last executing test programs: 2m25.858612512s ago: executing program 2 (id=3): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x2b, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) 2m10.463898346s ago: executing program 32 (id=3): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x2b, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) 1m23.210327674s ago: executing program 0 (id=88): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000a40)="a768e2d00ec5757e8f5f433f84c63a269953b038d5817617556310f9ee538468ee62c0d68b6b9fe9ade83c789bd66faf569fc7fbddfc2f6e4275c1df15f3a83eaa316135a25fe4533b1ca0ef0e263cab2f2549bb9e6b5695cbd3dfb61276f7bdee6ed41c81fab79a89034ceb07d274f93dbc4f59593d761520ba31b64e0a2ab5e78fb3667f84e7e29131ec5d39d6eb916df6133993516eaf9ae557d97dc044a88fb00065cb052a6cce15", 0xaa}, {&(0x7f0000000b00)="2112f3980a4c0902dcb1918da23fb18a9d89c4f0793b7c45b722417a6401d606e033776833d550074c2b667b4e127ea79880d00aeee8d16ca6f011603c22355681cd2e9d0d8a2fea2e9b525389d2e7b95aa129fef95245bffd1ccc58bb9ca56a50cd0b4da05e78cc4aef1e9157a66caefb0ba968710bfbc7baabaa3b06bf6e5fe4fe8ebcbc81a4dbda4b1b65ea2d852cda4881d7ceda7dcbef58471a951ca1851b50dd9276e0ab06fa0e23d023766294c911bff4e6d33acdd316322f4d5a1a4eb5ae51e511f2923f3318d83b9b438b20e0560a4834edb911911c7b557e37e94f6f0a2f1d291ae3049df23212a4b50eeb9c9a0901e8804d", 0xf7}], 0x3, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x7}], 0x18, 0x4004090}, {0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e445f1ca30a2f37d1f6d14042afeb21e49b0da7fd9f0940cf59647c14b7e6f19ac068f3a0920aed0a27cdd22c711855b5fb9f81ba75787a21c891067a458e010b16fa7d60083beff4", 0x54}, {&(0x7f0000000c00)="11bc0436f24447912dce9afd07fe935ecc6bd5eda7c7802f23cc14c83af658aba7129a55512896099992c8d02253e12016902434d12855df0a9b30e55e8f6259b106445aab46f952998eb7f8da0bad476b3c282f94edbd9aec43c836f227ecbc81a2e8dffb14b537cab2cd95a1351f3cdc2b6343f3521eb5638b256c10f93d4465c51329e7aed07efa4bdabe7b511b77df3e3cba7eac72df9b66860cf3b41a664167c6975937e78a75aa6ca347638a9eb31c60880c389de6a8919a67", 0xbc}, {&(0x7f0000000cc0)="a659d6cd13b743c3883fa66b26998868e129449c58fe04d445f9c63392ec1473c4e34a11a18e0fa2c3ff1fefe4200a23a2befe7c334b021bbad3522f8f3f36083d885cb29fa1829ff0caa3eb06fcfa1cc00d19092f9d6d93590fd4671bce11ec7b2f3912c5fe0804a2647a4de1f6d804e2da914136a7a4b169f152ec6af9204c3465d58e410029e4f28574ebfef1ac2fc1d17d5133793c9e9fbe4889c2a1427cb84332f6d4dad0f47d084b27c6c5afe46d605c7c33fa61fee2bdf78c16167904fab9a81bbb8a0ee73a56e9a67549a2701def6cc0224db8d147e08f15ec7d6f38efb1ad1253", 0xe5}], 0x3, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8359c20b3938b1cb8574e51adc3cac209dd1c3b0fa44d9ca5ffbccfd95395", 0x57}, {&(0x7f0000000ec0)="9af11ddfb8ceb516a838dd3cedbe8ce91e02bfabade423d9a4d0ec122b7037a6bffa4c8dff825b4bb6af22c579faf7cd32f8fa2c632ee236967cf01e81fd58fa7de7dc69417ed5b34378c0cecc6e594591c035a1492419209e9b5aff174a1d1462bd1e5a8b80fbb1ce5c906a977485c7ae6af8991a8adedcede4e0eef2d587cf0504acfc212433c76b69460a6bd59788eff72bb7a32bdadca740aa47e60fc2210d5d4a9547afe26196f225cc9ddde32a2df9cccd74a4ba07a2ce22171a60f564119ed5d9dac59d865c6e1547e2c472e9bd574b1250286c316bd8bcc28407ca0e61b1c0e72349", 0xe6}, {&(0x7f0000000fc0)="26166583e37c8b7d00ab5146a77c416387ef936b5c5d71546721b5fe2369b8b7009262933b2d3280235aff09fc6b0d14ad0d2336b4f21ed53375838ff7f6c567b372b0124a5f1bc6ca1eef4cfdfe8e97b9cadc99cc2a870d680138b4bfe181d8181ce0e924e85ef677049d765a870450b00b1adda0d57413a2acb1d18236df1e", 0x80}], 0x3, 0x0, 0x0, 0x84090}], 0x3, 0x4004000) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1m9.50878042s ago: executing program 0 (id=104): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x2582, 0x0) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f640094", 0x29}], 0x1) rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40015}, 0x44080) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffff7f, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m7.248716859s ago: executing program 0 (id=112): sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32], 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20) sendmsg$inet(r3, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) 1m6.267418852s ago: executing program 0 (id=116): setresgid(0xee00, 0x0, 0x0) 1m5.531192046s ago: executing program 0 (id=118): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) sendmsg$802154_dgram(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000100)={0x0}, 0x7}, 0x240440c8) open_by_handle_at(0xffffffffffffffff, 0x0, 0x40003) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 57.525878628s ago: executing program 0 (id=126): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)}, {&(0x7f0000000a40)="a768e2d00ec5757e8f5f433f84c63a269953b038d5817617556310f9ee538468ee62c0d68b6b9fe9ade83c789bd66faf569fc7fbddfc2f6e4275c1df15f3a83eaa316135a25fe4533b1ca0ef0e263cab2f2549bb9e6b5695cbd3dfb61276f7bdee6ed41c81fab79a89034ceb07d274f93dbc4f59593d761520ba31b64e0a2ab5e78fb3667f84e7e29131ec5d39d6eb916df6133993516eaf9ae557d97dc044a88fb00065cb052a6cce15", 0xaa}, {&(0x7f0000000b00)="2112f3980a4c0902dcb1918da23fb18a9d89c4f0793b7c45b722417a6401d606e033776833d550074c2b667b4e127ea79880d00aeee8d16ca6f011603c22355681cd2e9d0d8a2fea2e9b525389d2e7b95aa129fef95245bffd1ccc58bb9ca56a50cd0b4da05e78cc4aef1e9157a66caefb0ba968710bfbc7baabaa3b06bf6e5fe4fe8ebcbc81a4dbda4b1b65ea2d852cda4881d7ceda7dcbef58471a951ca1851b50dd9276e0ab06fa0e23d023766294c911bff4e6d33acdd316322f4d5a1a4eb5ae51e511f2923f3318d83b9b438b20e0560a4834edb911911c7b557e37e94f6f0a2f1d291ae3049df23212a4b50eeb9c9a0901e8804d", 0xf7}], 0x3, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x7}], 0x18, 0x4004090}, {0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e445f1ca30a2f37d1f6d14042afeb21e49b0da7fd9f0940cf59647c14b7e6f19ac068f3a0920aed0a27cdd22c711855b5fb9f81ba75787a21c891067a458e010b16fa7d60083beff4", 0x54}, {&(0x7f0000000c00)="11bc0436f24447912dce9afd07fe935ecc6bd5eda7c7802f23cc14c83af658aba7129a55512896099992c8d02253e12016902434d12855df0a9b30e55e8f6259b106445aab46f952998eb7f8da0bad476b3c282f94edbd9aec43c836f227ecbc81a2e8dffb14b537cab2cd95a1351f3cdc2b6343f3521eb5638b256c10f93d4465c51329e7aed07efa4bdabe7b511b77df3e3cba7eac72df9b66860cf3b41a664167c6975937e78a75aa6ca347638a9eb31c60880c389de6a8919a67", 0xbc}, {&(0x7f0000000cc0)="a659d6cd13b743c3883fa66b26998868e129449c58fe04d445f9c63392ec1473c4e34a11a18e0fa2c3ff1fefe4200a23a2befe7c334b021bbad3522f8f3f36083d885cb29fa1829ff0caa3eb06fcfa1cc00d19092f9d6d93590fd4671bce11ec7b2f3912c5fe0804a2647a4de1f6d804e2da914136a7a4b169f152ec6af9204c3465d58e410029e4f28574ebfef1ac2fc1d17d5133793c9e9fbe4889c2a1427cb84332f6d4dad0f47d084b27c6c5afe46d605c7c33fa61fee2bdf78c16167904fab9a81bbb8a0ee73a56e9a67549a2701def6cc0224db8d147e08f15ec7d6f38efb1ad1253", 0xe5}], 0x3, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8359c20b3938b1cb8574e51adc3cac209dd1c3b0fa44d9ca5ffbccfd95395", 0x57}, {&(0x7f0000000ec0)="9af11ddfb8ceb516a838dd3cedbe8ce91e02bfabade423d9a4d0ec122b7037a6bffa4c8dff825b4bb6af22c579faf7cd32f8fa2c632ee236967cf01e81fd58fa7de7dc69417ed5b34378c0cecc6e594591c035a1492419209e9b5aff174a1d1462bd1e5a8b80fbb1ce5c906a977485c7ae6af8991a8adedcede4e0eef2d587cf0504acfc212433c76b69460a6bd59788eff72bb7a32bdadca740aa47e60fc2210d5d4a9547afe26196f225cc9ddde32a2df9cccd74a4ba07a2ce22171a60f564119ed5d9dac59d865c6e1547e2c472e9bd574b1250286c316bd8bcc28407ca0e61b1c0e72349", 0xe6}, {&(0x7f0000000fc0)="26166583e37c8b7d00ab5146a77c416387ef936b5c5d71546721b5fe2369b8b7009262933b2d3280235aff09fc6b0d14ad0d2336b4f21ed53375838ff7f6c567b372b0124a5f1bc6ca1eef4cfdfe8e97b9cadc99cc2a870d680138b4bfe181d8181ce0e924e85ef677049d765a870450b00b1adda0d57413a2acb1d18236df1e", 0x80}], 0x3, 0x0, 0x0, 0x84090}], 0x3, 0x4004000) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 53.388705262s ago: executing program 4 (id=127): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) 51.458028433s ago: executing program 4 (id=130): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) sendmsg$802154_dgram(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000100)={0x0}, 0x7}, 0x240440c8) open_by_handle_at(0xffffffffffffffff, 0x0, 0x40003) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 42.25849719s ago: executing program 33 (id=126): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)}, {&(0x7f0000000a40)="a768e2d00ec5757e8f5f433f84c63a269953b038d5817617556310f9ee538468ee62c0d68b6b9fe9ade83c789bd66faf569fc7fbddfc2f6e4275c1df15f3a83eaa316135a25fe4533b1ca0ef0e263cab2f2549bb9e6b5695cbd3dfb61276f7bdee6ed41c81fab79a89034ceb07d274f93dbc4f59593d761520ba31b64e0a2ab5e78fb3667f84e7e29131ec5d39d6eb916df6133993516eaf9ae557d97dc044a88fb00065cb052a6cce15", 0xaa}, {&(0x7f0000000b00)="2112f3980a4c0902dcb1918da23fb18a9d89c4f0793b7c45b722417a6401d606e033776833d550074c2b667b4e127ea79880d00aeee8d16ca6f011603c22355681cd2e9d0d8a2fea2e9b525389d2e7b95aa129fef95245bffd1ccc58bb9ca56a50cd0b4da05e78cc4aef1e9157a66caefb0ba968710bfbc7baabaa3b06bf6e5fe4fe8ebcbc81a4dbda4b1b65ea2d852cda4881d7ceda7dcbef58471a951ca1851b50dd9276e0ab06fa0e23d023766294c911bff4e6d33acdd316322f4d5a1a4eb5ae51e511f2923f3318d83b9b438b20e0560a4834edb911911c7b557e37e94f6f0a2f1d291ae3049df23212a4b50eeb9c9a0901e8804d", 0xf7}], 0x3, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x7}], 0x18, 0x4004090}, {0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e445f1ca30a2f37d1f6d14042afeb21e49b0da7fd9f0940cf59647c14b7e6f19ac068f3a0920aed0a27cdd22c711855b5fb9f81ba75787a21c891067a458e010b16fa7d60083beff4", 0x54}, {&(0x7f0000000c00)="11bc0436f24447912dce9afd07fe935ecc6bd5eda7c7802f23cc14c83af658aba7129a55512896099992c8d02253e12016902434d12855df0a9b30e55e8f6259b106445aab46f952998eb7f8da0bad476b3c282f94edbd9aec43c836f227ecbc81a2e8dffb14b537cab2cd95a1351f3cdc2b6343f3521eb5638b256c10f93d4465c51329e7aed07efa4bdabe7b511b77df3e3cba7eac72df9b66860cf3b41a664167c6975937e78a75aa6ca347638a9eb31c60880c389de6a8919a67", 0xbc}, {&(0x7f0000000cc0)="a659d6cd13b743c3883fa66b26998868e129449c58fe04d445f9c63392ec1473c4e34a11a18e0fa2c3ff1fefe4200a23a2befe7c334b021bbad3522f8f3f36083d885cb29fa1829ff0caa3eb06fcfa1cc00d19092f9d6d93590fd4671bce11ec7b2f3912c5fe0804a2647a4de1f6d804e2da914136a7a4b169f152ec6af9204c3465d58e410029e4f28574ebfef1ac2fc1d17d5133793c9e9fbe4889c2a1427cb84332f6d4dad0f47d084b27c6c5afe46d605c7c33fa61fee2bdf78c16167904fab9a81bbb8a0ee73a56e9a67549a2701def6cc0224db8d147e08f15ec7d6f38efb1ad1253", 0xe5}], 0x3, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8359c20b3938b1cb8574e51adc3cac209dd1c3b0fa44d9ca5ffbccfd95395", 0x57}, {&(0x7f0000000ec0)="9af11ddfb8ceb516a838dd3cedbe8ce91e02bfabade423d9a4d0ec122b7037a6bffa4c8dff825b4bb6af22c579faf7cd32f8fa2c632ee236967cf01e81fd58fa7de7dc69417ed5b34378c0cecc6e594591c035a1492419209e9b5aff174a1d1462bd1e5a8b80fbb1ce5c906a977485c7ae6af8991a8adedcede4e0eef2d587cf0504acfc212433c76b69460a6bd59788eff72bb7a32bdadca740aa47e60fc2210d5d4a9547afe26196f225cc9ddde32a2df9cccd74a4ba07a2ce22171a60f564119ed5d9dac59d865c6e1547e2c472e9bd574b1250286c316bd8bcc28407ca0e61b1c0e72349", 0xe6}, {&(0x7f0000000fc0)="26166583e37c8b7d00ab5146a77c416387ef936b5c5d71546721b5fe2369b8b7009262933b2d3280235aff09fc6b0d14ad0d2336b4f21ed53375838ff7f6c567b372b0124a5f1bc6ca1eef4cfdfe8e97b9cadc99cc2a870d680138b4bfe181d8181ce0e924e85ef677049d765a870450b00b1adda0d57413a2acb1d18236df1e", 0x80}], 0x3, 0x0, 0x0, 0x84090}], 0x3, 0x4004000) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 39.603369346s ago: executing program 4 (id=139): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) 37.995621417s ago: executing program 4 (id=141): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000000, &(0x7f0000000280)={0xa, 0x4e23, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000400), 0x2, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b) write$FUSE_CREATE_OPEN(r3, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000080), 0x7f04) getsockname$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000380)=0x1c) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000300)=0x4, &(0x7f0000000340)=0x2) socket$inet6(0xa, 0x1, 0xe6d7) ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_uring_setup(0x4898, &(0x7f0000000680)={0x0, 0x21, 0x40, 0xfffffffc, 0x3ffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0xc56}, 0x0) 36.956757791s ago: executing program 4 (id=144): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r0, 0x400, 0x1) fcntl$setlease(r0, 0x400, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xf4) r4 = syz_open_procfs(r2, &(0x7f0000000180)='io\x00') setreuid(0x0, 0xee01) pread64(r4, &(0x7f0000000100)=""/57, 0x39, 0x40000000009) 32.162502454s ago: executing program 4 (id=147): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x11) fcntl$lock(r0, 0x5, &(0x7f0000000200)={0x1}) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x2}) socket$netlink(0x10, 0x3, 0xb) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/20, 0x62}], 0x1, 0x9, 0x32a) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_TSC(0x1a, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f00000000c0)=0x100, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x0, r5}, 0x10) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x1, r5, 0x8000000, r3}, 0x10) socket$tipc(0x1e, 0x5, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) pselect6(0x40, &(0x7f00000001c0)={0xa00, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 14.816484057s ago: executing program 34 (id=147): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x11) fcntl$lock(r0, 0x5, &(0x7f0000000200)={0x1}) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x2}) socket$netlink(0x10, 0x3, 0xb) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/20, 0x62}], 0x1, 0x9, 0x32a) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SET_TSC(0x1a, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f00000000c0)=0x100, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x0, r5}, 0x10) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x1, r5, 0x8000000, r3}, 0x10) socket$tipc(0x1e, 0x5, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) pselect6(0x40, &(0x7f00000001c0)={0xa00, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 8.273192999s ago: executing program 3 (id=172): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x2000000}, 0x64) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "0587a06a93f2aad4", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) 8.186186489s ago: executing program 3 (id=174): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000480)=[{0x0, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x80000, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x400, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ec5, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x4, {}, [{0x48, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) close(0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x200000) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000500)={'syz1\x00', {0xb710, 0xe, 0x3}, 0x34, [0xe, 0x1ff, 0x8, 0x3, 0x2, 0x8, 0x69, 0x2, 0x0, 0x874, 0x9, 0xd4a1, 0x3, 0x3, 0x7, 0x5b8, 0x2, 0x6, 0xc, 0x7, 0x51, 0xbe4, 0x100, 0x1, 0xa, 0x8, 0xfff, 0x8, 0xb, 0x80, 0x9ad, 0x26, 0x1, 0x5, 0x1, 0x6, 0x905e, 0xf87, 0xe2ee, 0x0, 0x6, 0x5, 0x1, 0x80000000, 0x1000, 0x1d7, 0x2, 0x6, 0xff, 0x8001, 0x10, 0x2, 0xc3bb, 0x1, 0x1, 0x5, 0x1, 0x4, 0x2, 0x339, 0xbbf, 0xfffff000, 0x100800, 0x8], [0x2, 0x100, 0x7af, 0x6, 0x5, 0x0, 0x5, 0x7fffc, 0x2, 0x6, 0xa, 0x10000, 0x2, 0x17, 0x20, 0x2, 0x5, 0x5, 0xa, 0x65, 0x9, 0x9, 0x8, 0x4, 0x7fff, 0x3ff, 0xffffff01, 0x8, 0x3, 0x9, 0xb6, 0x7cb4cb2c, 0x0, 0x2, 0x81, 0xffff, 0x7, 0xc5d3, 0xa, 0xc2e, 0x7, 0x9, 0x9, 0x8, 0x2, 0xfffffffe, 0x7c, 0x9, 0x5, 0x5, 0xa, 0x5, 0xc98, 0x9, 0xffffcbb6, 0xd0, 0x1, 0x5, 0x6, 0x1, 0x7, 0x5, 0x1, 0x6], [0x4, 0x5, 0xffffffff, 0x200, 0x5e4, 0x6, 0x6, 0x3, 0x1ff, 0x6, 0x9, 0x3, 0x0, 0x10000, 0x9, 0x3, 0x2, 0x89a, 0x100, 0x7, 0x2, 0x1, 0x3, 0xfffffffb, 0x7, 0x6, 0x20000007, 0x9, 0x4, 0x0, 0x3, 0x9, 0x0, 0x2, 0x6, 0x0, 0xfffffff8, 0x7, 0x0, 0x3, 0x6, 0x0, 0x5, 0x3, 0x9bb, 0xa, 0x0, 0x4, 0x7, 0x3ff, 0x0, 0xe5c, 0x1, 0x5, 0x9, 0x7, 0x80000000, 0x8, 0x1, 0xffff6139, 0x42c0, 0x76, 0xe339], [0xd54, 0x1, 0x9, 0xb, 0x4, 0x7f, 0x6, 0x2, 0x0, 0x7ff, 0x2, 0x10000, 0x8, 0x8001, 0x80, 0xfb, 0xe68f, 0xdaba, 0xfffffffe, 0x52b, 0x8010, 0x9, 0xfd, 0x80000000, 0x8, 0x8, 0x2, 0x5, 0xfffffffb, 0x5, 0x7, 0x7, 0xd2c7, 0x8001, 0x94, 0x80000000, 0x8, 0x0, 0x5, 0x0, 0x8, 0x6, 0x3, 0x7, 0x0, 0x7, 0x961a, 0x1, 0x7, 0x49, 0x7, 0x255d, 0xfffffffe, 0x0, 0x9, 0x5, 0x10, 0x7, 0x0, 0xff, 0x66, 0x90000000, 0x7, 0x81]}, 0x45c) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) 6.834485266s ago: executing program 1 (id=178): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000000, &(0x7f0000000280)={0xa, 0x4e23, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000400), 0x2, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b) write$FUSE_CREATE_OPEN(r3, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000080), 0x7f04) getsockname$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000380)=0x1c) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000300)=0x4, &(0x7f0000000340)=0x2) socket$inet6(0xa, 0x1, 0xe6d7) io_uring_setup(0x4898, &(0x7f0000000680)={0x0, 0x21, 0x40, 0xfffffffc, 0x3ffff}) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0xc56}, 0x0) 5.713469176s ago: executing program 1 (id=179): socket$nl_route(0x10, 0x3, 0x0) getresuid(0x0, &(0x7f00000001c0), 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4, 0x1}, 0xe) listen(r0, 0x3) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000400)={0x1d, r4, 0x0, {0x0, 0xf0, 0x4}}, 0x18) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtclass={0x24, 0x28, 0x400, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xc}, {0xf, 0x10}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x884}, 0x20000050) userfaultfd(0x80001) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x1e0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc8) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@uuid_auto}, {@redirect_dir_off}, {@nfs_export_on}]}) 5.712018343s ago: executing program 3 (id=180): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x101402, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) close(0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r2, 0x0, 0x40) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000480)=0x1) r6 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_INITMSG(r6, 0x84, 0x2, 0x0, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, 0x0, 0x0) sendmsg$nl_netfilter(r1, 0x0, 0x4000000) sendto$inet(r6, &(0x7f00000002c0)='!', 0x1, 0x2000c8d4, 0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) gettid() sendfile(r7, r7, 0x0, 0x200000) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r8, 0xc048aec8, &(0x7f0000000240)={0x8, 0xc, 0xd3f, 0x8, 0xfffffffffffffff7}) 4.036304592s ago: executing program 3 (id=181): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd0002"], 0xe4}}, 0x20050840) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, 0xa, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$tun(0xffffffffffffff9c, 0x0, 0xc2041, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x114, 0x0, 0x0, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x2000000}, 0x64) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "0587a06a93f2aad4", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) 3.868000621s ago: executing program 1 (id=182): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd0002"], 0xe4}}, 0x20050840) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, 0xa, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$tun(0xffffffffffffff9c, 0x0, 0xc2041, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x114, 0x0, 0x0, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x2000000}, 0x64) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x6, 0xfffffffffffffffd}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x1, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.970777315s ago: executing program 3 (id=183): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff81050000000000005800", 0x20}], 0x1) rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40015}, 0x44080) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffff7f, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.929499572s ago: executing program 1 (id=184): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000000, &(0x7f0000000280)={0xa, 0x4e23, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000400), 0x2, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r3 = open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b) write$FUSE_CREATE_OPEN(r3, 0x0, 0x0) sendfile(r3, r3, &(0x7f0000000080), 0x7f04) getsockname$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000380)=0x1c) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000300)=0x4, &(0x7f0000000340)=0x2) ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, 0x0) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000100)=0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0xc56}, 0x0) 1.106220335s ago: executing program 1 (id=185): syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x1a1c65) clock_nanosleep(0x7, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0684113, &(0x7f0000000040)={0x1, 0xfffff800, 0x1, 0x4000a, 0x8, 0x3, 0x40000000, 0x11, 0x7, 0x40, 0xffffffff, 0x2}) fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0) syz_clone3(0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 819.963371ms ago: executing program 3 (id=186): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd0002"], 0xe4}}, 0x20050840) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, 0xa, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x48080) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$tun(0xffffffffffffff9c, 0x0, 0xc2041, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x114, 0x0, 0x0, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x2000000}, 0x64) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x6, 0xfffffffffffffffd}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x1, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1214040, 0x0) 0s ago: executing program 1 (id=187): socket$nl_netfilter(0x10, 0x3, 0xc) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000300)=""/252) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = semget(0x1, 0x0, 0x142) semctl$SEM_INFO(r1, 0x4, 0x13, &(0x7f0000001280)=""/137) ptrace$getregset(0x4204, r0, 0x200, &(0x7f0000000000)={&(0x7f0000000280)=""/4096, 0x1000}) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x88302, 0x0) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r2, 0x4004510d, &(0x7f0000000000)) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000040)=0x8, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r4, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r6, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r5, r4, 0x0, 0x578410eb) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.231' (ED25519) to the list of known hosts. [ 78.656897][ T5781] cgroup: Unknown subsys name 'net' [ 78.927679][ T5781] cgroup: Unknown subsys name 'cpuset' [ 78.963602][ T5781] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 80.621318][ T5781] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.735387][ T31] cfg80211: failed to load regulatory.db [ 84.026308][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.042704][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.054043][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.063598][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.065559][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.066760][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.067530][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.081913][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.109533][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.117458][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.119081][ T5114] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.120916][ T5114] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.121681][ T5114] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.129003][ T5114] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.129714][ T5114] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.197407][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.211459][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.213764][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.226993][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.229591][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.257362][ T5800] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.258991][ T5800] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.259913][ T5800] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.261751][ T5800] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.283149][ T5114] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.997209][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 85.125460][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 85.142109][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 85.172670][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 85.194467][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 85.375602][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.376759][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.377271][ T5803] bridge_slave_0: entered allmulticast mode [ 85.378753][ T5803] bridge_slave_0: entered promiscuous mode [ 85.438435][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.438512][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.438621][ T5803] bridge_slave_1: entered allmulticast mode [ 85.439971][ T5803] bridge_slave_1: entered promiscuous mode [ 85.541775][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.541897][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.542213][ T5796] bridge_slave_0: entered allmulticast mode [ 85.564377][ T5796] bridge_slave_0: entered promiscuous mode [ 85.592251][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.592417][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.593679][ T5804] bridge_slave_0: entered allmulticast mode [ 85.596006][ T5804] bridge_slave_0: entered promiscuous mode [ 85.619147][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.619248][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.619395][ T5796] bridge_slave_1: entered allmulticast mode [ 85.621250][ T5796] bridge_slave_1: entered promiscuous mode [ 85.624391][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.624504][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.624673][ T5795] bridge_slave_0: entered allmulticast mode [ 85.627009][ T5795] bridge_slave_0: entered promiscuous mode [ 85.630413][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.630523][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.630952][ T5804] bridge_slave_1: entered allmulticast mode [ 85.635279][ T5804] bridge_slave_1: entered promiscuous mode [ 85.637117][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.637283][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.637733][ T5808] bridge_slave_0: entered allmulticast mode [ 85.639993][ T5808] bridge_slave_0: entered promiscuous mode [ 85.672445][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.694517][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.694633][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.695086][ T5795] bridge_slave_1: entered allmulticast mode [ 85.697423][ T5795] bridge_slave_1: entered promiscuous mode [ 85.734005][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.734121][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.734611][ T5808] bridge_slave_1: entered allmulticast mode [ 85.737357][ T5808] bridge_slave_1: entered promiscuous mode [ 85.797593][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.820335][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.849400][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.977511][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.979939][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.000038][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.013606][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.032658][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.035581][ T5803] team0: Port device team_slave_0 added [ 86.057039][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.084683][ T5803] team0: Port device team_slave_1 added [ 86.112654][ T5796] team0: Port device team_slave_0 added [ 86.138608][ T5804] team0: Port device team_slave_0 added [ 86.157620][ T5796] team0: Port device team_slave_1 added [ 86.159388][ T5795] team0: Port device team_slave_0 added [ 86.178241][ T5804] team0: Port device team_slave_1 added [ 86.179993][ T5808] team0: Port device team_slave_0 added [ 86.204985][ T5114] Bluetooth: hci2: command tx timeout [ 86.205158][ T5802] Bluetooth: hci1: command tx timeout [ 86.206057][ T5795] team0: Port device team_slave_1 added [ 86.206869][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.206878][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.206890][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.213897][ T5802] Bluetooth: hci0: command tx timeout [ 86.283085][ T5802] Bluetooth: hci3: command tx timeout [ 86.289529][ T5808] team0: Port device team_slave_1 added [ 86.318563][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.318579][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.318597][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.354410][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.354427][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.354451][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.373244][ T5802] Bluetooth: hci4: command tx timeout [ 86.390354][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.390371][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.390395][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.412315][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.412332][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.412356][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.413849][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.413862][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.413885][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.420249][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.420263][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.420286][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.421872][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.421884][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.421906][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.425645][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.425659][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.425683][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.450714][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.450738][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.450761][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.582381][ T5803] hsr_slave_0: entered promiscuous mode [ 86.585368][ T5803] hsr_slave_1: entered promiscuous mode [ 86.696454][ T5804] hsr_slave_0: entered promiscuous mode [ 86.698962][ T5804] hsr_slave_1: entered promiscuous mode [ 86.699948][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 86.700060][ T5804] Cannot create hsr debugfs directory [ 86.710735][ T5796] hsr_slave_0: entered promiscuous mode [ 86.712070][ T5796] hsr_slave_1: entered promiscuous mode [ 86.715041][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 86.715064][ T5796] Cannot create hsr debugfs directory [ 86.744668][ T5795] hsr_slave_0: entered promiscuous mode [ 86.745910][ T5795] hsr_slave_1: entered promiscuous mode [ 86.746824][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 86.746846][ T5795] Cannot create hsr debugfs directory [ 86.787393][ T5808] hsr_slave_0: entered promiscuous mode [ 86.788678][ T5808] hsr_slave_1: entered promiscuous mode [ 86.789515][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 86.789537][ T5808] Cannot create hsr debugfs directory [ 87.882703][ T5803] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.942587][ T5803] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.000738][ T5803] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.030546][ T5803] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.131719][ T5796] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.159071][ T5796] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.178242][ T5796] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.237048][ T5796] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.283074][ T5114] Bluetooth: hci1: command tx timeout [ 88.283103][ T5114] Bluetooth: hci2: command tx timeout [ 88.283233][ T5802] Bluetooth: hci0: command tx timeout [ 88.364072][ T5802] Bluetooth: hci3: command tx timeout [ 88.393607][ T5804] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.430952][ T5804] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.443204][ T5802] Bluetooth: hci4: command tx timeout [ 88.452185][ T5804] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.515421][ T5804] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.650857][ T5795] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.683124][ T5795] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.720696][ T5795] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.766338][ T5795] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.888360][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.906117][ T5808] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.957801][ T5808] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.989968][ T5808] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.010433][ T5808] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.080176][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.119602][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.120349][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.144174][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.162355][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.162429][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.235708][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.281985][ T756] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.282093][ T756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.306407][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.321272][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.321361][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.395149][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.400281][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.466968][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.467508][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.515381][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.515617][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.549512][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.606944][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.620477][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.620691][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.672106][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.672235][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.737179][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.779728][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.779982][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.809847][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.810050][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.847113][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.079324][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.160208][ T5803] veth0_vlan: entered promiscuous mode [ 90.237367][ T5803] veth1_vlan: entered promiscuous mode [ 90.364813][ T5800] Bluetooth: hci2: command tx timeout [ 90.364846][ T5800] Bluetooth: hci1: command tx timeout [ 90.364970][ T5802] Bluetooth: hci0: command tx timeout [ 90.443240][ T5802] Bluetooth: hci3: command tx timeout [ 90.475718][ T5803] veth0_macvtap: entered promiscuous mode [ 90.488153][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.514879][ T5803] veth1_macvtap: entered promiscuous mode [ 90.532584][ T5802] Bluetooth: hci4: command tx timeout [ 90.639981][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.677188][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.696096][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.720177][ T69] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.728074][ T69] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.742565][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.742823][ T69] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.752490][ T69] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.835313][ T5804] veth0_vlan: entered promiscuous mode [ 90.956792][ T5804] veth1_vlan: entered promiscuous mode [ 91.100499][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.100524][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.121354][ T5795] veth0_vlan: entered promiscuous mode [ 91.145255][ T5796] veth0_vlan: entered promiscuous mode [ 91.148969][ T5808] veth0_vlan: entered promiscuous mode [ 91.175773][ T5795] veth1_vlan: entered promiscuous mode [ 91.204187][ T5804] veth0_macvtap: entered promiscuous mode [ 91.211061][ T5808] veth1_vlan: entered promiscuous mode [ 91.218306][ T5796] veth1_vlan: entered promiscuous mode [ 91.235871][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.235884][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.244700][ T5804] veth1_macvtap: entered promiscuous mode [ 91.325741][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.349781][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.381635][ T5808] veth0_macvtap: entered promiscuous mode [ 91.384366][ T5795] veth0_macvtap: entered promiscuous mode [ 91.420091][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.436877][ T5795] veth1_macvtap: entered promiscuous mode [ 91.441865][ T5796] veth0_macvtap: entered promiscuous mode [ 91.458482][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.459099][ T5808] veth1_macvtap: entered promiscuous mode [ 91.483577][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.513264][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.523546][ T5796] veth1_macvtap: entered promiscuous mode [ 91.647817][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.672587][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.732748][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.746358][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.751747][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.809015][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.812133][ T69] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.830410][ T69] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.842546][ T69] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.852045][ T5798] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.869544][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.869563][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.874561][ T69] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.886420][ T69] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.909266][ T69] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.952393][ T69] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.972291][ T69] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.064301][ T5798] usb 2-1: Using ep0 maxpacket: 16 [ 92.066336][ T69] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.096664][ T5798] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 92.119108][ T5798] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 92.119137][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.119154][ T5798] usb 2-1: Product: syz [ 92.119167][ T5798] usb 2-1: Manufacturer: syz [ 92.119180][ T5798] usb 2-1: SerialNumber: syz [ 92.150397][ T5798] usb 2-1: config 0 descriptor?? [ 92.174157][ T69] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.178152][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.178171][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.178837][ T69] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.180676][ T5798] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 92.180697][ T5798] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 92.259951][ T69] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.443617][ T5114] Bluetooth: hci1: command tx timeout [ 92.443649][ T5114] Bluetooth: hci2: command tx timeout [ 92.443697][ T5802] Bluetooth: hci0: command tx timeout [ 92.523211][ T5802] Bluetooth: hci3: command tx timeout [ 92.603501][ T5802] Bluetooth: hci4: command tx timeout [ 92.669665][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.669683][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.769230][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.769249][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.826006][ T5798] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 92.878823][ T756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.878844][ T756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.985339][ T756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.985432][ T756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.101444][ T756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.101464][ T756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.463652][ T5798] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 94.463694][ T5798] em28xx 2-1:0.0: board has no eeprom [ 94.563436][ T5798] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 94.563478][ T5798] em28xx 2-1:0.0: dvb set to bulk mode. [ 94.568709][ T5877] em28xx 2-1:0.0: Binding DVB extension [ 94.644291][ T5798] usb 2-1: USB disconnect, device number 2 [ 94.650754][ T5798] em28xx 2-1:0.0: Disconnecting em28xx [ 94.815271][ T5877] em28xx 2-1:0.0: Registering input extension [ 94.819493][ T5798] em28xx 2-1:0.0: Closing input extension [ 94.877226][ T5798] em28xx 2-1:0.0: Freeing device [ 95.296683][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.296704][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.438504][ T5913] netlink: 'syz.1.6': attribute type 9 has an invalid length. [ 95.438562][ T5913] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.6'. [ 99.519468][ T5935] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.944076][ T37] audit: type=1326 audit(1770053049.279:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5939 comm="syz.1.11" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f698f11aeb9 code=0x0 [ 104.752888][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.722887][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.722927][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.722959][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.722990][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.723020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.723051][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.723083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.723114][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.723144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.526135][ T5967] process 'syz.0.18' launched '/dev/fd/3/./file1' with NULL argv: empty string added [ 110.239669][ T5980] 9pnet_virtio: no channels available for device syz [ 111.478866][ T5988] 9pnet_virtio: no channels available for device syz [ 111.828519][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 111.854486][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 111.862364][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 111.888647][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 111.896837][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 113.590281][ T6012] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 113.590308][ T6012] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 113.592584][ T6012] vhci_hcd vhci_hcd.0: Device attached [ 113.745964][ T6012] input: syz0 as /devices/virtual/input/input7 [ 113.923638][ T9] usb 42-1: SetAddress Request (2) to port 0 [ 113.923708][ T9] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 113.980264][ T5800] Bluetooth: hci5: command tx timeout [ 114.034618][ T6013] vhci_hcd: connection reset by peer [ 114.072997][ T69] vhci_hcd vhci_hcd.4: stop threads [ 114.074489][ T69] vhci_hcd vhci_hcd.4: release socket [ 114.074830][ T69] vhci_hcd vhci_hcd.4: disconnect device [ 115.971994][ T6038] netlink: 'syz.3.35': attribute type 9 has an invalid length. [ 115.972008][ T6038] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.35'. [ 116.044424][ T5800] Bluetooth: hci5: command tx timeout [ 118.959746][ T5800] Bluetooth: hci5: command tx timeout [ 119.013269][ T9] usb 42-1: device descriptor read/8, error -110 [ 119.153243][ T37] audit: type=1326 audit(1770053068.499:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.1.38" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f698f11aeb9 code=0x0 [ 119.312701][ T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.403868][ T5857] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 119.403893][ T5857] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 119.450681][ T9] usb usb42-port1: attempt power cycle [ 119.484608][ T5800] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.218206][ T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.349137][ T9] usb usb42-port1: unable to enumerate USB device [ 120.403341][ T5992] chnl_net:caif_netlink_parms(): no params data found [ 120.890669][ T6066] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 120.890686][ T6066] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 120.890745][ T6066] vhci_hcd vhci_hcd.0: Device attached [ 121.003086][ T5800] Bluetooth: hci5: command tx timeout [ 121.176635][ T6066] input: syz0 as /devices/virtual/input/input8 [ 121.359921][ T6072] vhci_hcd: connection closed [ 121.383173][ T5937] usb 40-1: SetAddress Request (2) to port 0 [ 121.383257][ T5937] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 121.430067][ T43] vhci_hcd vhci_hcd.3: stop threads [ 121.430094][ T43] vhci_hcd vhci_hcd.3: release socket [ 121.430163][ T43] vhci_hcd vhci_hcd.3: disconnect device [ 121.900356][ T5800] Bluetooth: hci1: command 0x0c1a tx timeout [ 121.951805][ T5857] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 121.951824][ T5857] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 122.561643][ T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.496561][ T5857] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 125.496586][ T5857] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 125.523119][ T5800] Bluetooth: hci2: command 0x0c1a tx timeout [ 125.816989][ T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.443082][ T5937] usb 40-1: device descriptor read/8, error -110 [ 127.624791][ T5937] usb usb40-port1: attempt power cycle [ 127.773467][ T5992] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.773652][ T5992] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.773883][ T5992] bridge_slave_0: entered allmulticast mode [ 127.777687][ T5992] bridge_slave_0: entered promiscuous mode [ 127.840744][ T5992] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.840878][ T5992] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.841108][ T5992] bridge_slave_1: entered allmulticast mode [ 127.907544][ T5992] bridge_slave_1: entered promiscuous mode [ 127.963962][ T5857] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 127.963984][ T5857] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 127.966049][ T5800] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.180601][ T5992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.195784][ T5937] usb usb40-port1: unable to enumerate USB device [ 128.422292][ T5992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.744323][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.744419][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.250641][ T5992] team0: Port device team_slave_0 added [ 142.935483][ T5992] team0: Port device team_slave_1 added [ 144.023385][ T6204] 9pnet_virtio: no channels available for device syz [ 154.846442][ T5992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.846459][ T5992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 154.846483][ T5992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.004650][ T5992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.004666][ T5992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 158.004691][ T5992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.006576][ T59] bridge_slave_1: left allmulticast mode [ 158.006689][ T59] bridge_slave_1: left promiscuous mode [ 158.008503][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.971862][ T59] bridge_slave_0: left allmulticast mode [ 161.971891][ T59] bridge_slave_0: left promiscuous mode [ 161.972121][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.609926][ T6275] 9pnet_virtio: no channels available for device syz [ 165.253375][ T5937] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 165.647917][ T5937] usb 5-1: config 0 has an invalid interface number: 37 but max is 0 [ 165.647972][ T5937] usb 5-1: config 0 has no interface number 0 [ 165.677159][ T5937] usb 5-1: New USB device found, idVendor=2639, idProduct=0003, bcdDevice=fd.62 [ 165.677213][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.677231][ T5937] usb 5-1: Product: syz [ 165.677244][ T5937] usb 5-1: Manufacturer: syz [ 165.677257][ T5937] usb 5-1: SerialNumber: syz [ 166.016577][ T5937] usb 5-1: config 0 descriptor?? [ 166.135718][ T5937] usb 5-1: can't set config #0, error -71 [ 166.161163][ T5937] usb 5-1: USB disconnect, device number 2 [ 166.885431][ T6307] input: syz0 as /devices/virtual/input/input9 [ 168.158424][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.226570][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.526120][ T59] bond0 (unregistering): Released all slaves [ 168.816461][ T6315] ntfs3(nullb0): Primary boot signature is not NTFS. [ 168.817030][ T6315] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 171.520533][ T5800] Bluetooth: hci5: command 0x0c1a tx timeout [ 171.534656][ T5857] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 171.534679][ T5857] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 172.266124][ T6339] netlink: 4 bytes leftover after parsing attributes in process `syz.4.108'. [ 172.406976][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 172.418941][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 172.422437][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 172.432458][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 172.437590][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 173.985720][ T5800] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 173.988112][ T5800] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 173.988514][ T5800] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 173.990030][ T5800] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 173.990782][ T5800] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 174.185228][ T6358] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 174.185255][ T6358] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 174.185338][ T6358] vhci_hcd vhci_hcd.0: Device attached [ 174.504989][ T6359] vhci_hcd: connection closed [ 174.509657][ T2141] vhci_hcd vhci_hcd.3: stop threads [ 174.509685][ T2141] vhci_hcd vhci_hcd.3: release socket [ 174.530008][ T2141] vhci_hcd vhci_hcd.3: disconnect device [ 174.553056][ T5857] usb 40-1: enqueue for inactive port 0 [ 174.866358][ T6358] smc: net device ip6_vti0 applied user defined pnetid SYZ1 [ 175.080588][ T5857] usb usb40-port1: attempt power cycle [ 176.040755][ T5857] usb usb40-port1: unable to enumerate USB device [ 176.043223][ T5802] Bluetooth: hci4: command tx timeout [ 176.279346][ T6383] netlink: 'syz.1.117': attribute type 9 has an invalid length. [ 176.279360][ T6383] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.117'. [ 178.124320][ T5802] Bluetooth: hci4: command tx timeout [ 178.167297][ T6399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.120'. [ 178.552520][ T59] hsr_slave_0: left promiscuous mode [ 178.812938][ T59] hsr_slave_1: left promiscuous mode [ 178.825085][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 178.825237][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 178.957471][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 178.957498][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.099593][ T6412] 9pnet_virtio: no channels available for device syz [ 180.203438][ T5802] Bluetooth: hci4: command tx timeout [ 182.455167][ T5802] Bluetooth: hci4: command tx timeout [ 183.212087][ T59] veth1_macvtap: left promiscuous mode [ 183.292296][ T59] veth0_macvtap: left promiscuous mode [ 183.318587][ T59] veth1_vlan: left promiscuous mode [ 183.382001][ T59] veth0_vlan: left promiscuous mode [ 195.746114][ T6454] netlink: 'syz.1.131': attribute type 9 has an invalid length. [ 195.746129][ T6454] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.131'. [ 197.679841][ T6468] ntfs3(nullb0): Primary boot signature is not NTFS. [ 197.680320][ T6468] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 198.723684][ T6469] ntfs3(nullb0): Primary boot signature is not NTFS. [ 198.723816][ T6469] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 200.860316][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.860384][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 203.272959][ T6490] netlink: 'syz.3.140': attribute type 9 has an invalid length. [ 203.272974][ T6490] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.140'. [ 203.311549][ T5800] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 203.331537][ T5800] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 203.359686][ T5800] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 203.375430][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 203.384976][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 203.883707][ T6498] 9pnet_virtio: no channels available for device syz [ 205.873977][ T5802] Bluetooth: hci5: command tx timeout [ 206.663135][ T927] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 207.883429][ T5802] Bluetooth: hci5: command tx timeout [ 209.680046][ T927] usb 2-1: device not accepting address 3, error -71 [ 209.963466][ T5802] Bluetooth: hci5: command tx timeout [ 212.053560][ T5802] Bluetooth: hci5: command tx timeout [ 212.423459][ T59] team0 (unregistering): Port device team_slave_1 removed [ 212.543128][ T927] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 212.678625][ T59] team0 (unregistering): Port device team_slave_0 removed [ 212.708663][ T927] usb 2-1: config 0 has an invalid interface number: 37 but max is 0 [ 212.708691][ T927] usb 2-1: config 0 has no interface number 0 [ 212.712206][ T927] usb 2-1: New USB device found, idVendor=2639, idProduct=0003, bcdDevice=fd.62 [ 212.712235][ T927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.712254][ T927] usb 2-1: Product: syz [ 212.712268][ T927] usb 2-1: Manufacturer: syz [ 212.712281][ T927] usb 2-1: SerialNumber: syz [ 212.719676][ T927] usb 2-1: config 0 descriptor?? [ 212.943227][ T5930] usb 2-1: USB disconnect, device number 5 [ 213.904076][ T6548] overlayfs: failed to resolve './bus': -2 [ 218.099656][ T6574] overlayfs: failed to resolve './bus': -2 [ 227.452259][ T5800] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 227.463121][ T5800] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 227.464280][ T5800] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 227.465870][ T5800] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 227.466702][ T5800] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 231.256192][ T5800] Bluetooth: hci6: command tx timeout [ 232.151211][ T6622] overlayfs: failed to resolve './bus': -2 [ 233.096423][ T5802] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 233.099280][ T5802] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 233.105606][ T5802] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 233.117905][ T5802] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 233.120581][ T5802] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 233.414729][ T5800] Bluetooth: hci6: command tx timeout [ 233.453418][ T6637] 9pnet_virtio: no channels available for device syz [ 234.164022][ T6641] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 234.164046][ T6641] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 234.164131][ T6641] vhci_hcd vhci_hcd.0: Device attached [ 234.223018][ T6641] input: syz0 as /devices/virtual/input/input10 [ 234.388839][ T6646] vhci_hcd: connection closed [ 234.392142][ T1113] vhci_hcd vhci_hcd.3: stop threads [ 234.392169][ T1113] vhci_hcd vhci_hcd.3: release socket [ 234.392258][ T1113] vhci_hcd vhci_hcd.3: disconnect device [ 234.634601][ T6655] 9pnet_virtio: no channels available for device syz [ 235.242980][ T5800] Bluetooth: hci7: command tx timeout [ 235.498757][ T5800] Bluetooth: hci6: command tx timeout [ 236.523451][ T5800] Bluetooth: hci4: command 0x0c1a tx timeout [ 236.782260][ T6670] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 236.782367][ T6670] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 236.782934][ T6670] overlayfs: missing 'lowerdir' [ 236.930649][ T5937] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 236.931098][ T5937] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 237.319790][ T6674] netlink: 'syz.3.181': attribute type 9 has an invalid length. [ 237.319804][ T6674] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.181'. [ 237.349959][ T5800] Bluetooth: hci7: command tx timeout [ 237.574168][ T5802] Bluetooth: hci6: command tx timeout [ 238.057890][ T6678] netlink: 'syz.1.182': attribute type 9 has an invalid length. [ 238.057906][ T6678] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.182'. [ 239.407157][ T5800] Bluetooth: hci5: command 0x0c1a tx timeout [ 239.427941][ T5802] Bluetooth: hci7: command tx timeout [ 239.431337][ T5937] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 239.431416][ T5937] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 239.598783][ T6695] 9pnet_virtio: no channels available for device syz [ 240.529728][ T6716] netlink: 'syz.3.186': attribute type 9 has an invalid length. [ 240.529742][ T6716] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.186'. [ 241.173043][ T59] bridge_slave_1: left allmulticast mode [ 241.173073][ T59] bridge_slave_1: left promiscuous mode [ 241.173351][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.320948][ T59] bridge_slave_0: left allmulticast mode [ 241.320986][ T59] bridge_slave_0: left promiscuous mode [ 241.343625][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.482971][ T5800] Bluetooth: hci7: command tx timeout [ 242.123057][ T5937] Bluetooth: hci6: Opcode 0x0c1a failed: -110 [ 242.123083][ T5937] Bluetooth: hci6: Error when powering off device on rfkill (-110) [ 242.123196][ C1] ------------[ cut here ]------------ [ 242.123204][ C1] workqueue: cannot queue hci_cmd_timeout on wq hci6 [ 242.123237][ C1] WARNING: kernel/workqueue.c:2252 at __queue_work+0xd5c/0xff0, CPU#1: ktimers/1/29 [ 242.123265][ C1] Modules linked in: [ 242.123299][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 242.123320][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 242.123335][ C1] RIP: 0010:__queue_work+0xd87/0xff0 [ 242.123359][ C1] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 4a 7a 9b 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 01 fb [ 242.123373][ C1] RSP: 0000:ffffc90000a3f930 EFLAGS: 00010082 [ 242.123385][ C1] RAX: 1ffff11003ff6953 RBX: 0000000000000008 RCX: ffff88801cad9e40 [ 242.123395][ C1] RDX: ffff88814dbc4168 RSI: ffffffff8a01eb10 RDI: ffffffff8f4a9e90 [ 242.123405][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 242.123414][ C1] R10: dffffc0000000000 R11: ffffffff818c2840 R12: dffffc0000000000 [ 242.123424][ C1] R13: ffff88801ffb4a98 R14: ffffffff8f4a9e90 R15: ffff88814dbc4168 [ 242.123434][ C1] FS: 0000000000000000(0000) GS:ffff8881266c9000(0000) knlGS:0000000000000000 [ 242.123463][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.123473][ C1] CR2: 0000001b2f019ff8 CR3: 000000001e796000 CR4: 00000000003526f0 [ 242.123486][ C1] Call Trace: [ 242.123492][ C1] [ 242.123503][ C1] ? do_raw_spin_lock+0x12b/0x2f0 [ 242.123536][ C1] call_timer_fn+0x192/0x5a0 [ 242.123555][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 242.123571][ C1] ? call_timer_fn+0xd4/0x5a0 [ 242.123587][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 242.123614][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 242.123637][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 242.123655][ C1] __run_timer_base+0x764/0x9f0 [ 242.123686][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 242.123709][ C1] ? __local_bh_disable_ip+0x3c/0x420 [ 242.123731][ C1] run_timer_softirq+0xb7/0x170 [ 242.123750][ C1] handle_softirqs+0x1de/0x640 [ 242.123775][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 242.123793][ C1] run_ktimerd+0x69/0x100 [ 242.123814][ C1] smpboot_thread_fn+0x541/0xa50 [ 242.123831][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 242.123862][ C1] kthread+0x726/0x8b0 [ 242.123883][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 242.123899][ C1] ? __pfx_kthread+0x10/0x10 [ 242.123915][ C1] ? rt_spin_unlock+0x14f/0x200 [ 242.123934][ C1] ? rt_spin_unlock+0x160/0x200 [ 242.123948][ C1] ? __pfx_kthread+0x10/0x10 [ 242.123967][ C1] ret_from_fork+0x51b/0xa40 [ 242.123986][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 242.124000][ C1] ? __switch_to+0xc82/0x1410 [ 242.124028][ C1] ? __pfx_kthread+0x10/0x10 [ 242.124050][ C1] ret_from_fork_asm+0x1a/0x30 [ 242.124084][ C1] [ 242.124092][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 242.124104][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 242.124121][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 242.124139][ C1] Call Trace: [ 242.124145][ C1] [ 242.124151][ C1] vpanic+0x1e0/0x670 [ 242.124174][ C1] panic+0xc5/0xd0 [ 242.124193][ C1] ? __pfx_panic+0x10/0x10 [ 242.124220][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 242.124246][ C1] __warn+0x315/0x4a0 [ 242.124266][ C1] ? __queue_work+0xd5c/0xff0 [ 242.124283][ C1] ? __queue_work+0xd5c/0xff0 [ 242.124301][ C1] __report_bug+0x29a/0x540 [ 242.124328][ C1] ? __queue_work+0xd5c/0xff0 [ 242.124345][ C1] ? __pfx___report_bug+0x10/0x10 [ 242.124364][ C1] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 242.124380][ C1] ? register_lock_class+0x31/0x2e0 [ 242.124399][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 242.124417][ C1] report_bug_entry+0x19a/0x290 [ 242.124437][ C1] ? __queue_work+0xd87/0xff0 [ 242.124451][ C1] ? __queue_work+0xd8c/0xff0 [ 242.124465][ C1] handle_bug+0xca/0x200 [ 242.124489][ C1] exc_invalid_op+0x1a/0x50 [ 242.124511][ C1] asm_exc_invalid_op+0x1a/0x20 [ 242.124527][ C1] RIP: 0010:__queue_work+0xd87/0xff0 [ 242.124543][ C1] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 4a 7a 9b 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 01 fb [ 242.124556][ C1] RSP: 0000:ffffc90000a3f930 EFLAGS: 00010082 [ 242.124570][ C1] RAX: 1ffff11003ff6953 RBX: 0000000000000008 RCX: ffff88801cad9e40 [ 242.124581][ C1] RDX: ffff88814dbc4168 RSI: ffffffff8a01eb10 RDI: ffffffff8f4a9e90 [ 242.124592][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 242.124602][ C1] R10: dffffc0000000000 R11: ffffffff818c2840 R12: dffffc0000000000 [ 242.124614][ C1] R13: ffff88801ffb4a98 R14: ffffffff8f4a9e90 R15: ffff88814dbc4168 [ 242.124630][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 242.124651][ C1] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 242.124669][ C1] ? do_raw_spin_lock+0x12b/0x2f0 [ 242.124702][ C1] call_timer_fn+0x192/0x5a0 [ 242.124729][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 242.124744][ C1] ? call_timer_fn+0xd4/0x5a0 [ 242.124761][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 242.124788][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 242.124816][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 242.124835][ C1] __run_timer_base+0x764/0x9f0 [ 242.124870][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 242.124893][ C1] ? __local_bh_disable_ip+0x3c/0x420 [ 242.124915][ C1] run_timer_softirq+0xb7/0x170 [ 242.124931][ C1] handle_softirqs+0x1de/0x640 [ 242.124954][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 242.124970][ C1] run_ktimerd+0x69/0x100 [ 242.124989][ C1] smpboot_thread_fn+0x541/0xa50 [ 242.125008][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 242.125035][ C1] kthread+0x726/0x8b0 [ 242.125058][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 242.125074][ C1] ? __pfx_kthread+0x10/0x10 [ 242.125089][ C1] ? rt_spin_unlock+0x14f/0x200 [ 242.125108][ C1] ? rt_spin_unlock+0x160/0x200 [ 242.125122][ C1] ? __pfx_kthread+0x10/0x10 [ 242.125141][ C1] ret_from_fork+0x51b/0xa40 [ 242.125158][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 242.125173][ C1] ? __switch_to+0xc82/0x1410 [ 242.125199][ C1] ? __pfx_kthread+0x10/0x10 [ 242.125219][ C1] ret_from_fork_asm+0x1a/0x30 [ 242.125254][ C1] [ 242.125894][ C1] Kernel Offset: disabled