][T12444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1072.000940][T12444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1072.000969][T12444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1072.929936][T12468] team0: Port device team_slave_0 added [ 1072.943807][T12468] team0: Port device team_slave_1 added [ 1073.020991][T11100] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1073.164912][T11100] usb 1-1: Using ep0 maxpacket: 32 [ 1073.168996][T11100] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1073.169023][T11100] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1073.176973][T11100] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1073.177056][T11100] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.177103][T11100] usb 1-1: Product: syz [ 1073.177138][T11100] usb 1-1: Manufacturer: syz [ 1073.177179][T11100] usb 1-1: SerialNumber: syz [ 1073.455111][T11100] usb 1-1: config 0 descriptor?? [ 1074.086912][T12638] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1565'. [ 1074.141493][T11100] usb 1-1: USB disconnect, device number 21 [ 1074.961687][T12444] hsr_slave_0: entered promiscuous mode [ 1074.963313][T12444] hsr_slave_1: entered promiscuous mode [ 1074.975171][T12468] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1074.975226][T12468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1074.975306][T12468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1075.160324][T12646] program syz.5.1566 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1075.259972][T12468] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1075.259992][T12468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1075.260030][T12468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1076.311492][T12468] hsr_slave_0: entered promiscuous mode [ 1076.313040][T12468] hsr_slave_1: entered promiscuous mode [ 1076.314173][T12468] debugfs: 'hsr0' already exists in 'hsr' [ 1076.314200][T12468] Cannot create hsr debugfs directory [ 1078.167023][ T61] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1079.708415][T12682] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1575'. [ 1081.056073][T12690] netlink: 'syz.4.1578': attribute type 6 has an invalid length. [ 1081.127713][T12691] netlink: 'syz.4.1578': attribute type 6 has an invalid length. [ 1081.165051][ T9580] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1081.306928][T12694] program syz.0.1579 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1081.344595][ T9580] usb 6-1: Using ep0 maxpacket: 32 [ 1081.349220][ T9580] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1081.349249][ T9580] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1081.354152][ T9580] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1081.354180][ T9580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1081.354262][ T9580] usb 6-1: Product: syz [ 1081.354310][ T9580] usb 6-1: Manufacturer: syz [ 1081.354357][ T9580] usb 6-1: SerialNumber: syz [ 1082.131764][ T9580] usb 6-1: config 0 descriptor?? [ 1082.389027][ T5955] usb 6-1: USB disconnect, device number 16 [ 1084.544131][T12709] overlay: Unknown parameter '/bus' [ 1088.289010][T12725] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1096.054080][T12771] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1096.521374][ T13] bridge_slave_1: left allmulticast mode [ 1096.521398][ T13] bridge_slave_1: left promiscuous mode [ 1096.521605][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1096.605139][T11100] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1096.664713][ T13] bridge_slave_0: left allmulticast mode [ 1096.667402][ T13] bridge_slave_0: left promiscuous mode [ 1096.668060][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1096.794929][T11100] usb 1-1: Using ep0 maxpacket: 32 [ 1096.799561][T11100] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1096.799588][T11100] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1096.850323][T11100] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1096.850346][T11100] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.850426][T11100] usb 1-1: Product: syz [ 1096.850437][T11100] usb 1-1: Manufacturer: syz [ 1096.850448][T11100] usb 1-1: SerialNumber: syz [ 1096.856476][T11100] usb 1-1: config 0 descriptor?? [ 1097.106712][ T809] usb 1-1: USB disconnect, device number 22 [ 1102.676744][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1102.765698][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1102.810984][ T13] bond0 (unregistering): Released all slaves [ 1103.255352][ T13] hsr_slave_0: left promiscuous mode [ 1103.295248][ T13] hsr_slave_1: left promiscuous mode [ 1103.296117][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1103.325877][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1103.425934][ T13] veth1_vlan: left promiscuous mode [ 1103.426121][ T13] veth0_vlan: left promiscuous mode [ 1103.645598][ T9010] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1103.649500][ T9010] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1103.650787][ T9010] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1103.652006][ T9010] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1103.652810][ T9010] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1105.745571][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1105.777652][ T9010] Bluetooth: hci1: command tx timeout [ 1105.943895][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1106.559642][T12816] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1107.901045][ T9010] Bluetooth: hci1: command tx timeout [ 1109.628039][ T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1109.645510][ T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1109.649403][ T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1109.651373][ T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1109.670785][ T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1109.956821][ T61] Bluetooth: hci1: command tx timeout [ 1111.855063][ T9010] Bluetooth: hci6: command tx timeout [ 1112.005693][T12882] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1112.020343][ T9010] Bluetooth: hci1: command tx timeout [ 1112.288977][T12814] chnl_net:caif_netlink_parms(): no params data found [ 1112.398740][ T37] audit: type=1326 audit(1772278059.624:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12888 comm="syz.5.1622" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1479e2c799 code=0x0 [ 1113.935054][ T9010] Bluetooth: hci6: command tx timeout [ 1116.028575][ T9010] Bluetooth: hci6: command tx timeout [ 1116.103989][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.104062][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.175036][ T9010] Bluetooth: hci6: command tx timeout [ 1119.166827][T12951] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1119.414203][T12814] bridge0: port 1(bridge_slave_0) entered blocking state [ 1119.414345][T12814] bridge0: port 1(bridge_slave_0) entered disabled state [ 1119.414595][T12814] bridge_slave_0: entered allmulticast mode [ 1119.449925][T12814] bridge_slave_0: entered promiscuous mode [ 1119.475043][T12814] bridge0: port 2(bridge_slave_1) entered blocking state [ 1119.479397][T12814] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.479580][T12814] bridge_slave_1: entered allmulticast mode [ 1119.515168][T12814] bridge_slave_1: entered promiscuous mode [ 1119.539938][ T13] bridge_slave_1: left allmulticast mode [ 1119.539960][ T13] bridge_slave_1: left promiscuous mode [ 1119.540127][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.680921][ T13] bridge_slave_0: left allmulticast mode [ 1119.680954][ T13] bridge_slave_0: left promiscuous mode [ 1119.681211][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.210831][T12967] overlay: filesystem on ./file0 not supported as upperdir [ 1122.834040][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1123.005541][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1123.517818][ T13] bond0 (unregistering): Released all slaves [ 1124.946746][T12987] fuse: Unknown parameter 'fd0x0000000000000004' [ 1125.068564][T12991] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1125.073885][T12989] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1125.116482][T12814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1126.793957][ T13] hsr_slave_0: left promiscuous mode [ 1126.845243][ T13] hsr_slave_1: left promiscuous mode [ 1126.846320][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1127.096022][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1129.905162][T13022] fuse: Unknown parameter 'fd0x0000000000000004' [ 1130.041458][T13026] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1130.245715][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1130.328106][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1131.519316][T12814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1131.777157][T13024] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1133.893598][T13045] program syz.0.1656 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1134.288366][T12814] team0: Port device team_slave_0 added [ 1134.318495][T12814] team0: Port device team_slave_1 added [ 1136.259394][T12814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1136.259411][T12814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1136.259434][T12814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1136.339630][T12814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1136.339649][T12814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1136.339678][T12814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1136.377084][T12858] chnl_net:caif_netlink_parms(): no params data found [ 1136.515197][T13059] fuse: Unknown parameter 'fd0x0000000000000004' [ 1136.546681][T13061] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1140.424527][T12814] hsr_slave_0: entered promiscuous mode [ 1140.436625][T12814] hsr_slave_1: entered promiscuous mode [ 1140.440712][T12814] debugfs: 'hsr0' already exists in 'hsr' [ 1140.440779][T12814] Cannot create hsr debugfs directory [ 1140.585630][T12858] bridge0: port 1(bridge_slave_0) entered blocking state [ 1140.585835][T12858] bridge0: port 1(bridge_slave_0) entered disabled state [ 1140.586044][T12858] bridge_slave_0: entered allmulticast mode [ 1140.588769][T12858] bridge_slave_0: entered promiscuous mode [ 1140.635367][T12858] bridge0: port 2(bridge_slave_1) entered blocking state [ 1140.635511][T12858] bridge0: port 2(bridge_slave_1) entered disabled state [ 1140.635753][T12858] bridge_slave_1: entered allmulticast mode [ 1140.676069][T12858] bridge_slave_1: entered promiscuous mode [ 1143.935915][ T9580] ------------[ cut here ]------------ [ 1143.935933][ T9580] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 1143.935958][ T9580] WARNING: drivers/gpu/drm/drm_vblank.c:1320 at drm_crtc_wait_one_vblank+0x357/0x500, CPU#1: kworker/1:4/9580 [ 1143.936014][ T9580] Modules linked in: [ 1143.936039][ T9580] CPU: 1 UID: 0 PID: 9580 Comm: kworker/1:4 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1143.936069][ T9580] Tainted: [L]=SOFTLOCKUP [ 1143.936078][ T9580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1143.936093][ T9580] Workqueue: events drm_fb_helper_damage_work [ 1143.936129][ T9580] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500 [ 1143.936166][ T9580] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 2a c0 d4 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff [ 1143.936186][ T9580] RSP: 0000:ffffc900042678e0 EFLAGS: 00010246 [ 1143.936204][ T9580] RAX: 1ffff11004ab5800 RBX: ffffffff8f751120 RCX: 0000000000000000 [ 1143.936221][ T9580] RDX: ffffffff8bbf30c0 RSI: ffffffff8bc0efc0 RDI: ffffffff8f751120 [ 1143.936242][ T9580] RBP: ffffc900042679c8 R08: 0000000000000000 R09: 0000000000000000 [ 1143.936257][ T9580] R10: dffffc0000000000 R11: fffffbfff1ed4637 R12: ffffffff8bc0efc0 [ 1143.936274][ T9580] R13: ffff8880255ac000 R14: 0000000000000000 R15: ffffffff8bbf30c0 [ 1143.936291][ T9580] FS: 0000000000000000(0000) GS:ffff888126440000(0000) knlGS:0000000000000000 [ 1143.936311][ T9580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1143.936326][ T9580] CR2: 00007fa536fe2e94 CR3: 00000000603f4000 CR4: 00000000003526f0 [ 1143.936346][ T9580] Call Trace: [ 1143.936355][ T9580] [ 1143.936370][ T9580] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 1143.936407][ T9580] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1143.936445][ T9580] ? rt_spin_unlock+0x160/0x200 [ 1143.936474][ T9580] ? drm_vblank_get+0x147/0x260 [ 1143.936516][ T9580] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 1143.936550][ T9580] drm_fb_helper_damage_work+0x131/0x6f0 [ 1143.936597][ T9580] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 1143.936634][ T9580] ? preempt_schedule_thunk+0x16/0x30 [ 1143.936668][ T9580] ? process_scheduled_works+0xa25/0x1830 [ 1143.936706][ T9580] ? process_scheduled_works+0xa25/0x1830 [ 1143.936741][ T9580] process_scheduled_works+0xb02/0x1830 [ 1143.936805][ T9580] ? __pfx_process_scheduled_works+0x10/0x10 [ 1143.936845][ T9580] ? assign_work+0x3d5/0x5e0 [ 1143.936881][ T9580] worker_thread+0xa50/0xfc0 [ 1143.936946][ T9580] kthread+0x388/0x470 [ 1143.936971][ T9580] ? __pfx_worker_thread+0x10/0x10 [ 1143.937001][ T9580] ? __pfx_kthread+0x10/0x10 [ 1143.937027][ T9580] ret_from_fork+0x51e/0xb90 [ 1143.937065][ T9580] ? __pfx_ret_from_fork+0x10/0x10 [ 1143.937095][ T9580] ? __switch_to+0xc7d/0x1450 [ 1143.937128][ T9580] ? __pfx_kthread+0x10/0x10 [ 1143.937154][ T9580] ret_from_fork_asm+0x1a/0x30 [ 1143.937196][ T9580] [ 1143.937215][ T9580] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1143.937234][ T9580] CPU: 1 UID: 0 PID: 9580 Comm: kworker/1:4 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1143.937263][ T9580] Tainted: [L]=SOFTLOCKUP [ 1143.937271][ T9580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1143.937285][ T9580] Workqueue: events drm_fb_helper_damage_work [ 1143.937319][ T9580] Call Trace: [ 1143.937328][ T9580] [ 1143.937337][ T9580] vpanic+0x56c/0xa60 [ 1143.937371][ T9580] ? __pfx__printk+0x10/0x10 [ 1143.937396][ T9580] ? __pfx_vpanic+0x10/0x10 [ 1143.937427][ T9580] ? is_bpf_text_address+0x292/0x2b0 [ 1143.937458][ T9580] ? is_bpf_text_address+0x26/0x2b0 [ 1143.937499][ T9580] panic+0xc5/0xd0 [ 1143.937531][ T9580] ? __pfx_panic+0x10/0x10 [ 1143.937576][ T9580] ? ret_from_fork_asm+0x1a/0x30 [ 1143.937604][ T9580] __warn+0x315/0x4f0 [ 1143.937635][ T9580] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 1143.937685][ T9580] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 1143.937721][ T9580] __report_bug+0x29a/0x540 [ 1143.937759][ T9580] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 1143.937796][ T9580] ? __pfx___report_bug+0x10/0x10 [ 1143.937842][ T9580] ? drm_crtc_wait_one_vblank+0x357/0x500 [ 1143.937882][ T9580] report_bug_entry+0x19a/0x290 [ 1143.937914][ T9580] ? drm_crtc_wait_one_vblank+0x4b6/0x500 [ 1143.937947][ T9580] ? drm_crtc_wait_one_vblank+0x4bb/0x500 [ 1143.937980][ T9580] handle_bug+0xca/0x200 [ 1143.938014][ T9580] exc_invalid_op+0x1a/0x50 [ 1143.938049][ T9580] asm_exc_invalid_op+0x1a/0x20 [ 1143.938072][ T9580] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500 [ 1143.938107][ T9580] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 2a c0 d4 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff [ 1143.938126][ T9580] RSP: 0000:ffffc900042678e0 EFLAGS: 00010246 [ 1143.938145][ T9580] RAX: 1ffff11004ab5800 RBX: ffffffff8f751120 RCX: 0000000000000000 [ 1143.938162][ T9580] RDX: ffffffff8bbf30c0 RSI: ffffffff8bc0efc0 RDI: ffffffff8f751120 [ 1143.938180][ T9580] RBP: ffffc900042679c8 R08: 0000000000000000 R09: 0000000000000000 [ 1143.938195][ T9580] R10: dffffc0000000000 R11: fffffbfff1ed4637 R12: ffffffff8bc0efc0 [ 1143.938213][ T9580] R13: ffff8880255ac000 R14: 0000000000000000 R15: ffffffff8bbf30c0 [ 1143.938254][ T9580] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 1143.938289][ T9580] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1143.938327][ T9580] ? rt_spin_unlock+0x160/0x200 [ 1143.938354][ T9580] ? drm_vblank_get+0x147/0x260 [ 1143.938392][ T9580] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 1143.938425][ T9580] drm_fb_helper_damage_work+0x131/0x6f0 [ 1143.938472][ T9580] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 1143.938508][ T9580] ? preempt_schedule_thunk+0x16/0x30 [ 1143.938536][ T9580] ? process_scheduled_works+0xa25/0x1830 [ 1143.938566][ T9580] ? process_scheduled_works+0xa25/0x1830 [ 1143.938599][ T9580] process_scheduled_works+0xb02/0x1830 [ 1143.938670][ T9580] ? __pfx_process_scheduled_works+0x10/0x10 [ 1143.938710][ T9580] ? assign_work+0x3d5/0x5e0 [ 1143.938747][ T9580] worker_thread+0xa50/0xfc0 [ 1143.938811][ T9580] kthread+0x388/0x470 [ 1143.938835][ T9580] ? __pfx_worker_thread+0x10/0x10 [ 1143.938864][ T9580] ? __pfx_kthread+0x10/0x10 [ 1143.938889][ T9580] ret_from_fork+0x51e/0xb90 [ 1143.938924][ T9580] ? __pfx_ret_from_fork+0x10/0x10 [ 1143.938955][ T9580] ? __switch_to+0xc7d/0x1450 [ 1143.938987][ T9580] ? __pfx_kthread+0x10/0x10 [ 1143.939013][ T9580] ret_from_fork_asm+0x1a/0x30 [ 1143.939054][ T9580] [ 1143.939774][ T9580] Kernel Offset: disabled