last executing test programs: 6m31.093236069s ago: executing program 2 (id=165): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$cont(0x20, r0, 0x4000ffff, 0x4) 6m30.73993666s ago: executing program 2 (id=166): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r1, 0x40146f2c, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r4, 0x0, r3, 0x0, 0x6, 0x0) write(r3, 0x0, 0x0) read$watch_queue(r2, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_GET(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 6m27.495243231s ago: executing program 2 (id=169): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x20008000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 6m27.315095357s ago: executing program 2 (id=171): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x2501, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x8, 0x1, 0x41, 0xc3d, 0x0, 0x2004cb, 0xffffffffffffffff, 0xa1d, 0x8, 0x5, 0x79, 0x3, 0x2], 0x3332d000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x9, 0x4, 0x8, 0x0, 0xf, 0xe, 0x7, 0x7, 0x4, 0x2, 0x9, 0x0, 0x0, 0xdc, 0x9, 0x6, 0x8, 0xfb, 0x11, '\x00', 0x2, 0x4}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x4000, 0xe000, 0x0, 0x77, 0x0, 0x3, 0xcb, 0x2, 0x0, 0x6, 0x6}, {0x2, 0x9000, 0x3, 0xeb, 0x2, 0x0, 0x0, 0xff, 0x7, 0x0, 0x3}, {0xeeee0000, 0x1000, 0x0, 0x0, 0x7, 0xc4, 0x5, 0x1, 0x45, 0x3, 0x4, 0xfc}, {0x1, 0x0, 0x9, 0x4, 0x81, 0x0, 0x9, 0x0, 0x3, 0x0, 0x26}, {0x0, 0xffff1000, 0x3, 0x4, 0x0, 0x4, 0x0, 0x6, 0x2, 0x34, 0x4}, {0xffff1000, 0x1, 0x0, 0x78, 0x8, 0x0, 0x2, 0x1c, 0xa3, 0xff, 0x5}, {0xeeee8000, 0xdddd1000, 0xa, 0x4, 0x0, 0x0, 0x7, 0x20}, {0x0, 0x6000, 0xa, 0x0, 0xa4, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0xfe}, {0x80a0000, 0x3}, {0x3000, 0xfffd}, 0xddf8ffdb, 0x0, 0x0, 0x120, 0x0, 0xf801, 0xdddd1000, [0x80000001, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6m26.111700164s ago: executing program 2 (id=174): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xf, @private2={0xfc, 0x2, '\x00', 0x1}, 0xffff}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) sendto$inet(r1, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f05", 0x324, 0x6000000000000000, 0x0, 0x0) 6m22.3792401s ago: executing program 2 (id=179): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket(0x1, 0x80802, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_to_batadv\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) r5 = socket$packet(0x11, 0x2, 0x300) bind$packet(r5, &(0x7f00000001c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="27738d50c7f5"}, 0x14) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x8) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x3881, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket(0x840000000002, 0x3, 0x100) socket$pppl2tp(0x18, 0x1, 0x1) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) socket$packet(0x11, 0x3, 0x300) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_int(r6, 0x1, 0x12, 0x0, &(0x7f0000000040)) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r1, &(0x7f00000010c0)=[{{&(0x7f0000000c00)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @dev}}, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000c80)=""/125}, {&(0x7f0000000080)}, {&(0x7f0000000340)}], 0x0, &(0x7f0000000d40)=""/19}, 0x4}, {{&(0x7f0000000d80)=@ethernet={0x0, @remote}, 0x0, &(0x7f0000000f80)=[{&(0x7f0000001b00)=""/4096}, {&(0x7f0000000e00)=""/69}, {&(0x7f0000000e80)=""/252}], 0x0, &(0x7f0000000fc0)=""/193}}], 0x3fffffffffffe10, 0x4000002b, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r8, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x1, 0x3}) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats}) 6m5.935362242s ago: executing program 32 (id=179): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket(0x1, 0x80802, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_to_batadv\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) r5 = socket$packet(0x11, 0x2, 0x300) bind$packet(r5, &(0x7f00000001c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="27738d50c7f5"}, 0x14) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x8) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x3881, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket(0x840000000002, 0x3, 0x100) socket$pppl2tp(0x18, 0x1, 0x1) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) socket$packet(0x11, 0x3, 0x300) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_int(r6, 0x1, 0x12, 0x0, &(0x7f0000000040)) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r1, &(0x7f00000010c0)=[{{&(0x7f0000000c00)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @dev}}, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000c80)=""/125}, {&(0x7f0000000080)}, {&(0x7f0000000340)}], 0x0, &(0x7f0000000d40)=""/19}, 0x4}, {{&(0x7f0000000d80)=@ethernet={0x0, @remote}, 0x0, &(0x7f0000000f80)=[{&(0x7f0000001b00)=""/4096}, {&(0x7f0000000e00)=""/69}, {&(0x7f0000000e80)=""/252}], 0x0, &(0x7f0000000fc0)=""/193}}], 0x3fffffffffffe10, 0x4000002b, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r8, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x1, 0x3}) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats}) 2m25.462389689s ago: executing program 4 (id=813): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x20008000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 2m22.112005144s ago: executing program 4 (id=816): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff) openat$dsp1(0xffffff9c, &(0x7f0000000040), 0x300, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100000004000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090) 2m21.950414059s ago: executing program 4 (id=817): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x10) mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000280)='virtiofs\x00', 0x38130d1, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)) syz_emit_ethernet(0x22, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaefbbbbbbbbbb810074857b9e65ac4a001f"], 0x0) ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r4, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) 2m19.884012783s ago: executing program 4 (id=822): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 2m19.01340203s ago: executing program 4 (id=824): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x20008000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 2m17.814273118s ago: executing program 4 (id=826): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x10, 0x4, 0x4, 0x1, 0x0, 0x1, 0xba7e}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f) r4 = dup2(r3, r3) read$FUSE(r4, &(0x7f00000037c0)={0x2020}, 0xfffffffffffffe1c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sync() ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = fsopen(&(0x7f0000000000)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fstat(r1, &(0x7f0000000240)) 2m2.373774719s ago: executing program 33 (id=826): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x10, 0x4, 0x4, 0x1, 0x0, 0x1, 0xba7e}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f) r4 = dup2(r3, r3) read$FUSE(r4, &(0x7f00000037c0)={0x2020}, 0xfffffffffffffe1c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sync() ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = fsopen(&(0x7f0000000000)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fstat(r1, &(0x7f0000000240)) 12.376747105s ago: executing program 1 (id=1083): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) mount(0x0, 0x0, 0x0, 0x2200892, 0x0) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040e04004020"], 0x7) 12.2037184s ago: executing program 1 (id=1086): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d0000001400000011"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x20008000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 10.421667595s ago: executing program 1 (id=1090): openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046f41, &(0x7f0000000440)=0x10) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64], &(0x7f0000000000)='GPL\x00', 0x2, 0xb1, &(0x7f0000000140)=""/177, 0x41000, 0xaa}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206050000000000000000000500000705000100070000000c0007800800120000000000050005000200000805000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x54}, 0x1, 0x0, 0x0, 0x4055}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) connect$llc(r1, &(0x7f0000000540)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x0, @random="0500ca014000"}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0x200000fff, 0x5) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r5, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3) 9.098924747s ago: executing program 3 (id=1093): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x2501, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x8, 0x1, 0x41, 0xc3d, 0x0, 0x2004cb, 0xffffffffffffffff, 0xa1d, 0x8, 0x5, 0x79, 0x3, 0x2], 0x3332d000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.886588753s ago: executing program 5 (id=1094): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x442, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000002800)={0x0, 0x0, {0x0, @struct}, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) keyctl$KEYCTL_MOVE(0x4, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000580), 0xaad80) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x48850) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r3, 0xfffffffc) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r5, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r5, 0x0, 0xffffffdb) 8.383711559s ago: executing program 3 (id=1095): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000540)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1001, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_BURST={0x8, 0x6, 0xff}, @TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x4, 0xb}, 0x5, 0x34, 0x1a09}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000b0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 7.39288878s ago: executing program 0 (id=1097): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) 7.228829095s ago: executing program 0 (id=1098): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d0000001400000011"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x20008000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 7.211632895s ago: executing program 3 (id=1099): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000440)={'\x00', 0x0, 0x6, 0x2, 0x0, 0x1, "f70000000000000000deffffff00", "88007600", "0300", "0001ffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0cdd42000000000000c20d00", "00080100"]}) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x12, 0x8c, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x80042, 0x0) ioctl$PTP_PEROUT_REQUEST2(r5, 0x40383d0c, &(0x7f00000002c0)={{0xff, 0x5}, {0x0, 0xae7}, 0xfffffe29, 0x6}) 6.162493328s ago: executing program 5 (id=1100): r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) connect$inet(r0, &(0x7f00000003c0)={0x2, 0x0, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000005c0)={{0x7, 0x6, 0x9, 0x2c3, 'syz1\x00', 0x1}, 0x2, 0x4, 0xfffffff3, r1, 0x0, 0x4, 'syz0\x00', 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYBLOB="0000000008001f00000000001400", @ANYRES64=r4], 0x38}}, 0x0) syz_usbip_server_init(0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0}) mount(&(0x7f00000001c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ext2\x00', 0x21000d, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000000300000000000000000085100000020000008541057deeeed474ffcf0100000000000000009504000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 5.981484184s ago: executing program 0 (id=1101): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x16, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0xc, 0x8000000}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) 5.921104876s ago: executing program 0 (id=1102): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) 5.014555474s ago: executing program 3 (id=1103): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socket$nl_generic(0x10, 0x3, 0x10) r1 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000000)={0xa0000001}) sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x8084) unshare(0x22020400) r6 = memfd_create(&(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\v\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\xd5)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r7 = dup(0xffffffffffffffff) write$UHID_INPUT(r7, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000040)=@x86={0x5, 0x3, 0x6, 0x0, 0x8, 0x7, 0x6, 0x0, 0x4, 0x9, 0x48, 0x9, 0x0, 0x7, 0x1, 0xa, 0x1, 0x40, 0x10, '\x00', 0x4d, 0x1f}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003a00)=[{{&(0x7f0000000180)={0xa, 0x4e24, 0x0, @loopback, 0xa}, 0x1c, 0x0, 0x0, &(0x7f0000001f40)}}], 0x1, 0x1000) epoll_pwait(r2, 0x0, 0x0, 0xfe, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="440000001000010404000000fdffffff00000000", @ANYRES32=0x0, @ANYBLOB="38410000440b00002400128009000100626f6e6400000000140002800500", @ANYBLOB="f7"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fef000/0xe000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0}, 0x64) socket$inet_sctp(0x2, 0x1, 0x84) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x0, 0x39d}) 4.140612591s ago: executing program 5 (id=1104): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x60242, 0x0) write$vga_arbiter(r0, &(0x7f0000000000)=ANY=[], 0x8) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xfffffffe, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat2$dir(0xffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r3, &(0x7f0000000300)=""/102400, 0x19000) ioctl$DVB_DEMUX_DMX_ADD_PID(0xffffffffffffffff, 0x40026f33, &(0x7f0000000100)=0xd5a2) r4 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) r5 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r5}, &(0x7f0000000080)) read$FUSE(r4, &(0x7f00000008c0)={0x2020}, 0x2020) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000180)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x482, &(0x7f0000000600)=0x0) io_submit(r7, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x7, r6, 0x0}]) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) syz_clone(0xb44040, 0x0, 0x0, 0x0, 0x0, 0x0) 2.606888339s ago: executing program 0 (id=1105): socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000000)={0x0, 0xa55c, 0x9d, "f6ae32d899c187791f2d74dab63b985370a5465948d8568154f4eaf6987951ffe689ec9d2d4e1f8de097038a024a71ec5c619f1f76a38e95c6c1f3d4bd57a89502449ce7eb16a0cbf47550b3f9604747edf9fde2a9b8016cfaef46889a8bba1455aa0e9b71e06ed61731ce29a11181bea37fd8ab7a146a0b23767546d447b07d93e573c61a94eb0eae3350f04527e14adfaee527935d11b1adba3c293c"}, 0xa5) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x8000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40186f40, &(0x7f0000000700)={0x1000000a, 0x1, 0x8f3e, 0x1, 'syz1\x00', 0x10000}) 2.486384442s ago: executing program 5 (id=1106): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r5 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x1, 0x0) fchdir(r6) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xc3\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q\x00'/1189, 0x42, 0x4, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) mq_unlink(&(0x7f0000000000)='eth0\x00') sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001e80)={0x12a4, 0x38, 0x301, 0x70bd27, 0xfffffffc, {0x4, 0x0, 0xec0}, [@generic="3564d286b8f01e69decac4d604d8c3eb2ca3db1f3d4b9db6687d755f7a94b4ff067958d9ca8c4fbe0125a250ccd79fbfd2adab8b67c5fb871f11504e969af090d4c3da26bb7e12933c1ea5332a98b24f2cbd5aed0acd5110fb53452e2e45ec393b4406c2b0b0170b5c17326cf91df0254b8edf33466f1ce8a41b47f1bab06f3a2018d3cf2427ebf4d3822c51dcfe5194dfd509ecdbd35a53", @generic="55796b360e6695a4de4c3b0415d5c12dbec1975750f3f38fb9f3c5a80a29aca22626a1e069fb35ea56aa75086e7dfc0388a49140d1986a47edc913e4702ce90bdb1f407991613cd095c0f99328cfdaae70e63d208fef573ba938dd3cfa5ab7d4cb95355266a99c7fc052694431a50aa834df658c72b97ea5da8ed530d2b2aedc72c2a04d4c6e76fda8e952415647c12b7d21c9fad89776809b82f4efaba8f47f3b47c7ff993875b73e98d132ab7a8b337de2e855dcaf65ef2e9cfda17e733819d52ed8082f98830748bbebc20bfe91fecc9790c705168c2dbae84e28ac8994daf2dd0ffac7d82975520f38a572ff786fc23b51ffb9f2aa1a281ca06a27285ec4837375acf1e171d92731ae7330f374745e04aa7caac02c4f729a53c78cff4e33d2f23f5afbc5ee4960357da324bbcc0b29f924d976ac4f684f0addd8df837293ad3cdb455e3006d7cea4446da6e2c989af429ab50fe5216aac1a33603280ab2a9b48e87cbbca7c29f4b1f3633f9e9f6f8b4286f1f919ec6d13852d6a35aaf81e478c57a8444485567849882dfb060a1629eaacec01bf1b8d486a4b392fddd3e1b68af07944d68d166256129a5ba7ac58e6470d9660637b1d72d23f923e90a1e08671febae4d25fe281be768f75e4dd3960ecd90433a4560bff83fbb809f57d85e068df913c8c5b719f967c6549a6d83abacef421a290e9b718e20f47a9844361ba6b55000a012fcb8238fb5043fc5268c267d0214b3fd000d17cdedfae8f8b3fc10e90c3c379664df85b3ea9e3aa42f49b8078a8cb22fc886a1f05c67cd1b9043486ee0da6f6476dfb4ad4bf23bea2c4a8416918137ab5b53202d5048b2eba1e021b79a91ba48900b7e71f4935f4ad6aeb33a03870af5a351dba5afd8cec40c6952d22f0ec2e034218888e9be832ad80c3d8cc2941af8c721f8b2df95ae512e63569633d4d3d90b04d42fe7309098c43c7f3aa80689c12374f40920df4137c78ee1c997440fde23b6fdb1671384938d6bfecfe71746377397157ef494224c14ffb01392672aaa2fef451c55200ca20faa7a963b729b20cf7f49486270d3d26148282cd8d5918472750ea14bbc134b8c043a3c032af70f15e6780da79c37c1628969a70ffbace4719bcbd3ee9de408e57d651d595d94fa620354684eb33778435d2aa7b3f80f5974e97a3c577c6f5407c408586a7ff5111708a9cb4fce7828225371ded5bfa8453dde7e17605f700a21923ac97236948f4fc9b0aafab488428805c2b8d9cfe5ef9bb6a9a5e7fb959f769bfba06999c3c97534cf5606d1e5ac65abd9f1d2b5a47865b1663f9d3db246ec228d01e73236fa83ccb81a231f4b533278baf70664be4c506e943a3d2ab938207ba740d938d2c6af5c19c464c1b30678062179542b6f9b9ef82fa85ea4f4d3aea3aa7ed3be58d37ea69408bf430d4abd6849722a88eb7c86f4d062ee2ceb9960d5b90182df1d435b9fa907c534c63143e32425da5040f52731ddd0f4f5ea1b57714709ea3a410d9469cb87647de5bc66ec0b6e3122135c045b6b2abcd910cb23f04c6cc1dcf6aadb030a7ea6efc0957fae7958590a92e1c94a985ecf8f83aeb458d083f399bca852559c5c02595833f6427b3705a9ccf95ec57d9b492568b79c301d4d359befae663db6f61da50725d2bf0adc7ac90e4a9929d21b5842cc11e6e9c27b831a50ffdb95deb688401964371dda1793a17ad6f5f23ebcad725a21f1f5a2ce8e015a61ae2c143402fbfec5a1835dd64fac2916e827d4f382e7fc9b12b582f40d6f2426bd87bb0f3e0cf623370549ee53a78753e852c67b495fdbc1873c92f188b44a0ef18afe01422f54b318429f504592ad30fa5951001b49c8439d42b30b4d1087b49c4cb0c2652731ff1b1784e96114d460fce98610a7612fe556d18246d0cc42e2db5da3dd9b80bb72035c1d15425361792fd9a4563aba3b4ca9b9ea8c735019a8d831483ffb0740f6282e0fd07fa07e2e342e298ae9e6523da15b5fd494aa943f0ca32dbc4e70adbc04b6e7c13544e56487e06a0e727d090ef9db17755c7fea254332e521e9d06aee7568c8a82b2b5f8ece49ad3f16084a4af671d74c5e2820ca90a6ad396135c4d237c4ae7c8e63e0e61847c1fc2fa88b6561ad23b76013659e4bb78debc568945236eca765a9b1e789d813c7484cf053e245c40731108a921b20a06ce98a84a30e3a4233a95647009a7d85b52b3bfb67752ecf83788918595c9d041dc5c1de503049cebc0736acac26bccbe50f7769fae092b5965897c9f8430780e23563a4bbed5da053accfbc48d9d7bbc081fa872a1c47cc5daff46f96cd18c8d1798af0eb8f3fcddfb4ecb45540eaa6123d25d512a8677f27fa0ab0ae12880fa58e08dfa2b929acb980f6b806a89a77ddea955f3bd1ac4123a9ae3bffc077926f10ee331278bd7323608fef61a36feb81b4b16d7f2f3745ecbc31d7c3b1e46aa5bf987e3c308d71b8ece62b217f801e41e65ed9ed51124501e4086e025723df4ddfa126ce6e247c79ae807e6dfeb81dd2d63e818a7b4bf9583a7ffaa1b32fb6da5f9856548af01feb9ad28b51981d6f5d1a6bd4b6a503dd00b1aaa0a8aec681b9c8272ac108f87c95d314a22f418471f7a0bdce6962f5dcb2c9766ad369be77cb230c6d8d31f5ec93ea002f2de0a5de0c3b953f763329f091dc5109bb3a64c5bd02a14f3a425ee71c9332a190911679c8fcc3434488c1e2d91cd56478e18d9b68876467c42dbffc68990edf21ab0c0e205cff28c4f99aabe39a5d399ad1f63e45797b40d14f2db966760d1fa51faa2bf899db297fbc32a7ffa6c0999839e4a81b8cbc0263a74d37265c5ca00607e00de59f95eaabdd9bdd464d878a5a3e22bdda80670c85f217fa164738fdd29a479dddc05cba35c8393be1c62e6a93b131ad4fbca6a97fffd404918355df89700cccf5e057e2a15afcd75c39c30355f24eba98ce4020b6ee69a2598f259b96c0f6987de960b29022a62c3405f67a306af9026dcd094210904fad425c7b5de4bb8d85c00813605fd2f5fd1da474924a4e8112b786c0384da0755d99e82361a438b019f0f8fe18c46901e25fa5bb9c0e3da5343f9acb13839e478dea1fc9819b35ad72aaeff15f5866e34644f0530722293bee438401bb0612a9ee48b3569613728db6b03000956d290b7b696ad5a3dccdd87ba5739ac6a8af8a025cdc6b15da72dff6e54151deaadb267521211d0ac28e17959bee6f38a3c58a556e3cf58e22e4a5f0987fefa2de32333ba3c47328be4a3ca6aecbf37f22f33b6cac61b5801df39cb361f12a25c8b745b0b0d36b29916deaa27c8e6e84232eccb5b44264f472d61080a0f7983d81d9237b9661fd37f2ca9044782f103f10b49f2fdac4746478f888cbe89c5e83bd5c99a7d7c2572d01146257d5586e67eb4fe2d197f03fd63a57adee2d136b76ed418d761f4498cc006aba79e21813cf21cce5a7c57457dadd82afacd4ed592486796b0a57507a9ceb49bd7895b74d8e915e438730452f80e7c8073829d8c377ee30033bcaa9bd11d078484ac9618f3ad7cc00281eac1c7634e337a17868c6df4f7a92632f3240e407681e488e49b9260c5ac78f0e30003eb5ce9c37f29b1724324e717dffbb7690602912eb6a03b0c0e1fbfba9b1b0d428386866254089e5733b559b3b036d0b4dc9f29bb8301df38ddd05fe6c1d1d836121716bc03212790a61cf0c12f34bdccf22a593fb1107f42e2f99d349b2df6fcfd23a586e04c4d9560749e080f5f92f0815aaa5d8888f35de8391613b2b2d91d0ad0dd168482d3b0fc2e8173f1b6af385d8891236ac7d44225546f3e6f544d03f8d0703385352caa3e1c7e929adcbfe9845d6950d79ee2f79c4d616bd56d2ae6f5868cf7d80b9179d51875b612ba4e779cf78eabeceea110128638dad23ee0b614a80923933b77a43a3e9be6fddca381aa3ea17673c338c4a6d86f87c82f8b3dc19b4dab9287fa9118cefa10c8f61372267e1bcdfcbf4462d46ec2cba2146518a02fdefd32b6aa92de9fd6755048754a0e610e40ba8eb409e22b567f8177e82e5b0a9e970f991ecae58f37b2f8d2a2845ff491707bea15b1cdfec147a4ff8da0fa3d8962c6b00bac25062d5770e35f82e0a0ee10729f8440c5932b68cf2ab893cfbb26e07c9a2a50e85c942120e8647233e87b05de6a6b16e3e9f9ddb81706f766be919b33e44aad5fb88c29a48e27cc2fa2d4b7b577381db5880f7c3ee12206790de927da9c871ecd66e7dee7fbdffbf73bac094c5ef20f2ed3468e3516b8b21c17d5707d23a50fe52a5d9ace1ccba1bdbf50a74414786ac00998183e425a505ad5386fc54956802c3d8814fdcfd859f25c72d706075fe3a6fd066d151aee22efa6f29d6b89f6c345d5a17f763ee5822024b38a944baa580e9fa2575f110fd89942db25c746fba8008b528972a68529a4ddee267baa2b7f8f92072895f9d68de148b810992c5c58d5b416a1425c6893a28c6c400302bd19cce5c0c9727e26e3086703431811f7b7f61e47dc9f9fde9533f976aae25cd30721484256f3f81f778a4aa57e2606fb1132d4aa291175e4f921bffd43abb2272ca7fced27569a8b24f0d528b404020c989254901edcd1d2a461236a72b0cdfa6f57e37a9991c018eacbd452308c200fee3eb0473745e54f153aad3b40385266cb645468cdef1c20c3712df3d6dc71bfb6863f9b33f4fd2bdfadc4250f0da841f3cd8ea85e8128b5cde07e544be2988135fb1bb3192864928b197d52df8b0c9908497eaf74bd57f4fa2b294746c60cefe596a9869f340393ba163bb84fe9000ba1816f131ab8fee447c4f28881ae753b434d8aa2cf1ea96cfd0bfc16b4cfde8e30c69880b9b5a87509c2808a9ef7ae949bb9a25a1011e7c8354416a8bdd1cc1ad9e34c9ec85388cd3a9fd19185430127b99758fa3b29957d7e6b1cba20693bb7c810f41c4f289f15df36ab22c3f3b65f4d32d5545d0bb51c6bc5dee69b548842d12cbebc5f499464a1608703e70cdb1ee2cbec059a82f6334bd346da309bf736f3d7388d004f4bdcb6d3cb486e2582ffc584f07d0d5c16e94f6645e4a94d158f753f96bbd9151704a4ec97eb00ac94c60e59b56d8f5a6123ad098c88a0aad4a8b00842aae930e016aea2eeeecf02311c7f33a6187e9088f8b2ba7bd18c5b3e76b0ee2fc1c5e28e53ed8f4faa7e983f8037de0a8411ea9158d6a437c98f890e59e24154f7b8ea0ccb5ba4fe9a813dc6a1d3066817f7f79b2a952d760b1fe9a206a23b5bfaba2221c061771f3b6f04cc751a6435d6116fd8b171178ef80c306f80b74b9e81903400225ec7232c544dc5948d7d26955fab9133b86ba2ec26c5b0d02b32f39ec7db329925d3c821ffad4b3f38f0739a5bff2729989bd632e644e0e33f2b0d43f893a16dbe9679c50036960868c881619f753344fe76d00ef4204cafa6c17118d4a8e73bd9258efae8ab5aae21c9cfb497aae7bb65c8570a9ccea6041ef2d34efe50724cef825bbd14c1b9c3e660507aefcf7ff5515cdd2f272268fc81d49c74079bb04c69dfad51adfe1af5fdef8962b6c20d6d01b1b55eb726da334ec686690539a05f3855f882ac270b4355fdf56d1f1c7c98e4d9f6dd268ed7cfea52b5ddd54eec9555bf75bcd12bd9889d4cc2fb2fbdb5dcd79d306e246f0f6ef68a77508e0f531f7563a010a7826cb3cd41ee6e9f3aa0fd2e5bddd8fc32dcf65b26fde04b07209af539f641e4d45a4c89ce8d04b0afa467dd3b7b86f2ccc72422858f", @typed={0x8, 0x92, 0x0, 0x0, @fd=r2}, @generic="2e3cee5f185de4d08a3f8b127ba9999402ab7f99e27b16cf248ac55301b80c2a4f70ee2bdadf852ffd2c0f891bedcc3f1677ec89cf0bf86ed1f584be20365c8c590bf7ad9a1eee50ca3bab36c81da54c54a9212e817252a9d01e8500b2afc3569fc28d903493ab6377cdc7b25a999db50a4cede88c043316c3675d4d68c5dd982d81cfbb4c97a7df9dff322b3ad3c8c6e057ab5703916a346e5e", @generic="d190021710a18976cc0e87ddbd11a36b2647ae0764f0474c010e883a206729c3ad2d3099b5dc4ef42138a658ac05fca12cf55f16c3d4affdc43ef5d7e631b6c86c44152b87dbfc88e5c94726d26f06", @typed={0x13, 0x4e, 0x0, 0x0, @str='/dev/cpu/#/msr\x00'}, @typed={0x13, 0x136, 0x0, 0x0, @str='/dev/cpu/#/msr\x00'}, @generic="fd07a5e7f4d07cdd3ff2437c1b72447e1d95bf5ab37cabcbd51addab5623ea26cada0bd79ab0271c4e7ae12e2556a724f21fb284f75a2bb4dd4ef0017363435499fb5cc3f01460761c808dc6fd80a9ac992c996ca059c8f0f28b2652b85a5e2641aaac02f970ae590348430d5e882d7bb2a33983b1500cdb6053326735b34ccfc483f259e744b61b9c1197ae1df484871802efe848542d2b9f0672cf1fabb07efd223e0032059e79002fc44aea2b13542185ffd5e1973f0dd36a13c2da7fa07ebb30da58a4f9314cea8f58c2d544ead697091bedee93bf01b2a11343c47c8775"]}, 0x12a4}, 0x1, 0x0, 0x0, 0x448d3}, 0x400c000) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="44000000090601020000000000000019030000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c00148008000140"], 0x44}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 2.430582224s ago: executing program 3 (id=1107): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000540)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1001, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_BURST={0x8, 0x6, 0xff}, @TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x4, 0xb}, 0x5, 0x34, 0x1a09}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000b0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.415793955s ago: executing program 0 (id=1108): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xffff}, {0x8, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x8010) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x3, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}}, 0x40004) 2.187764482s ago: executing program 1 (id=1109): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d0000001400000011"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r3, 0x0, 0x20008000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.206563812s ago: executing program 1 (id=1110): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000400), 0xe) 1.070048787s ago: executing program 1 (id=1111): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000440)={'\x00', 0x0, 0x6, 0x2, 0x0, 0x1, "f70000000000000000deffffff00", "88007600", "0300", "0001ffff", ["50d5c2a7c5ae5cace40000b6", "808e88e2e9ffffffffff00", "0cdd42000000000000c20d00", "00080100"]}) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x12, 0x8c, 0x1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x80042, 0x0) ioctl$PTP_PEROUT_REQUEST2(r5, 0x40383d0c, &(0x7f00000002c0)={{0xff, 0x5}, {0x0, 0xae7}, 0xfffffe29, 0x6}) 812.541134ms ago: executing program 5 (id=1112): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@deltfilter={0x24, 0x2d, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff3}, {0x6, 0xa}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008841}, 0x50) 107.412507ms ago: executing program 5 (id=1113): r0 = syz_create_resource$binfmt(&(0x7f00000002c0)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fchdir(0xffffffffffffffff) getpid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = userfaultfd(0x80801) r3 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x30b5, 0x0, 0x2, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) syz_ublk_add_dev(r3, r4, r5, r6, &(0x7f0000000200)={0x2e, 0x14, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000004c0)=@any_dev={0x3, 0xe26, 0x0, 0x0, 0x1000, 0x10000, 0xffffffffffffffff, 0x0, 0x4d}}}, &(0x7f0000000480)=0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = dup(r8) syz_ublk_setup_queues(r9, r7, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x3, 0x255, 0x0, r3}, &(0x7f0000000500)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7ffffe, 0x8, 0x2000, 0x10000004, 0x0, r9}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xffffed80, 0x1, 0x0, 0x146}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xf910, 0x0, 0x1, 0x401f0, 0x0, r9}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x8200, 0x2, 0x367}}], 0x1, &(0x7f0000000340)={0x2e, 0x44, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x1f, 0x0, '\x00', {0xfff9, 0x4, 0x0, 0x0}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000000c0)={r2, 0x80000000, 0x9, 0x8}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00'], 0x48) 0s ago: executing program 3 (id=1114): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) kernel console output (not intermixed with test programs): workingset_nodes 0 [ 121.796915][ T6104] workingset_refault_anon 0 [ 121.796915][ T6104] workingset_refault_file 0 [ 121.796915][ T6104] workingset_activate_anon 0 [ 121.796915][ T6104] workingset_activate_file 0 [ 121.796915][ T6104] workingset_restore_anon 0 [ 121.796915][ T6104] workingset_restore_file 0 [ 121.796915][ T6104] workingset_nodereclaim 0 [ 121.796915][ T6104] nr_anon_pages 4786 [ 121.796915][ T6104] nr_mapped 24311 [ 121.796915][ T6104] nr_file_pages 45190 [ 121.796915][ T6104] nr_dirty 24 [ 121.796915][ T6104] nr_writeback 0 [ 121.796915][ T6104] nr_writeback_temp 0 [ 121.796915][ T6104] nr_shmem 4231 [ 121.796915][ T6104] nr_shmem_hugepages 0 [ 121.796915][ T6104] nr_shmem_pmdmapped 0 [ 121.796915][ T6104] nr_file_hugepages 0 [ 121.796915][ T6104] nr_file_pmdmapped 0 [ 121.796915][ T6104] nr_anon_transparent_hugepages 0 [ 121.796915][ T6104] nr_vmscan_write 0 [ 121.796915][ T6104] nr_vmscan_immediate_reclaim 0 [ 121.796915][ T6104] nr_dirtied 3000 [ 121.796915][ T6104] nr_written 2977 [ 121.796915][ T6104] nr_throttled_written 0 [ 121.796915][ T6104] nr_kernel_misc_reclaimable 0 [ 121.796915][ T6104] nr_foll_pin_acquired 0 [ 121.796915][ T6104] nr_foll_pin_released 0 [ 121.796915][ T6104] nr_kernel_stack 10452 [ 123.311193][ T6123] nbd: nbd2 already in use [ 123.523465][ T6125] nbd: must specify an index to disconnect [ 125.358979][ T6143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.378588][ T6143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.407772][ T6144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.90'. [ 125.770203][ T6146] bad cache= option: noneages 0 [ 125.770203][ T6146] nr_free_cma 0 [ 125.770203][ T6146] numa_hit 452952 [ 125.770203][ T6146] numa_miss 0 [ 125.770203][ T6146] numa_foreign 0 [ 125.770203][ T6146] numa_interleave 45475 [ 125.770203][ T6146] numa_local 428462 [ 125.770203][ T6146] numa_other 24490 [ 125.770203][ T6146] nr_inactive_anon 0 [ 125.770203][ T6146] nr_active_anon 7704 [ 125.770203][ T6146] nr_inactive_file 39958 [ 125.770203][ T6146] nr_active_file 1026 [ 125.770203][ T6146] nr_unevictable 768 [ 125.770203][ T6146] nr_slab_reclaimable 9921 [ 125.770203][ T6146] nr_slab_unreclaimable 91611 [ 125.770203][ T6146] nr_isolated_anon 0 [ 125.770203][ T6146] nr_isolated_file 0 [ 125.770203][ T6146] workingset_nodes 0 [ 125.770203][ T6146] workingset_refault_anon 0 [ 125.770203][ T6146] workingset_refault_file 0 [ 125.770203][ T6146] workingset_activate_anon 0 [ 125.770203][ T6146] workingset_activate_file 0 [ 125.770203][ T6146] workingset_restore_anon 0 [ 125.770203][ T6146] workingset_restore_file 0 [ 125.770203][ T6146] workingset_nodereclaim 0 [ 125.770203][ T6146] nr_anon_pages 4747 [ 125.770203][ T6146] nr_mapped 26699 [ 125.770203][ T6146] nr_file_pages 44715 [ 125.770203][ T6146] nr_dirty 30 [ 125.770203][ T6146] nr_writeback 0 [ 125.770203][ T6146] nr_writeback_temp 0 [ 125.770203][ T6146] nr_shmem 3731 [ 125.770203][ T6146] nr_shmem_hugepages 0 [ 125.770203][ T6146] nr_shmem_pmdmapped 0 [ 125.770203][ T6146] nr_file_hugepages 0 [ 125.770203][ T6146] nr_file_pmdmapped 0 [ 125.770203][ T6146] nr_anon_transparent_hugepages 0 [ 125.770203][ T6146] nr_vmscan_write 0 [ 125.770203][ T6146] nr_vmscan_immediate_reclaim 0 [ 125.770203][ T6146] nr_dirtied 3006 [ 125.770203][ T6146] nr_written 2977 [ 125.770203][ T6146] nr_throttled_written 0 [ 125.770203][ T6146] nr_kernel_misc_reclaimable 0 [ 125.770203][ T6146] nr_foll_pin_acquired 0 [ 125.770203][ T6146] nr_foll_pin_released 0 [ 125.770203][ T6146] nr_kernel_stack 10444 [ 125.770649][ T6146] CIFS: VFS: bad cache= option: noneages 0 [ 125.770649][ T6146] nr_free_cma 0 [ 125.770649][ T6146] numa_hit 452952 [ 125.770649][ T6146] numa_miss 0 [ 125.770649][ T6146] numa_foreign 0 [ 125.770649][ T6146] numa_interleave 45475 [ 125.770649][ T6146] numa_local 428462 [ 125.770649][ T6146] numa_other 24490 [ 125.770649][ T6146] nr_inactive_anon 0 [ 125.770649][ T6146] nr_active_anon 7704 [ 125.770649][ T6146] nr_inactive_file 39958 [ 125.770649][ T6146] nr_active_file 1026 [ 125.770649][ T6146] nr_unevictable 768 [ 125.770649][ T6146] nr_slab_reclaimable 9921 [ 125.770649][ T6146] nr_slab_unreclaimable 91611 [ 125.770649][ T6146] nr_isolated_anon 0 [ 125.770649][ T6146] nr_isolated_file 0 [ 125.770649][ T6146] workingset_nodes 0 [ 125.770649][ T6146] workingset_refault_anon 0 [ 125.770649][ T6146] workingset_refault_file 0 [ 125.770649][ T6146] workingset_activate_anon 0 [ 125.770649][ T6146] workingset_activate_file 0 [ 125.770649][ T6146] workingset_restore_anon 0 [ 125.770649][ T6146] workingset_restore_file 0 [ 125.770649][ T6146] workingset_nodereclaim 0 [ 125.770649][ T6146] nr_anon_pages 4747 [ 125.770649][ T6146] nr_mapped 26699 [ 125.770649][ T6146] nr_file_pages 44715 [ 125.770649][ T6146] nr_dirty 30 [ 125.770649][ T6146] nr_writeback 0 [ 125.770649][ T6146] nr_writeback_temp 0 [ 125.770649][ T6146] nr_shmem 3731 [ 125.770649][ T6146] nr_shmem_hugepages 0 [ 125.770649][ T6146] nr_shmem_pmdmapped 0 [ 125.770649][ T6146] nr_file_hugepages 0 [ 125.770649][ T6146] nr_file_pmdmapped 0 [ 125.770649][ T6146] nr_anon_transparent_hugepages 0 [ 125.770649][ T6146] nr_vmscan_write 0 [ 125.770649][ T6146] nr_vmscan_immediate_reclaim 0 [ 125.770649][ T6146] nr_dirtied 3006 [ 125.770649][ T6146] nr_written 2977 [ 125.770649][ T6146] nr_throttled_written 0 [ 125.770649][ T6146] nr_kernel_misc_reclaimable 0 [ 125.770649][ T6146] nr_foll_pin_acquired 0 [ 125.770649][ T6146] nr_foll_pin_released 0 [ 125.770649][ T6146] nr_kernel_stack 10444 [ 126.613479][ T6143] bond0 (unregistering): Released all slaves [ 128.171700][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 30 seconds [ 129.036669][ T6158] nbd: nbd2 already in use [ 129.082680][ T6158] nbd: must specify an index to disconnect [ 129.114865][ T51] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 129.132368][ T51] Bluetooth: hci3: Injecting HCI hardware error event [ 129.144282][ T51] Bluetooth: hci3: hardware error 0x00 [ 130.228510][ T6178] lo speed is unknown, defaulting to 1000 [ 130.238242][ T6178] lo speed is unknown, defaulting to 1000 [ 130.261005][ T6178] lo speed is unknown, defaulting to 1000 [ 130.282775][ T6179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.99'. [ 130.347611][ T6178] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 130.469258][ T6178] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 130.712490][ T55] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 30 seconds [ 130.724517][ T55] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 30 seconds [ 130.750047][ T55] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 30 seconds [ 130.789261][ T6178] lo speed is unknown, defaulting to 1000 [ 130.791778][ T55] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 30 seconds [ 130.822869][ T6178] lo speed is unknown, defaulting to 1000 [ 130.841168][ T6178] lo speed is unknown, defaulting to 1000 [ 130.860976][ T6178] lo speed is unknown, defaulting to 1000 [ 131.143472][ T6185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.258290][ T6185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.308110][ T6185] 9pnet_virtio: no channels available for device syz [ 131.353888][ T51] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 131.377353][ T6193] bad cache= option: noneages 0 [ 131.377353][ T6193] nr_free_cma 0 [ 131.377353][ T6193] numa_hit 457182 [ 131.377353][ T6193] numa_miss 0 [ 131.377353][ T6193] numa_foreign 0 [ 131.377353][ T6193] numa_interleave 45475 [ 131.377353][ T6193] numa_local 432692 [ 131.377353][ T6193] numa_other 24490 [ 131.377353][ T6193] nr_inactive_anon 0 [ 131.377353][ T6193] nr_active_anon 5421 [ 131.377353][ T6193] nr_inactive_file 39961 [ 131.377353][ T6193] nr_active_file 1033 [ 131.377353][ T6193] nr_unevictable 768 [ 131.377353][ T6193] nr_slab_reclaimable 9938 [ 131.377353][ T6193] nr_slab_unreclaimable 91506 [ 131.377353][ T6193] nr_isolated_anon 0 [ 131.377353][ T6193] nr_isolated_file 0 [ 131.377353][ T6193] workingset_nodes 0 [ 131.377353][ T6193] workingset_refault_anon 0 [ 131.377353][ T6193] workingset_refault_file 0 [ 131.377353][ T6193] workingset_activate_anon 0 [ 131.377353][ T6193] workingset_activate_file 0 [ 131.377353][ T6193] workingset_restore_anon 0 [ 131.377353][ T6193] workingset_restore_file 0 [ 131.377353][ T6193] workingset_nodereclaim 0 [ 131.377353][ T6193] nr_anon_pages 4837 [ 131.377353][ T6193] nr_mapped 24327 [ 131.377353][ T6193] nr_file_pages 42355 [ 131.377353][ T6193] nr_dirty 49 [ 131.377353][ T6193] nr_writeback 0 [ 131.377353][ T6193] nr_writeback_temp 0 [ 131.377353][ T6193] nr_shmem 1361 [ 131.377353][ T6193] nr_shmem_hugepages 0 [ 131.377353][ T6193] nr_shmem_pmdmapped 0 [ 131.377353][ T6193] nr_file_hugepages 0 [ 131.377353][ T6193] nr_file_pmdmapped 0 [ 131.377353][ T6193] nr_anon_transparent_hugepages 0 [ 131.377353][ T6193] nr_vmscan_write 0 [ 131.377353][ T6193] nr_vmscan_immediate_reclaim 0 [ 131.377353][ T6193] nr_dirtied 3025 [ 131.377353][ T6193] nr_written 2977 [ 131.377353][ T6193] nr_throttled_written 0 [ 131.377353][ T6193] nr_kernel_misc_reclaimable 0 [ 131.377353][ T6193] nr_foll_pin_acquired 0 [ 131.377353][ T6193] nr_foll_pin_released 0 [ 131.377353][ T6193] nr_kernel_stack 10452 [ 131.377515][ T6193] CIFS: VFS: bad cache= option: noneages 0 [ 131.377515][ T6193] nr_free_cma 0 [ 131.377515][ T6193] numa_hit 457182 [ 131.377515][ T6193] numa_miss 0 [ 131.377515][ T6193] numa_foreign 0 [ 131.377515][ T6193] numa_interleave 45475 [ 131.377515][ T6193] numa_local 432692 [ 131.377515][ T6193] numa_other 24490 [ 131.377515][ T6193] nr_inactive_anon 0 [ 131.377515][ T6193] nr_active_anon 5421 [ 131.377515][ T6193] nr_inactive_file 39961 [ 131.377515][ T6193] nr_active_file 1033 [ 131.377515][ T6193] nr_unevictable 768 [ 131.377515][ T6193] nr_slab_reclaimable 9938 [ 131.377515][ T6193] nr_slab_unreclaimable 91506 [ 131.377515][ T6193] nr_isolated_anon 0 [ 131.377515][ T6193] nr_isolated_file 0 [ 131.377515][ T6193] workingset_nodes 0 [ 131.377515][ T6193] workingset_refault_anon 0 [ 131.377515][ T6193] workingset_refault_file 0 [ 131.377515][ T6193] workingset_activate_anon 0 [ 131.377515][ T6193] workingset_activate_file 0 [ 131.377515][ T6193] workingset_restore_anon 0 [ 131.377515][ T6193] workingset_restore_file 0 [ 131.377515][ T6193] workingset_nodereclaim 0 [ 131.377515][ T6193] nr_anon_pages 4837 [ 131.377515][ T6193] nr_mapped 24327 [ 131.377515][ T6193] nr_file_pages 42355 [ 131.377515][ T6193] nr_dirty 49 [ 131.377515][ T6193] nr_writeback 0 [ 131.377515][ T6193] nr_writeback_temp 0 [ 131.377515][ T6193] nr_shmem 1361 [ 131.377515][ T6193] nr_shmem_hugepages 0 [ 131.377515][ T6193] nr_shmem_pmdmapped 0 [ 131.377515][ T6193] nr_file_hugepages 0 [ 131.377515][ T6193] nr_file_pmdmapped 0 [ 131.377515][ T6193] nr_anon_transparent_hugepages 0 [ 131.377515][ T6193] nr_vmscan_write 0 [ 131.377515][ T6193] nr_vmscan_immediate_reclaim 0 [ 131.377515][ T6193] nr_dirtied 3025 [ 131.377515][ T6193] nr_written 2977 [ 131.377515][ T6193] nr_throttled_written 0 [ 131.377515][ T6193] nr_kernel_misc_reclaimable 0 [ 131.377515][ T6193] nr_foll_pin_acquired 0 [ 131.377515][ T6193] nr_foll_pin_released 0 [ 131.377515][ T6193] nr_kernel_stack 10452 [ 132.642311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 133.298644][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.315420][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.914544][ T6235] siw: device registration error -23 [ 137.928785][ T6235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.112'. [ 138.968265][ T6240] bad cache= option: noneages 0 [ 138.968265][ T6240] nr_free_cma 0 [ 138.968265][ T6240] numa_hit 463811 [ 138.968265][ T6240] numa_miss 0 [ 138.968265][ T6240] numa_foreign 0 [ 138.968265][ T6240] numa_interleave 45475 [ 138.968265][ T6240] numa_local 439321 [ 138.968265][ T6240] numa_other 24490 [ 138.968265][ T6240] nr_inactive_anon 0 [ 138.968265][ T6240] nr_active_anon 5529 [ 138.968265][ T6240] nr_inactive_file 39964 [ 138.968265][ T6240] nr_active_file 1099 [ 138.968265][ T6240] nr_unevictable 768 [ 138.968265][ T6240] nr_slab_reclaimable 9981 [ 138.968265][ T6240] nr_slab_unreclaimable 91689 [ 138.968265][ T6240] nr_isolated_anon 0 [ 138.968265][ T6240] nr_isolated_file 0 [ 138.968265][ T6240] workingset_nodes 0 [ 138.968265][ T6240] workingset_refault_anon 0 [ 138.968265][ T6240] workingset_refault_file 0 [ 138.968265][ T6240] workingset_activate_anon 0 [ 138.968265][ T6240] workingset_activate_file 0 [ 138.968265][ T6240] workingset_restore_anon 0 [ 138.968265][ T6240] workingset_restore_file 0 [ 138.968265][ T6240] workingset_nodereclaim 0 [ 138.968265][ T6240] nr_anon_pages 4947 [ 138.968265][ T6240] nr_mapped 24391 [ 138.968265][ T6240] nr_file_pages 42424 [ 138.968265][ T6240] nr_dirty 83 [ 138.968265][ T6240] nr_writeback 0 [ 138.968265][ T6240] nr_writeback_temp 0 [ 138.968265][ T6240] nr_shmem 1361 [ 138.968265][ T6240] nr_shmem_hugepages 0 [ 138.968265][ T6240] nr_shmem_pmdmapped 0 [ 138.968265][ T6240] nr_file_hugepages 0 [ 138.968265][ T6240] nr_file_pmdmapped 0 [ 138.968265][ T6240] nr_anon_transparent_hugepages 0 [ 138.968265][ T6240] nr_vmscan_write 0 [ 138.968265][ T6240] nr_vmscan_immediate_reclaim 0 [ 138.968265][ T6240] nr_dirtied 3059 [ 138.968265][ T6240] nr_written 2977 [ 138.968265][ T6240] nr_throttled_written 0 [ 138.968265][ T6240] nr_kernel_misc_reclaimable 0 [ 138.968265][ T6240] nr_foll_pin_acquired 0 [ 138.968265][ T6240] nr_foll_pin_released 0 [ 138.968265][ T6240] nr_kernel_stack 10592 [ 138.968427][ T6240] CIFS: VFS: bad cache= option: noneages 0 [ 138.968427][ T6240] nr_free_cma 0 [ 138.968427][ T6240] numa_hit 463811 [ 138.968427][ T6240] numa_miss 0 [ 138.968427][ T6240] numa_foreign 0 [ 138.968427][ T6240] numa_interleave 45475 [ 138.968427][ T6240] numa_local 439321 [ 138.968427][ T6240] numa_other 24490 [ 138.968427][ T6240] nr_inactive_anon 0 [ 138.968427][ T6240] nr_active_anon 5529 [ 138.968427][ T6240] nr_inactive_file 39964 [ 138.968427][ T6240] nr_active_file 1099 [ 138.968427][ T6240] nr_unevictable 768 [ 138.968427][ T6240] nr_slab_reclaimable 9981 [ 138.968427][ T6240] nr_slab_unreclaimable 91689 [ 138.968427][ T6240] nr_isolated_anon 0 [ 138.968427][ T6240] nr_isolated_file 0 [ 138.968427][ T6240] workingset_nodes 0 [ 138.968427][ T6240] workingset_refault_anon 0 [ 138.968427][ T6240] workingset_refault_file 0 [ 138.968427][ T6240] workingset_activate_anon 0 [ 138.968427][ T6240] workingset_activate_file 0 [ 138.968427][ T6240] workingset_restore_anon 0 [ 138.968427][ T6240] workingset_restore_file 0 [ 138.968427][ T6240] workingset_nodereclaim 0 [ 138.968427][ T6240] nr_anon_pages 4947 [ 138.968427][ T6240] nr_mapped 24391 [ 138.968427][ T6240] nr_file_pages 42424 [ 138.968427][ T6240] nr_dirty 83 [ 138.968427][ T6240] nr_writeback 0 [ 138.968427][ T6240] nr_writeback_temp 0 [ 138.968427][ T6240] nr_shmem 1361 [ 138.968427][ T6240] nr_shmem_hugepages 0 [ 138.968427][ T6240] nr_shmem_pmdmapped 0 [ 138.968427][ T6240] nr_file_hugepages 0 [ 138.968427][ T6240] nr_file_pmdmapped 0 [ 138.968427][ T6240] nr_anon_transparent_hugepages 0 [ 138.968427][ T6240] nr_vmscan_write 0 [ 138.968427][ T6240] nr_vmscan_immediate_reclaim 0 [ 138.968427][ T6240] nr_dirtied 3059 [ 138.968427][ T6240] nr_written 2977 [ 138.968427][ T6240] nr_throttled_written 0 [ 138.968427][ T6240] nr_kernel_misc_reclaimable 0 [ 138.968427][ T6240] nr_foll_pin_acquired 0 [ 138.968427][ T6240] nr_foll_pin_released 0 [ 138.968427][ T6240] nr_kernel_stack 10592 [ 139.456569][ T6245] syzkaller0: entered promiscuous mode [ 139.693601][ T6245] syzkaller0: entered allmulticast mode [ 144.622650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 145.032268][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 146.160859][ T6268] 0xfffffffffffffffd-0x000000010000 : "" [ 146.274537][ T6268] mtd: partition "" is out of reach -- disabled [ 146.408960][ T6268] ftl_cs: FTL header not found. [ 146.971083][ T6278] siw: device registration error -23 [ 146.978717][ T6278] netlink: 8 bytes leftover after parsing attributes in process `syz.3.125'. [ 147.516690][ T6285] bad cache= option: noneages 0 [ 147.516690][ T6285] nr_free_cma 0 [ 147.516690][ T6285] numa_hit 473209 [ 147.516690][ T6285] numa_miss 0 [ 147.516690][ T6285] numa_foreign 0 [ 147.516690][ T6285] numa_interleave 45475 [ 147.516690][ T6285] numa_local 448719 [ 147.516690][ T6285] numa_other 24490 [ 147.516690][ T6285] nr_inactive_anon 0 [ 147.516690][ T6285] nr_active_anon 7699 [ 147.516690][ T6285] nr_inactive_file 39966 [ 147.516690][ T6285] nr_active_file 1131 [ 147.516690][ T6285] nr_unevictable 768 [ 147.516690][ T6285] nr_slab_reclaimable 9970 [ 147.516690][ T6285] nr_slab_unreclaimable 91769 [ 147.516690][ T6285] nr_isolated_anon 1 [ 147.516690][ T6285] nr_isolated_file 0 [ 147.516690][ T6285] workingset_nodes 0 [ 147.516690][ T6285] workingset_refault_anon 0 [ 147.516690][ T6285] workingset_refault_file 0 [ 147.516690][ T6285] workingset_activate_anon 0 [ 147.516690][ T6285] workingset_activate_file 0 [ 147.516690][ T6285] workingset_restore_anon 0 [ 147.516690][ T6285] workingset_restore_file 0 [ 147.516690][ T6285] workingset_nodereclaim 0 [ 147.516690][ T6285] nr_anon_pages 7106 [ 147.516690][ T6285] nr_mapped 24391 [ 147.516690][ T6285] nr_file_pages 42458 [ 147.516690][ T6285] nr_dirty 93 [ 147.516690][ T6285] nr_writeback 0 [ 147.516690][ T6285] nr_writeback_temp 0 [ 147.516690][ T6285] nr_shmem 1361 [ 147.516690][ T6285] nr_shmem_hugepages 0 [ 147.516690][ T6285] nr_shmem_pmdmapped 0 [ 147.516690][ T6285] nr_file_hugepages 0 [ 147.516690][ T6285] nr_file_pmdmapped 0 [ 147.516690][ T6285] nr_anon_transparent_hugepages 0 [ 147.516690][ T6285] nr_vmscan_write 0 [ 147.516690][ T6285] nr_vmscan_immediate_reclaim 0 [ 147.516690][ T6285] nr_dirtied 3079 [ 147.516690][ T6285] nr_written 2987 [ 147.516690][ T6285] nr_throttled_written 0 [ 147.516690][ T6285] nr_kernel_misc_reclaimable 0 [ 147.516690][ T6285] nr_foll_pin_acquired 0 [ 147.516690][ T6285] nr_foll_pin_released 0 [ 147.516690][ T6285] nr_kernel_stack 10336 [ 147.516834][ T6285] CIFS: VFS: bad cache= option: noneages 0 [ 147.516834][ T6285] nr_free_cma 0 [ 147.516834][ T6285] numa_hit 473209 [ 147.516834][ T6285] numa_miss 0 [ 147.516834][ T6285] numa_foreign 0 [ 147.516834][ T6285] numa_interleave 45475 [ 147.516834][ T6285] numa_local 448719 [ 147.516834][ T6285] numa_other 24490 [ 147.516834][ T6285] nr_inactive_anon 0 [ 147.516834][ T6285] nr_active_anon 7699 [ 147.516834][ T6285] nr_inactive_file 39966 [ 147.516834][ T6285] nr_active_file 1131 [ 147.516834][ T6285] nr_unevictable 768 [ 147.516834][ T6285] nr_slab_reclaimable 9970 [ 147.516834][ T6285] nr_slab_unreclaimable 91769 [ 147.516834][ T6285] nr_isolated_anon 1 [ 147.516834][ T6285] nr_isolated_file 0 [ 147.516834][ T6285] workingset_nodes 0 [ 147.516834][ T6285] workingset_refault_anon 0 [ 147.516834][ T6285] workingset_refault_file 0 [ 147.516834][ T6285] workingset_activate_anon 0 [ 147.516834][ T6285] workingset_activate_file 0 [ 147.516834][ T6285] workingset_restore_anon 0 [ 147.516834][ T6285] workingset_restore_file 0 [ 147.516834][ T6285] workingset_nodereclaim 0 [ 147.516834][ T6285] nr_anon_pages 7106 [ 147.516834][ T6285] nr_mapped 24391 [ 147.516834][ T6285] nr_file_pages 42458 [ 147.516834][ T6285] nr_dirty 93 [ 147.516834][ T6285] nr_writeback 0 [ 147.516834][ T6285] nr_writeback_temp 0 [ 147.516834][ T6285] nr_shmem 1361 [ 147.516834][ T6285] nr_shmem_hugepages 0 [ 147.516834][ T6285] nr_shmem_pmdmapped 0 [ 147.516834][ T6285] nr_file_hugepages 0 [ 147.516834][ T6285] nr_file_pmdmapped 0 [ 147.516834][ T6285] nr_anon_transparent_hugepages 0 [ 147.516834][ T6285] nr_vmscan_write 0 [ 147.516834][ T6285] nr_vmscan_immediate_reclaim 0 [ 147.516834][ T6285] nr_dirtied 3079 [ 147.516834][ T6285] nr_written 2987 [ 147.516834][ T6285] nr_throttled_written 0 [ 147.516834][ T6285] nr_kernel_misc_reclaimable 0 [ 147.516834][ T6285] nr_foll_pin_acquired 0 [ 147.516834][ T6285] nr_foll_pin_released 0 [ 147.516834][ T6285] nr_kernel_stack 10336 [ 148.384026][ T51] Bluetooth: hci0: Malformed LE Event: 0x1b [ 155.778906][ T6327] siw: device registration error -23 [ 155.793676][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.0.138'. [ 156.385791][ T28] audit: type=1326 audit(1782129682.311:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.441212][ T28] audit: type=1326 audit(1782129682.351:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.468012][ T28] audit: type=1326 audit(1782129682.351:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.494084][ T28] audit: type=1326 audit(1782129682.351:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.530309][ T28] audit: type=1326 audit(1782129682.351:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.640103][ T28] audit: type=1326 audit(1782129682.361:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.732105][ T28] audit: type=1326 audit(1782129682.371:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 156.984811][ T28] audit: type=1326 audit(1782129682.391:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 157.300386][ T28] audit: type=1326 audit(1782129682.391:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 157.695258][ T28] audit: type=1326 audit(1782129682.391:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.3.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92f659ce59 code=0x7ffc0000 [ 158.234691][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 60 seconds [ 160.103214][ T6363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.147'. [ 160.388450][ T6371] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 161.433889][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 60 seconds [ 161.445335][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 60 seconds [ 161.457494][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 60 seconds [ 161.474006][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 60 seconds [ 169.155755][ T5140] udevd[5140]: worker [5786] /devices/virtual/block/nbd2 is taking a long time [ 169.261495][ T5140] udevd[5140]: worker [5780] /devices/virtual/block/nbd1 is taking a long time [ 171.556025][ T6456] netlink: 'syz.2.174': attribute type 4 has an invalid length. [ 174.442615][ T6456] syz.2.174 (6456) used greatest stack depth: 19704 bytes left [ 184.731747][ T6580] lo speed is unknown, defaulting to 1000 [ 184.940236][ T6591] 9pnet_virtio: no channels available for device syz [ 185.405317][ T6602] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 185.472747][ T6602] CIFS mount error: No usable UNC path provided in device string! [ 185.472747][ T6602] [ 185.502606][ T6602] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 185.648177][ T6609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 185.669813][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 185.669862][ T28] audit: type=1400 audit(1782129711.571:55): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=6607 comm="syz.0.211" [ 189.630919][ T5849] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 90 seconds [ 191.513016][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 90 seconds [ 191.525530][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 90 seconds [ 191.542249][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 90 seconds [ 191.554331][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 90 seconds [ 191.800273][ T5085] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 191.821700][ T5085] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 191.832474][ T5085] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 191.849172][ T5085] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 191.857438][ T5085] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 191.865353][ T5085] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 192.022392][ T6632] lo speed is unknown, defaulting to 1000 [ 192.336133][ T6645] CIFS mount error: No usable UNC path provided in device string! [ 192.336133][ T6645] [ 192.364387][ T6645] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 192.560481][ T6632] chnl_net:caif_netlink_parms(): no params data found [ 193.912333][ T5085] Bluetooth: hci4: command tx timeout [ 194.667320][ T6632] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.718175][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.724718][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.787932][ T6632] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.904661][ T6632] bridge_slave_0: entered allmulticast mode [ 195.096639][ T6632] bridge_slave_0: entered promiscuous mode [ 195.308978][ T6632] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.419868][ T6632] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.524189][ T6632] bridge_slave_1: entered allmulticast mode [ 195.660492][ T6632] bridge_slave_1: entered promiscuous mode [ 195.765695][ T6632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.779183][ T6632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.826283][ T6632] team0: Port device team_slave_0 added [ 195.835893][ T6632] team0: Port device team_slave_1 added [ 195.899718][ T6632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.912458][ T6632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.950015][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 195.961064][ T6632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.980733][ T6632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.988281][ T6632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.022323][ T5085] Bluetooth: hci4: command tx timeout [ 196.038351][ T6632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.156390][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 196.170691][ T6632] hsr_slave_0: entered promiscuous mode [ 196.173483][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 196.195383][ T9] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 196.212249][ T9] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 196.221387][ T6632] hsr_slave_1: entered promiscuous mode [ 196.227383][ T9] usb 2-1: Product: syz [ 196.227407][ T9] usb 2-1: Manufacturer: syz [ 196.227424][ T9] usb 2-1: SerialNumber: syz [ 196.243779][ T9] usb 2-1: config 0 descriptor?? [ 196.249656][ T6668] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 196.280059][ T6632] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.297680][ T6632] Cannot create hsr debugfs directory [ 196.426152][ T6684] CIFS mount error: No usable UNC path provided in device string! [ 196.426152][ T6684] [ 196.439357][ T6684] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 196.905035][ T6632] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 196.935839][ T6632] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 196.961100][ T5812] usb 2-1: USB disconnect, device number 3 [ 197.079340][ T6632] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 197.116392][ T6632] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 198.137802][ T6632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.160563][ T5085] Bluetooth: hci4: command tx timeout [ 198.257730][ T6632] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.354238][ T996] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.361730][ T996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.932999][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.940229][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.232254][ T5085] Bluetooth: hci4: command tx timeout [ 201.854359][ T6719] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 202.340156][ T6632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.696206][ T6731] loop5: detected capacity change from 0 to 7 [ 202.718376][ T6731] Dev loop5: unable to read RDB block 7 [ 202.734061][ T6731] loop5: unable to read partition table [ 202.740380][ T6731] loop5: partition table beyond EOD, truncated [ 202.771297][ T6731] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 202.804330][ T6732] Dev loop5: unable to read RDB block 7 [ 202.810008][ T6732] loop5: unable to read partition table [ 202.837581][ T6732] loop5: partition table beyond EOD, truncated [ 202.852993][ T6732] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 203.238206][ T6632] veth0_vlan: entered promiscuous mode [ 203.289291][ T6632] veth1_vlan: entered promiscuous mode [ 203.528386][ T6632] veth0_macvtap: entered promiscuous mode [ 203.776759][ T6632] veth1_macvtap: entered promiscuous mode [ 204.402617][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.501043][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.602115][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.694708][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.797846][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.910415][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.027961][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.156544][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.328293][ T6632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.647992][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.790522][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.915859][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.044037][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.160441][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.269588][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.281277][ T6632] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.292209][ T6632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.304349][ T6632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.342901][ T6632] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.359125][ T6632] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.418848][ T6632] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.462256][ T6632] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.523444][ T6758] netlink: 20 bytes leftover after parsing attributes in process `syz.0.249'. [ 206.705610][ T2890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.742894][ T2890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.876870][ T996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.911345][ T996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.212294][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 207.217051][ T6777] block device autoloading is deprecated and will be removed. [ 207.432810][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 207.493400][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 207.633860][ T27] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 207.756355][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.881188][ T27] usb 4-1: Product: syz [ 207.945470][ T27] usb 4-1: Manufacturer: syz [ 208.005818][ T27] usb 4-1: SerialNumber: syz [ 208.215280][ T27] usb 4-1: config 0 descriptor?? [ 208.331205][ T27] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 208.450734][ T27] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 209.757045][ T27] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 210.471960][ T27] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 210.512365][ T27] em28xx 4-1:0.0: board has no eeprom [ 210.794115][ T6797] process 'syz.4.261' launched './file1' with NULL argv: empty string added [ 210.862228][ T27] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 210.879917][ T27] em28xx 4-1:0.0: dvb set to bulk mode. [ 210.920478][ T27] em28xx 4-1:0.0: Binding DVB extension [ 211.102462][ T6800] netlink: 64 bytes leftover after parsing attributes in process `syz.4.261'. [ 212.172307][ T5784] Bluetooth: hci0: command 0x0406 tx timeout [ 212.180122][ T5776] Bluetooth: hci2: command 0x0406 tx timeout [ 212.712675][ T27] em28xx 4-1:0.0: Registering input extension [ 213.552443][ T27] usb 4-1: USB disconnect, device number 2 [ 213.582100][ T27] em28xx 4-1:0.0: Disconnecting em28xx [ 213.607925][ T27] em28xx 4-1:0.0: Closing input extension [ 213.724172][ T27] em28xx 4-1:0.0: Freeing device [ 217.036813][ T6830] netlink: 64 bytes leftover after parsing attributes in process `syz.0.270'. [ 219.693581][ T5849] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 120 seconds [ 221.602329][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 120 seconds [ 221.620899][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 120 seconds [ 221.633375][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 120 seconds [ 221.644490][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 120 seconds [ 221.725392][ T6899] ======================================================= [ 221.725392][ T6899] WARNING: The mand mount option has been deprecated and [ 221.725392][ T6899] and is ignored by this kernel. Remove the mand [ 221.725392][ T6899] option from the mount to silence this warning. [ 221.725392][ T6899] ======================================================= [ 222.797064][ T6910] netlink: 24 bytes leftover after parsing attributes in process `syz.0.294'. [ 223.500613][ T28] audit: type=1800 audit(1782129749.421:56): pid=6904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.291" name="bus" dev="ramfs" ino=13424 res=0 errno=0 [ 223.962336][ T967] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 224.297182][ T967] usb 2-1: config 0 interface 0 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 99 [ 224.417867][ T967] usb 2-1: config 0 interface 0 has no altsetting 0 [ 224.588041][ T967] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 224.622685][ T967] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 224.666054][ T967] usb 2-1: Product: syz [ 224.679525][ T967] usb 2-1: Manufacturer: syz [ 224.687783][ T967] usb 2-1: SerialNumber: syz [ 224.725795][ T967] usb 2-1: config 0 descriptor?? [ 224.733214][ T6921] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 224.788594][ T967] usb 2-1: selecting invalid altsetting 0 [ 225.017218][ T967] usb 2-1: USB disconnect, device number 4 [ 225.567687][ T6947] 9pnet_virtio: no channels available for device syz [ 225.660834][ T6949] usb usb7: usbfs: process 6949 (syz.1.303) did not claim interface 0 before use [ 225.911578][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.307'. [ 227.999162][ T6979] netlink: 64 bytes leftover after parsing attributes in process `syz.4.311'. [ 228.538484][ T6988] 9pnet_virtio: no channels available for device syz [ 228.758961][ T6994] loop5: detected capacity change from 0 to 7 [ 228.768882][ T6994] Dev loop5: unable to read RDB block 7 [ 228.775990][ T6994] loop5: AHDI p1 p3 p4 [ 228.784940][ T6994] loop5: partition table partially beyond EOD, truncated [ 228.799994][ T6994] loop5: p1 size 100663296 extends beyond EOD, truncated [ 228.816271][ T6994] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 228.863794][ T7000] Dev loop5: unable to read RDB block 7 [ 228.870150][ T7000] loop5: AHDI p1 p3 p4 [ 228.888758][ T7000] loop5: partition table partially beyond EOD, truncated [ 228.910435][ T7000] loop5: p1 size 100663296 extends beyond EOD, truncated [ 228.928680][ T7000] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 229.013508][ T6552] udevd[6552]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 229.035667][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 230.109591][ T7015] netlink: 96 bytes leftover after parsing attributes in process `syz.0.323'. [ 230.676882][ T7025] batadv_slave_0: entered promiscuous mode [ 230.741184][ T7029] 9pnet_virtio: no channels available for device syz [ 233.621079][ T7030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.326'. [ 233.630952][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.791107][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.906222][ T7028] syz.3.326 (7028) used greatest stack depth: 17896 bytes left [ 234.934061][ T7037] loop5: detected capacity change from 0 to 7 [ 234.963952][ T7037] Dev loop5: unable to read RDB block 7 [ 234.984009][ T7037] loop5: AHDI p1 p3 p4 [ 234.988288][ T7037] loop5: partition table partially beyond EOD, truncated [ 235.084210][ T7037] loop5: p1 size 100663296 extends beyond EOD, truncated [ 235.117826][ T7037] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 235.198122][ T7038] Dev loop5: unable to read RDB block 7 [ 235.219084][ T7038] loop5: AHDI p1 p3 p4 [ 235.228415][ T7038] loop5: partition table partially beyond EOD, truncated [ 235.239695][ T7038] loop5: p1 size 100663296 extends beyond EOD, truncated [ 235.265850][ T7038] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 235.511439][ T7044] 9pnet_fd: Insufficient options for proto=fd [ 236.463454][ T6552] udevd[6552]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 236.484187][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 239.118367][ T7067] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.110544][ T7067] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.172816][ T7078] netlink: 68 bytes leftover after parsing attributes in process `syz.1.341'. [ 242.220852][ T7078] netlink: 8 bytes leftover after parsing attributes in process `syz.1.341'. [ 242.274149][ T7082] 9pnet_virtio: no channels available for device syz [ 242.284341][ T7067] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.303659][ T7081] loop5: detected capacity change from 0 to 7 [ 242.320319][ T7081] Dev loop5: unable to read RDB block 7 [ 242.334269][ T28] audit: type=1804 audit(1782129768.261:57): pid=7082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.342" name="/newroot/21/bus/bus" dev="overlay" ino=150 res=1 errno=0 [ 242.360898][ T7081] loop5: AHDI p1 p3 p4 [ 242.392272][ T7081] loop5: partition table partially beyond EOD, truncated [ 242.399582][ T7081] loop5: p1 size 100663296 extends beyond EOD, truncated [ 242.453002][ T7067] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.473975][ T7081] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 242.567460][ T7067] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.593539][ T7067] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.603927][ T7083] Dev loop5: unable to read RDB block 7 [ 242.616316][ T7067] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.637645][ T7067] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.767077][ T7083] loop5: AHDI p1 p3 p4 [ 242.800257][ T7083] loop5: partition table partially beyond EOD, truncated [ 242.846824][ T7083] loop5: p1 size 100663296 extends beyond EOD, truncated [ 242.909466][ T7083] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 243.117798][ T7088] block device autoloading is deprecated and will be removed. [ 243.151997][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 243.164824][ T6552] udevd[6552]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 243.274507][ T7091] lo speed is unknown, defaulting to 1000 [ 243.404069][ T7104] binder: 7101:7104 ioctl c0306201 2000000002c0 returned -14 [ 247.253546][ T7152] netlink: 28 bytes leftover after parsing attributes in process `syz.0.357'. [ 249.015263][ T7163] loop5: detected capacity change from 0 to 7 [ 249.335776][ T7163] Dev loop5: unable to read RDB block 7 [ 249.414500][ T7163] loop5: AHDI p1 p3 p4 [ 249.456203][ T7163] loop5: partition table partially beyond EOD, truncated [ 249.560151][ T7163] loop5: p1 size 100663296 extends beyond EOD, truncated [ 249.597013][ T7163] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 249.754349][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 249.757972][ T6552] udevd[6552]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 249.794965][ T5849] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 150 seconds (èN  ýÿÿÿÿÿÿÿ@ üÿÿÿÿÿ  ¨/dev/fusefd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=00000000000000000000P)9à̆@sÿÿÿ [ 250.333853][ T7175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.362'. [ 250.386664][ T7175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.362'. ./file0/file0[ 250.465808][ T7175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.575618][ T7175] bond1: (slave bond0): making interface the new active one [ 250.606706][ T7175] bond1: (slave bond0): Enslaving as an active interface with an up link [ 250.653647][ T7186] netlink: 'syz.0.362': attribute type 4 has an invalid length. [ 250.659971][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.365'. [ 250.673912][ T7186] netlink: 152 bytes leftover after parsing attributes in process `syz.0.362'. [ 250.725737][ T5085] block nbd4: Receive control failed (result -107) [ 250.791416][ T7186] .`: renamed from bond0 (while UP) [ 250.910828][ T7175] netlink: 'syz.0.362': attribute type 8 has an invalid length. ./file0fuseh'ûÿÿs[ 251.570520][ T7222] loop5: detected capacity change from 0 to 7 [ 251.606608][ T7222] Dev loop5: unable to read RDB block 7 [ 251.623827][ T7222] loop5: AHDI p1 p3 p4 [ 251.628111][ T7222] loop5: partition table partially beyond EOD, truncated [ 251.671822][ T7222] loop5: p1 size 100663296 extends beyond EOD, truncated [ 251.682669][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 150 seconds [ 251.694007][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 150 seconds [ 251.707048][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 150 seconds [ 251.719517][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 150 seconds [ 251.745708][ T7222] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 251.847754][ T7211] lo speed is unknown, defaulting to 1000 [ 251.896179][ T7226] syzkaller0: entered promiscuous mode [ 251.933704][ T7226] syzkaller0: entered allmulticast mode [ 252.133269][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 252.147194][ T6552] udevd[6552]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 252.167955][ T7229] tipc: Started in network mode [ 252.201958][ T7229] tipc: Node identity 8a03038ff32e, cluster identity 4711 [ 252.248961][ T7229] tipc: Enabled bearer , priority 0 [ 252.354791][ T7225] tipc: Resetting bearer [ 252.527206][ T7225] tipc: Disabling bearer [ 253.887185][ T7249] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 254.950390][ T7281] loop5: detected capacity change from 0 to 7 [ 254.982577][ T7281] Dev loop5: unable to read RDB block 7 [ 255.002315][ T7281] loop5: AHDI p1 p3 p4 [ 255.007165][ T7281] loop5: partition table partially beyond EOD, truncated [ 255.035333][ T7281] loop5: p1 size 100663296 extends beyond EOD, truncated [ 255.076543][ T7281] loop5: p3 size 4261412863 extends beyond EOD, truncated [ 255.294004][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 255.340719][ T6552] udevd[6552]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 256.156970][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.164227][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.670965][ T7331] binder: 7329:7331 ioctl c0306201 200000000680 returned -14 [ 256.851898][ T7319] lo speed is unknown, defaulting to 1000 [ 258.112258][ T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 258.292493][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 258.319779][ T27] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 258.369630][ T27] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 258.405859][ T27] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 258.443271][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 258.481139][ T27] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 258.499025][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 258.537828][ T27] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 258.550364][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.591223][ T27] usb 1-1: config 0 descriptor?? [ 259.097957][ T7376] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 260.821156][ T27] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 260.917812][ T27] usb 1-1: USB disconnect, device number 2 [ 260.977008][ T27] usblp0: removed [ 262.140654][ T7419] syz.4.413 uses obsolete (PF_INET,SOCK_PACKET) [ 262.180949][ T7417] binder: 7415:7417 ioctl c0306201 0 returned -14 [ 262.773265][ T7420] lo speed is unknown, defaulting to 1000 [ 263.604182][ T7436] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 263.612481][ T7436] IPv6: NLM_F_CREATE should be set when creating new route [ 264.864886][ T7448] Bluetooth: MGMT ver 1.22 [ 264.913319][ T7446] warning: `syz.3.420' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 268.832393][ T5763] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 269.042341][ T5763] usb 2-1: Using ep0 maxpacket: 16 [ 269.044400][ T5763] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.044436][ T5763] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 269.044483][ T5763] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 269.044509][ T5763] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.046549][ T5763] usb 2-1: config 0 descriptor?? [ 269.764908][ T7497] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 270.026478][ T7492] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 270.304841][ T7492] trusted_key: encrypted_key: keyword 'load±|óÊ“.V§í' not recognized [ 272.113543][ T5763] usbhid 2-1:0.0: can't add hid device: -71 [ 272.119749][ T5763] usbhid: probe of 2-1:0.0 failed with error -71 [ 272.208997][ T5763] usb 2-1: USB disconnect, device number 5 [ 274.976931][ T7548] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 277.201504][ T7559] 9pnet_virtio: no channels available for device syz [ 278.823502][ T7578] 9pnet_virtio: no channels available for device syz [ 278.902837][ T7581] capability: warning: `syz.1.458' uses deprecated v2 capabilities in a way that may be insecure [ 279.382434][ T7591] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 279.918321][ T5849] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 180 seconds [ 281.817410][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 180 seconds [ 281.817466][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 180 seconds [ 281.817499][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 180 seconds [ 281.817531][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 180 seconds [ 282.218805][ T7616] mmap: syz.4.468 (7616) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 282.749471][ T7625] netlink: 8 bytes leftover after parsing attributes in process `syz.3.470'. [ 286.325122][ T7649] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 288.035099][ T7674] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 289.948332][ T7696] loop5: detected capacity change from 0 to 7 [ 289.990743][ T7696] Dev loop5: unable to read RDB block 7 [ 290.084165][ T7696] loop5: unable to read partition table [ 290.090160][ T7696] loop5: partition table beyond EOD, truncated [ 290.141871][ T7696] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 290.206329][ T7697] Dev loop5: unable to read RDB block 7 [ 290.228262][ T7697] loop5: unable to read partition table [ 290.255433][ T7697] loop5: partition table beyond EOD, truncated [ 290.273825][ T7697] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 296.384416][ T7732] netlink: 20 bytes leftover after parsing attributes in process `syz.0.493'. [ 297.085919][ T7744] loop5: detected capacity change from 0 to 7 [ 297.103737][ T7744] Dev loop5: unable to read RDB block 7 [ 297.109980][ T7744] loop5: unable to read partition table [ 297.117645][ T7744] loop5: partition table beyond EOD, truncated [ 297.125668][ T7744] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 297.186482][ T7745] Dev loop5: unable to read RDB block 7 [ 297.194648][ T7745] loop5: unable to read partition table [ 297.205389][ T7745] loop5: partition table beyond EOD, truncated [ 297.216285][ T7745] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 298.300602][ T7753] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 302.123258][ T7778] netlink: 8 bytes leftover after parsing attributes in process `syz.4.505'. [ 302.188484][ T7782] loop5: detected capacity change from 0 to 7 [ 302.200216][ T7782] Dev loop5: unable to read RDB block 7 [ 302.218990][ T7782] loop5: unable to read partition table [ 302.229241][ T7782] loop5: partition table beyond EOD, truncated [ 302.261353][ T7782] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 302.311084][ T7784] Dev loop5: unable to read RDB block 7 [ 302.324184][ T7784] loop5: unable to read partition table [ 302.342876][ T7784] loop5: partition table beyond EOD, truncated [ 302.354918][ T7784] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 303.074969][ T7795] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 303.517882][ T7799] syzkaller0: entered promiscuous mode [ 303.580153][ T7799] syzkaller0: entered allmulticast mode [ 307.531755][ T7819] loop5: detected capacity change from 0 to 7 [ 307.540620][ T7819] Dev loop5: unable to read RDB block 7 [ 307.560072][ T7819] loop5: unable to read partition table [ 307.574696][ T7819] loop5: partition table beyond EOD, truncated [ 307.602672][ T7819] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 307.693964][ T7823] Dev loop5: unable to read RDB block 7 [ 307.699734][ T7823] loop5: unable to read partition table [ 307.724307][ T7823] loop5: partition table beyond EOD, truncated [ 307.730565][ T7823] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 308.202306][ T5814] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 308.400142][ T5814] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.400177][ T5814] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 308.400216][ T5814] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 308.400246][ T5814] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.421456][ T5814] usb 4-1: config 0 descriptor?? [ 308.431333][ T5814] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 308.452367][ T5814] dvb-usb: bulk message failed: -22 (3/0) [ 308.506669][ T5814] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 308.510849][ T5814] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 308.511068][ T5814] usb 4-1: media controller created [ 308.521503][ T5814] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 308.540278][ T5814] dvb-usb: bulk message failed: -22 (6/0) [ 308.540452][ T5814] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 308.571820][ T5814] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8 [ 308.586672][ T5814] dvb-usb: schedule remote query interval to 150 msecs. [ 308.586702][ T5814] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 308.758450][ T5814] dvb-usb: bulk message failed: -22 (1/0) [ 308.758584][ T5814] dvb-usb: error while querying for an remote control event. [ 308.825508][ T7839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.519'. [ 308.912252][ T5814] dvb-usb: bulk message failed: -22 (1/0) [ 308.912292][ T5814] dvb-usb: error while querying for an remote control event. [ 309.072221][ T5814] dvb-usb: bulk message failed: -22 (1/0) [ 309.078629][ T5814] dvb-usb: error while querying for an remote control event. [ 309.262224][ T5814] dvb-usb: bulk message failed: -22 (1/0) [ 309.269748][ T5814] dvb-usb: error while querying for an remote control event. [ 309.454288][ T5814] dvb-usb: bulk message failed: -22 (1/0) [ 309.460149][ T5814] dvb-usb: error while querying for an remote control event. [ 309.682255][ T5763] dvb-usb: bulk message failed: -22 (1/0) [ 309.688059][ T5763] dvb-usb: error while querying for an remote control event. [ 309.727899][ T967] usb 4-1: USB disconnect, device number 3 [ 309.797897][ T967] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 310.554158][ T5849] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 210 seconds [ 311.835382][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 210 seconds [ 311.846350][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 210 seconds [ 311.861280][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 210 seconds [ 311.872736][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 210 seconds [ 312.506548][ T7869] loop5: detected capacity change from 0 to 7 [ 312.509680][ T7869] Dev loop5: unable to read RDB block 7 [ 312.509732][ T7869] loop5: unable to read partition table [ 312.509893][ T7869] loop5: partition table beyond EOD, truncated [ 312.509956][ T7869] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 312.576360][ T7869] Dev loop5: unable to read RDB block 7 [ 312.590310][ T7869] loop5: unable to read partition table [ 312.593500][ T7869] loop5: partition table beyond EOD, truncated [ 312.637202][ T7869] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 313.051129][ T7878] input: syz1 as /devices/virtual/input/input9 [ 313.162827][ T28] audit: type=1400 audit(1782129839.091:58): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 315.609357][ T5085] Bluetooth: hci4: command 0x0406 tx timeout [ 317.007347][ T7892] netlink: 'syz.3.536': attribute type 2 has an invalid length. [ 317.016628][ T7892] netlink: 'syz.3.536': attribute type 2 has an invalid length. [ 317.601410][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.649134][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.834259][ T7896] netlink: 8 bytes leftover after parsing attributes in process `syz.4.538'. [ 318.279128][ T7908] loop5: detected capacity change from 0 to 7 [ 318.332334][ T7908] Dev loop5: unable to read RDB block 7 [ 318.349486][ T7906] (null): rxe_set_mtu: Set mtu to 1024 [ 318.356836][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 318.366975][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 318.374900][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 318.419350][ T7908] loop5: unable to read partition table [ 318.451150][ T7908] loop5: partition table beyond EOD, truncated [ 318.496830][ T7908] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 318.614915][ T7906] infiniband syz0: set active [ 318.620295][ T7906] infiniband syz0: added hsr0 [ 318.651628][ T967] hsr0 speed is unknown, defaulting to 1000 [ 318.660963][ T7910] Dev loop5: unable to read RDB block 7 [ 318.666915][ T7910] loop5: unable to read partition table [ 318.673229][ T7910] loop5: partition table beyond EOD, truncated [ 318.680100][ T7910] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 318.719359][ T7906] RDS/IB: syz0: added [ 318.724871][ T7906] smc: adding ib device syz0 with port count 1 [ 318.731463][ T7906] smc: ib device syz0 port 1 has pnetid [ 318.741680][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 318.787349][ T967] hsr0 speed is unknown, defaulting to 1000 [ 319.015227][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 319.033468][ T5085] block nbd5: Receive control failed (result -32) [ 319.033476][ T51] block nbd5: Receive control failed (result -32) [ 319.280354][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 319.505234][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 319.627977][ T7906] hsr0 speed is unknown, defaulting to 1000 [ 320.672429][ T5814] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 320.854715][ T5814] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.873951][ T5814] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 320.888893][ T5814] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 320.899048][ T5814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.951058][ T5814] usb 2-1: config 0 descriptor?? [ 320.978871][ T5814] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 320.998868][ T5814] dvb-usb: bulk message failed: -22 (3/0) [ 321.032881][ T5814] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 321.070096][ T5814] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 321.093241][ T5814] usb 2-1: media controller created [ 321.126317][ T5814] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 321.185870][ T5814] dvb-usb: bulk message failed: -22 (6/0) [ 321.210391][ T5814] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 321.233613][ T5814] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input10 [ 321.278474][ T5814] dvb-usb: schedule remote query interval to 150 msecs. [ 321.305098][ T5814] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 321.335184][ T5814] usb 2-1: USB disconnect, device number 6 [ 321.387364][ T5814] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 322.070655][ T7941] netlink: 'syz.1.550': attribute type 2 has an invalid length. [ 322.078724][ T7941] netlink: 'syz.1.550': attribute type 2 has an invalid length. [ 322.924905][ T7944] loop5: detected capacity change from 0 to 7 [ 322.978875][ T7944] Dev loop5: unable to read RDB block 7 [ 322.994075][ T7944] loop5: unable to read partition table [ 323.010616][ T7944] loop5: partition table beyond EOD, truncated [ 323.095362][ T7944] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 323.165862][ T7946] Dev loop5: unable to read RDB block 7 [ 323.171643][ T7946] loop5: unable to read partition table [ 323.243218][ T7946] loop5: partition table beyond EOD, truncated [ 323.263738][ T7946] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 324.532659][ T5085] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 324.935684][ T7978] netlink: 'syz.4.562': attribute type 2 has an invalid length. [ 324.944248][ T7978] netlink: 'syz.4.562': attribute type 2 has an invalid length. [ 328.180841][ T8002] loop5: detected capacity change from 0 to 7 [ 328.209376][ T8002] Dev loop5: unable to read RDB block 7 [ 328.225266][ T8002] loop5: unable to read partition table [ 328.231323][ T8002] loop5: partition table beyond EOD, truncated [ 328.261686][ T8002] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 328.328932][ T8006] Dev loop5: unable to read RDB block 7 [ 328.342337][ T8006] loop5: unable to read partition table [ 328.362229][ T8006] loop5: partition table beyond EOD, truncated [ 328.387953][ T8006] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 331.033879][ T8015] loop5: detected capacity change from 0 to 7 [ 331.075496][ T8015] Dev loop5: unable to read RDB block 7 [ 331.090089][ T8015] loop5: unable to read partition table [ 331.145271][ T8017] netlink: 'syz.0.573': attribute type 2 has an invalid length. [ 331.153595][ T8017] netlink: 'syz.0.573': attribute type 2 has an invalid length. [ 331.200305][ T8015] loop5: partition table beyond EOD, truncated [ 331.300008][ T8015] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 331.471573][ T8018] Dev loop5: unable to read RDB block 7 [ 331.595641][ T8018] loop5: unable to read partition table [ 331.687952][ T8018] loop5: partition table beyond EOD, truncated [ 331.773120][ T8018] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 333.843607][ T5815] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 334.046565][ T5815] usb 4-1: config index 0 descriptor too short (expected 1572, got 36) [ 334.064787][ T5815] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 334.111678][ T5815] usb 4-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice= 0.40 [ 334.135233][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.186214][ T5815] usb 4-1: Product: syz [ 334.190480][ T5815] usb 4-1: Manufacturer: syz [ 334.229678][ T5815] usb 4-1: SerialNumber: syz [ 334.299046][ T5815] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input11 [ 334.482296][ T5125] bcm5974 4-1:1.0: could not read from device [ 334.505596][ T5815] bcm5974 4-1:1.0: could not read from device [ 334.572759][ T5125] bcm5974 4-1:1.0: could not read from device [ 334.693362][ T5815] input: failed to attach handler mousedev to device input11, error: -5 [ 334.727184][ T5125] bcm5974 4-1:1.0: could not read from device [ 334.760523][ T5815] usb 4-1: USB disconnect, device number 4 [ 334.787348][ T5125] bcm5974 4-1:1.0: could not read from device [ 334.861704][ T8053] netlink: 'syz.0.588': attribute type 2 has an invalid length. [ 334.869805][ T8053] netlink: 'syz.0.588': attribute type 2 has an invalid length. [ 339.120608][ T8104] netlink: 40 bytes leftover after parsing attributes in process `syz.4.608'. [ 340.638625][ T5849] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 240 seconds [ 341.918482][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 240 seconds [ 341.930768][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 240 seconds [ 341.946718][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 240 seconds [ 341.962570][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 240 seconds [ 342.675720][ T8136] netlink: 'syz.4.620': attribute type 8 has an invalid length. [ 342.684057][ T8136] netlink: 8 bytes leftover after parsing attributes in process `syz.4.620'. [ 346.442224][ T5812] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 347.172412][ T5812] usb 2-1: Using ep0 maxpacket: 32 [ 347.183670][ T5812] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 347.214378][ T5812] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 347.232755][ T5812] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 347.241424][ T5812] usb 2-1: Product: syz [ 347.246309][ T5812] usb 2-1: Manufacturer: syz [ 347.250966][ T5812] usb 2-1: SerialNumber: syz [ 347.339335][ T5812] usb 2-1: config 0 descriptor?? [ 347.345874][ T8188] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 347.356142][ T5812] hub 2-1:0.0: bad descriptor, ignoring hub [ 347.365210][ T5812] hub: probe of 2-1:0.0 failed with error -5 [ 348.434062][ T5763] usb 2-1: USB disconnect, device number 7 [ 349.088122][ T8204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.648'. [ 351.755118][ T8228] tipc: Enabled bearer , priority 0 [ 351.795713][ T8228] syzkaller0: entered promiscuous mode [ 351.830756][ T8228] syzkaller0: entered allmulticast mode [ 351.861044][ T8232] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 351.868217][ T8232] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 351.878532][ T8232] vhci_hcd vhci_hcd.0: Device attached [ 352.094438][ T8232] netlink: 'syz.4.647': attribute type 12 has an invalid length. [ 352.104359][ T8228] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 353.089547][ T8233] vhci_hcd: connection closed [ 353.327750][ T6431] vhci_hcd: stop threads [ 353.385997][ T6431] vhci_hcd: release socket [ 353.520471][ T786] usb 42-1: SetAddress Request (2) to port 0 [ 353.529492][ T6431] vhci_hcd: disconnect device [ 353.531583][ T8238] tipc: Resetting bearer [ 353.556387][ T786] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 353.635462][ T8227] tipc: Resetting bearer [ 353.666756][ T786] usb 42-1: enqueue for inactive port 0 [ 353.776585][ T8227] tipc: Disabling bearer [ 353.876037][ T967] tipc: Node number set to 2032993167 [ 353.936755][ T8245] netlink: 12 bytes leftover after parsing attributes in process `syz.4.651'. [ 354.122486][ T786] usb usb42-port1: attempt power cycle [ 354.993389][ T786] usb usb42-port1: unable to enumerate USB device [ 357.712434][ T8280] tipc: Started in network mode [ 357.742856][ T8280] tipc: Node identity de52c4062fbd, cluster identity 4711 [ 357.792399][ T8280] tipc: Enabled bearer , priority 0 [ 357.831903][ T8281] syzkaller0: entered promiscuous mode [ 357.837651][ T8281] syzkaller0: entered allmulticast mode [ 357.850583][ T8280] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 358.858964][ T8285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.664'. [ 358.895923][ T8281] tipc: Resetting bearer [ 359.136988][ T8278] tipc: Resetting bearer [ 359.223480][ T8278] tipc: Disabling bearer [ 359.272230][ T27] tipc: Node number set to 4059022342 [ 360.543147][ T5085] Bluetooth: hci0: unexpected event for opcode 0x2006 [ 365.323053][ T8337] tipc: Started in network mode [ 365.342507][ T8337] tipc: Node identity 96b4c86a0b07, cluster identity 4711 [ 365.350107][ T8337] tipc: Enabled bearer , priority 0 [ 365.436382][ T8337] syzkaller0: entered promiscuous mode [ 365.468963][ T8337] syzkaller0: entered allmulticast mode [ 365.503275][ T8337] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 365.624899][ T8337] tipc: Resetting bearer [ 365.662951][ T8336] tipc: Resetting bearer [ 365.759114][ T8336] tipc: Disabling bearer [ 367.767401][ T8380] netlink: 12 bytes leftover after parsing attributes in process `syz.4.694'. [ 367.985043][ T8384] tipc: Started in network mode [ 367.995279][ T8384] tipc: Node identity a61287713deb, cluster identity 4711 [ 368.005787][ T8384] tipc: Enabled bearer , priority 0 [ 368.024335][ T8384] syzkaller0: entered promiscuous mode [ 368.031026][ T8384] syzkaller0: entered allmulticast mode [ 368.094765][ T8384] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 368.195697][ T8384] tipc: Resetting bearer [ 368.247886][ T5085] Bluetooth: hci2: unexpected event for opcode 0x0c25 [ 368.255419][ T8383] tipc: Resetting bearer [ 368.282861][ T8387] binder: Unknown parameter 'max7777' [ 368.346440][ T8383] tipc: Disabling bearer [ 369.941377][ T8417] kernel read not supported for file /eth0 (pid: 8417 comm: syz.1.707) [ 369.963405][ T28] audit: type=1800 audit(1782129895.891:59): pid=8417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.707" name="eth0" dev="mqueue" ino=18444 res=0 errno=0 [ 370.007566][ T8416] syzkaller0: entered promiscuous mode [ 370.020691][ T8416] syzkaller0: entered allmulticast mode [ 370.132596][ T8423] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 370.141730][ T8423] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 370.172957][ T8423] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 370.184927][ T8423] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 371.235437][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 270 seconds [ 371.434825][ T8430] tipc: Enabled bearer , priority 0 [ 371.472833][ T8430] syzkaller0: entered promiscuous mode [ 371.512183][ T8430] syzkaller0: entered allmulticast mode [ 371.548329][ T8430] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 371.619445][ T8430] tipc: Resetting bearer [ 371.650242][ T8429] tipc: Resetting bearer [ 371.779649][ T8429] tipc: Disabling bearer [ 371.992513][ T10] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 270 seconds [ 372.003644][ T10] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 270 seconds [ 372.015289][ T10] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 270 seconds [ 372.027399][ T10] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 270 seconds [ 372.552914][ T5085] Bluetooth: hci4: unexpected event for opcode 0x1408 [ 372.969270][ T8450] syzkaller0: entered promiscuous mode [ 372.979772][ T8450] syzkaller0: entered allmulticast mode [ 374.722443][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 374.981320][ T8487] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 375.183957][ T8489] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 376.792192][ T5085] Bluetooth: hci4: command 0x0406 tx timeout [ 377.435385][ T8498] syzkaller0: entered promiscuous mode [ 377.480367][ T8498] syzkaller0: entered allmulticast mode [ 377.771528][ T78] Bluetooth: (null): Invalid header checksum [ 377.802646][ T78] Bluetooth: (null): Invalid header checksum [ 377.875213][ T1304] Bluetooth: (null): Invalid header checksum [ 378.328025][ T3461] Bluetooth: (null): Invalid header checksum [ 378.342530][ T3461] Bluetooth: (null): Invalid header checksum [ 378.348767][ T3461] Bluetooth: (null): Invalid header checksum [ 378.355407][ T3461] Bluetooth: (null): Invalid header checksum [ 379.057512][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.068160][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.617688][ T8543] syzkaller0: entered promiscuous mode [ 381.633881][ T8543] syzkaller0: entered allmulticast mode [ 381.885436][ T8556] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 382.587082][ T9] kernel write not supported for file /input/mouse0 (pid: 9 comm: kworker/0:1) [ 382.669786][ T8556] (null): rxe_set_mtu: Set mtu to 1024 [ 382.680779][ T8556] rdma_rxe: rxe_newlink: failed to add wg2 [ 382.854344][ T8570] tipc: Enabled bearer , priority 0 [ 382.875994][ T8570] syzkaller0: entered promiscuous mode [ 382.896598][ T8570] syzkaller0: entered allmulticast mode [ 382.938655][ T8570] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 383.014147][ T8570] tipc: Resetting bearer [ 383.082533][ T8569] tipc: Resetting bearer [ 383.120587][ T8569] tipc: Disabling bearer [ 384.209988][ T8583] binder: 8582:8583 ioctl c0306201 2000000002c0 returned -14 [ 387.671084][ T8598] kvm: user requested TSC rate below hardware speed [ 390.219670][ T8620] tipc: Enabled bearer , priority 0 [ 390.229577][ T8620] syzkaller0: entered promiscuous mode [ 390.235314][ T8620] syzkaller0: entered allmulticast mode [ 390.252888][ T8620] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 390.330244][ T8626] tipc: Resetting bearer [ 390.426455][ T8617] tipc: Resetting bearer [ 390.554361][ T8617] tipc: Disabling bearer [ 391.335631][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 391.678977][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 391.841866][ T8649] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 391.861904][ T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 391.872871][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 392.048983][ T8655] siw: device registration error -23 [ 392.859179][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.433174][ T8640] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 393.461077][ T9] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 396.707062][ T5140] udevd[5140]: worker [5786] /devices/virtual/block/nbd2 timeout; kill it [ 397.140783][ T9] usb 4-1: USB disconnect, device number 5 [ 397.183802][ T5140] udevd[5140]: seq 10357 '/devices/virtual/block/nbd2' killed [ 397.191734][ T5140] udevd[5140]: worker [5780] /devices/virtual/block/nbd1 timeout; kill it [ 397.280844][ T5140] udevd[5140]: seq 10376 '/devices/virtual/block/nbd1' killed [ 397.460638][ T8666] tipc: Enabled bearer , priority 0 [ 397.474392][ T8666] syzkaller0: entered promiscuous mode [ 397.481020][ T8666] syzkaller0: entered allmulticast mode [ 397.526599][ T8666] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 397.657496][ T8667] tipc: Resetting bearer [ 397.687461][ T8665] tipc: Resetting bearer [ 397.946967][ T8665] tipc: Disabling bearer [ 399.129373][ T8673] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.539823][ T8673] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.902634][ T8] tipc: Node number set to 2645805162 [ 400.104146][ T8673] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.496817][ T8673] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.600295][ T8673] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.617300][ T8673] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.633817][ T8673] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.650523][ T8673] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.848929][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 300 seconds [ 403.851159][ T6337] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 300 seconds [ 404.118982][ T6337] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 300 seconds [ 404.131873][ T6337] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 300 seconds [ 404.143210][ T6337] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 300 seconds [ 404.200734][ T8697] capability: warning: `syz.4.792' uses 32-bit capabilities (legacy support in use) [ 405.471161][ T8705] bridge1: entered promiscuous mode [ 405.562916][ T8705] bridge1: entered allmulticast mode [ 406.312524][ T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 406.536577][ T8710] tipc: Enabled bearer , priority 0 [ 406.563657][ T8710] syzkaller0: entered promiscuous mode [ 406.569219][ T8710] syzkaller0: entered allmulticast mode [ 406.574970][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 406.583120][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 406.603733][ T8710] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 406.605723][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 406.657946][ T8] usb 5-1: config 16 interface 0 altsetting 0 has an invalid endpoint with address 0xB6, skipping [ 406.681328][ T8711] tipc: Resetting bearer [ 406.702143][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 406.732537][ T8709] tipc: Resetting bearer [ 406.739013][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 406.772279][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.791853][ T8709] tipc: Disabling bearer [ 406.812658][ T8] usbtmc 5-1:16.0: bulk endpoints not found [ 408.745904][ T8726] siw: device registration error -23 [ 409.757146][ T786] usb 5-1: USB disconnect, device number 2 [ 410.898825][ T8737] tipc: Enabled bearer , priority 0 [ 410.906820][ T8737] syzkaller0: entered promiscuous mode [ 410.916115][ T8737] syzkaller0: entered allmulticast mode [ 410.926475][ T8737] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 410.997859][ T8737] tipc: Resetting bearer [ 411.014168][ T8736] tipc: Resetting bearer [ 411.113569][ T8736] tipc: Disabling bearer [ 412.992320][ T8756] siw: device registration error -23 [ 417.044753][ T8800] syzkaller0: entered promiscuous mode [ 417.050439][ T8800] syzkaller0: entered allmulticast mode [ 417.098701][ T8797] tipc: Enabled bearer , priority 0 [ 417.115917][ T8795] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 417.509311][ T8795] tipc: Resetting bearer [ 417.750620][ T8789] tipc: Resetting bearer [ 417.881913][ T8789] tipc: Disabling bearer [ 426.914694][ T8847] tipc: Enabled bearer , priority 0 [ 427.604587][ T8849] syzkaller0: entered promiscuous mode [ 427.677691][ T8849] syzkaller0: entered allmulticast mode [ 427.805171][ T8847] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 428.092971][ T8849] tipc: Resetting bearer [ 428.145795][ T8846] tipc: Resetting bearer [ 428.186696][ T8846] tipc: Disabling bearer [ 433.657487][ T8889] tipc: Enabled bearer , priority 0 [ 433.665306][ T8889] syzkaller0: entered promiscuous mode [ 433.671109][ T8889] syzkaller0: entered allmulticast mode [ 433.683104][ T8889] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 433.727975][ T8889] tipc: Resetting bearer [ 433.745310][ T8888] tipc: Resetting bearer [ 433.786808][ T8888] tipc: Disabling bearer [ 434.073862][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 330 seconds [ 435.026789][ T6337] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 330 seconds [ 435.038981][ T6337] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 330 seconds [ 435.050457][ T6337] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 330 seconds [ 435.072358][ T6337] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 330 seconds [ 435.736255][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 435.765139][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 435.774826][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 435.792204][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 435.816234][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 435.823987][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 435.833147][ T8907] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 435.957718][ T8905] lo speed is unknown, defaulting to 1000 [ 435.988152][ T8905] hsr0 speed is unknown, defaulting to 1000 [ 438.844082][ T5085] Bluetooth: hci1: command tx timeout [ 439.833451][ T8931] tipc: Enabled bearer , priority 0 [ 439.863957][ T8931] syzkaller0: entered promiscuous mode [ 439.869759][ T8931] syzkaller0: entered allmulticast mode [ 439.970277][ T8933] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 439.995491][ T8931] tipc: Resetting bearer [ 440.037425][ T8929] tipc: Resetting bearer [ 440.122224][ T8929] tipc: Disabling bearer [ 440.140391][ T8905] chnl_net:caif_netlink_parms(): no params data found [ 440.337045][ T8905] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.347088][ T8905] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.362639][ T8905] bridge_slave_0: entered allmulticast mode [ 440.376199][ T8905] bridge_slave_0: entered promiscuous mode [ 440.477526][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.484158][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.486919][ T8905] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.522391][ T8905] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.530990][ T8905] bridge_slave_1: entered allmulticast mode [ 440.543778][ T8905] bridge_slave_1: entered promiscuous mode [ 440.644969][ T8905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 440.663919][ T8905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 440.745611][ T8905] team0: Port device team_slave_0 added [ 440.767930][ T8905] team0: Port device team_slave_1 added [ 440.856570][ T8905] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 440.864465][ T8905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.892368][ T5085] Bluetooth: hci1: command tx timeout [ 440.902427][ T8905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.935326][ T8905] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.952813][ T8905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.011246][ T8905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 441.116260][ T8905] hsr_slave_0: entered promiscuous mode [ 441.124443][ T8905] hsr_slave_1: entered promiscuous mode [ 441.131733][ T8905] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 441.142272][ T8905] Cannot create hsr debugfs directory [ 441.367743][ T8905] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 441.385670][ T8905] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 441.396965][ T8905] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 441.410898][ T8905] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 441.508324][ T8905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 441.537883][ T8905] 8021q: adding VLAN 0 to HW filter on device team0 [ 441.554206][ T1304] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.561480][ T1304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 441.582699][ T996] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.589919][ T996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 441.833036][ T8905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 442.101305][ T8905] veth0_vlan: entered promiscuous mode [ 442.118241][ T8905] veth1_vlan: entered promiscuous mode [ 442.158392][ T8905] veth0_macvtap: entered promiscuous mode [ 442.169077][ T8905] veth1_macvtap: entered promiscuous mode [ 442.191241][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.202490][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.213570][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.225235][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.235785][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.246960][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.256937][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.268376][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.280843][ T8905] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 442.296678][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.308453][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.319751][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.331423][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.341808][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.352380][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.363733][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.375748][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.385851][ T8905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 442.398996][ T8905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.411112][ T8905] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 442.428407][ T8905] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.439033][ T8905] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.448185][ T8905] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.457825][ T8905] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.579804][ T996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 442.602695][ T996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 442.631918][ T1304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 442.643173][ T1304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 442.953422][ T5085] Bluetooth: hci1: command tx timeout [ 443.801237][ T8955] tipc: Enabled bearer , priority 0 [ 443.836102][ T8955] syzkaller0: entered promiscuous mode [ 443.844798][ T8955] syzkaller0: entered allmulticast mode [ 443.965243][ T8958] tipc: Resetting bearer [ 444.170705][ T8951] tipc: Resetting bearer [ 444.611325][ T8951] tipc: Disabling bearer [ 445.033615][ T5085] Bluetooth: hci1: command tx timeout [ 445.603347][ T27] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 445.792313][ T27] usb 4-1: Using ep0 maxpacket: 8 [ 445.807138][ T27] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 445.817666][ T27] usb 4-1: config 0 has no interface number 0 [ 445.834379][ T27] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 445.862874][ T27] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 445.890601][ T27] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 445.913255][ T27] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 445.932868][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.974885][ T27] usb 4-1: config 0 descriptor?? [ 445.989241][ T27] ldusb 4-1:0.55: Interrupt in endpoint not found [ 446.204681][ T27] usb 4-1: USB disconnect, device number 6 [ 448.209052][ T8979] tipc: Enabled bearer , priority 0 [ 448.217629][ T8979] syzkaller0: entered promiscuous mode [ 448.223843][ T8979] syzkaller0: entered allmulticast mode [ 448.666543][ T8979] tipc: Resetting bearer [ 448.682691][ T983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.732147][ T983] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.757206][ T8976] tipc: Resetting bearer [ 448.943119][ T8976] tipc: Disabling bearer [ 449.750016][ T8991] tipc: Enabled bearer , priority 0 [ 449.792647][ T8991] syzkaller0: entered promiscuous mode [ 449.798221][ T8991] syzkaller0: entered allmulticast mode [ 449.923276][ T8993] tipc: Resetting bearer [ 449.991375][ T8990] tipc: Resetting bearer [ 450.181782][ T8990] tipc: Disabling bearer [ 454.708492][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.741885][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.312667][ T9038] tipc: Started in network mode [ 455.317673][ T9038] tipc: Node identity b21573d61fa3, cluster identity 4711 [ 455.442435][ T9038] tipc: Enabled bearer , priority 0 [ 455.449757][ T9039] syzkaller0: entered promiscuous mode [ 455.462746][ T9039] syzkaller0: entered allmulticast mode [ 456.455332][ T9038] tipc: Resetting bearer [ 456.511393][ T9036] tipc: Resetting bearer [ 456.623130][ T9036] tipc: Disabling bearer [ 456.905490][ T8] tipc: Node number set to 2914415574 [ 458.667309][ T9053] gfs2: gfs2 mount does not exist [ 460.285033][ T9068] o2cb: This node has not been configured. [ 460.311692][ T9068] o2cb: Cluster check failed. Fix errors before retrying. [ 460.322545][ T9068] (syz.5.890,9068,1):user_dlm_register:674 ERROR: status = -22 [ 460.330254][ T9068] (syz.5.890,9068,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 460.608875][ T9076] [U] ¥ [ 460.612156][ T9076] [U] [ 460.614918][ T9076] [U] [ 460.617683][ T9076] [U] [ 460.620427][ T9076] [U] [ 460.623267][ T9076] [U] [ 460.626025][ T9076] [U] [ 460.628791][ T9076] [U] [ 460.643553][ T9076] [U] [ 460.646369][ T9076] [U] [ 460.649135][ T9076] [U] [ 460.651900][ T9076] [U] [ 460.654655][ T9076] [U] [ 460.657411][ T9076] [U] [ 460.660250][ T9076] [U] [ 460.663014][ T9076] [U] [ 460.673299][ T9076] [U] [ 460.676112][ T9076] [U] [ 460.678888][ T9076] [U] [ 460.681635][ T9076] [U] [ 460.684386][ T9076] [U] [ 460.687141][ T9076] [U] [ 460.689900][ T9076] [U] [ 460.692751][ T9076] [U] [ 460.704834][ T9076] [U] [ 460.707730][ T9076] [U] [ 460.710577][ T9076] [U] [ 460.713725][ T9076] [U] [ 460.716475][ T9076] [U] [ 460.719226][ T9076] [U] [ 460.722066][ T9076] [U] [ 460.724823][ T9076] [U] [ 460.750875][ T9076] [U] [ 460.753719][ T9076] [U] [ 460.756471][ T9076] [U] [ 460.759234][ T9076] [U] [ 460.762075][ T9076] [U] [ 460.764828][ T9076] [U] [ 460.767581][ T9076] [U] [ 460.770328][ T9076] [U] [ 460.781292][ T9076] [U] [ 460.784352][ T9076] [U] [ 460.787103][ T9076] [U] [ 460.789859][ T9076] [U] [ 460.792630][ T9076] [U] [ 460.795384][ T9076] [U] [ 460.798311][ T9076] [U] [ 460.801247][ T9076] [U] [ 460.812399][ T9076] [U] [ 460.815299][ T9076] [U] [ 460.818161][ T9076] [U] [ 460.820924][ T9076] [U] [ 460.823703][ T9076] [U] [ 460.826463][ T9076] [U] [ 460.829305][ T9076] [U] [ 460.832052][ T9076] [U] [ 460.844820][ T9076] [U] [ 460.847624][ T9076] [U] [ 460.850378][ T9076] [U] [ 460.853225][ T9076] [U] [ 460.855986][ T9076] [U] [ 460.858742][ T9076] [U] [ 460.861506][ T9076] [U] [ 460.864264][ T9076] [U] [ 460.890696][ T9076] [U] [ 460.893550][ T9076] [U] [ 460.896308][ T9076] [U] [ 460.899089][ T9076] [U] [ 460.901925][ T9076] [U] [ 460.904791][ T9076] [U] [ 460.907568][ T9076] [U] [ 460.910349][ T9076] [U] [ 460.920845][ T9076] [U] [ 460.923665][ T9076] [U] [ 460.926425][ T9076] [U] [ 460.929198][ T9076] [U] [ 460.931950][ T9076] [U] [ 460.934739][ T9076] [U] [ 460.937496][ T9076] [U] [ 460.940251][ T9076] [U] [ 460.951649][ T9076] [U] [ 460.954467][ T9076] [U] [ 460.957317][ T9076] [U] [ 460.960071][ T9076] [U] [ 460.962824][ T9076] [U] [ 460.965726][ T9076] [U] [ 460.968474][ T9076] [U] [ 460.971269][ T9076] [U] [ 461.006701][ T9076] [U] [ 461.009649][ T9076] [U] [ 461.012404][ T9076] [U] [ 461.015160][ T9076] [U] [ 461.017916][ T9076] [U] [ 461.020679][ T9076] [U] [ 461.023435][ T9076] [U] [ 461.026195][ T9076] [U] [ 461.047398][ T9076] [U] [ 461.050202][ T9076] [U] [ 461.052966][ T9076] [U] [ 461.055713][ T9076] [U] [ 461.058460][ T9076] [U] [ 461.061214][ T9076] [U] [ 461.064010][ T9076] [U] [ 461.066762][ T9076] [U] [ 461.076825][ T9076] [U] [ 461.079624][ T9076] [U] [ 461.082378][ T9076] [U] [ 461.085133][ T9076] [U] [ 461.087882][ T9076] [U] [ 461.090645][ T9076] [U] [ 461.093508][ T9076] [U] [ 461.096271][ T9076] [U] [ 461.149851][ T9076] [U] [ 461.152710][ T9076] [U] [ 461.155477][ T9076] [U] [ 461.158223][ T9076] [U] [ 461.160979][ T9076] [U] [ 461.163750][ T9076] [U] [ 461.166500][ T9076] [U] [ 461.169244][ T9076] [U] [ 461.189348][ T9076] [U] [ 461.192187][ T9076] [U] [ 461.195024][ T9076] [U] [ 461.197779][ T9076] [U] [ 461.200620][ T9076] [U] [ 461.203372][ T9076] [U] [ 461.206123][ T9076] [U] [ 461.221724][ T9078] tipc: Enabled bearer , priority 0 [ 461.254640][ T9075] [U] [ 461.262518][ T9078] syzkaller0: entered promiscuous mode [ 461.268111][ T9078] syzkaller0: entered allmulticast mode [ 461.314352][ T9078] tipc: Resetting bearer [ 461.345342][ T9077] tipc: Resetting bearer [ 461.409870][ T9077] tipc: Disabling bearer [ 461.913243][ T9087] 9pnet_virtio: no channels available for device syz [ 462.312218][ T5085] Bluetooth: hci1: command tx timeout [ 465.291275][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 360 seconds [ 465.453453][ T6337] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 360 seconds [ 465.465353][ T6337] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 360 seconds [ 465.476699][ T6337] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 360 seconds [ 465.487961][ T6337] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 360 seconds [ 468.764606][ T9123] tipc: Enabled bearer , priority 0 [ 468.826303][ T9124] syzkaller0: entered promiscuous mode [ 468.841502][ T9124] syzkaller0: entered allmulticast mode [ 468.909729][ T9123] tipc: Resetting bearer [ 468.969858][ T9122] tipc: Resetting bearer [ 469.272143][ T9122] tipc: Disabling bearer [ 472.186628][ T9147] syzkaller0: entered promiscuous mode [ 472.194109][ T9147] syzkaller0: entered allmulticast mode [ 472.252790][ T9147] tipc: Enabled bearer , priority 0 [ 472.307949][ T9147] tipc: Resetting bearer [ 472.348957][ T9146] tipc: Resetting bearer [ 472.423164][ T5085] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 472.434702][ T5085] CPU: 1 PID: 5085 Comm: kworker/u5:1 Not tainted syzkaller #0 [ 472.442340][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 472.452475][ T5085] Workqueue: hci2 hci_rx_work [ 472.457402][ T5085] Call Trace: [ 472.460787][ T5085] [ 472.463837][ T5085] dump_stack_lvl+0x18c/0x250 [ 472.468673][ T5085] ? show_regs_print_info+0x20/0x20 [ 472.473984][ T5085] ? load_image+0x420/0x420 [ 472.478590][ T5085] sysfs_create_dir_ns+0x26e/0x2a0 [ 472.483807][ T5085] ? __lock_acquire+0x7d80/0x7d80 [ 472.488989][ T5085] ? sysfs_warn_dup+0xa0/0xa0 [ 472.493986][ T5085] ? do_raw_spin_unlock+0x121/0x230 [ 472.499355][ T5085] kobject_add_internal+0x617/0xc90 [ 472.504715][ T5085] kobject_add+0x164/0x240 [ 472.509192][ T5085] ? kobject_init+0x1d0/0x1d0 [ 472.514030][ T5085] ? get_device_parent+0x366/0x390 [ 472.519338][ T5085] device_add+0x3fa/0xc40 [ 472.523730][ T5085] hci_conn_add_sysfs+0xd5/0x1e0 [ 472.528917][ T5085] le_conn_complete_evt+0xe9f/0x1480 [ 472.534254][ T5085] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 472.540550][ T5085] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 472.546322][ T5085] ? mutex_unlock+0x10/0x10 [ 472.550888][ T5085] ? skb_pull_data+0xf0/0x1f0 [ 472.555726][ T5085] hci_le_enh_conn_complete_evt+0x189/0x460 [ 472.561686][ T5085] ? hci_le_remote_conn_param_req_evt+0xcb0/0xcb0 [ 472.568243][ T5085] ? hci_remote_host_features_evt+0x150/0x150 [ 472.574368][ T5085] hci_event_packet+0x7b4/0x1280 [ 472.579367][ T5085] ? __lock_acquire+0x7d80/0x7d80 [ 472.584433][ T5085] ? lock_chain_count+0x20/0x20 [ 472.589323][ T5085] ? bis_list+0x290/0x290 [ 472.593696][ T5085] ? lockdep_hardirqs_on+0x98/0x150 [ 472.599572][ T5085] ? hci_send_to_monitor+0xd7/0x4f0 [ 472.604815][ T5085] hci_rx_work+0x43a/0xd60 [ 472.609292][ T5085] ? process_scheduled_works+0x975/0x1600 [ 472.615105][ T5085] process_scheduled_works+0xa60/0x1600 [ 472.620990][ T5085] ? worker_attach_to_pool+0x370/0x370 [ 472.626584][ T5085] ? assign_work+0x3cc/0x5d0 [ 472.631391][ T5085] worker_thread+0xa5e/0xfe0 [ 472.636227][ T5085] ? _raw_spin_unlock+0x40/0x40 [ 472.641583][ T5085] ? __kthread_parkme+0x71/0x1c0 [ 472.646858][ T5085] kthread+0x2fa/0x390 [ 472.651154][ T5085] ? pr_cont_work+0x550/0x550 [ 472.656059][ T5085] ? kthread_blkcg+0xd0/0xd0 [ 472.660772][ T5085] ret_from_fork+0x48/0x80 [ 472.665281][ T5085] ? kthread_blkcg+0xd0/0xd0 [ 472.670259][ T5085] ret_from_fork_asm+0x11/0x20 [ 472.675120][ T5085] [ 472.709937][ T9146] tipc: Disabling bearer [ 472.731356][ T5085] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 472.752373][ T5085] Bluetooth: hci2: failed to register connection device [ 473.193025][ T9162] tipc: Enabling of bearer rejected, failed to enable media [ 473.343297][ T9152] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 473.372924][ T9152] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 473.563149][ T9152] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 473.618862][ T9152] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 473.683420][ T9152] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 473.772373][ T9152] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 473.812160][ T9152] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 473.882580][ T9152] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 474.243653][ T9174] netlink: 64 bytes leftover after parsing attributes in process `syz.5.922'. [ 474.872212][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 475.677327][ T5085] Bluetooth: hci4: command 0x0406 tx timeout [ 475.752302][ T5085] Bluetooth: hci1: command 0x0c1a tx timeout [ 477.468450][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 477.759150][ T5085] Bluetooth: hci4: command 0x0406 tx timeout [ 477.832197][ T5085] Bluetooth: hci1: command 0x0c1a tx timeout [ 478.289943][ T9202] tipc: Enabled bearer , priority 0 [ 478.298176][ T9202] syzkaller0: entered promiscuous mode [ 478.304285][ T9202] syzkaller0: entered allmulticast mode [ 478.368428][ T9202] tipc: Resetting bearer [ 478.438445][ T9201] tipc: Resetting bearer [ 478.619805][ T9201] tipc: Disabling bearer [ 479.317897][ T9208] netlink: 64 bytes leftover after parsing attributes in process `syz.5.932'. [ 479.513246][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 479.912220][ T5085] Bluetooth: hci1: command 0x0c1a tx timeout [ 482.239262][ T9235] 9pnet_virtio: no channels available for device syz [ 483.769726][ T9237] netlink: 64 bytes leftover after parsing attributes in process `syz.3.944'. [ 483.963875][ T9228] tipc: Enabled bearer , priority 0 [ 484.079036][ T9243] syzkaller0: entered promiscuous mode [ 484.126099][ T9243] syzkaller0: entered allmulticast mode [ 484.372809][ T9243] tipc: Resetting bearer [ 484.481947][ T9227] tipc: Resetting bearer [ 484.794817][ T9227] tipc: Disabling bearer [ 486.657315][ T9266] usb usb7: usbfs: process 9266 (syz.1.951) did not claim interface 0 before use [ 486.906145][ T9274] tipc: Enabled bearer , priority 0 [ 486.929487][ T9274] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 486.981242][ T9274] tipc: Resetting bearer [ 487.087267][ T9273] tipc: Disabling bearer [ 489.763966][ T9294] syzkaller0: entered promiscuous mode [ 489.856560][ T9294] syzkaller0: entered allmulticast mode [ 492.058225][ T9307] (null): rxe_set_mtu: Set mtu to 1024 [ 492.067861][ T9307] rdma_rxe: rxe_newlink: failed to add hsr0 [ 494.083306][ T9314] tipc: Enabled bearer , priority 0 [ 494.132927][ T9314] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 494.218038][ T9314] tipc: Resetting bearer [ 494.359887][ T9313] tipc: Disabling bearer [ 495.513118][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 390 seconds [ 495.515280][ T6337] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 390 seconds [ 495.535844][ T6337] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 390 seconds [ 495.547528][ T6337] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 390 seconds [ 495.558923][ T6337] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 390 seconds [ 496.578724][ T9338] (null): rxe_set_mtu: Set mtu to 1024 [ 496.587877][ T9338] rdma_rxe: rxe_newlink: failed to add hsr0 [ 498.601779][ T9348] tipc: Enabled bearer , priority 0 [ 498.643564][ T9348] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 498.777873][ T9348] tipc: Resetting bearer [ 498.814358][ T9347] tipc: Disabling bearer [ 498.935143][ T2890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.976786][ T2890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 499.428822][ T9356] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.492115][ T9356] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 499.792294][ T9356] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.822363][ T9356] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 500.117246][ T9356] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.142155][ T9356] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 500.313932][ T9356] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.348526][ T9356] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 500.608419][ T9356] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 500.617659][ T9356] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 500.652844][ T9356] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 500.661682][ T9356] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 500.745331][ T9356] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 500.754472][ T9356] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 500.777510][ T9356] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 500.787197][ T9356] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 501.916710][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.932500][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.392225][ T9376] (null): rxe_set_mtu: Set mtu to 1024 [ 503.398037][ T9376] rdma_rxe: rxe_newlink: failed to add hsr0 [ 506.114807][ T9384] syzkaller0: entered promiscuous mode [ 506.120552][ T9384] syzkaller0: entered allmulticast mode [ 506.183237][ T9384] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 507.453215][ T9390] comedi comedi0: reset error (fatal) [ 508.095284][ T9] IPVS: starting estimator thread 0... [ 508.192920][ T9406] IPVS: using max 16 ests per chain, 38400 per kthread [ 509.331337][ T9425] syzkaller0: entered promiscuous mode [ 509.348695][ T9425] syzkaller0: entered allmulticast mode [ 509.367218][ T9425] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 510.702164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 513.690682][ T9448] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1009'. [ 514.966856][ T9457] syzkaller0: entered promiscuous mode [ 514.983951][ T9457] syzkaller0: entered allmulticast mode [ 515.071436][ T9463] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 519.803327][ T9489] 9pnet_virtio: no channels available for device syz [ 520.594522][ T9494] syzkaller0: entered promiscuous mode [ 520.623266][ T9494] syzkaller0: entered allmulticast mode [ 520.648346][ T9494] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 521.727903][ T9509] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1028'. [ 523.931850][ T9528] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1032'. [ 525.755090][ T6337] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 420 seconds [ 525.781785][ T6337] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 420 seconds [ 525.830723][ T6337] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 420 seconds [ 525.880990][ T6337] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 420 seconds [ 527.139813][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 420 seconds [ 527.815933][ T9551] syzkaller0: entered promiscuous mode [ 527.821486][ T9551] syzkaller0: entered allmulticast mode [ 527.865292][ T9551] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 532.907987][ T9591] syzkaller0: entered promiscuous mode [ 532.922168][ T9591] syzkaller0: entered allmulticast mode [ 532.944993][ T9591] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 533.475202][ T6431] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.532353][ T6431] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 537.542122][ T27] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 537.772128][ T27] usb 1-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 537.781445][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.482147][ T27] usb 1-1: Product: syz [ 538.486406][ T27] usb 1-1: Manufacturer: syz [ 538.491060][ T27] usb 1-1: SerialNumber: syz [ 538.508092][ T27] usb 1-1: config 0 descriptor?? [ 538.732256][ T27] usb 1-1: ignoring: probably an ADSL modem [ 539.256739][ T27] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 539.279251][ T27] usb 1-1: USB disconnect, device number 3 [ 541.247868][ T9648] binder_alloc: 9646: binder_alloc_buf size 16384 failed, no address space [ 541.272501][ T9648] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 543.370283][ T786] IPVS: starting estimator thread 0... [ 543.502499][ T9669] IPVS: using max 16 ests per chain, 38400 per kthread [ 547.232385][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 547.433076][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 547.468796][ T8] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 547.504746][ T8] usb 1-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 547.525775][ T8] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe [ 547.535463][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.543731][ T8] usb 1-1: Product: syz [ 547.548216][ T8] usb 1-1: Manufacturer: syz [ 547.554786][ T8] usb 1-1: SerialNumber: syz [ 547.777123][ T27] usb 1-1: USB disconnect, device number 4 [ 549.272703][ T9715] tipc: Enabled bearer , priority 0 [ 549.338964][ T9715] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 549.442558][ T9714] tipc: Disabling bearer [ 549.703759][ T9721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1099'. [ 549.774609][ T9721] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.889217][ T9721] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.138195][ T9721] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.156381][ T9734] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 551.275490][ T9721] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.489671][ T9721] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.537003][ T9721] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.577960][ T9721] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.642579][ T9721] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.082947][ T9741] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1103'. [ 552.377725][ T9741] bond1: entered promiscuous mode [ 554.404662][ T9758] netlink: 'syz.5.1106': attribute type 1 has an invalid length. [ 554.483595][ T9758] 8021q: adding VLAN 0 to HW filter on device bond1 [ 554.579406][ T9765] tipc: Enabled bearer , priority 0 [ 554.682297][ T9761] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 554.723741][ T28] audit: type=1326 audit(1782130080.641:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.5.1106" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8f99ce59 code=0x7ffc0000 [ 554.750014][ T28] audit: type=1326 audit(1782130080.641:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.5.1106" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8f99ce59 code=0x7ffc0000 [ 554.779610][ T28] audit: type=1326 audit(1782130080.641:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.5.1106" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7fdf8f99ce59 code=0x7ffc0000 [ 554.875534][ T28] audit: type=1326 audit(1782130080.651:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.5.1106" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8f99ce59 code=0x7ffc0000 [ 555.151883][ T28] audit: type=1326 audit(1782130080.651:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.5.1106" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8f99ce59 code=0x7ffc0000 [ 555.386912][ T28] audit: type=1326 audit(1782130080.651:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9757 comm="syz.5.1106" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdf8f99ce59 code=0x7ffc0000 [ 555.661607][ T9758] bond1: (slave veth3): Enslaving as an active interface with a down link [ 555.711011][ T9762] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 555.717195][ T9775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1111'. [ 555.736495][ T9762] bond1: (slave batadv1): making interface the new active one [ 555.751377][ T9762] batadv1: entered promiscuous mode [ 555.758434][ T9762] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 556.312734][ T6337] block nbd1: Possible stuck request ffff888021f08000: control (read@0,1024B). Runtime 450 seconds [ 556.358009][ T6337] block nbd1: Possible stuck request ffff888021f08200: control (read@1024,1024B). Runtime 450 seconds [ 556.405455][ T6337] block nbd1: Possible stuck request ffff888021f08400: control (read@2048,1024B). Runtime 450 seconds [ 556.451793][ T6337] block nbd1: Possible stuck request ffff888021f08600: control (read@3072,1024B). Runtime 450 seconds [ 556.678331][ T9759] tipc: Disabling bearer [ 556.952292][ T29] INFO: task udevd:5780 blocked for more than 143 seconds. [ 556.963187][ T29] Not tainted syzkaller #0 [ 557.006862][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 557.041828][ T29] task:udevd state:D stack:25896 pid:5780 ppid:5140 flags:0x00004006 [ 557.068120][ T29] Call Trace: [ 557.078925][ T29] [ 557.086913][ T29] __schedule+0x15ae/0x4660 [ 557.097311][ T29] ? asan.module_dtor+0x20/0x20 [ 557.111623][ T29] ? mark_lock+0x94/0x320 [ 557.117598][ T29] ? __lock_acquire+0x7d80/0x7d80 [ 557.130977][ T29] ? lock_chain_count+0x20/0x20 [ 557.144053][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 557.157277][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 557.172153][ T29] schedule+0xbd/0x170 [ 557.184001][ T29] io_schedule+0x80/0xd0 [ 557.195987][ T29] folio_wait_bit_common+0x881/0xfa0 [ 557.210103][ T29] ? folio_wait_bit+0x30/0x30 [ 557.220839][ T29] ? _compound_head+0x120/0x120 [ 557.231664][ T29] ? filemap_add_folio+0x190/0x3d0 [ 557.247282][ T29] ? __filemap_get_folio+0x71e/0xbe0 [ 557.259791][ T29] ? blkdev_writepage+0x30/0x30 [ 557.277967][ T29] do_read_cache_folio+0x1c0/0x7f0 [ 557.283580][ T29] ? blkdev_writepage+0x30/0x30 [ 557.289006][ T29] read_part_sector+0xd2/0x350 [ 557.296592][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 557.302484][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 557.309066][ T29] ? put_partition+0x360/0x360 [ 557.314276][ T29] ? alloc_pages+0x4e1/0x740 [ 557.319119][ T29] bdev_disk_changed+0x755/0x1450 [ 557.324869][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 557.331505][ T29] ? _atomic_dec_and_lock+0x93/0x120 [ 557.349721][ T29] ? iput+0x33f/0x900 [ 557.354463][ T29] blkdev_get_whole+0x30d/0x390 [ 557.359696][ T29] blkdev_get_by_dev+0x3a9/0x610 [ 557.370641][ T29] blkdev_open+0x14e/0x360 [ 557.375663][ T29] do_dentry_open+0x880/0x14b0 [ 557.380685][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 557.394965][ T29] path_openat+0x284f/0x3270 [ 557.401028][ T29] ? do_sys_openat2+0xda/0x1d0 [ 557.413341][ T29] ? __x64_sys_openat+0x139/0x160 [ 557.419503][ T29] ? verify_lock_unused+0x140/0x140 [ 557.429867][ T29] ? do_filp_open+0x430/0x430 [ 557.435640][ T29] do_filp_open+0x1f2/0x430 [ 557.441495][ T29] ? vfs_tmpfile+0x480/0x480 [ 557.447781][ T29] ? _raw_spin_unlock+0x28/0x40 [ 557.453416][ T29] ? alloc_fd+0x590/0x640 [ 557.458163][ T29] do_sys_openat2+0x134/0x1d0 [ 557.464184][ T29] ? do_sys_open+0xe0/0xe0 [ 557.469092][ T29] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 557.476329][ T29] ? lock_chain_count+0x20/0x20 [ 557.482831][ T29] __x64_sys_openat+0x139/0x160 [ 557.488092][ T29] do_syscall_64+0x55/0xb0 [ 557.494359][ T29] ? clear_bhb_loop+0x40/0x90 [ 557.499633][ T29] ? clear_bhb_loop+0x40/0x90 [ 557.505368][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 557.511745][ T29] RIP: 0033:0x7fd24eca7407 [ 557.518563][ T29] RSP: 002b:00007fffa6a46410 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 557.527803][ T29] RAX: ffffffffffffffda RBX: 00007fd24f466880 RCX: 00007fd24eca7407 [ 557.537334][ T29] RDX: 00000000000a0800 RSI: 00005612d843e320 RDI: ffffffffffffff9c [ 557.552338][ T29] RBP: 00005612d8421910 R08: 0000000000000000 R09: 0000000000000000 [ 557.560947][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 00005612d8434e20 [ 557.575196][ T29] R13: 00005612d8439410 R14: 0000000000000000 R15: 00005612d8434e20 [ 557.586727][ T29] [ 557.628576][ T1095] block nbd2: Possible stuck request ffff888021f68000: control (read@0,4096B). Runtime 450 seconds [ 557.631402][ T29] INFO: task udevd:5786 blocked for more than 143 seconds. [ 557.722258][ T29] Not tainted syzkaller #0 [ 557.746498][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 557.764579][ T29] task:udevd state:D stack:25256 pid:5786 ppid:5140 flags:0x00004006 [ 557.794550][ T29] Call Trace: [ 557.807755][ T29] [ 557.814627][ T29] __schedule+0x15ae/0x4660 [ 557.825514][ T29] ? asan.module_dtor+0x20/0x20 [ 557.834807][ T29] ? mark_lock+0x94/0x320 [ 557.839341][ T29] ? __lock_acquire+0x7d80/0x7d80 [ 557.849536][ T29] ? lock_chain_count+0x20/0x20 [ 557.860730][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 557.869850][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 557.882260][ T29] schedule+0xbd/0x170 [ 557.897828][ T29] io_schedule+0x80/0xd0 [ 557.909050][ T29] folio_wait_bit_common+0x881/0xfa0 [ 557.919135][ T29] ? folio_wait_bit+0x30/0x30 [ 557.929660][ T29] ? _compound_head+0x120/0x120 [ 557.939022][ T29] ? filemap_add_folio+0x190/0x3d0 [ 557.944796][ T29] ? __filemap_get_folio+0x71e/0xbe0 [ 557.950412][ T29] ? blkdev_writepage+0x30/0x30 [ 557.955928][ T29] do_read_cache_folio+0x1c0/0x7f0 [ 557.961328][ T29] ? blkdev_writepage+0x30/0x30 [ 557.966824][ T29] read_part_sector+0xd2/0x350 [ 557.971889][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 557.977786][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 557.985999][ T29] ? put_partition+0x360/0x360 [ 557.990948][ T29] ? alloc_pages+0x4e1/0x740 [ 558.001067][ T29] bdev_disk_changed+0x755/0x1450 [ 558.006774][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 558.018973][ T29] ? _atomic_dec_and_lock+0x93/0x120 [ 558.025846][ T29] ? iput+0x33f/0x900 [ 558.037312][ T29] blkdev_get_whole+0x30d/0x390 [ 558.044346][ T29] blkdev_get_by_dev+0x3a9/0x610 [ 558.052489][ T29] blkdev_open+0x14e/0x360 [ 558.057168][ T29] do_dentry_open+0x880/0x14b0 [ 558.063389][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 558.072264][ T29] path_openat+0x284f/0x3270 [ 558.077030][ T29] ? do_sys_openat2+0xda/0x1d0 [ 558.083556][ T29] ? __x64_sys_openat+0x139/0x160 [ 558.092165][ T29] ? verify_lock_unused+0x140/0x140 [ 558.097641][ T29] ? do_filp_open+0x430/0x430 [ 558.105729][ T29] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 558.116043][ T29] do_filp_open+0x1f2/0x430 [ 558.120715][ T29] ? vfs_tmpfile+0x480/0x480 [ 558.127214][ T29] ? _raw_spin_unlock+0x28/0x40 [ 558.132447][ T29] ? alloc_fd+0x590/0x640 [ 558.142638][ T29] do_sys_openat2+0x134/0x1d0 [ 558.147481][ T29] ? do_sys_open+0xe0/0xe0 [ 558.153871][ T29] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 558.163496][ T29] ? lock_chain_count+0x20/0x20 [ 558.173764][ T29] __x64_sys_openat+0x139/0x160 [ 558.182556][ T29] do_syscall_64+0x55/0xb0 [ 558.187347][ T29] ? clear_bhb_loop+0x40/0x90 [ 558.193008][ T29] ? clear_bhb_loop+0x40/0x90 [ 558.197948][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 558.209183][ T29] RIP: 0033:0x7fd24eca7407 [ 558.225882][ T29] RSP: 002b:00007fffa6a46410 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 558.240770][ T29] RAX: ffffffffffffffda RBX: 00007fd24f466880 RCX: 00007fd24eca7407 [ 558.249458][ T29] RDX: 00000000000a0800 RSI: 00005612d84358d0 RDI: ffffffffffffff9c [ 558.291666][ T29] RBP: 00005612d8421910 R08: 0000000000000000 R09: 0000000000000000 [ 558.394573][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 00005612d856b5a0 [ 558.417819][ T29] R13: 00005612d8439410 R14: 0000000000000000 R15: 00005612d856b5a0 [ 558.426715][ T29] [ 558.429966][ T29] [ 558.429966][ T29] Showing all locks held in the system: [ 558.439376][ T29] 1 lock held by kworker/0:0/8: [ 558.446965][ T29] #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.458348][ T29] 3 locks held by kworker/u4:1/12: [ 558.463731][ T29] 1 lock held by khungtaskd/29: [ 558.468846][ T29] #0: ffffffff8d131da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 558.479150][ T29] 3 locks held by kworker/u4:4/78: [ 558.484398][ T29] 3 locks held by kworker/u4:8/2890: [ 558.489992][ T29] #0: ffff88802c21f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.501952][ T29] #1: ffffc9000b9d7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.521737][ T29] #2: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 558.531766][ T29] 3 locks held by kworker/u4:9/3461: [ 558.537541][ T29] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.550089][ T29] #1: ffffc9000c847d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.561802][ T29] #2: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 558.571354][ T29] 2 locks held by getty/5531: [ 558.576491][ T29] #0: ffff8880314420a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 558.586750][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x428/0x1370 [ 558.597214][ T29] 1 lock held by udevd/5780: [ 558.601872][ T29] #0: ffff888021dc34c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x11b/0x610 [ 558.612470][ T29] 1 lock held by udevd/5786: [ 558.617204][ T29] #0: ffff888021f104c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x11b/0x610 [ 558.628034][ T29] 2 locks held by kworker/u4:11/6476: [ 558.634527][ T29] #0: ffff888141e64938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.645938][ T29] #1: ffffc90017f07d00 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x975/0x1600 [ 558.658589][ T29] 1 lock held by syz.4.826/8813: [ 558.663686][ T29] #0: ffff888021f104c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1a4/0x320 [ 558.673486][ T29] 2 locks held by syz.0.1108/9763: [ 558.678870][ T29] #0: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 558.688238][ T29] #1: ffffffff8d137778 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880 [ 558.699542][ T29] 3 locks held by syz.1.1111/9775: [ 558.704870][ T29] #0: ffffffff8e424b30 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 558.713729][ T29] #1: ffff88807e442250 (&devlink->lock_key#4){+.+.}-{3:3}, at: devlink_get_from_attrs_lock+0x113/0x360 [ 558.725523][ T29] #2: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x3f/0x180 [ 558.735373][ T29] 2 locks held by syz.3.1114/9787: [ 558.740627][ T29] #0: ffffffff8e424b30 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 558.749542][ T29] #1: ffffffff8e3bfe48 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5e/0x890 [ 558.759575][ T29] [ 558.763524][ T29] ============================================= [ 558.763524][ T29] [ 558.772993][ T29] NMI backtrace for cpu 1 [ 558.777380][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 558.784622][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 558.794734][ T29] Call Trace: [ 558.798057][ T29] [ 558.801034][ T29] dump_stack_lvl+0x18c/0x250 [ 558.805765][ T29] ? __wake_up_klogd+0xd9/0x100 [ 558.810677][ T29] ? show_regs_print_info+0x20/0x20 [ 558.815928][ T29] ? load_image+0x420/0x420 [ 558.820488][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 558.825487][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 558.831730][ T29] ? load_image+0x420/0x420 [ 558.836288][ T29] ? wq_watchdog_touch+0xef/0x170 [ 558.841392][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 558.847520][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 558.853544][ T29] watchdog+0xf59/0xfa0 [ 558.857770][ T29] ? watchdog+0x1e1/0xfa0 [ 558.862140][ T29] kthread+0x2fa/0x390 [ 558.866256][ T29] ? hungtask_pm_notify+0x50/0x50 [ 558.871500][ T29] ? kthread_blkcg+0xd0/0xd0 [ 558.876143][ T29] ret_from_fork+0x48/0x80 [ 558.880601][ T29] ? kthread_blkcg+0xd0/0xd0 [ 558.885329][ T29] ret_from_fork_asm+0x11/0x20 [ 558.890230][ T29] [ 558.893894][ T29] Sending NMI from CPU 1 to CPUs 0: [ 558.899167][ C0] NMI backtrace for cpu 0 [ 558.899192][ C0] CPU: 0 PID: 78 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 558.899209][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 558.899220][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 558.899283][ C0] RIP: 0010:memset_orig+0x42/0xac [ 558.899303][ C0] Code: c1 41 89 f9 41 83 e1 07 75 6c 48 89 d1 48 c1 e9 06 74 35 0f 1f 44 00 00 48 ff c9 48 89 07 48 89 47 08 48 89 47 10 48 89 47 18 <48> 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d8 [ 558.899375][ C0] RSP: 0018:ffffc900015b78f0 EFLAGS: 00000206 [ 558.899388][ C0] RAX: fcfcfcfcfcfcfcfc RBX: ffff888017c42140 RCX: 0000000000000028 [ 558.899401][ C0] RDX: 0000000000001000 RSI: 00000000000000fc RDI: ffffed100bf925c0 [ 558.899414][ C0] RBP: 00000000000c2820 R08: dffffc0000000000 R09: 0000000000000000 [ 558.899425][ C0] R10: ffffed100bf92000 R11: fffffbfff1d15cbe R12: 0000000000000003 [ 558.899437][ C0] R13: 0000000000000001 R14: ffffea00017f2400 R15: 0000000000030004 [ 558.899448][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 558.899462][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 558.899473][ C0] CR2: 0000555578adc4e8 CR3: 0000000076669000 CR4: 00000000003506f0 [ 558.899488][ C0] Call Trace: [ 558.899494][ C0] [ 558.899500][ C0] new_slab+0x112/0x2d0 [ 558.899529][ C0] ___slab_alloc+0xc5c/0x12f0 [ 558.899563][ C0] ? __alloc_skb+0x138/0x2c0 [ 558.899587][ C0] __kmem_cache_alloc_node+0x11f/0x250 [ 558.899611][ C0] ? __alloc_skb+0x138/0x2c0 [ 558.899630][ C0] ? __alloc_skb+0x138/0x2c0 [ 558.899648][ C0] __kmalloc_node_track_caller+0xa4/0x230 [ 558.899672][ C0] ? rcu_is_watching+0x15/0xb0 [ 558.899695][ C0] ? __alloc_skb+0x138/0x2c0 [ 558.899713][ C0] kmalloc_reserve+0x116/0x240 [ 558.899735][ C0] __alloc_skb+0x138/0x2c0 [ 558.899755][ C0] nsim_dev_trap_report_work+0x253/0xa90 [ 558.899782][ C0] ? process_scheduled_works+0x975/0x1600 [ 558.899806][ C0] process_scheduled_works+0xa60/0x1600 [ 558.899842][ C0] ? worker_attach_to_pool+0x370/0x370 [ 558.899866][ C0] ? assign_work+0x3cc/0x5d0 [ 558.899889][ C0] worker_thread+0xa5e/0xfe0 [ 558.899915][ C0] ? _raw_spin_unlock+0x40/0x40 [ 558.899940][ C0] ? __kthread_parkme+0x71/0x1c0 [ 558.899961][ C0] kthread+0x2fa/0x390 [ 558.899976][ C0] ? pr_cont_work+0x550/0x550 [ 558.899996][ C0] ? kthread_blkcg+0xd0/0xd0 [ 558.900012][ C0] ret_from_fork+0x48/0x80 [ 558.900032][ C0] ? kthread_blkcg+0xd0/0xd0 [ 558.900049][ C0] ret_from_fork_asm+0x11/0x20 [ 558.900080][ C0] [ 558.986756][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 558.986798][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 558.986851][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 558.986878][ T29] Call Trace: [ 558.986901][ T29] [ 558.986930][ T29] dump_stack_lvl+0x18c/0x250 [ 558.987025][ T29] ? show_regs_print_info+0x20/0x20 [ 558.987089][ T29] ? load_image+0x420/0x420 [ 558.987196][ T29] panic+0x2ca/0x720 [ 558.987301][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 558.987393][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 558.987489][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 558.987579][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 558.987675][ T29] watchdog+0xf98/0xfa0 [ 558.987752][ T29] ? watchdog+0x1e1/0xfa0 [ 558.987837][ T29] kthread+0x2fa/0x390 [ 558.987882][ T29] ? hungtask_pm_notify+0x50/0x50 [ 558.987949][ T29] ? kthread_blkcg+0xd0/0xd0 [ 558.988001][ T29] ret_from_fork+0x48/0x80 [ 558.988072][ T29] ? kthread_blkcg+0xd0/0xd0 [ 558.988124][ T29] ret_from_fork_asm+0x11/0x20 [ 558.988230][ T29] [ 558.994486][ T29] Kernel Offset: disabled [ 559.271249][ T29] Rebooting in 86400 seconds..