last executing test programs: 2m25.015872683s ago: executing program 0 (id=482): socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b2b, &(0x7f0000000040)={'wlan1\x00', @random="008000"}) 2m24.489791568s ago: executing program 0 (id=483): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x1cb8c0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141102) socket$vsock_stream(0x28, 0x1, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) socket$xdp(0x2c, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) pselect6(0x40, &(0x7f00000001c0)={0xa00, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 2m23.394906702s ago: executing program 0 (id=489): r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a00000709000100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) setrlimit(0x0, &(0x7f0000000180)={0x6}) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$int_out(r2, 0x0, &(0x7f0000000040)) openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendmsg$NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x7, &(0x7f0000001fc0)={&(0x7f0000001f40)={0x24, 0x0, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x4f}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000045}, 0x5000) sendfile(r4, r4, 0x0, 0x200902) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) syz_extract_tcp_res(&(0x7f0000000580), 0x8147, 0x200) syz_extract_tcp_res(&(0x7f00000005c0)={0x41424344}, 0xff, 0x1) mlock(&(0x7f0000869000/0x4000)=nil, 0x4000) syz_emit_ethernet(0x5a, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x1, 0x8, 0x4c, 0x65, 0x0, 0x3, 0x6, 0x0, @private=0xa010102, @private=0xa010102, {[@rr={0x7, 0xb, 0x35, [@broadcast, @empty]}]}}, {{0x4e22, 0x4e23, r5, 0x41424344, 0x1, 0x0, 0xb, 0xc2, 0x5, 0x0, 0x9, {[@window={0x3, 0x3}, @generic={0x1, 0x12, "ff9a30062b66ab5f75734e0d07e2adcd"}]}}}}}}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 2m19.918159625s ago: executing program 0 (id=496): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, 0x0, 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sched_setscheduler(0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) eventfd(0xfffffff9) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x3fb, 0x7fff}) 2m17.310036402s ago: executing program 0 (id=503): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x87, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x6, 0x8, 0x8001, 0x0, 0xb3, 0x4, 0xfffffe0000000001, 0x7, 0xffffffff}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[], 0x119) r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000480)="d25a9850a9a91163f76c5357f3bbadf2656e10d77f85d1028e60ab4e45b931e71645d3d636e82cfdeaadb674e1693d4a7de63820fefc4f787e272b122ebbff6884b3de82f8a3df9a2d0b67e46c349917110300b94240185146e52ac1540130161b6534e99e466173af4c775f238fae344b198915446b576be455f251e79f7ec703f937cd8530410f37000000000000", 0x8f, 0xfffffffffffffffe) r4 = add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000008000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50) syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x8000) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x48) socketpair(0x2b, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) syz_emit_ethernet(0x141, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaabba6dde655713788a84d008100300086dd61ab279c0103110000000000000000000000ffffac141433fe8000000000000000000000000000aa4e244e200103907801080000c1dbb85dd2e710187de2755a5a57d363edcc98333396facdd578da8e3397d001e80760a98182e1710242074ac83b3c45d4a8b083f79845a644998482b934a5e5a952841f0bc8a73e29e69415f57196bae21959e6bff3cb8c187d29ca1836a5b5b472220c5347b89e5bebc5822ae74b2c95ecc9a2922be9b0f9c175a65288afe257b388af0d64993787f5e69bd9519d85251666398c780426ce186e030c45e89cc798819a217381dcf681cc4f3de35b861da7c42ea80082e41a9f3e3c6459a2749875ab86bc23192827a66dbeb8fcee5cd34f8bbd91ef27bb0574bba8b42193f0034f9f34bc9b77de6e6e59071b5d90e441ec4ee4"], 0x0) r5 = syz_open_dev$sndctrl(&(0x7f00000012c0), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r5, 0xc2c45512, &(0x7f0000000a00)={{0x8, 0x0, 0x0, 0x8, 'syz1\x00'}, 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x4}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 2m13.354753509s ago: executing program 0 (id=508): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x60800, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0) read(r4, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000180)={0x335, @time={0x8, 0x5}, 0x42, {}, 0x2, 0x0, 0x40}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0x40045304, &(0x7f0000000300)={0x8106, 0xc93b, 0x1, 'queue0\x00', 0x80000001}) tkill(r3, 0x7) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1f, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000001000000850000007b000000b708000000000000dbaaf8fff1000000b5080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b705000008000000850000006a0000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0xa, 0x0, 0x0, 0x41000, 0x1e, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r6}, 0xc) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x1f, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000001, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r8, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4}) preadv(r8, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x441c2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001980)=@base={0x1a, 0x5, 0x100, 0x8, 0x102, 0xffffffffffffffff, 0xc0000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x50) ftruncate(r9, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r2}, 0x8) recvmmsg(r11, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r10, r9, 0x0, 0x578410eb) 1m57.988444345s ago: executing program 32 (id=508): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x60800, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0) read(r4, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000180)={0x335, @time={0x8, 0x5}, 0x42, {}, 0x2, 0x0, 0x40}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0x40045304, &(0x7f0000000300)={0x8106, 0xc93b, 0x1, 'queue0\x00', 0x80000001}) tkill(r3, 0x7) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1f, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000001000000850000007b000000b708000000000000dbaaf8fff1000000b5080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b705000008000000850000006a0000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0xa, 0x0, 0x0, 0x41000, 0x1e, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r6}, 0xc) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x1f, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000001, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r8, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4}) preadv(r8, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x441c2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001980)=@base={0x1a, 0x5, 0x100, 0x8, 0x102, 0xffffffffffffffff, 0xc0000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x50) ftruncate(r9, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r2}, 0x8) recvmmsg(r11, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r10, r9, 0x0, 0x578410eb) 1m38.676186879s ago: executing program 3 (id=571): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') exit(0x80000000) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_CONTINUE(r0, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 1m37.700397743s ago: executing program 3 (id=573): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@hyper, 0x10400003}, @hyper, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}) close(r0) 1m36.708485138s ago: executing program 3 (id=574): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xb2, &(0x7f0000000140)=""/178, 0x2c8a4ed31704d5db, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r3, 0x0, 0x0) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0) 1m34.682026162s ago: executing program 3 (id=577): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xb, 0xfffffffffffffffe, 0xfffffffc}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000019080)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x8040, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)=0x6728) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) close_range(r0, 0xffffffffffffffff, 0x0) 1m33.905497234s ago: executing program 3 (id=579): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x61) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x92082) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x4, &(0x7f0000001a00)=ANY=[@ANYBLOB], &(0x7f0000001a40)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000500)={0x5, 0x5, {0x0}, {}, 0x3c, 0x4b6}) ptrace$PTRACE_SETSIGMASK(0x420b, r3, 0x8, &(0x7f0000000540)={[0x1]}) lsetxattr$trusted_overlay_redirect(0x0, &(0x7f0000000480), 0x0, 0x0, 0x1) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c100000000100224e0000", 0x58}], 0x1) syz_open_procfs(0x0, &(0x7f0000000580)='stack\x00') r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f00a4330b05b81792a507cfe9a9510ecad25e"], 0x0, 0x34}, 0x28) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r6, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x28, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffb, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x208000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x409, 0x7, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x0, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x200000c, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x400, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0xf8, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0x9cf1, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x6, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x8001, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000140)={{0x400, 0x7, 0x6}, 'syz1\x00', 0x40}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) 1m30.341094148s ago: executing program 3 (id=584): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB='`'], 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setrlimit(0xc, &(0x7f0000000200)={0x3, 0x4}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r1, &(0x7f0000007700), 0x318, 0xfc0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000ac0)={'filter\x00', 0x102, 0x4, 0x404, 0x0, 0x10c, 0x10c, 0x324, 0x324, 0x324, 0x4, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @remote, @multicast1}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @multicast2, @empty, 0x9, 0xffffffff}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'ipvlan1\x00'}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e9fb760d26c0", @multicast1, @broadcast}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x450) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000090000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a01020000000000000000a770b7c60100fffe0900010073797a30000000000900030073797a30000000002c000000060a010400000000000000000100000008000b4000000008040004800900010073797a3000000000140000001100010000000000000000000000000a8cd6f616297a1409306e0587dacd852577096133333d0a621c34d10610f9e1239285f7b4cd8835a7870c9fb5ac0482e73b6208d7e49b908dc56bb9a4618129f90fb1fc16ef2f5f959570b6df334641925c364e4b73fce85551c57303f6f2c7a87b5225c4ed8b639a50cc7bc83ffe4c44a203c3c1e5e709c8d31dc59b1a3bd02e31afb6319b5f333e74fc827d6df2933867479835f14a13e0a0be87a442"], 0xa0}, 0x1, 0x0, 0x0, 0x40070}, 0x0) openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0) openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x17, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) 1m20.773822257s ago: executing program 4 (id=598): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) recvmsg$can_raw(r0, 0x0, 0x40010020) 1m20.517111623s ago: executing program 4 (id=601): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x1b87, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) 1m14.988420357s ago: executing program 33 (id=584): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB='`'], 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setrlimit(0xc, &(0x7f0000000200)={0x3, 0x4}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r1, &(0x7f0000007700), 0x318, 0xfc0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000ac0)={'filter\x00', 0x102, 0x4, 0x404, 0x0, 0x10c, 0x10c, 0x324, 0x324, 0x324, 0x4, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @remote, @multicast1}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @multicast2, @empty, 0x9, 0xffffffff}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@empty, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'ipvlan1\x00'}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e9fb760d26c0", @multicast1, @broadcast}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x450) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000090000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a01020000000000000000a770b7c60100fffe0900010073797a30000000000900030073797a30000000002c000000060a010400000000000000000100000008000b4000000008040004800900010073797a3000000000140000001100010000000000000000000000000a8cd6f616297a1409306e0587dacd852577096133333d0a621c34d10610f9e1239285f7b4cd8835a7870c9fb5ac0482e73b6208d7e49b908dc56bb9a4618129f90fb1fc16ef2f5f959570b6df334641925c364e4b73fce85551c57303f6f2c7a87b5225c4ed8b639a50cc7bc83ffe4c44a203c3c1e5e709c8d31dc59b1a3bd02e31afb6319b5f333e74fc827d6df2933867479835f14a13e0a0be87a442"], 0xa0}, 0x1, 0x0, 0x0, 0x40070}, 0x0) openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0) openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x17, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) 1m14.979958411s ago: executing program 4 (id=607): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2}) ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xf9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0xd) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0xb3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x5) 1m11.799961934s ago: executing program 4 (id=615): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x1b87, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) 1m5.341096389s ago: executing program 4 (id=622): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f782db44", 0xe}], 0x1}, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x22, &(0x7f0000000000), 0x10) 1m5.088996713s ago: executing program 4 (id=624): write(0xffffffffffffffff, &(0x7f0000000280)="6aa6bcf414c89222141ffd6e3e0fee102e9d9772441fc60ce66d7f1c697456e500d6483dc075eac161fd5e4b93f919bd659621ce33b0de8c9d7a9ce08facf651ff0e07e0097110aa0a993e5b4a0c75b2a3ce02d21a7aea6c05b69e7e948f00d7153d42ead4bdb3eb38c7755129f53424a0144d8a5f673849314c166c2fd393595e12e1fef9a3dba456c1a6b36c74f3d520de6a5841d259e0abfd2297735558b0eb001295f78d7dccc703b154b9cb3052e91713a5f0ca9127ed08eba9a24f4605b0c3be3cdc9bdc8430545b465052fc4cbf360ea070455d691af90ded22f98528ddd64bbd70ba7c103abba61dc95714fcedfcdad372288cf27409731a14c9baaefcfbaacffdc50b353b43b79de31f9db9ab378f464f63fbfb4f0cfa3f7b037077f3069f04501dceabd334ff7fa65bc3847e5fc29a2827f950040d91c5c90192e0b9304cf2740f20b6d84593fa50a5a63b06ef078f86f478e3fde6dc98b64138bdbbb0bb3c594c0518579d26f1e694e5f449a2bf2c3fd37fe1814e3b1de331f6866dc951a9b40b1ac58ab951d046a88e4e870024bc375ee1a9dee616504e12a2e4914960632a3db9b6897f7a10f763939ad309392a31aef396da1de95dbbaddb1eb30537a1cf201f48058421d010650ed8042a906293c477a18ae8c412038bf1880f932b25effe8c06a786ec1522211a8fb2962bd92943ee9d684752ed3e5e8e0023f8c40f7cd97a6071f73cc25fe534d41a05e4bbf2e3063567e6b91051", 0x21d) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000480)={'lo\x00', @local}) 50.005505663s ago: executing program 34 (id=624): write(0xffffffffffffffff, &(0x7f0000000280)="6aa6bcf414c89222141ffd6e3e0fee102e9d9772441fc60ce66d7f1c697456e500d6483dc075eac161fd5e4b93f919bd659621ce33b0de8c9d7a9ce08facf651ff0e07e0097110aa0a993e5b4a0c75b2a3ce02d21a7aea6c05b69e7e948f00d7153d42ead4bdb3eb38c7755129f53424a0144d8a5f673849314c166c2fd393595e12e1fef9a3dba456c1a6b36c74f3d520de6a5841d259e0abfd2297735558b0eb001295f78d7dccc703b154b9cb3052e91713a5f0ca9127ed08eba9a24f4605b0c3be3cdc9bdc8430545b465052fc4cbf360ea070455d691af90ded22f98528ddd64bbd70ba7c103abba61dc95714fcedfcdad372288cf27409731a14c9baaefcfbaacffdc50b353b43b79de31f9db9ab378f464f63fbfb4f0cfa3f7b037077f3069f04501dceabd334ff7fa65bc3847e5fc29a2827f950040d91c5c90192e0b9304cf2740f20b6d84593fa50a5a63b06ef078f86f478e3fde6dc98b64138bdbbb0bb3c594c0518579d26f1e694e5f449a2bf2c3fd37fe1814e3b1de331f6866dc951a9b40b1ac58ab951d046a88e4e870024bc375ee1a9dee616504e12a2e4914960632a3db9b6897f7a10f763939ad309392a31aef396da1de95dbbaddb1eb30537a1cf201f48058421d010650ed8042a906293c477a18ae8c412038bf1880f932b25effe8c06a786ec1522211a8fb2962bd92943ee9d684752ed3e5e8e0023f8c40f7cd97a6071f73cc25fe534d41a05e4bbf2e3063567e6b91051", 0x21d) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000480)={'lo\x00', @local}) 5.631410852s ago: executing program 1 (id=676): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x1b87, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) 5.209046706s ago: executing program 2 (id=678): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x8040, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)=0x6728) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) close_range(r0, 0xffffffffffffffff, 0x0) 4.962995673s ago: executing program 2 (id=679): openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x800}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) syz_open_dev$vim2m(0x0, 0x0, 0x2) signalfd4(r1, &(0x7f0000000440)={[0x14]}, 0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0xffc0}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) 4.893110706s ago: executing program 1 (id=680): r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a00000709000100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) setrlimit(0x0, &(0x7f0000000180)={0x6}) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$int_out(r2, 0x0, &(0x7f0000000040)) openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r4, r4, 0x0, 0x200902) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) syz_extract_tcp_res(&(0x7f0000000580), 0x8147, 0x200) syz_extract_tcp_res(&(0x7f00000005c0), 0xff, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 4.755173298s ago: executing program 2 (id=681): socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$inet(0x2, 0x1, 0x100) socket$inet_smc(0x2b, 0x1, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.498554273s ago: executing program 2 (id=682): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x61) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x92082) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x4, &(0x7f0000001a00)=ANY=[@ANYBLOB], &(0x7f0000001a40)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000500)={0x5, 0x5, {0x0}, {}, 0x3c, 0x4b6}) ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f0000000540)={[0x1]}) lsetxattr$trusted_overlay_redirect(0x0, &(0x7f0000000480), 0x0, 0x0, 0x1) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c100000000100224e0000", 0x58}], 0x1) syz_open_procfs(0x0, &(0x7f0000000580)='stack\x00') r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r6, 0x4038ae7a, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f00a4330b05b81792a507cfe9a9510ecad25e"], 0x0, 0x34}, 0x28) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r7, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x28, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffb, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x208000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x409, 0x7, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x0, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x200000c, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x400, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0xf8, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0x9cf1, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x6, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x8001, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c) ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000140)={{0x400, 0x7, 0x6}, 'syz1\x00', 0x40}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) 3.0479658s ago: executing program 1 (id=683): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x138}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22003, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040), 0x0) socket(0x2d, 0x2, 0x0) 1.731846316s ago: executing program 2 (id=684): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440), 0xfd}, 0x2062) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='/'], 0x20) 461.354091ms ago: executing program 1 (id=685): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x8002, 0x0, 0x1}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000000c0)={r0}, 0xc) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x400, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) lsm_list_modules(0x0, &(0x7f0000000000)=0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x200000) 280.517569ms ago: executing program 1 (id=686): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x8040, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)=0x6728) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) close_range(r0, 0xffffffffffffffff, 0x0) 161.495084ms ago: executing program 1 (id=687): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00) io_setup(0x3, &(0x7f0000000180)) 0s ago: executing program 2 (id=688): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x1b87, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) kernel console output (not intermixed with test programs): [ 92.030274][ T868] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. [ 97.433410][ T5783] cgroup: Unknown subsys name 'net' [ 97.695227][ T5783] cgroup: Unknown subsys name 'cpuset' [ 97.769090][ T5783] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.169517][ T5783] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 103.053401][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.067626][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.081028][ T5820] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.083683][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.084918][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 103.085997][ T5820] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.087558][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.087872][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 103.091602][ T5820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.097200][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.110275][ T5820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 103.112033][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.128100][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.151897][ T5822] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.152092][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.154821][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.159384][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.159816][ T5822] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.160668][ T5821] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.168653][ T5822] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.262796][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.270266][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.282760][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.283962][ T5822] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 103.335993][ T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 104.523512][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 104.559348][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 104.736072][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 104.760995][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 104.812318][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 105.111465][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.112550][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.113419][ T5804] bridge_slave_0: entered allmulticast mode [ 105.115524][ T5804] bridge_slave_0: entered promiscuous mode [ 105.140342][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.140955][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.141863][ T5805] bridge_slave_0: entered allmulticast mode [ 105.158784][ T5805] bridge_slave_0: entered promiscuous mode [ 105.221719][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.221828][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.222041][ T5804] bridge_slave_1: entered allmulticast mode [ 105.224309][ T5804] bridge_slave_1: entered promiscuous mode [ 105.240180][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.240580][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.244222][ T5805] bridge_slave_1: entered allmulticast mode [ 105.256571][ T5805] bridge_slave_1: entered promiscuous mode [ 105.301064][ T5816] Bluetooth: hci2: command tx timeout [ 105.378481][ T5823] Bluetooth: hci1: command tx timeout [ 105.379611][ T60] Bluetooth: hci3: command tx timeout [ 105.379703][ T5823] Bluetooth: hci0: command tx timeout [ 105.379773][ T5816] Bluetooth: hci4: command tx timeout [ 105.484749][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.484883][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.485076][ T5803] bridge_slave_0: entered allmulticast mode [ 105.487398][ T5803] bridge_slave_0: entered promiscuous mode [ 105.534016][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.534153][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.534361][ T5806] bridge_slave_0: entered allmulticast mode [ 105.537314][ T5806] bridge_slave_0: entered promiscuous mode [ 105.570786][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.587031][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.601953][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.602068][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.602269][ T5803] bridge_slave_1: entered allmulticast mode [ 105.604567][ T5803] bridge_slave_1: entered promiscuous mode [ 105.606173][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.606275][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.606417][ T5802] bridge_slave_0: entered allmulticast mode [ 105.614584][ T5802] bridge_slave_0: entered promiscuous mode [ 105.633054][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.633330][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.633946][ T5806] bridge_slave_1: entered allmulticast mode [ 105.657441][ T5806] bridge_slave_1: entered promiscuous mode [ 105.683996][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.703727][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.737488][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.737646][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.737799][ T5802] bridge_slave_1: entered allmulticast mode [ 105.754542][ T5802] bridge_slave_1: entered promiscuous mode [ 105.917927][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.949854][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.953272][ T5804] team0: Port device team_slave_0 added [ 105.955891][ T5805] team0: Port device team_slave_0 added [ 105.967386][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.984071][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.001195][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.014069][ T5804] team0: Port device team_slave_1 added [ 106.025152][ T5805] team0: Port device team_slave_1 added [ 106.050627][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.194637][ T5803] team0: Port device team_slave_0 added [ 106.220439][ T5806] team0: Port device team_slave_0 added [ 106.221815][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.221829][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.221850][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.224677][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.224695][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.224922][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.323329][ T5803] team0: Port device team_slave_1 added [ 106.336575][ T5802] team0: Port device team_slave_0 added [ 106.351740][ T5806] team0: Port device team_slave_1 added [ 106.362656][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.362714][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.362799][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.367890][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.367935][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.368012][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.464372][ T5802] team0: Port device team_slave_1 added [ 107.091450][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.091464][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.091489][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.161119][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.161140][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.161171][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.167516][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.167530][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.167552][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.174931][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.174989][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.175061][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.186718][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.186781][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.186860][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.389578][ T5816] Bluetooth: hci2: command tx timeout [ 107.409976][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.410000][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.410020][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.459179][ T5816] Bluetooth: hci4: command tx timeout [ 107.459206][ T5823] Bluetooth: hci3: command tx timeout [ 107.469353][ T5816] Bluetooth: hci0: command tx timeout [ 107.469365][ T5823] Bluetooth: hci1: command tx timeout [ 107.550211][ T5804] hsr_slave_0: entered promiscuous mode [ 107.551653][ T5804] hsr_slave_1: entered promiscuous mode [ 107.577465][ T5805] hsr_slave_0: entered promiscuous mode [ 107.588042][ T5805] hsr_slave_1: entered promiscuous mode [ 107.596112][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 107.596216][ T5805] Cannot create hsr debugfs directory [ 107.738164][ T5803] hsr_slave_0: entered promiscuous mode [ 107.747140][ T5803] hsr_slave_1: entered promiscuous mode [ 107.747910][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 107.747930][ T5803] Cannot create hsr debugfs directory [ 107.791937][ T5806] hsr_slave_0: entered promiscuous mode [ 107.793500][ T5806] hsr_slave_1: entered promiscuous mode [ 107.794366][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 107.794388][ T5806] Cannot create hsr debugfs directory [ 107.849728][ T5802] hsr_slave_0: entered promiscuous mode [ 107.850865][ T5802] hsr_slave_1: entered promiscuous mode [ 107.851576][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 107.851595][ T5802] Cannot create hsr debugfs directory [ 108.947933][ T5804] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.984178][ T5804] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.019788][ T5804] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 109.081859][ T5804] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 109.251675][ T5805] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 109.294953][ T5805] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 109.329985][ T5805] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 109.386197][ T5805] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 109.460493][ T5816] Bluetooth: hci2: command tx timeout [ 109.539446][ T5816] Bluetooth: hci1: command tx timeout [ 109.539475][ T5823] Bluetooth: hci3: command tx timeout [ 109.539489][ T5816] Bluetooth: hci0: command tx timeout [ 109.539504][ T5823] Bluetooth: hci4: command tx timeout [ 109.547147][ T5803] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 109.616480][ T5803] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 109.676409][ T5803] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 109.723169][ T5803] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 109.875960][ T5806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 109.933686][ T5806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 109.987521][ T5806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 110.050220][ T5806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 110.247489][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.264691][ T5802] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 110.306663][ T5802] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 110.352359][ T5802] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 110.402142][ T5802] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 110.494918][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.552232][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.552437][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.597885][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.635552][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.635682][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.732937][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.792821][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.815527][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.815711][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.883285][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.883382][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.965557][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.000957][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.037846][ T3184] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.053898][ T3184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.120224][ T1227] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.120401][ T1227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.231333][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.288818][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.326458][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.326601][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.405549][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.406721][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.505449][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.539692][ T5823] Bluetooth: hci2: command tx timeout [ 111.584639][ T3559] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.584964][ T3559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.618809][ T5823] Bluetooth: hci0: command tx timeout [ 111.618854][ T5816] Bluetooth: hci4: command tx timeout [ 111.618859][ T5823] Bluetooth: hci3: command tx timeout [ 111.618918][ T60] Bluetooth: hci1: command tx timeout [ 111.662707][ T1227] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.662959][ T1227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.745524][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.139109][ T5804] veth0_vlan: entered promiscuous mode [ 112.186590][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.200809][ T5804] veth1_vlan: entered promiscuous mode [ 112.327066][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.486769][ T5804] veth0_macvtap: entered promiscuous mode [ 112.545462][ T5804] veth1_macvtap: entered promiscuous mode [ 112.594092][ T5805] veth0_vlan: entered promiscuous mode [ 112.632036][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.675017][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.687486][ T5805] veth1_vlan: entered promiscuous mode [ 112.737158][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.794630][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.815584][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.833639][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.853546][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.878957][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.067965][ T5805] veth0_macvtap: entered promiscuous mode [ 113.137723][ T5806] veth0_vlan: entered promiscuous mode [ 113.173264][ T5805] veth1_macvtap: entered promiscuous mode [ 113.246400][ T5806] veth1_vlan: entered promiscuous mode [ 113.306119][ T3559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.306147][ T3559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.376220][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.403183][ T5802] veth0_vlan: entered promiscuous mode [ 113.454936][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.488637][ T5803] veth0_vlan: entered promiscuous mode [ 113.496721][ T3559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.496745][ T3559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.528118][ T3559] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.553923][ T5802] veth1_vlan: entered promiscuous mode [ 113.567098][ T3559] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.580528][ T3559] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.581196][ T3559] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.685591][ T5803] veth1_vlan: entered promiscuous mode [ 113.751326][ T5806] veth0_macvtap: entered promiscuous mode [ 113.833494][ T5806] veth1_macvtap: entered promiscuous mode [ 114.019523][ T5802] veth0_macvtap: entered promiscuous mode [ 114.087143][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.094034][ T5802] veth1_macvtap: entered promiscuous mode [ 114.123491][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.123516][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.150224][ T5803] veth0_macvtap: entered promiscuous mode [ 114.316480][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.397333][ T5803] veth1_macvtap: entered promiscuous mode [ 114.467497][ T1227] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.484508][ T5919] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.487972][ T1227] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.493610][ T3531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.493634][ T3531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.545692][ T1227] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.594533][ T1227] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.610629][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.734020][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.811608][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.853139][ T3559] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.908555][ T3559] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.940404][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.946080][ T3559] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.034648][ T3559] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.338555][ T79] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.533894][ T79] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.534825][ T79] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.534897][ T79] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.780888][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.780914][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.786267][ T5934] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.892583][ T5936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9'. [ 117.273777][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.273802][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.632666][ T5942] 9pnet_virtio: no channels available for device syz [ 117.675876][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.675902][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.796941][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.796973][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.124557][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.124583][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.474708][ T5951] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 119.539311][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.539330][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.108520][ T5959] binder_alloc: 5958: binder_alloc_buf, no vma [ 120.146731][ T5957] Zero length message leads to an empty skb [ 122.358468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.451931][ T5974] netlink: 20 bytes leftover after parsing attributes in process `syz.2.15'. [ 124.120500][ T60] block nbd4: Receive control failed (result -32) [ 124.201580][ T5976] nbd4: detected capacity change from 0 to 63 [ 124.225536][ T5980] block nbd4: NBD_DISCONNECT [ 124.225853][ T5980] block nbd4: Send disconnect failed -32 [ 124.225870][ T5980] block nbd4: shutting down sockets [ 124.321342][ T64] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 4 prio class 2 [ 124.321456][ T64] Buffer I/O error on dev nbd4, logical block 0, async page read [ 124.321533][ T64] Buffer I/O error on dev nbd4, logical block 1, async page read [ 124.321554][ T64] Buffer I/O error on dev nbd4, logical block 2, async page read [ 124.321574][ T64] Buffer I/O error on dev nbd4, logical block 3, async page read [ 124.324436][ T5875] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.324473][ T5875] Buffer I/O error on dev nbd4, logical block 0, async page read [ 124.324555][ T5875] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.324581][ T5875] Buffer I/O error on dev nbd4, logical block 1, async page read [ 124.324638][ T5875] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.324664][ T5875] Buffer I/O error on dev nbd4, logical block 2, async page read [ 124.324720][ T5875] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.324745][ T5875] Buffer I/O error on dev nbd4, logical block 3, async page read [ 124.324823][ T5875] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.324850][ T5875] Buffer I/O error on dev nbd4, logical block 0, async page read [ 124.324905][ T5875] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.324931][ T5875] Buffer I/O error on dev nbd4, logical block 1, async page read [ 124.324986][ T5875] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.325052][ T5875] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.325129][ T5875] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 124.326945][ T5875] ldm_validate_partition_table(): Disk read failed. [ 124.327734][ T5875] Dev nbd4: unable to read RDB block 0 [ 124.339071][ T5875] nbd4: unable to read partition table [ 124.695620][ T5875] ldm_validate_partition_table(): Disk read failed. [ 124.696347][ T5875] Dev nbd4: unable to read RDB block 0 [ 124.697235][ T5875] nbd4: unable to read partition table [ 125.052008][ T5995] netlink: 404 bytes leftover after parsing attributes in process `syz.3.20'. [ 125.052183][ T5995] netlink: 404 bytes leftover after parsing attributes in process `syz.3.20'. [ 126.538574][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 126.748380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 126.808345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 127.108317][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 127.198378][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 127.828428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 127.887131][ T6015] netlink: 2 bytes leftover after parsing attributes in process `syz.1.22'. [ 127.977953][ T6014] netlink: 48 bytes leftover after parsing attributes in process `syz.2.23'. [ 127.981840][ T6014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23'. [ 128.359451][ T6023] syz.0.25 uses obsolete (PF_INET,SOCK_PACKET) [ 128.368381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 129.750535][ T6014] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 129.750690][ T6014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.783966][ T6032] fuse: Bad value for 'fd' [ 130.031451][ T6011] block nbd1: shutting down sockets [ 130.190918][ T6014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 130.315875][ T6014] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 130.315994][ T6014] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 130.449631][ T6014] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 130.587428][ T6014] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 130.587526][ T6014] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 130.803535][ T6014] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 130.919416][ T6014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 130.939694][ T6014] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 131.056991][ T6014] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 131.174376][ T6014] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 131.174527][ T6014] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 131.312049][ T6014] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 131.778509][ T60] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.351972][ T60] Bluetooth: hci0: command 0x0c1a tx timeout [ 133.348348][ T60] Bluetooth: hci2: command 0x0c1a tx timeout [ 133.348899][ T60] Bluetooth: hci3: command 0x0c1a tx timeout [ 133.847590][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 133.860684][ T60] Bluetooth: hci1: command 0x0c1a tx timeout [ 135.658429][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 135.938949][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 135.942052][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.266624][ T60] Bluetooth: hci2: command 0x0c1a tx timeout [ 136.266848][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.569633][ T6060] ªªªªªª5gæ¹Q[Ô: renamed from lo (while UP) [ 136.855981][ T6063] netlink: 396 bytes leftover after parsing attributes in process `syz.0.34'. [ 136.856072][ T6063] netlink: 396 bytes leftover after parsing attributes in process `syz.0.34'. [ 137.382383][ T6067] nbd1: detected capacity change from 0 to 63 [ 137.388898][ T6073] block nbd1: NBD_DISCONNECT [ 137.391249][ T6073] block nbd1: Disconnected due to user request. [ 137.391274][ T6073] block nbd1: shutting down sockets [ 137.404747][ T6077] blk_print_req_error: 135 callbacks suppressed [ 137.404800][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.404917][ T6077] buffer_io_error: 138 callbacks suppressed [ 137.404961][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 137.405133][ T6077] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.405198][ T6077] Buffer I/O error on dev nbd1, logical block 1, async page read [ 137.405343][ T6077] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.405407][ T6077] Buffer I/O error on dev nbd1, logical block 2, async page read [ 137.405545][ T6077] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.405602][ T6077] Buffer I/O error on dev nbd1, logical block 3, async page read [ 137.405771][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.480154][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 137.480460][ T6077] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.480555][ T6077] Buffer I/O error on dev nbd1, logical block 1, async page read [ 137.480706][ T6077] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.480779][ T6077] Buffer I/O error on dev nbd1, logical block 2, async page read [ 137.480922][ T6077] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.480987][ T6077] Buffer I/O error on dev nbd1, logical block 3, async page read [ 137.481143][ T6077] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.481210][ T6077] Buffer I/O error on dev nbd1, logical block 0, async page read [ 137.481350][ T6077] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 137.481427][ T6077] Buffer I/O error on dev nbd1, logical block 1, async page read [ 137.484079][ T6077] ldm_validate_partition_table(): Disk read failed. [ 137.485835][ T6077] Dev nbd1: unable to read RDB block 0 [ 137.488170][ T6077] nbd1: unable to read partition table [ 137.518554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.698380][ T60] Bluetooth: hci0: command 0x0c1a tx timeout [ 137.749311][ T6077] ldm_validate_partition_table(): Disk read failed. [ 137.749996][ T6077] Dev nbd1: unable to read RDB block 0 [ 137.757819][ T6077] nbd1: unable to read partition table [ 137.808497][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 138.022147][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 138.066206][ T10] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 138.066242][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 138.066336][ T10] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 138.111673][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.111770][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.142604][ T10] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 138.142639][ T10] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 138.142663][ T10] usb 3-1: Product: syz [ 138.142680][ T10] usb 3-1: Manufacturer: syz [ 138.338892][ T60] Bluetooth: hci3: command 0x0c1a tx timeout [ 138.339018][ T60] Bluetooth: hci2: command 0x0c1a tx timeout [ 138.404084][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 138.404213][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 138.404259][ T10] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 138.664549][ T5810] usb 3-1: USB disconnect, device number 2 [ 138.859777][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 139.056132][ T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 139.056172][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 139.056202][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 139.056227][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 139.056276][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 139.056301][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.173701][ T10] usb 5-1: config 0 descriptor?? [ 139.495631][ T6102] netlink: 396 bytes leftover after parsing attributes in process `syz.1.49'. [ 139.496257][ T6102] netlink: 396 bytes leftover after parsing attributes in process `syz.1.49'. [ 139.760793][ T10] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 140.118372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 141.066183][ T6119] netlink: 12 bytes leftover after parsing attributes in process `syz.1.55'. [ 142.403068][ T60] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 142.596336][ T6128] netlink: 'syz.0.59': attribute type 3 has an invalid length. [ 142.998869][ T6120] binder: 6118:6120 ioctl 0 200000000040 returned -22 [ 143.626670][ T10] usb 5-1: USB disconnect, device number 2 [ 145.420632][ T6138] vivid-006: kernel_thread() failed [ 145.506842][ T6138] vivid-006: kernel_thread() failed [ 147.593231][ T6145] netlink: 396 bytes leftover after parsing attributes in process `syz.3.62'. [ 147.593317][ T6145] netlink: 396 bytes leftover after parsing attributes in process `syz.3.62'. [ 148.531189][ T6158] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 148.840437][ T60] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 149.853922][ T6173] vivid-002: kernel_thread() failed [ 149.942809][ T6173] vivid-002: kernel_thread() failed [ 151.758788][ T6185] netlink: 396 bytes leftover after parsing attributes in process `syz.4.75'. [ 151.758892][ T6185] netlink: 396 bytes leftover after parsing attributes in process `syz.4.75'. [ 151.815485][ T6186] netlink: 8 bytes leftover after parsing attributes in process `syz.0.79'. [ 152.409358][ T60] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 154.718822][ T6211] vivid-006: kernel_thread() failed [ 154.807789][ T6211] vivid-006: kernel_thread() failed [ 157.131295][ T6232] netlink: 8 bytes leftover after parsing attributes in process `syz.3.93'. [ 157.410109][ T6234] binder: BINDER_SET_CONTEXT_MGR already set [ 157.410122][ T6234] binder: 6233:6234 ioctl 4018620d 200000004a80 returned -16 [ 157.691496][ T6236] netlink: 396 bytes leftover after parsing attributes in process `syz.3.95'. [ 157.691568][ T6236] netlink: 396 bytes leftover after parsing attributes in process `syz.3.95'. [ 157.757314][ T60] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 158.204270][ T60] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 160.683552][ T6257] vivid-004: kernel_thread() failed [ 160.769081][ T6257] vivid-004: kernel_thread() failed [ 162.220864][ T6261] netlink: 'syz.4.103': attribute type 3 has an invalid length. [ 163.590689][ T6279] netlink: 396 bytes leftover after parsing attributes in process `syz.2.109'. [ 163.590787][ T6279] netlink: 396 bytes leftover after parsing attributes in process `syz.2.109'. [ 165.521014][ T6299] netlink: 'syz.2.117': attribute type 3 has an invalid length. [ 168.406958][ T6316] netlink: 396 bytes leftover after parsing attributes in process `syz.3.122'. [ 168.407048][ T6316] netlink: 396 bytes leftover after parsing attributes in process `syz.3.122'. [ 171.830994][ T6336] netlink: 'syz.3.128': attribute type 3 has an invalid length. [ 173.550507][ T6355] vivid-008: kernel_thread() failed [ 173.629729][ T6355] vivid-008: kernel_thread() failed [ 175.585915][ T6366] netlink: 396 bytes leftover after parsing attributes in process `syz.2.136'. [ 175.585988][ T6366] netlink: 396 bytes leftover after parsing attributes in process `syz.2.136'. [ 177.245593][ T6374] ªªªªªª: renamed from lo (while UP) [ 177.377826][ T6377] netlink: 56 bytes leftover after parsing attributes in process `syz.2.142'. [ 177.740479][ T6386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.146'. [ 177.833733][ T6386] dummy0: entered promiscuous mode [ 177.834453][ T6386] macvtap1: entered promiscuous mode [ 177.834709][ T6386] macvtap1: entered allmulticast mode [ 177.834726][ T6386] dummy0: entered allmulticast mode [ 178.255204][ T6396] netlink: 396 bytes leftover after parsing attributes in process `syz.0.150'. [ 178.255295][ T6396] netlink: 396 bytes leftover after parsing attributes in process `syz.0.150'. [ 182.799238][ T6419] netlink: 56 bytes leftover after parsing attributes in process `syz.1.155'. [ 182.847196][ T6421] binder: 6420:6421 ioctl 4018620d 0 returned -22 [ 185.126753][ T6444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.127792][ T6444] batadv_slave_0: entered promiscuous mode [ 185.127811][ T6444] batadv_slave_0: entered allmulticast mode [ 185.561100][ T6451] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 185.561133][ T6451] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 185.564825][ T6451] vhci_hcd vhci_hcd.0: Device attached [ 185.822628][ T6452] vhci_hcd: connection closed [ 185.834060][ T5971] vhci_hcd vhci_hcd.0: stop threads [ 185.836709][ T5971] vhci_hcd vhci_hcd.0: release socket [ 185.836787][ T5971] vhci_hcd vhci_hcd.0: disconnect device [ 187.799765][ T6463] netlink: 56 bytes leftover after parsing attributes in process `syz.2.169'. [ 188.069307][ T6467] binder: 6466:6467 ioctl 4018620d 0 returned -22 [ 190.477187][ T6486] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 191.490095][ T6491] netlink: 24 bytes leftover after parsing attributes in process `syz.3.179'. [ 193.678458][ T6499] binder: 6498:6499 ioctl 4018620d 0 returned -22 [ 196.503620][ T60] Bluetooth: hci1: unexpected event for opcode 0x0804 [ 196.809472][ T6529] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 198.586035][ T6541] binder: 6540:6541 ioctl c0306201 0 returned -14 [ 200.603245][ T60] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 200.644107][ T60] Bluetooth: hci1: Injecting HCI hardware error event [ 200.674548][ T5812] Bluetooth: hci1: hardware error 0x00 [ 202.398535][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 202.398620][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.818922][ T5812] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 204.113020][ T6554] could not allocate digest TFM handle sha256-neon [ 205.041337][ T6568] Illegal XDP return value 32768 on prog (id 19) dev syz_tun, expect packet loss! [ 206.539383][ T6579] loop5: detected capacity change from 0 to 7 [ 206.677107][ T6579] Dev loop5: unable to read RDB block 7 [ 206.677465][ T6579] loop5: AHDI p1 [ 206.677512][ T6579] loop5: partition table partially beyond EOD, truncated [ 206.888482][ T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 207.071473][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 207.077205][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 207.077244][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 48, changing to 9 [ 207.077274][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 24624, setting to 1024 [ 207.159055][ T10] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 207.159091][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.159116][ T10] usb 3-1: Product: syz [ 207.159132][ T10] usb 3-1: Manufacturer: syz [ 207.159148][ T10] usb 3-1: SerialNumber: syz [ 207.230986][ T10] usb 3-1: config 0 descriptor?? [ 207.653485][ T10] rc_core: IR keymap rc-streamzap not found [ 207.653510][ T10] Registered IR keymap rc-empty [ 207.785710][ T10] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 207.949028][ T10] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input9 [ 209.973185][ T10] usb 3-1: USB disconnect, device number 3 [ 210.621335][ T6620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.219'. [ 210.938827][ T6628] loop5: detected capacity change from 0 to 7 [ 210.965490][ T6628] Dev loop5: unable to read RDB block 7 [ 210.965517][ T6628] loop5: AHDI p1 [ 210.965547][ T6628] loop5: partition table partially beyond EOD, truncated [ 213.647401][ T6657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.234'. [ 213.862677][ T6662] loop5: detected capacity change from 0 to 7 [ 213.899139][ T6662] Dev loop5: unable to read RDB block 7 [ 213.899175][ T6662] loop5: AHDI p1 [ 213.899207][ T6662] loop5: partition table partially beyond EOD, truncated [ 214.207253][ T6667] netlink: 52 bytes leftover after parsing attributes in process `syz.0.240'. [ 214.895993][ T6667] netlink: 72 bytes leftover after parsing attributes in process `syz.0.240'. [ 214.967009][ T6675] netlink: 2 bytes leftover after parsing attributes in process `syz.2.237'. [ 217.183180][ T6700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.249'. [ 220.061070][ T6674] block nbd2: shutting down sockets [ 225.127057][ T5812] Bluetooth: hci3: unexpected event for opcode 0x0c12 [ 226.346179][ T6743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 231.262485][ T6775] binder: 6774:6775 ioctl 0 0 returned -22 [ 231.371765][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'. [ 233.544286][ T38] audit: type=1800 audit(1770744513.912:2): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.285" name="bus" dev="overlay" ino=353 res=0 errno=0 [ 233.704340][ T38] audit: type=1804 audit(1770744514.062:3): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.285" name="/newroot/64/bus/file0" dev="overlay" ino=354 res=1 errno=0 [ 234.643545][ T6808] evm: overlay not supported [ 234.925970][ T6816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.288'. [ 234.965745][ T6816] team_slave_0: entered promiscuous mode [ 234.965801][ T6816] team_slave_1: entered promiscuous mode [ 234.966072][ T6816] macvtap1: entered promiscuous mode [ 234.966083][ T6816] team0: entered promiscuous mode [ 234.966560][ T6816] macvtap1: entered allmulticast mode [ 234.966570][ T6816] team0: entered allmulticast mode [ 234.966579][ T6816] team_slave_0: entered allmulticast mode [ 234.966592][ T6816] team_slave_1: entered allmulticast mode [ 234.967938][ T6816] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 237.928432][ T5817] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 238.158383][ T5817] usb 1-1: Using ep0 maxpacket: 8 [ 238.163260][ T5817] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 238.163297][ T5817] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 48, changing to 9 [ 238.163326][ T5817] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 24624, setting to 1024 [ 238.282879][ T5817] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 238.282917][ T5817] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.282933][ T5817] usb 1-1: Product: syz [ 238.282943][ T5817] usb 1-1: Manufacturer: syz [ 238.282954][ T5817] usb 1-1: SerialNumber: syz [ 238.381315][ T5817] usb 1-1: config 0 descriptor?? [ 238.558911][ T5817] rc_core: IR keymap rc-streamzap not found [ 238.558934][ T5817] Registered IR keymap rc-empty [ 238.563099][ T5817] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 238.601183][ T5817] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input10 [ 238.838438][ T5817] usb 1-1: USB disconnect, device number 2 [ 239.702825][ T38] audit: type=1800 audit(1770744520.072:4): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.305" name="bus" dev="overlay" ino=376 res=0 errno=0 [ 242.079016][ T6875] netlink: 2 bytes leftover after parsing attributes in process `syz.3.306'. [ 243.115479][ T6869] block nbd3: shutting down sockets [ 243.330467][ T6875] uprobe: syz.3.306:6875 failed to unregister, leaking uprobe [ 247.530137][ T6931] netlink: 24 bytes leftover after parsing attributes in process `syz.0.327'. [ 248.728525][ T38] audit: type=1800 audit(1770744529.082:5): pid=6935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.330" name="bus" dev="overlay" ino=405 res=0 errno=0 [ 249.609057][ T6953] netlink: 2 bytes leftover after parsing attributes in process `syz.0.332'. [ 251.380244][ T6950] block nbd0: shutting down sockets [ 252.164360][ T6971] netlink: 24 bytes leftover after parsing attributes in process `syz.2.338'. [ 253.295818][ T38] audit: type=1800 audit(1770744533.632:6): pid=6980 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.345" name="bus" dev="overlay" ino=419 res=0 errno=0 [ 256.740096][ T7005] netlink: 24 bytes leftover after parsing attributes in process `syz.2.350'. [ 257.830175][ T7007] netlink: 24 bytes leftover after parsing attributes in process `syz.1.352'. [ 258.875521][ T7018] netlink: 2 bytes leftover after parsing attributes in process `syz.3.351'. [ 259.808617][ T7022] block nbd3: shutting down sockets [ 263.369244][ T7067] netlink: 12 bytes leftover after parsing attributes in process `syz.4.368'. [ 266.129811][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.129891][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.191291][ T7109] netlink: 24 bytes leftover after parsing attributes in process `syz.0.381'. [ 271.123893][ T7103] netlink: 2 bytes leftover after parsing attributes in process `syz.3.379'. [ 271.587931][ T38] audit: type=1800 audit(1770744551.922:7): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.388" name="bus" dev="overlay" ino=422 res=0 errno=0 [ 271.588004][ T38] audit: type=1804 audit(1770744551.932:8): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.388" name="/newroot/76/bus/file0" dev="overlay" ino=423 res=1 errno=0 [ 271.588056][ T38] audit: type=1804 audit(1770744551.942:9): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.388" name="/newroot/76/bus/file0" dev="overlay" ino=423 res=1 errno=0 [ 272.996245][ T7101] block nbd3: shutting down sockets [ 273.245357][ T7135] overlayfs: missing 'lowerdir' [ 274.872111][ T7152] netlink: 12 bytes leftover after parsing attributes in process `syz.0.396'. [ 275.590929][ T7158] netlink: 24 bytes leftover after parsing attributes in process `syz.2.398'. [ 278.100832][ T38] audit: type=1804 audit(1770744558.482:10): pid=7172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.399" name="/newroot/78/bus/file0" dev="overlay" ino=445 res=1 errno=0 [ 278.226853][ T38] audit: type=1804 audit(1770744558.482:11): pid=7165 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.399" name="/newroot/78/bus/file0" dev="overlay" ino=445 res=1 errno=0 [ 280.972623][ T7199] syz.4.410 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 282.567949][ T7207] netlink: 24 bytes leftover after parsing attributes in process `syz.2.411'. [ 283.940528][ T7214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'. [ 284.195078][ T7214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'. [ 284.209643][ T7214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'. [ 285.348986][ T7214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'. [ 285.889265][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.417'. [ 285.912669][ T7223] team_slave_0: entered promiscuous mode [ 285.912710][ T7223] team_slave_1: entered promiscuous mode [ 285.912903][ T7223] macvtap1: entered promiscuous mode [ 285.912913][ T7223] team0: entered promiscuous mode [ 285.913432][ T7223] macvtap1: entered allmulticast mode [ 285.913442][ T7223] team0: entered allmulticast mode [ 285.913450][ T7223] team_slave_0: entered allmulticast mode [ 285.913463][ T7223] team_slave_1: entered allmulticast mode [ 285.914617][ T7223] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 290.842844][ T7253] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 290.842876][ T7253] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 290.868353][ T7253] vhci_hcd vhci_hcd.0: Device attached [ 290.873583][ T7254] vhci_hcd: connection closed [ 290.919356][ T79] vhci_hcd vhci_hcd.4: stop threads [ 290.919378][ T79] vhci_hcd vhci_hcd.4: release socket [ 290.919410][ T79] vhci_hcd vhci_hcd.4: disconnect device [ 291.319064][ T38] audit: type=1326 audit(1770744571.682:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.325543][ T38] audit: type=1326 audit(1770744571.702:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.389401][ T38] audit: type=1326 audit(1770744571.762:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392754][ T38] audit: type=1326 audit(1770744571.762:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392800][ T38] audit: type=1326 audit(1770744571.762:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392833][ T38] audit: type=1326 audit(1770744571.762:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392865][ T38] audit: type=1326 audit(1770744571.762:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392897][ T38] audit: type=1326 audit(1770744571.762:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392930][ T38] audit: type=1326 audit(1770744571.762:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 291.392961][ T38] audit: type=1326 audit(1770744571.762:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7257 comm="syz.3.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf2c5bbf79 code=0x7ffc0000 [ 292.004883][ T7268] netlink: 2 bytes leftover after parsing attributes in process `syz.0.427'. [ 293.551152][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz.4.430'. [ 294.474906][ T7280] netlink: 12 bytes leftover after parsing attributes in process `syz.1.431'. [ 297.570512][ T7298] netlink: 12 bytes leftover after parsing attributes in process `syz.2.434'. [ 299.045153][ T7311] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 299.069727][ T7311] batadv_slave_0: entered promiscuous mode [ 299.069752][ T7311] batadv_slave_0: entered allmulticast mode [ 299.418560][ T7265] block nbd0: shutting down sockets [ 300.111506][ T7300] binder: 7296:7300 ioctl 0 200000000040 returned -22 [ 300.789366][ T7330] netlink: 12 bytes leftover after parsing attributes in process `syz.3.442'. [ 302.237022][ T7336] tipc: Started in network mode [ 302.237458][ T7336] tipc: Node identity fffffffa, cluster identity 4711 [ 302.237481][ T7336] tipc: Node number set to 4294967290 [ 302.566798][ T7342] netlink: 48 bytes leftover after parsing attributes in process `syz.2.445'. [ 303.832475][ T7342] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 303.832827][ T7342] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 303.832958][ T7342] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 303.833013][ T7342] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 304.054576][ T7342] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 304.054643][ T7342] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 304.901138][ T7350] netlink: 12 bytes leftover after parsing attributes in process `syz.1.447'. [ 306.063117][ T60] Bluetooth: hci3: command 0x0c1a tx timeout [ 306.063168][ T60] Bluetooth: hci2: command 0x0c1a tx timeout [ 306.063201][ T60] Bluetooth: hci0: command 0x0c1a tx timeout [ 306.098590][ T60] Bluetooth: hci4: command 0x0c1a tx timeout [ 307.050248][ T7370] netlink: 24 bytes leftover after parsing attributes in process `syz.4.452'. [ 308.098453][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 308.229587][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 308.442015][ T7376] netlink: 2 bytes leftover after parsing attributes in process `syz.2.453'. [ 308.542228][ T7377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.455'. [ 309.449554][ T7393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.459'. [ 309.831882][ T7397] netlink: 24 bytes leftover after parsing attributes in process `syz.4.460'. [ 311.701251][ T7380] binder: 7375:7380 ioctl 0 200000000040 returned -22 [ 318.277844][ T7420] netlink: 12 bytes leftover after parsing attributes in process `syz.4.467'. [ 320.502617][ T7448] binder: 7419:7448 ioctl 0 200000000040 returned -22 [ 321.090716][ T7453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.475'. [ 321.231354][ T7457] netlink: 12 bytes leftover after parsing attributes in process `syz.1.476'. [ 322.482896][ T7466] netlink: 2 bytes leftover after parsing attributes in process `syz.3.478'. [ 323.558764][ T7471] binder: 7452:7471 ioctl 0 200000000040 returned -22 [ 323.919683][ T7474] netlink: 4 bytes leftover after parsing attributes in process `syz.4.480'. [ 324.082411][ T7474] macvtap2: entered promiscuous mode [ 324.082643][ T7474] macvtap2: entered allmulticast mode [ 324.118546][ T7474] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 326.572924][ T7500] netlink: 12 bytes leftover after parsing attributes in process `syz.0.489'. [ 327.545533][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.545603][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.499138][ T7516] binder: 7498:7516 ioctl 0 200000000040 returned -22 [ 329.399100][ T7524] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 329.587685][ T7524] netlink: 16 bytes leftover after parsing attributes in process `syz.3.495'. [ 330.785149][ T7542] netlink: 12 bytes leftover after parsing attributes in process `syz.1.498'. [ 332.036484][ T7549] netlink: 2 bytes leftover after parsing attributes in process `syz.4.501'. [ 334.560859][ T7561] netlink: 12 bytes leftover after parsing attributes in process `syz.2.506'. [ 336.354182][ T7568] binder: 7560:7568 ioctl 0 200000000040 returned -22 [ 337.213545][ T7574] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 345.848866][ T7615] netlink: 2 bytes leftover after parsing attributes in process `syz.2.519'. [ 345.918690][ T7612] netlink: 12 bytes leftover after parsing attributes in process `syz.4.517'. [ 346.115393][ T7617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.521'. [ 346.733836][ T7618] binder: 7616:7618 ioctl 0 200000000040 returned -22 [ 353.612503][ T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 353.635963][ T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 353.638728][ T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 353.652289][ T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 353.688652][ T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 354.947273][ T7652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.533'. [ 355.778919][ T60] Bluetooth: hci5: command tx timeout [ 357.859295][ T60] Bluetooth: hci5: command tx timeout [ 359.000974][ T7660] syz.2.535 (7660) used greatest stack depth: 18656 bytes left [ 361.461109][ T60] Bluetooth: hci5: command tx timeout [ 361.716794][ T6611] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.480744][ T7698] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.544' sets config #0 [ 362.481522][ T7698] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.544' sets config #1 [ 363.384635][ T7704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.547'. [ 363.545467][ T60] Bluetooth: hci5: command tx timeout [ 365.730145][ T6611] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.893891][ T7734] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 365.894141][ T7734] block device autoloading is deprecated and will be removed. [ 366.176261][ T5817] libceph: connect (1)[c::]:6789 error -101 [ 366.177007][ T5817] libceph: mon0 (1)[c::]:6789 connect error [ 366.254320][ T5817] libceph: connect (1)[c::]:6789 error -101 [ 366.254542][ T5817] libceph: mon0 (1)[c::]:6789 connect error [ 366.300859][ T7737] ceph: No mds server is up or the cluster is laggy [ 366.512257][ T5817] libceph: connect (1)[c::]:6789 error -101 [ 366.512479][ T5817] libceph: mon0 (1)[c::]:6789 connect error [ 366.936266][ T6611] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.592484][ T7640] chnl_net:caif_netlink_parms(): no params data found [ 368.512503][ T6611] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.765983][ T7771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.560'. [ 371.424265][ T7640] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.425342][ T7640] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.425694][ T7640] bridge_slave_0: entered allmulticast mode [ 371.488695][ T7640] bridge_slave_0: entered promiscuous mode [ 371.603432][ T7640] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.624180][ T7640] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.624399][ T7640] bridge_slave_1: entered allmulticast mode [ 371.732033][ T7640] bridge_slave_1: entered promiscuous mode [ 372.621834][ T7810] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 372.621867][ T7810] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 372.641039][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.572'. [ 372.644517][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.572'. [ 372.644834][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.572'. [ 372.645066][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.572'. [ 372.706175][ T7810] vhci_hcd vhci_hcd.0: Device attached [ 372.733302][ T7814] vhci_hcd: connection closed [ 372.811284][ T12] vhci_hcd vhci_hcd.1: stop threads [ 372.811313][ T12] vhci_hcd vhci_hcd.1: release socket [ 372.811348][ T12] vhci_hcd vhci_hcd.1: disconnect device [ 373.051963][ T6611] bridge_slave_1: left allmulticast mode [ 373.052136][ T6611] bridge_slave_1: left promiscuous mode [ 373.055059][ T6611] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.022170][ T6611] bridge_slave_0: left allmulticast mode [ 375.022205][ T6611] bridge_slave_0: left promiscuous mode [ 375.022469][ T6611] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.729299][ T7855] netlink: 24 bytes leftover after parsing attributes in process `syz.4.583'. [ 383.393030][ T6028] IPVS: starting estimator thread 0... [ 383.498654][ T7875] IPVS: using max 7 ests per chain, 16800 per kthread [ 387.656808][ T7896] netlink: 24 bytes leftover after parsing attributes in process `syz.2.595'. [ 389.006845][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.006923][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 389.709275][ T6611] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.079337][ T6611] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 392.725779][ T6611] bond0 (unregistering): Released all slaves [ 392.883043][ T7640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.919383][ T7854] netlink: 8 bytes leftover after parsing attributes in process `syz.3.584'. [ 392.960163][ T7640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 393.443797][ T7924] netlink: 24 bytes leftover after parsing attributes in process `syz.2.605'. [ 395.081873][ T7640] team0: Port device team_slave_0 added [ 395.100175][ T7640] team0: Port device team_slave_1 added [ 395.497424][ T7640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.497449][ T7640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 395.497475][ T7640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.636896][ T7640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 395.636917][ T7640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 395.636947][ T7640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 395.772986][ T5812] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 395.832305][ T5812] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 395.845496][ T5812] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 395.859709][ T5812] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 395.868623][ T5812] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 398.124713][ T7640] hsr_slave_0: entered promiscuous mode [ 398.126304][ T7640] hsr_slave_1: entered promiscuous mode [ 398.127341][ T7640] debugfs: 'hsr0' already exists in 'hsr' [ 398.127369][ T7640] Cannot create hsr debugfs directory [ 398.608355][ T60] Bluetooth: hci0: command tx timeout [ 398.763968][ T7982] netlink: 24 bytes leftover after parsing attributes in process `syz.2.616'. [ 402.635102][ T60] Bluetooth: hci0: command tx timeout [ 404.666827][ T60] Bluetooth: hci0: command tx timeout [ 404.708461][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 404.870257][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 404.874339][ T9] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 404.874412][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 404.874437][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 404.874464][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 404.874489][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 404.874552][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 404.874579][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.198502][ T6611] hsr_slave_0: left promiscuous mode [ 405.200197][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 405.200260][ T9] usbtmc 3-1:16.0: can't read capabilities [ 405.250317][ T6611] hsr_slave_1: left promiscuous mode [ 405.275787][ T6611] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 405.275950][ T6611] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 405.320810][ T6611] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 405.320844][ T6611] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 405.447564][ T9] usb 3-1: USB disconnect, device number 4 [ 405.554763][ T6611] veth1_macvtap: left promiscuous mode [ 405.555110][ T6611] veth0_macvtap: left promiscuous mode [ 405.555368][ T6611] veth1_vlan: left promiscuous mode [ 405.580609][ T6611] veth0_vlan: left promiscuous mode [ 408.288348][ T60] Bluetooth: hci0: command tx timeout [ 409.432414][ T8019] netlink: 24 bytes leftover after parsing attributes in process `syz.2.626'. [ 412.595675][ T5812] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 412.610330][ T5812] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 412.612471][ T5812] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 412.614692][ T5812] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 412.615619][ T5812] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 413.760940][ T8032] netlink: 'syz.1.629': attribute type 1 has an invalid length. [ 413.760970][ T8032] netlink: 224 bytes leftover after parsing attributes in process `syz.1.629'. [ 414.738356][ T60] Bluetooth: hci3: command tx timeout [ 416.818332][ T60] Bluetooth: hci3: command tx timeout [ 417.599569][ T6611] team0 (unregistering): Port device team_slave_1 removed [ 417.829336][ T6611] team0 (unregistering): Port device team_slave_0 removed [ 418.928363][ T60] Bluetooth: hci3: command tx timeout [ 419.905991][ T5812] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 419.990570][ T5812] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 420.012010][ T5812] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 420.013849][ T5812] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 420.014843][ T5812] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 420.609914][ T8009] ªªªªªª5gæ¹Q: renamed from lo (while UP) [ 420.982964][ T60] Bluetooth: hci3: command tx timeout [ 422.178411][ T60] Bluetooth: hci6: command tx timeout [ 422.996198][ T8060] netlink: 24 bytes leftover after parsing attributes in process `syz.1.635'. [ 424.265510][ T60] Bluetooth: hci6: command tx timeout [ 424.756701][ T8075] netlink: 24 bytes leftover after parsing attributes in process `syz.1.636'. [ 427.113644][ T60] Bluetooth: hci6: command tx timeout [ 428.209681][ T7945] chnl_net:caif_netlink_parms(): no params data found [ 429.208269][ T60] Bluetooth: hci6: command tx timeout [ 430.485114][ T8042] chnl_net:caif_netlink_parms(): no params data found [ 430.906303][ T8103] netlink: 'syz.2.640': attribute type 1 has an invalid length. [ 430.906334][ T8103] netlink: 224 bytes leftover after parsing attributes in process `syz.2.640'. [ 436.207889][ T7945] bridge0: port 1(bridge_slave_0) entered blocking state [ 436.208105][ T7945] bridge0: port 1(bridge_slave_0) entered disabled state [ 436.221682][ T7945] bridge_slave_0: entered allmulticast mode [ 437.209235][ T7945] bridge_slave_0: entered promiscuous mode [ 437.244038][ T7945] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.244175][ T7945] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.244449][ T7945] bridge_slave_1: entered allmulticast mode [ 437.248532][ T7945] bridge_slave_1: entered promiscuous mode [ 438.686017][ T56] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.897424][ T8025] chnl_net:caif_netlink_parms(): no params data found [ 438.928617][ T8134] netlink: 'syz.1.649': attribute type 1 has an invalid length. [ 438.928641][ T8134] netlink: 224 bytes leftover after parsing attributes in process `syz.1.649'. [ 439.306358][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.1.651'. [ 439.361481][ T56] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.443273][ T7945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.586509][ T7945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.807517][ T8141] binder: 8140:8141 ioctl 0 200000000040 returned -22 [ 442.371738][ T56] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.459373][ T8042] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.459516][ T8042] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.459783][ T8042] bridge_slave_0: entered allmulticast mode [ 442.462820][ T8042] bridge_slave_0: entered promiscuous mode [ 442.598613][ T8042] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.598709][ T8042] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.598933][ T8042] bridge_slave_1: entered allmulticast mode [ 442.600913][ T8042] bridge_slave_1: entered promiscuous mode [ 442.615260][ T7945] team0: Port device team_slave_0 added [ 442.823829][ T7945] team0: Port device team_slave_1 added [ 443.255119][ T56] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.531031][ T8042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.606448][ T8025] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.611636][ T8025] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.612367][ T8025] bridge_slave_0: entered allmulticast mode [ 443.653479][ T8025] bridge_slave_0: entered promiscuous mode [ 443.674949][ T8042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.686173][ T7945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.686227][ T7945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 443.686306][ T7945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.691401][ T8025] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.691786][ T8025] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.692388][ T8025] bridge_slave_1: entered allmulticast mode [ 443.732895][ T8025] bridge_slave_1: entered promiscuous mode [ 443.911964][ T7945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.911985][ T7945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 443.912016][ T7945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.331162][ T8042] team0: Port device team_slave_0 added [ 444.486037][ T8042] team0: Port device team_slave_1 added [ 444.502367][ T8025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 446.083487][ T8025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 447.189818][ T8186] netlink: 12 bytes leftover after parsing attributes in process `syz.2.659'. [ 447.244330][ T8042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 447.244351][ T8042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 447.244382][ T8042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 447.346920][ T8042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 447.346944][ T8042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 447.346975][ T8042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 447.416764][ T7945] hsr_slave_0: entered promiscuous mode [ 447.434578][ T7945] hsr_slave_1: entered promiscuous mode [ 447.460916][ T8025] team0: Port device team_slave_0 added [ 447.561692][ T8025] team0: Port device team_slave_1 added [ 448.036540][ T8187] binder: 8185:8187 ioctl 0 200000000040 returned -22 [ 448.217634][ T8025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.217660][ T8025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 448.217750][ T8025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.305612][ T8042] hsr_slave_0: entered promiscuous mode [ 448.306753][ T8042] hsr_slave_1: entered promiscuous mode [ 448.307481][ T8042] debugfs: 'hsr0' already exists in 'hsr' [ 448.307500][ T8042] Cannot create hsr debugfs directory [ 448.614361][ T56] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.796982][ T8025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.797022][ T8025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 448.797054][ T8025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.236471][ T60] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 449.362281][ T56] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.772618][ T56] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.959651][ T8025] hsr_slave_0: entered promiscuous mode [ 449.960733][ T8025] hsr_slave_1: entered promiscuous mode [ 449.961476][ T8025] debugfs: 'hsr0' already exists in 'hsr' [ 449.961495][ T8025] Cannot create hsr debugfs directory [ 450.212824][ T56] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.423895][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.679615][ T60] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 453.473407][ T7945] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 453.708777][ T8223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.668'. [ 453.743490][ T7945] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 453.832606][ T56] bridge_slave_1: left allmulticast mode [ 453.832642][ T56] bridge_slave_1: left promiscuous mode [ 453.832936][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.960703][ T56] bridge_slave_0: left allmulticast mode [ 453.960748][ T56] bridge_slave_0: left promiscuous mode [ 453.961191][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.071467][ T56] bridge_slave_1: left allmulticast mode [ 454.071495][ T56] bridge_slave_1: left promiscuous mode [ 454.071693][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.189412][ T56] bridge_slave_0: left allmulticast mode [ 454.189439][ T56] bridge_slave_0: left promiscuous mode [ 454.190296][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.337254][ T56] bridge_slave_1: left allmulticast mode [ 454.337287][ T56] bridge_slave_1: left promiscuous mode [ 454.337548][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.471481][ T8224] binder: 8222:8224 ioctl 0 200000000040 returned -22 [ 454.518658][ T56] bridge_slave_0: left allmulticast mode [ 454.518729][ T56] bridge_slave_0: left promiscuous mode [ 454.528774][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.086761][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 455.116049][ T5812] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 455.119275][ T5812] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 455.121209][ T5812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 455.122368][ T5812] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 456.079546][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 456.200009][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 456.276050][ T56] bond0 (unregistering): Released all slaves [ 457.218334][ T60] Bluetooth: hci1: command tx timeout [ 457.903097][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.979102][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 458.023289][ T56] bond0 (unregistering): Released all slaves [ 459.298659][ T60] Bluetooth: hci1: command tx timeout [ 459.539443][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 459.631340][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 459.654405][ T56] bond0 (unregistering): Released all slaves [ 459.689302][ T7945] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 459.996342][ T8238] netlink: 8 bytes leftover after parsing attributes in process `syz.2.671'. [ 460.197615][ T56] tipc: Left network mode [ 460.629067][ T8042] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 461.393964][ T60] Bluetooth: hci1: command tx timeout [ 461.397020][ T8254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.674'. [ 461.501205][ T60] block nbd0: Receive control failed (result -107) [ 461.583788][ T8042] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 464.075992][ T60] Bluetooth: hci1: command tx timeout [ 464.191044][ T8269] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 464.191137][ T8269] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 464.191263][ T8269] vhci_hcd vhci_hcd.0: Device attached [ 464.193514][ T8270] vhci_hcd: connection closed [ 464.194204][ T5971] vhci_hcd vhci_hcd.1: stop threads [ 464.194232][ T5971] vhci_hcd vhci_hcd.1: release socket [ 464.194274][ T5971] vhci_hcd vhci_hcd.1: disconnect device [ 464.313506][ T8042] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 464.518418][ T8042] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 464.849129][ T8281] netlink: 12 bytes leftover after parsing attributes in process `syz.1.680'. [ 465.393114][ T8292] binder: 8280:8292 ioctl 0 200000000040 returned -22 [ 469.392068][ T8025] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 469.738453][ T8025] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 469.827046][ T8312] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 469.827068][ T8312] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 469.827247][ T8312] vhci_hcd vhci_hcd.0: Device attached [ 469.857526][ T8314] vhci_hcd: connection closed [ 469.870458][ T1105] vhci_hcd vhci_hcd.2: stop threads [ 469.870675][ T1105] vhci_hcd vhci_hcd.2: release socket [ 469.888035][ T1105] vhci_hcd vhci_hcd.2: disconnect device [ 469.944462][ T8316] 9pnet_virtio: no channels available for device syz [ 471.738782][ T56] hsr_slave_0: left promiscuous mode [ 471.763011][ T56] hsr_slave_1: left promiscuous mode [ 471.764568][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 471.799222][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.867956][ T9] ------------[ cut here ]------------ [ 471.867978][ T9] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 471.867999][ T9] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x3b5/0x5d0, CPU#0: kworker/0:0/9 [ 471.868053][ T9] Modules linked in: [ 471.868138][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 471.868165][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 471.868181][ T9] Workqueue: events drm_fb_helper_damage_work [ 471.868217][ T9] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 471.868250][ T9] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 4f 76 db fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 471.868270][ T9] RSP: 0018:ffffc900000e78e0 EFLAGS: 00010246 [ 471.868290][ T9] RAX: 1ffff11004855200 RBX: ffffffff8f535760 RCX: 0000000000000000 [ 471.868308][ T9] RDX: ffffffff8b9f0aa0 RSI: ffffffff8ba0c800 RDI: ffffffff8f535760 [ 471.868326][ T9] RBP: ffffc900000e79c8 R08: 0000000000000000 R09: 0000000000000000 [ 471.868341][ T9] R10: dffffc0000000000 R11: fffffbfff1e9118f R12: ffffffff8ba0c800 [ 471.868360][ T9] R13: ffff8880242a9000 R14: 1ffff9200001cf20 R15: ffffffff8b9f0aa0 [ 471.868378][ T9] FS: 0000000000000000(0000) GS:ffff8881265a9000(0000) knlGS:0000000000000000 [ 471.868397][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 471.868414][ T9] CR2: 00007f20f39c9c49 CR3: 0000000039ab6000 CR4: 00000000003526f0 [ 471.868434][ T9] Call Trace: [ 471.868447][ T9] [ 471.868464][ T9] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 471.868492][ T9] ? rt_spin_unlock+0x14f/0x200 [ 471.868527][ T9] ? __pfx_autoremove_wake_function+0x10/0x10 [ 471.868556][ T9] ? rt_spin_unlock+0x160/0x200 [ 471.868595][ T9] ? drm_vblank_get+0x147/0x260 [ 471.868625][ T9] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 471.868651][ T9] drm_fb_helper_damage_work+0x131/0x6f0 [ 471.868684][ T9] ? process_scheduled_works+0xa0f/0x17a0 [ 471.868714][ T9] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 471.868750][ T9] ? process_scheduled_works+0xa0f/0x17a0 [ 471.868780][ T9] ? process_scheduled_works+0xa0f/0x17a0 [ 471.868807][ T9] process_scheduled_works+0xaec/0x17a0 [ 471.868865][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 471.868887][ T9] ? do_raw_spin_lock+0x12b/0x2f0 [ 471.868915][ T9] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 471.868951][ T9] worker_thread+0xda6/0x1360 [ 471.869006][ T9] kthread+0x388/0x470 [ 471.869037][ T9] ? __pfx_worker_thread+0x10/0x10 [ 471.869060][ T9] ? __pfx_kthread+0x10/0x10 [ 471.869092][ T9] ret_from_fork+0x51b/0xa40 [ 471.869121][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 471.869146][ T9] ? __switch_to+0xc82/0x1410 [ 471.869185][ T9] ? __pfx_kthread+0x10/0x10 [ 471.869217][ T9] ret_from_fork_asm+0x1a/0x30 [ 471.869273][ T9] [ 471.869291][ T9] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 471.869307][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 471.869332][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 471.869346][ T9] Workqueue: events drm_fb_helper_damage_work [ 471.869372][ T9] Call Trace: [ 471.869382][ T9] [ 471.869391][ T9] vpanic+0x1e0/0x670 [ 471.869429][ T9] panic+0xc5/0xd0 [ 471.869463][ T9] ? __pfx_panic+0x10/0x10 [ 471.869508][ T9] ? ret_from_fork_asm+0x1a/0x30 [ 471.869548][ T9] __warn+0x315/0x4a0 [ 471.869581][ T9] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 471.869609][ T9] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 471.869638][ T9] __report_bug+0x29a/0x540 [ 471.869672][ T9] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 471.869701][ T9] ? __pfx___report_bug+0x10/0x10 [ 471.869751][ T9] report_bug_entry+0x19a/0x290 [ 471.869786][ T9] ? drm_wait_one_vblank+0x5a2/0x5d0 [ 471.869812][ T9] ? drm_wait_one_vblank+0x5a7/0x5d0 [ 471.869838][ T9] handle_bug+0xca/0x200 [ 471.869872][ T9] exc_invalid_op+0x1a/0x50 [ 471.869903][ T9] asm_exc_invalid_op+0x1a/0x20 [ 471.869925][ T9] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 471.869952][ T9] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 4f 76 db fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 471.869971][ T9] RSP: 0018:ffffc900000e78e0 EFLAGS: 00010246 [ 471.869990][ T9] RAX: 1ffff11004855200 RBX: ffffffff8f535760 RCX: 0000000000000000 [ 471.870006][ T9] RDX: ffffffff8b9f0aa0 RSI: ffffffff8ba0c800 RDI: ffffffff8f535760 [ 471.870023][ T9] RBP: ffffc900000e79c8 R08: 0000000000000000 R09: 0000000000000000 [ 471.870038][ T9] R10: dffffc0000000000 R11: fffffbfff1e9118f R12: ffffffff8ba0c800 [ 471.870055][ T9] R13: ffff8880242a9000 R14: 1ffff9200001cf20 R15: ffffffff8b9f0aa0 [ 471.870097][ T9] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 471.870124][ T9] ? rt_spin_unlock+0x14f/0x200 [ 471.870157][ T9] ? __pfx_autoremove_wake_function+0x10/0x10 [ 471.870186][ T9] ? rt_spin_unlock+0x160/0x200 [ 471.870227][ T9] ? drm_vblank_get+0x147/0x260 [ 471.870257][ T9] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 471.870284][ T9] drm_fb_helper_damage_work+0x131/0x6f0 [ 471.870315][ T9] ? process_scheduled_works+0xa0f/0x17a0 [ 471.870344][ T9] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 471.870379][ T9] ? process_scheduled_works+0xa0f/0x17a0 [ 471.870401][ T9] ? process_scheduled_works+0xa0f/0x17a0 [ 471.870427][ T9] process_scheduled_works+0xaec/0x17a0 [ 471.870483][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 471.870506][ T9] ? do_raw_spin_lock+0x12b/0x2f0 [ 471.870532][ T9] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 471.870569][ T9] worker_thread+0xda6/0x1360 [ 471.870624][ T9] kthread+0x388/0x470 [ 471.870655][ T9] ? __pfx_worker_thread+0x10/0x10 [ 471.870678][ T9] ? __pfx_kthread+0x10/0x10 [ 471.870709][ T9] ret_from_fork+0x51b/0xa40 [ 471.870737][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 471.870768][ T9] ? __switch_to+0xc82/0x1410 [ 471.870808][ T9] ? __pfx_kthread+0x10/0x10 [ 471.870841][ T9] ret_from_fork_asm+0x1a/0x30 [ 471.870895][ T9] [ 471.871516][ T9] Kernel Offset: disabled