last executing test programs: 5m30.985680851s ago: executing program 3 (id=226): r0 = socket(0x10, 0x803, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000013c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000880)={0x0, 0x0, 0x80000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0), 0x4) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) pipe2(&(0x7f0000000000), 0x4800) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@ipv6_getaddr={0x2c, 0x16, 0x1, 0x70bd2d, 0x0, {}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0) ioctl$TCSETS(r4, 0x5402, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x50}}, 0x0) 5m28.766394886s ago: executing program 3 (id=231): sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) getsockopt$ax25_int(r0, 0x101, 0x1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102368, 0x18fe0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000780)=""/175, &(0x7f00000000c0)=0xaf) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x5, 0xffffffffffffffff, 0xffffffefffffffff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffbfffffff, 0x0, 0x0, 0x7, 0x3, 0x80000000, 0x5, 0x0, 0x0, 0x4, 0xfffffffffffffffc, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x1000, 0x2000000000, 0x7, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x20, 0x80000000000, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x20, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x8, 0x0, 0xaa, 0x0, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xc0c0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) 5m26.901817375s ago: executing program 3 (id=233): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f0000000180), 0x10) 5m25.630572795s ago: executing program 3 (id=238): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000000007010100000000000000000000010073797a3000000000"], 0x20}}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) landlock_create_ruleset(0x0, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000400)) socket$inet(0x2, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) epoll_create1(0x80000) fsopen(&(0x7f00000003c0)='bpf\x00', 0x0) socket(0x11, 0xa, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r1], 0x3c}}, 0x0) 5m23.663689644s ago: executing program 3 (id=241): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002040)=ANY=[@ANYBLOB="2000000000070103000000000000000000000000090001000200000000000000fcec2fdb1fe51238899232db43c36464b2521e6303b9372a7b9779a2df3c2ffa07ac039d78ec6cc8c3d198a9c87b3c7565fbab83e7c21c438371920da04da5d47ed5"], 0x20}}, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x4000000) sched_setscheduler(r0, 0x6, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r5 = syz_open_procfs(0x0, &(0x7f0000002700)='cmdline\x00') read$FUSE(r5, &(0x7f0000000000)={0x2020}, 0xfffffc7a) 5m22.480471119s ago: executing program 3 (id=245): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}]}}) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) madvise(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x15) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400000025000100ffffff92f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 5m7.442677935s ago: executing program 32 (id=245): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}]}}) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) madvise(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x15) madvise(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400000025000100ffffff92f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 2m46.905957907s ago: executing program 5 (id=483): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0xfffffffffffffd9f, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000003c0)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000380)={0x80001, 0x0, 0x26}, 0x18) move_mount(0xffffffffffffffff, &(0x7f00000001c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', r4, &(0x7f0000000400)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00'}, 0x10) ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000080)={'veth1_to_batadv\x00', {0x2, 0x0, @remote}}) r6 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r6, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff133e, 0xffffffff], [{0xffffffff, 0x7}, {0x31, 0x85}, {0x20, 0x7ff}, {0x1, 0x8}, {0x40, 0x7}, {}, {}, {}, {0x2000000, 0x20000}, {}, {0x1, 0x8}, {0x0, 0x8000000}]}) connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x8240, 0x0) mmap(&(0x7f000004c000/0x1000)=nil, 0x1000, 0x1000001, 0x28011, r7, 0x4b08d000) 2m45.616364485s ago: executing program 5 (id=484): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03"], 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0xfffffffd, 0x10001, 0x0, 0xfffffffffffffffd, 0x7, 0x100000000000000, 0xfffffffffffffffd, 0x9, 0xeffffffb, 0x1}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 2m40.498372273s ago: executing program 5 (id=494): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12) io_uring_setup(0x34d, &(0x7f0000000300)) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r3, 0x0, 0xcc, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'sit0\x00', 0x0}) sendto$packet(r5, &(0x7f00000002c0)="12040500d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) 2m37.219001436s ago: executing program 5 (id=498): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000200), 0x111, 0x2}}, 0x20) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) getresgid(&(0x7f0000000100), 0x0, 0x0) ioperm(0x0, 0x2, 0x7e) epoll_create1(0x0) r1 = syz_pidfd_open(0x0, 0x0) pidfd_send_signal(r1, 0x11, 0x0, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix={0x0, 0xfffffffd, 0x56595559, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x4}}) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1ff) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) r4 = syz_open_dev$usbfs(0x0, 0x800000001fe, 0x82) dup(r4) write$uinput_user_dev(r3, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x5, 0x2, 0x1, 0x5, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d38, 0x1dd2, 0x2, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x8f, 0x6, 0x6, 0x3, 0x10005, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x100, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x3, 0x9, 0x400, 0x1, 0x6, 0x7, 0xff, 0x9e0, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x77, 0xfffffff8, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0x2, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xceb, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b93, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1d, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) r5 = syz_open_dev$swradio(&(0x7f00000004c0), 0x1, 0x2) ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000500)={0x180, 0xb, 0x0, "d52431fea07d750800604ca6d8fa4f5920388a629ccdfa7df0a8885a0032510e", 0x41414270}) 2m32.747388023s ago: executing program 5 (id=504): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x200}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000000)={'syztnl2\x00', 0x0}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$SIOCNRDECOBS(r3, 0x89e2) get_robust_list(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x11, &(0x7f0000000200)={@remote, @random="0000dcf6177a", @void, {@mpls_uc={0x8864, {[], @llc={@llc={0xaa, 0xdc, 'T'}}}}}}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0) recvmmsg(r4, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYRES16, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8084) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_COPY(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000adb000/0x2000)=nil, &(0x7f0000fee000/0x11000)=nil, 0x2000}) 2m30.348895675s ago: executing program 5 (id=509): r0 = socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000032bc0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000af0000000090a01010000000000000000010000070800044000000001080004400000000195000d4043b524849311151b6247d292a0dd1e580081ae321cf15a6b9cfbac5e5000052f71a83f372c26ff818425e97e43d4e9ca6d920e597ee6360b0f74f290167cf2a9330be011b4b173777415848e45002c5aa82e32adff20a85719ed2b774caab6ae9eae44c841f785e1c7f7c11d9d57059130f43a4fcf048084f7d6ee9781f72d7d5c21a946e6ed43291f1219f45f7f6b51fc0000000800034000000010080008400000000008000840000000010900010073797a31000000000800044000000001080004400000000380020000080a01020000000000000000070000020c0005800800014000004305f80104805c000180090001006d617371000000004c000280080001400000000d0800034000000016080002400000000f0800024000000011080002400000001708000240000000000800034000000004080002400000000d080002400000000d3c0001800b0001006f626a72656600002c000280080003400000000908000140000000070900020073797a31000000000900020073797a3100000000100001800c000100636f756e746572002800018007000100637400001c0002800500030000000000080002400000000f08000440c935a67c44000180090001006d6173710000000034000280080003400000000a0800014000000001080001400000007b0800014000000005080001400000000a080003400000000f5c000180090001007866726d000000004c000280050003000000000008000240000000050500030002000000080001400000001105000300160000000500030000000000050003000000000008000440000000030500030001000000100001800b000100746172676574000040000180080001006e617400340002800800064000000015080006400000000108000540000000010800064000000009080002400000000a0800024000000002240001800b00010072656a65637400001400028008000140000000000800014000000001100001800a000100696e6e657200000065000740333db503aad01c3cb0874b7984a3a310092bde8e7e910c7d349e68e029b5b323e39a656e91603a59333fd9f8cef2bb51adabf3c368a73c00bc2852bbe926ff80440c00be79d460ffebdd69d0126c59896a2a1010f1f61e2dac5aadf8b1d978f865000000140000001100010000000000000000000100000a79d489dcf5cd6b34151dfb2dae968c87c1fae7653db496568907ef7c2d887514cf5ab656788ba48940a85a21d913182911cd5229efe760f38b5104a2508f485ae62eaa9ce69544e7abd61e1fbb00edf19084e5984fb53f9b2d1026"], 0x398}, 0x1, 0x0, 0x0, 0x2400c861}, 0x51) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) memfd_create(0x0, 0x1) r3 = socket(0x15, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x38}}, 0x0) syz_emit_vhci(0x0, 0xe) socketpair(0x1, 0x100000005, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/59, 0x3b) r4 = open(0x0, 0x60142, 0x141) getsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, 0x0, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r4, 0x0, 0x3df1, 0x0) uname(&(0x7f0000000000)=""/123) sendmsg$nl_generic(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)={0x14, 0x25, 0x1, 0x70bd27, 0x25dfdbfc, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 2m14.64210241s ago: executing program 33 (id=509): r0 = socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000032bc0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000af0000000090a01010000000000000000010000070800044000000001080004400000000195000d4043b524849311151b6247d292a0dd1e580081ae321cf15a6b9cfbac5e5000052f71a83f372c26ff818425e97e43d4e9ca6d920e597ee6360b0f74f290167cf2a9330be011b4b173777415848e45002c5aa82e32adff20a85719ed2b774caab6ae9eae44c841f785e1c7f7c11d9d57059130f43a4fcf048084f7d6ee9781f72d7d5c21a946e6ed43291f1219f45f7f6b51fc0000000800034000000010080008400000000008000840000000010900010073797a31000000000800044000000001080004400000000380020000080a01020000000000000000070000020c0005800800014000004305f80104805c000180090001006d617371000000004c000280080001400000000d0800034000000016080002400000000f0800024000000011080002400000001708000240000000000800034000000004080002400000000d080002400000000d3c0001800b0001006f626a72656600002c000280080003400000000908000140000000070900020073797a31000000000900020073797a3100000000100001800c000100636f756e746572002800018007000100637400001c0002800500030000000000080002400000000f08000440c935a67c44000180090001006d6173710000000034000280080003400000000a0800014000000001080001400000007b0800014000000005080001400000000a080003400000000f5c000180090001007866726d000000004c000280050003000000000008000240000000050500030002000000080001400000001105000300160000000500030000000000050003000000000008000440000000030500030001000000100001800b000100746172676574000040000180080001006e617400340002800800064000000015080006400000000108000540000000010800064000000009080002400000000a0800024000000002240001800b00010072656a65637400001400028008000140000000000800014000000001100001800a000100696e6e657200000065000740333db503aad01c3cb0874b7984a3a310092bde8e7e910c7d349e68e029b5b323e39a656e91603a59333fd9f8cef2bb51adabf3c368a73c00bc2852bbe926ff80440c00be79d460ffebdd69d0126c59896a2a1010f1f61e2dac5aadf8b1d978f865000000140000001100010000000000000000000100000a79d489dcf5cd6b34151dfb2dae968c87c1fae7653db496568907ef7c2d887514cf5ab656788ba48940a85a21d913182911cd5229efe760f38b5104a2508f485ae62eaa9ce69544e7abd61e1fbb00edf19084e5984fb53f9b2d1026"], 0x398}, 0x1, 0x0, 0x0, 0x2400c861}, 0x51) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) memfd_create(0x0, 0x1) r3 = socket(0x15, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x38}}, 0x0) syz_emit_vhci(0x0, 0xe) socketpair(0x1, 0x100000005, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/59, 0x3b) r4 = open(0x0, 0x60142, 0x141) getsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, 0x0, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r4, 0x0, 0x3df1, 0x0) uname(&(0x7f0000000000)=""/123) sendmsg$nl_generic(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)={0x14, 0x25, 0x1, 0x70bd27, 0x25dfdbfc, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 1m52.558039838s ago: executing program 2 (id=570): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x208400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xb0, &(0x7f0000000940), &(0x7f0000000080)=0x4) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f00000004c0)="3c00000058001f000307f4f9002304000a04d65f0800010002010002170003800500000099db973b91aa057972513500b0406700912deb5b85932234", 0x3c) add_key(&(0x7f0000000200)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f0000000540), &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000440)={0x2, @pix={0x100, 0x2, 0x3631564e, 0x0, 0x23, 0xdb8, 0x5, 0xfff, 0x1, 0x8, 0x2, 0x2}}) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd', @ANYRESOCT=r4, @ANYRESDEC=0x0, @ANYRES16=r3]) read$FUSE(r4, &(0x7f000000e280)={0x2020}, 0x2020) syz_fuse_handle_req(r4, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c392a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bc1c2745f5f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x2, {0x2, 0x3, 0x0, 0x0, 0xfffffffd, 0x0, {0x4000000, 0xc, 0x0, 0x3, 0x0, 0x0, 0xffffffff, 0x0, 0x7, 0xc000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=@newlink={0x34, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115, 0x2081}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x28000000) 1m51.442562499s ago: executing program 2 (id=573): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) getpid() prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000040)='#\':-:)*!/^\xbb\x17(])}\x00') bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10) socket$kcm(0xa, 0x922000000003, 0x11) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e22, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}, 0x4, 0x2, 0x80000001, 0x4, 0x38, 0xf, 0x1}, 0x9c) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x42002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x5}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48) 1m49.246731827s ago: executing program 2 (id=576): sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x12, 0xc, &(0x7f0000000fc0)=ANY=[], 0x0, 0x22, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') read(r3, &(0x7f0000000b00)=""/193, 0xc1) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280), 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYBLOB="30e01b3981"], 0x1000f) read$FUSE(r0, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) getpgid(r4) pipe(0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, 0x0, 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0) 1m48.5625663s ago: executing program 2 (id=577): bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20\x00'}, 0x58) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2284, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000680)={'wlan0\x00', &(0x7f0000000400)=@ethtool_rxfh={0x46, 0x10000, 0x1, 0x70a, 0x0, "92ba1f", 0x6}}) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x107000) dup(r1) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe}, {0x0, 0x1}}}, 0x24}}, 0x880) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f024}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000200)={0x2, @sliced={0x4, [0x0, 0xb95, 0x6, 0x0, 0x3, 0x86d3, 0xf, 0x6, 0x4, 0x80, 0x7fff, 0x9, 0x1, 0x1000, 0x4, 0x7, 0x2, 0xad, 0xfff, 0x7, 0x8, 0xfffc, 0x5, 0x8000, 0x800, 0x6, 0x2e53, 0x975f, 0x4, 0x1, 0x9, 0x8001, 0xa, 0x1, 0x7, 0x5, 0x9, 0x6, 0x7e70, 0x0, 0x47, 0x5, 0xff, 0x2, 0xd06, 0x2, 0x1, 0xbb7], 0x3ff}}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4010}, 0x44004) 1m45.263836355s ago: executing program 2 (id=584): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x40901, 0x20) write$FUSE_DIRENT(r4, &(0x7f0000000580)=ANY=[@ANYRESDEC, @ANYRESHEX], 0x200001d0) write$UHID_CREATE(r4, &(0x7f00000007c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x0, 0x4, 0x79, 0xfffffffa, 0x6, 0x3}}, 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) accept(r1, &(0x7f00000003c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, &(0x7f0000000440)=0x80) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x2}, @volatile={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x9, 0x8, 0x8, 0x90, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) creat(0x0, 0x81) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="12000000040000"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r6}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) 1m44.245689939s ago: executing program 2 (id=586): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x15) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x101000) ioctl$TCFLSH(r2, 0x40384708, 0x20000000) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xe4}}, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x100000001) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000180), 0x4) sendto$ax25(r4, &(0x7f0000000100)="e8c458668e251505922a17779eeb04941e0584cac1bf87ea60b60420c70195fe710ca1f303dd69dd76329126e407b3e01dd34f65e6f448413ae45099d30c2a11a3f9325438f4be2821c98967acbe94db6cfcd5b19e63606aa5ea7df6c190c6acee53764c218c07efa3d9f3", 0x6b, 0x20040000, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r5, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) ioctl$KVM_RUN(r5, 0xae80, 0x0) geteuid() 1m36.256035389s ago: executing program 6 (id=534): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x22803) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x400000, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) ioctl$KVM_CAP_HYPERV_SYNIC2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000300)) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r7 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r7, 0xa00000000000000, 0x80, 0x0, 0x9c0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0x40a85323, 0x0) pipe2$9p(&(0x7f0000000140), 0x4080) dup3(r2, 0xffffffffffffffff, 0x0) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)={0x14, r1, 0xb01, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x709ee32257da3bbc}, 0x20000008) 1m34.60844742s ago: executing program 6 (id=598): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000080)={0x44, r8, 0x615, 0x0, 0x2, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x44}, 0x5}, 0x0) 1m28.10030363s ago: executing program 34 (id=586): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x15) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x101000) ioctl$TCFLSH(r2, 0x40384708, 0x20000000) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xe4}}, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x100000001) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000180), 0x4) sendto$ax25(r4, &(0x7f0000000100)="e8c458668e251505922a17779eeb04941e0584cac1bf87ea60b60420c70195fe710ca1f303dd69dd76329126e407b3e01dd34f65e6f448413ae45099d30c2a11a3f9325438f4be2821c98967acbe94db6cfcd5b19e63606aa5ea7df6c190c6acee53764c218c07efa3d9f3", 0x6b, 0x20040000, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r5, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) ioctl$KVM_RUN(r5, 0xae80, 0x0) geteuid() 1m19.197527824s ago: executing program 35 (id=598): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000080)={0x44, r8, 0x615, 0x0, 0x2, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x44}, 0x5}, 0x0) 14.210218578s ago: executing program 1 (id=706): r0 = socket(0x21, 0x2, 0x2) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)='H', 0x1}], 0x1}, 0x0) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r1, &(0x7f0000000080)=ANY=[], 0x6) setsockopt$sock_int(r0, 0x1, 0x2e, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x18}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00200000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf2, &(0x7f0000000700), 0x0, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x9f, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000940), 0x8) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c00)={&(0x7f0000000a40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x8c, 0x8c, 0x6, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x5, 0x26}}, @restrict={0xe, 0x0, 0x0, 0xb, 0x5}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x64, 0x0, 0x5e, 0x7}, @enum={0x9, 0x8, 0x0, 0x6, 0x4, [{0x0, 0x3}, {0x7, 0x5}, {0xe, 0x1000}, {0xa, 0x4}, {0xe, 0x9}, {0xf, 0x3}, {0x4, 0x4}, {0xf, 0x3}]}, @volatile={0x1, 0x0, 0x0, 0x9, 0x2}]}, {0x0, [0x5f, 0x30, 0x5f, 0x5f]}}, &(0x7f0000000b40)=""/190, 0xaa, 0xbe, 0x0, 0x218f, 0x10000, @value=r3}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x6, 0x7, 0x0, &(0x7f0000000c40)='GPL\x00', 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r5 = accept4$tipc(r0, 0x0, &(0x7f00000003c0), 0x800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) vmsplice(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1, 0x8) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='&\x00'], 0x20) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r6, &(0x7f0000000000)={0x1f, @none}, 0x8) setsockopt$bt_BT_VOICE(r6, 0x112, 0xb, 0x0, 0x0) epoll_wait(0xffffffffffffffff, 0xfffffffffffffffc, 0x27, 0xbf) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r0, &(0x7f0000000100)) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r5, 0x40047211, &(0x7f0000000580)=0x10) epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, r0, &(0x7f00000005c0)={0x2000a210}) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000080)={{0x3a, @rand_addr=0x64010102, 0x4e20, 0x4, 'sed\x00', 0x22, 0x80000061, 0x5e}, {@dev={0xac, 0x14, 0x14, 0x11}, 0x4e22, 0x10000, 0xe190, 0x3, 0x2}}, 0x44) 12.562839169s ago: executing program 1 (id=710): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1ebc82, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000180)=0x800) socket$inet6_udplite(0xa, 0x2, 0x88) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="1802000002ca64967e00000000000e00000000000000000028000000850000002300000800000000000000c85748852d720247b1e7ada6fdecdf5844ac83d848d40fa45ebc"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5484}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r6, 0x5420, &(0x7f0000000100)=0xcf5) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETAF(r6, 0x5408, &(0x7f0000001000)={0x4, 0xffff, 0x70, 0x5, 0x10, "6a29dd0defdaa37a"}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x14) ioctl$TCFLSH(r7, 0x40384708, 0x20000000) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38) 11.079571457s ago: executing program 4 (id=713): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x5, 0x0, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "f8ca44b8874fdf8a"}}, 0x48}}, 0x0) sendmsg$can_bcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x6, 0x0, 0x0, {0x77359400}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x3, 0x0, 0x0, "b16df9f80fedfa09"}}, 0x48}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 9.914968961s ago: executing program 0 (id=714): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xd, &(0x7f0000000040)={0x6000000, 0x2}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0xb, &(0x7f0000000100)=0x1000, 0x4) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_clone(0x4008d800, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x149a02, 0x0) write$binfmt_script(r4, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001340)=@mangle={'mangle\x00', 0x10, 0x6, 0x948, 0x738, 0x738, 0xf0, 0x438, 0x738, 0x878, 0x878, 0x878, 0x878, 0x878, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0, 0x0, {0x7a00000000000000}}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@private0, @ipv4=@empty, 0xe}}}, {{@ipv6={@dev, @loopback, [], [], 'pimreg0\x00', 'veth1_macvtap\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}, @common=@unspec=@connbytes={{0x38}}]}, @common=@unspec=@AUDIT={0x28}}, {{@uncond, 0x0, 0x1e0, 0x208, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@empty, @private2, @loopback, @mcast2, @local, @mcast1, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, @dev, @private1, @private1, @loopback, @loopback]}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}}]}, @common=@unspec=@MARK={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'bridge_slave_1\x00', 'gretap0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x9a8) r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r6, 0xc0045516, &(0x7f00000000c0)=0x81) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000340)={{0xffffffff, 0x6, 0x0, 0xa45, 'syz0\x00'}, 0x2, 0x2, 0x8, 0x0, 0x0, 0xff, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r6, 0xc0045516, &(0x7f0000000480)) 8.909660313s ago: executing program 0 (id=715): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = creat(0x0, 0xecf86c37d53049cc) write$binfmt_elf32(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbfs(0x0, 0x74, 0x101301) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, 0x0) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f000000b940)=[{{&(0x7f0000000240)=@file={0x1, './bus\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40084}}], 0x1, 0x0) r6 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000200)='net/netstat\x00') lseek(r4, 0x9, 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_STARTDAEMON(r5, 0x0, 0x48b, &(0x7f0000002100)={0x1, 'ip6gre0\x00', 0x1}, 0x18) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x7d) setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x48c, &(0x7f00000001c0)={0x2, 'erspan0\x00', 0xfffffffc}, 0x18) prlimit64(r1, 0x5, &(0x7f0000000100)={0x5, 0x3}, &(0x7f0000000180)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'tunl0\x00', 0x0}) syz_clone(0x10080000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) timerfd_gettime(0xffffffffffffffff, 0x0) 6.255184131s ago: executing program 4 (id=718): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0xfe, 0x7fff0000}]}) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0x0) io_setup(0x3fe, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r3, 0x4b3a, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$TCXONC(r3, 0x4b3a, 0x0) 6.014000595s ago: executing program 1 (id=719): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ptrace(0x10, 0x0) process_mrelease(0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, 0x0) prlimit64(0x0, 0xe, &(0x7f0000002500)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x12b3, 0x4e73, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b03d25a806f8c2d94f90324fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) read$rfkill(0xffffffffffffffff, &(0x7f0000000380), 0x8) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', 0x418402, 0x1) rmdir(&(0x7f00000001c0)='./file0\x00') 5.118503715s ago: executing program 4 (id=720): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb0100180000000000000018000000180000000400000002"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setscheduler(0x0, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r1, 0x8912, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='sockfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[], [], 0x2f}) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents(r3, &(0x7f0000000400)=""/132, 0x84) lseek(r3, 0x0, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x0, 0x2000, 0x0, {0x0, 0xa}, {0x1}, @const={0x0, {0x0, 0x8, 0x4, 0x81}}}) write$binfmt_misc(r4, 0x0, 0x0) 4.409432843s ago: executing program 1 (id=721): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r2, 0x21eae}}, 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r4) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000080), 0x6) ioctl$sock_bt_hci(r5, 0x400448e7, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c0100000b0601080005840008800c00078008001c40000000080c000580050015000f0000001c00078018000180140002400000000000000000000000000000000018010780140017007465616d5f736c6176655f31000000000c00078008000a40000000040c0007800800084000000084100007800900130073797a32000000000c000780080008"], 0x16c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2c0000000d0a010e0000000000000000010000000900"], 0x2c}}, 0x0) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 3.605934828s ago: executing program 4 (id=722): r0 = inotify_init() sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x9) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) rt_sigprocmask(0x0, 0x0, 0x0, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000300)='./file0\x00', 0xa50003d1) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24008040) r10 = syz_open_procfs(0x0, 0x0) readlinkat(r10, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4112, 0x1010) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x2404c854) r11 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)='\'', 0x1}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) 3.375413501s ago: executing program 0 (id=723): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000340)=[{0x2b, 0x0, [0xfffffffb, 0x9, 0x5, 0xffffffff, 0x9, 0x580, 0x9, 0x2, 0x5, 0x3, 0x0, 0x6a, 0x10001, 0x7fffffff, 0xe730, 0x1000]}], 0xffffffffffffffff, 0x1, 0x1, 0x48}}, 0x20) r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', 0xffffffffffffffff, 0x0, 0x40000000}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x16, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xa914}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@map_idx_val={0x18, 0x3, 0x6, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1000200}, @call={0x85, 0x0, 0x0, 0x90}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$netlink(r3, 0x0, 0x0) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4000010) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) recvmsg(r0, 0x0, 0x10102) 2.01135685s ago: executing program 4 (id=724): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x5000}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r4 = openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x82) r5 = fanotify_init(0x4, 0x101801) fanotify_mark(r5, 0x105, 0x40001032, r4, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x281c2, 0x0) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"}) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r8, 0x0, 0xff2e) read$FUSE(0xffffffffffffffff, &(0x7f0000000380)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 1.380117885s ago: executing program 0 (id=725): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$dri(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000040)='ramfs\x00', 0x400, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') open$dir(&(0x7f0000000000)='./bus\x00', 0x80200, 0x84) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='afs_get_tree\x00', r4}, 0x10) 1.359505366s ago: executing program 1 (id=726): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x5, 0x0, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "f8ca44b8874fdf8a"}}, 0x48}}, 0x0) sendmsg$can_bcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x6, 0x0, 0x0, {0x77359400}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x3, 0x0, 0x0, "b16df9f80fedfa09"}}, 0x48}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 1.357797211s ago: executing program 4 (id=727): r0 = socket$netlink(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) syz_open_dev$midi(&(0x7f0000000100), 0x3ff, 0x2000) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x100000500) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a01020000000000"], 0x14}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[], 0xa4}, 0x1, 0x0, 0x0, 0x2004c899}, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4084) read$FUSE(r1, 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r1, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200"}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@ipv4_newrule={0x40, 0x20, 0x1, 0x0, 0x0, {0x2, 0x14, 0x0, 0x0, 0x80}, [@FRA_GENERIC_POLICY=@FRA_IIFNAME={0x14, 0x3, 'lo\x00'}, @FRA_DST={0x8, 0x1, @private}, @FRA_FLOW={0x8, 0xb, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x4814}, 0x4000000) 0s ago: executing program 0 (id=728): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r2, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) listen(r2, 0x1ad72f7) kernel console output (not intermixed with test programs): lave_0: entered promiscuous mode [ 61.381351][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.388909][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.415747][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.429396][ T5828] team0: Port device team_slave_1 added [ 61.444225][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.451402][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.458807][ T5825] bridge_slave_1: entered allmulticast mode [ 61.465374][ T5825] bridge_slave_1: entered promiscuous mode [ 61.471726][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.479111][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.486396][ T5835] bridge_slave_0: entered allmulticast mode [ 61.492915][ T5835] bridge_slave_0: entered promiscuous mode [ 61.500297][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.507432][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.533471][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.569439][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.576722][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.584182][ T5835] bridge_slave_1: entered allmulticast mode [ 61.590723][ T5835] bridge_slave_1: entered promiscuous mode [ 61.609338][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.616846][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.624185][ T5830] bridge_slave_0: entered allmulticast mode [ 61.631102][ T5830] bridge_slave_0: entered promiscuous mode [ 61.649062][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.677025][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.684582][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.710953][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.730042][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.737309][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.744961][ T5830] bridge_slave_1: entered allmulticast mode [ 61.751605][ T5830] bridge_slave_1: entered promiscuous mode [ 61.760054][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.774223][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.785982][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.795945][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.802913][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.828954][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.908370][ T5821] hsr_slave_0: entered promiscuous mode [ 61.914979][ T5821] hsr_slave_1: entered promiscuous mode [ 61.932994][ T5835] team0: Port device team_slave_0 added [ 61.941664][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.953814][ T5825] team0: Port device team_slave_0 added [ 61.980298][ T5828] hsr_slave_0: entered promiscuous mode [ 61.986785][ T5828] hsr_slave_1: entered promiscuous mode [ 61.992867][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.001126][ T5828] Cannot create hsr debugfs directory [ 62.008839][ T5835] team0: Port device team_slave_1 added [ 62.016665][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.036395][ T5825] team0: Port device team_slave_1 added [ 62.086720][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.094168][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.121394][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.134711][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.141684][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.167949][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.187954][ T5830] team0: Port device team_slave_0 added [ 62.196148][ T5830] team0: Port device team_slave_1 added [ 62.224249][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.231229][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.257282][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.268172][ T5831] Bluetooth: hci0: command tx timeout [ 62.310875][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.318204][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.344761][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.353661][ T5826] Bluetooth: hci2: command tx timeout [ 62.362788][ T5831] Bluetooth: hci1: command tx timeout [ 62.406666][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.413797][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.429574][ T5831] Bluetooth: hci3: command tx timeout [ 62.439920][ T5826] Bluetooth: hci4: command tx timeout [ 62.451271][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.484057][ T5825] hsr_slave_0: entered promiscuous mode [ 62.490471][ T5825] hsr_slave_1: entered promiscuous mode [ 62.496845][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.504802][ T5825] Cannot create hsr debugfs directory [ 62.515585][ T5835] hsr_slave_0: entered promiscuous mode [ 62.521741][ T5835] hsr_slave_1: entered promiscuous mode [ 62.528602][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.536237][ T5835] Cannot create hsr debugfs directory [ 62.542197][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.549402][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.575423][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.767258][ T5830] hsr_slave_0: entered promiscuous mode [ 62.773964][ T5830] hsr_slave_1: entered promiscuous mode [ 62.779866][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.787698][ T5830] Cannot create hsr debugfs directory [ 62.892570][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.914546][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.942157][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.964923][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.005452][ T5825] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.036198][ T5825] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.048122][ T5825] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.062608][ T5825] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 63.103675][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.135057][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.145617][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.170970][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.202549][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.234313][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.265411][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.289386][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.308742][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.356940][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.371710][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.380870][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.407429][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.427814][ T200] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.435158][ T200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.448473][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.469470][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.476690][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.509743][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.599969][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.618502][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.636879][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.651287][ T200] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.658445][ T200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.675863][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.682983][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.708231][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.715422][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.760927][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.768112][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.837000][ T5825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.878964][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.892768][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.925558][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.972173][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.995946][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.008316][ T3549] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.015495][ T3549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.075901][ T200] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.083109][ T200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.098418][ T200] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.105586][ T200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.118107][ T200] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.125277][ T200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.179751][ T5821] veth0_vlan: entered promiscuous mode [ 64.230101][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.242576][ T5821] veth1_vlan: entered promiscuous mode [ 64.285759][ T5821] veth0_macvtap: entered promiscuous mode [ 64.295567][ T5821] veth1_macvtap: entered promiscuous mode [ 64.357355][ T5826] Bluetooth: hci0: command tx timeout [ 64.369020][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.389885][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.423804][ T5826] Bluetooth: hci1: command tx timeout [ 64.424108][ T5831] Bluetooth: hci2: command tx timeout [ 64.462464][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.503597][ T5831] Bluetooth: hci4: command tx timeout [ 64.505012][ T5826] Bluetooth: hci3: command tx timeout [ 64.527368][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.537111][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.546346][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.555959][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.576730][ T5835] veth0_vlan: entered promiscuous mode [ 64.605515][ T5835] veth1_vlan: entered promiscuous mode [ 64.730805][ T5835] veth0_macvtap: entered promiscuous mode [ 64.754694][ T5835] veth1_macvtap: entered promiscuous mode [ 64.801733][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.816080][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.827390][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.843163][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.856071][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.868378][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.882096][ T5835] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.892847][ T5835] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.901992][ T5835] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.911492][ T5835] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.942915][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.944734][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.962636][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.978601][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.999702][ T5825] veth0_vlan: entered promiscuous mode [ 65.056918][ T2991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.077125][ T5825] veth1_vlan: entered promiscuous mode [ 65.088666][ T2991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.141318][ T5830] veth0_vlan: entered promiscuous mode [ 65.180731][ T5830] veth1_vlan: entered promiscuous mode [ 65.185748][ T2991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.187978][ T5828] veth0_vlan: entered promiscuous mode [ 65.208593][ T2991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.232871][ T5828] veth1_vlan: entered promiscuous mode [ 65.244936][ T5825] veth0_macvtap: entered promiscuous mode [ 65.288725][ T5825] veth1_macvtap: entered promiscuous mode [ 65.312133][ T5830] veth0_macvtap: entered promiscuous mode [ 65.327468][ T5828] veth0_macvtap: entered promiscuous mode [ 65.335423][ T3549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.337718][ T5830] veth1_macvtap: entered promiscuous mode [ 65.354279][ T3549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.362878][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.375466][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.385869][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.396675][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.408781][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.410677][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.419759][ T5828] veth1_macvtap: entered promiscuous mode [ 65.490117][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.522762][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.542059][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.557234][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.582365][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.593983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.617595][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 65.718651][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.790909][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.845510][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.882150][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.892455][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.977655][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.998729][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.050142][ T5825] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.075554][ T5825] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.087275][ T5825] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.239235][ T5825] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.339092][ T5912] xt_CT: You must specify a L4 protocol and not use inversions on it [ 67.009987][ T5831] Bluetooth: hci1: command tx timeout [ 67.015527][ T5831] Bluetooth: hci2: command tx timeout [ 67.020948][ T5831] Bluetooth: hci4: command tx timeout [ 67.026439][ T5836] Bluetooth: hci3: command tx timeout [ 67.100938][ T5826] Bluetooth: hci0: command tx timeout [ 67.153224][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 67.250483][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.298482][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.308458][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.319080][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.329312][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.342681][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.352955][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.470503][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.482492][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.492589][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.503119][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.513143][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.527292][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.537534][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.548109][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.570427][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.635073][ T5916] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6'. [ 67.644761][ T5916] unsupported nlmsg_type 40 [ 68.416454][ T5828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.430626][ T5828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.440089][ T5828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.449124][ T5828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.461251][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.479904][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.500030][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.510845][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.526458][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.541804][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.552019][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.562608][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.620595][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.689226][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.864044][ T5873] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 69.079568][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.082925][ T5873] usb 3-1: Using ep0 maxpacket: 16 [ 69.123386][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.143636][ T5826] Bluetooth: hci4: command tx timeout [ 69.149119][ T5826] Bluetooth: hci2: command tx timeout [ 69.154688][ T5836] Bluetooth: hci1: command tx timeout [ 69.160126][ T5836] Bluetooth: hci0: command tx timeout [ 69.166371][ T5824] Bluetooth: hci3: command tx timeout [ 69.193481][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.202883][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.209857][ T5873] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 69.259124][ T5873] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 69.275811][ T5873] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 69.294863][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.322450][ T5873] usb 3-1: Product: syz [ 69.327112][ T5873] usb 3-1: Manufacturer: syz [ 69.331864][ T5873] usb 3-1: SerialNumber: syz [ 69.373302][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.381858][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.480464][ T200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.499247][ T200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.519839][ T3549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.573129][ T3549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.574662][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 69.677180][ T5873] usb 3-1: 0:2 : does not exist [ 69.688180][ T5873] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 69.825173][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.836482][ T5873] usb 3-1: USB disconnect, device number 2 [ 69.858642][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.286122][ T2991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.306692][ T2991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.335916][ T5928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 70.363764][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.371640][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.399844][ T5929] udevd[5929]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 70.533632][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 70.759873][ T5937] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5'. [ 71.675816][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.682514][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 74.242998][ T5872] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 74.404458][ T5963] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.713451][ T5872] usb 4-1: Using ep0 maxpacket: 8 [ 74.726679][ T5872] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55 [ 74.936498][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.945952][ T5872] usb 4-1: Product: syz [ 74.950164][ T5872] usb 4-1: Manufacturer: syz [ 74.955145][ T5872] usb 4-1: SerialNumber: syz [ 74.971198][ T5872] usb 4-1: config 0 descriptor?? [ 75.042170][ T5970] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 75.705861][ T5872] usb 4-1: can't set config #0, error -71 [ 75.712868][ T5872] usb 4-1: USB disconnect, device number 2 [ 77.803256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 77.812797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 78.863575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 80.323486][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 80.326389][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.624552][ T5836] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 81.633029][ T5836] Bluetooth: hci1: Injecting HCI hardware error event [ 81.642168][ T5826] Bluetooth: hci1: hardware error 0x00 [ 81.867132][ T6032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.30'. [ 82.565765][ T978] cfg80211: failed to load regulatory.db [ 83.863387][ T5826] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 87.185733][ T6057] dlm: no local IP address has been set [ 87.191540][ T6057] dlm: cannot start dlm midcomms -107 [ 88.182100][ T6063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.38'. [ 90.250391][ T29] audit: type=1326 audit(1740721358.257:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 90.896098][ T29] audit: type=1326 audit(1740721358.257:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 90.919429][ T29] audit: type=1326 audit(1740721358.257:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 90.941054][ T29] audit: type=1326 audit(1740721358.257:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 90.962573][ T29] audit: type=1326 audit(1740721358.257:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 91.063874][ T29] audit: type=1326 audit(1740721358.267:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 91.095417][ T29] audit: type=1326 audit(1740721358.267:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 91.117829][ T29] audit: type=1326 audit(1740721358.267:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 91.140846][ T29] audit: type=1326 audit(1740721358.267:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 91.167030][ T29] audit: type=1326 audit(1740721358.267:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6074 comm="syz.0.42" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee7318d169 code=0x7ffc0000 [ 94.682457][ T6107] kvm: kvm [6099]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 95.795004][ T6107] kvm: kvm [6099]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 100.543137][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 103.034092][ T6168] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3013113693 (3013113693 ns) > initial count (230350673 ns). Using initial count to start timer. [ 103.622069][ T6180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.56'. [ 108.013262][ T6188] netlink: 16 bytes leftover after parsing attributes in process `syz.4.68'. [ 108.556513][ T6201] warning: `syz.0.71' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 114.068699][ T6240] netlink: 20 bytes leftover after parsing attributes in process `syz.2.80'. [ 116.491271][ T6246] ======================================================= [ 116.491271][ T6246] WARNING: The mand mount option has been deprecated and [ 116.491271][ T6246] and is ignored by this kernel. Remove the mand [ 116.491271][ T6246] option from the mount to silence this warning. [ 116.491271][ T6246] ======================================================= [ 118.462388][ T6263] cgroup: fork rejected by pids controller in /syz1 [ 120.065503][ T6274] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 120.887132][ T6283] input: syz0 as /devices/virtual/input/input5 [ 123.338937][ T6300] netlink: 24 bytes leftover after parsing attributes in process `syz.2.92'. [ 123.904427][ T6300] netlink: 24 bytes leftover after parsing attributes in process `syz.2.92'. [ 124.276686][ T1144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.502337][ T1144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.106352][ T1144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.634089][ T6327] Bluetooth: MGMT ver 1.23 [ 127.554771][ T1144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.335361][ T6339] netlink: zone id is out of range [ 128.370352][ T6339] netlink: zone id is out of range [ 128.391781][ T6347] process 'syz.0.102' launched '/dev/fd/8' with NULL argv: empty string added [ 128.409226][ T6341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.422460][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 128.433811][ T6339] netlink: zone id is out of range [ 128.457482][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 128.467578][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 128.481519][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 128.490131][ T5836] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 128.499377][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 128.540745][ T6339] netlink: zone id is out of range [ 128.585109][ T6339] netlink: zone id is out of range [ 128.590304][ T6339] netlink: zone id is out of range [ 128.635052][ T6341] bond0: (slave rose0): Enslaving as an active interface with an up link [ 128.652177][ T6339] netlink: zone id is out of range [ 128.666702][ T6339] netlink: set zone limit has 8 unknown bytes [ 128.736331][ T1144] bridge_slave_1: left allmulticast mode [ 128.782191][ T1144] bridge_slave_1: left promiscuous mode [ 128.875812][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.249304][ T5836] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 129.258000][ T5836] Bluetooth: hci0: Injecting HCI hardware error event [ 129.266585][ T5836] Bluetooth: hci0: hardware error 0x00 [ 129.403389][ T1144] bridge_slave_0: left allmulticast mode [ 129.409106][ T1144] bridge_slave_0: left promiscuous mode [ 129.464594][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.607408][ T5826] Bluetooth: hci3: command tx timeout [ 131.066963][ T6373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.107'. [ 131.393260][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 131.700286][ T6381] netlink: 277 bytes leftover after parsing attributes in process `syz.0.108'. [ 131.809452][ T6384] capability: warning: `syz.3.110' uses 32-bit capabilities (legacy support in use) [ 132.384908][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 132.404686][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 132.422079][ T1144] bond0 (unregistering): Released all slaves [ 132.478610][ T6373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.107'. [ 132.973510][ T5836] Bluetooth: hci3: command tx timeout [ 133.105267][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.111560][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.205179][ T6375] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 133.355014][ T6375] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 134.139634][ T6393] tty tty25: ldisc open failed (-12), clearing slot 24 [ 134.194049][ T6375] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 134.293464][ T6375] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 134.329217][ T6375] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 134.402625][ T6375] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 135.452534][ T5836] Bluetooth: hci3: command tx timeout [ 135.453456][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 135.488639][ T6403] netlink: 'syz.3.113': attribute type 1 has an invalid length. [ 135.496682][ T6403] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.113'. [ 136.020395][ T6375] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 136.081673][ T6375] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 136.343724][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 136.983887][ T6375] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 137.618098][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 138.409634][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 138.423353][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 139.174598][ T1144] hsr_slave_0: left promiscuous mode [ 139.743367][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 139.811737][ T1144] hsr_slave_1: left promiscuous mode [ 140.159543][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.223881][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.323449][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.363415][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.527959][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 140.536620][ T5836] Bluetooth: hci4: command 0x0c1a tx timeout [ 140.645902][ T6446] netlink: 28 bytes leftover after parsing attributes in process `syz.2.123'. [ 140.751442][ T1144] veth1_macvtap: left promiscuous mode [ 140.778413][ T1144] veth0_macvtap: left promiscuous mode [ 140.799352][ T1144] veth1_vlan: left promiscuous mode [ 141.005043][ T1144] veth0_vlan: left promiscuous mode [ 141.056176][ T6451] block device autoloading is deprecated and will be removed. [ 142.583313][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 144.699423][ T1144] team0 (unregistering): Port device team_slave_1 removed [ 144.767989][ T1144] team0 (unregistering): Port device team_slave_0 removed [ 145.686409][ T6488] netlink: zone id is out of range [ 145.692186][ T6488] netlink: zone id is out of range [ 145.698144][ T6488] netlink: zone id is out of range [ 145.704745][ T6488] netlink: zone id is out of range [ 145.710326][ T6488] netlink: zone id is out of range [ 145.715817][ T6488] netlink: zone id is out of range [ 145.720983][ T6488] netlink: zone id is out of range [ 145.731976][ T6488] netlink: set zone limit has 8 unknown bytes [ 146.963315][ T6345] chnl_net:caif_netlink_parms(): no params data found [ 147.203062][ T6504] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 148.323500][ T6490] mmap: syz.2.133 (6490) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 148.399204][ T6503] tty tty26: ldisc open failed (-12), clearing slot 25 [ 149.157085][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.181089][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.199490][ T6345] bridge_slave_0: entered allmulticast mode [ 149.224954][ T6345] bridge_slave_0: entered promiscuous mode [ 149.268609][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.450057][ T6501] kvm: kvm [6500]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x780000695f [ 150.245766][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.253131][ T6345] bridge_slave_1: entered allmulticast mode [ 150.288112][ T6345] bridge_slave_1: entered promiscuous mode [ 150.295552][ T6501] kvm: kvm [6500]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x81000069fd [ 150.682730][ T6537] vivid-006: disconnect [ 150.696644][ T6537] vivid-006: reconnect [ 151.108003][ T6345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.167172][ T6345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.932390][ T6345] team0: Port device team_slave_0 added [ 151.955479][ T6345] team0: Port device team_slave_1 added [ 154.001727][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.026803][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.485005][ T6345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.502621][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.510916][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.537105][ T6345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.705673][ T6567] netlink: zone id is out of range [ 154.711514][ T6567] netlink: zone id is out of range [ 154.716865][ T6567] netlink: zone id is out of range [ 154.722558][ T6567] netlink: zone id is out of range [ 154.728158][ T6567] netlink: zone id is out of range [ 154.733443][ T6567] netlink: zone id is out of range [ 154.738602][ T6567] netlink: zone id is out of range [ 154.749354][ T6567] netlink: set zone limit has 8 unknown bytes [ 155.209909][ T6564] Driver unsupported XDP return value 0 on prog (id 39) dev N/A, expect packet loss! [ 156.862635][ T6345] hsr_slave_0: entered promiscuous mode [ 156.909457][ T6345] hsr_slave_1: entered promiscuous mode [ 156.921605][ T6345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.934239][ T6345] Cannot create hsr debugfs directory [ 158.917572][ T6602] netlink: 'syz.0.154': attribute type 3 has an invalid length. [ 159.767918][ T6604] netlink: zone id is out of range [ 159.773882][ T6604] netlink: zone id is out of range [ 159.779114][ T6604] netlink: zone id is out of range [ 159.785085][ T6604] netlink: zone id is out of range [ 159.790576][ T6604] netlink: zone id is out of range [ 159.795842][ T6604] netlink: zone id is out of range [ 159.801022][ T6604] netlink: zone id is out of range [ 159.814828][ T6604] netlink: set zone limit has 8 unknown bytes [ 160.321482][ T6605] netlink: 'syz.3.155': attribute type 3 has an invalid length. [ 160.341114][ T6605] netlink: 'syz.3.155': attribute type 3 has an invalid length. [ 160.626633][ T6599] netlink: zone id is out of range [ 160.631875][ T6599] netlink: zone id is out of range [ 162.266156][ T6631] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 162.273798][ T6631] IPv6: NLM_F_CREATE should be set when creating new route [ 163.253133][ T6635] netlink: 48 bytes leftover after parsing attributes in process `syz.0.160'. [ 163.449177][ T6345] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 163.536047][ T6345] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 163.729229][ T6345] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 163.943985][ T6345] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 164.573516][ T57] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 165.065745][ T57] usb 5-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 165.187846][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.577798][ T57] usb 5-1: config 0 descriptor?? [ 165.858174][ T6345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.876476][ T6345] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.890721][ T6320] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.897910][ T6320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.044846][ T6662] net_ratelimit: 3 callbacks suppressed [ 166.044886][ T6662] netlink: zone id is out of range [ 166.056124][ T6662] netlink: zone id is out of range [ 166.061388][ T6662] netlink: zone id is out of range [ 166.067036][ T6662] netlink: zone id is out of range [ 166.072608][ T6662] netlink: zone id is out of range [ 166.078032][ T6662] netlink: zone id is out of range [ 166.083246][ T6662] netlink: zone id is out of range [ 166.092632][ T6662] netlink: set zone limit has 8 unknown bytes [ 166.536590][ T3549] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.543773][ T3549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.646557][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.4.164'. [ 166.688776][ T6643] team_slave_0: entered promiscuous mode [ 166.694750][ T6643] team_slave_1: entered promiscuous mode [ 166.903274][ T6643] macvtap1: entered promiscuous mode [ 166.922965][ T6668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.164'. [ 166.947131][ T6643] team0: entered promiscuous mode [ 167.175453][ T6643] macvtap1: entered allmulticast mode [ 167.188358][ T6643] team0: entered allmulticast mode [ 167.221865][ T6643] team_slave_0: entered allmulticast mode [ 167.303473][ T6643] team_slave_1: entered allmulticast mode [ 167.322956][ T6671] Zero length message leads to an empty skb [ 167.330445][ T6643] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 167.683764][ T6668] team0: left allmulticast mode [ 167.688719][ T6668] team_slave_0: left allmulticast mode [ 167.703415][ T6668] team_slave_1: left allmulticast mode [ 167.713804][ T6668] team0: left promiscuous mode [ 168.625096][ T6668] team_slave_0: left promiscuous mode [ 168.630847][ T6668] team_slave_1: left promiscuous mode [ 168.688309][ T6671] ieee802154 phy0 wpan0: encryption failed: -22 [ 168.942780][ T6687] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 169.030533][ T6691] bridge_slave_0: left allmulticast mode [ 169.036413][ T6691] bridge_slave_0: left promiscuous mode [ 169.109040][ T6691] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.843880][ T57] usbhid 5-1:0.0: can't add hid device: -71 [ 169.846507][ T6697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.173'. [ 169.850312][ T57] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 169.872833][ T6691] bridge_slave_1: left allmulticast mode [ 169.899536][ T6691] bridge_slave_1: left promiscuous mode [ 169.923437][ T6691] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.930737][ T57] usb 5-1: USB disconnect, device number 2 [ 169.947949][ T6691] bond0: (slave bond_slave_0): Releasing backup interface [ 169.982869][ T6691] bond0: (slave bond_slave_1): Releasing backup interface [ 170.035103][ T6691] team0: Port device team_slave_0 removed [ 170.047338][ T6691] team0: Port device team_slave_1 removed [ 170.067010][ T6691] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.074940][ T6691] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 170.084885][ T6691] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.092769][ T6691] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.298753][ T6345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.376715][ T6711] syz.2.175 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 172.438250][ T6345] veth0_vlan: entered promiscuous mode [ 172.472851][ T6345] veth1_vlan: entered promiscuous mode [ 174.245923][ T6345] veth0_macvtap: entered promiscuous mode [ 174.342857][ T6739] netlink: zone id is out of range [ 174.348933][ T6739] netlink: zone id is out of range [ 174.354300][ T6739] netlink: zone id is out of range [ 174.360387][ T6739] netlink: zone id is out of range [ 174.366196][ T6739] netlink: zone id is out of range [ 174.371593][ T6739] netlink: zone id is out of range [ 174.376802][ T6739] netlink: zone id is out of range [ 174.387674][ T6739] netlink: set zone limit has 8 unknown bytes [ 174.679881][ T6345] veth1_macvtap: entered promiscuous mode [ 174.748901][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.834660][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.846676][ T6743] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 174.863276][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.878834][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.916897][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.940757][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.974801][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.009874][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.019453][ T6748] netlink: 36 bytes leftover after parsing attributes in process `syz.3.181'. [ 175.040695][ T6748] netlink: 16 bytes leftover after parsing attributes in process `syz.3.181'. [ 175.052814][ T6748] netlink: 36 bytes leftover after parsing attributes in process `syz.3.181'. [ 175.058508][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.126380][ T6748] netlink: 36 bytes leftover after parsing attributes in process `syz.3.181'. [ 175.203997][ T6750] netlink: 'syz.0.183': attribute type 1 has an invalid length. [ 175.218482][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.242038][ T6752] vivid-000: disconnect [ 175.282959][ T6752] vivid-000: reconnect [ 175.444446][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.648104][ T6345] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.670414][ T6345] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.681714][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.727215][ T6754] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 175.737586][ T6755] 8021q: adding VLAN 0 to HW filter on device bond1 [ 175.750585][ T1163] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 175.847459][ T6756] veth3: entered promiscuous mode [ 175.875814][ T6756] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 175.924046][ T6345] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.927484][ T1163] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 175.940664][ T6345] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.977950][ T6345] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.001621][ T6345] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.576262][ T6748] syz.3.181 (6748) used greatest stack depth: 18736 bytes left [ 176.681794][ T3549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.714077][ T3549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 176.953589][ T200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.171941][ T200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.375139][ T6777] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 177.478725][ T6777] bridge_slave_0: left allmulticast mode [ 177.508697][ T6777] bridge_slave_0: left promiscuous mode [ 177.527495][ T6769] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 177.533783][ T6769] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 177.541918][ T6777] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.573454][ T6769] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 177.585693][ T6777] bridge_slave_1: left allmulticast mode [ 177.645763][ T6777] bridge_slave_1: left promiscuous mode [ 177.647021][ T6791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.187'. [ 177.651555][ T6777] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.692126][ T6780] netlink: 16 bytes leftover after parsing attributes in process `syz.2.188'. [ 177.767036][ T6777] bond0: (slave bond_slave_0): Releasing backup interface [ 177.881017][ T6777] bond0: (slave bond_slave_1): Releasing backup interface [ 179.034077][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 179.094416][ T6777] team0: Port device team_slave_0 removed [ 179.256295][ T6777] team0: Port device team_slave_1 removed [ 179.318573][ T6777] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.330804][ T6777] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.413824][ T6777] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.465078][ T6777] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.543761][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 179.623519][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 180.605928][ T6811] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 181.123293][ T6829] netlink: zone id is out of range [ 181.129179][ T6829] netlink: zone id is out of range [ 181.134445][ T6829] netlink: zone id is out of range [ 181.139755][ T6829] netlink: zone id is out of range [ 181.145301][ T6829] netlink: zone id is out of range [ 181.150463][ T6829] netlink: zone id is out of range [ 181.155662][ T6829] netlink: zone id is out of range [ 181.162269][ T6829] netlink: set zone limit has 8 unknown bytes [ 182.061040][ T6840] netlink: zone id is out of range [ 182.066692][ T6840] netlink: zone id is out of range [ 182.607967][ T6842] xt_CT: You must specify a L4 protocol and not use inversions on it [ 184.748005][ T6852] netlink: 'syz.0.202': attribute type 10 has an invalid length. [ 185.269165][ T6866] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode [ 185.482931][ T6852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.669232][ T6875] netlink: 12 bytes leftover after parsing attributes in process `syz.1.204'. [ 186.165271][ T6852] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 186.242308][ T6868] bridge_slave_0: left allmulticast mode [ 186.317976][ T6868] bridge_slave_0: left promiscuous mode [ 186.373627][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.379355][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 186.379374][ T29] audit: type=1326 audit(1740721454.407:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.4.206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d5d58d169 code=0x0 [ 186.478343][ T6868] bridge_slave_1: left allmulticast mode [ 186.496730][ T6868] bridge_slave_1: left promiscuous mode [ 186.502590][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.697642][ T6888] Mount JFS Failure: -22 [ 186.702141][ T6888] jfs_mount failed w/return code = -22 [ 186.738050][ T6892] program syz.4.206 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 186.763017][ T6868] bond0: (slave bond_slave_0): Releasing backup interface [ 186.801190][ T6868] bond0: (slave bond_slave_1): Releasing backup interface [ 186.883689][ T6868] team0: Port device team_slave_0 removed [ 187.096909][ T6868] team0: Port device team_slave_1 removed [ 187.118945][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.171954][ T6868] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.346097][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.433851][ T6868] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 191.346599][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'. [ 191.383527][ T6920] netlink: 'syz.3.213': attribute type 1 has an invalid length. [ 191.421958][ T6920] netlink: 'syz.3.213': attribute type 2 has an invalid length. [ 191.756196][ T6928] netlink: 24 bytes leftover after parsing attributes in process `syz.4.214'. [ 191.768028][ T6928] netlink: 24 bytes leftover after parsing attributes in process `syz.4.214'. [ 193.590930][ T6938] delete_channel: no stack [ 194.518082][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.531811][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.458942][ T6968] bond0: (slave batadv0): Releasing backup interface [ 198.124104][ T6968] bond1: (slave ip6gretap1): Removing an active aggregator [ 198.142912][ T6968] bond1: (slave ip6gretap1): Releasing backup interface [ 198.222743][ T6978] netlink: 12 bytes leftover after parsing attributes in process `syz.0.222'. [ 198.237686][ T6987] vivid-006: disconnect [ 198.263489][ T6987] vivid-006: reconnect [ 198.263918][ T6968] bond1: (slave ip6gretap1): the permanent HWaddr of slave - d2:ec:c3:02:f1:ae - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 198.777615][ T6968] bond1: (slave veth3): Releasing backup interface [ 201.136758][ T7014] Device name cannot be null; rc = [-22] [ 201.874317][ T7015] syz.2.230: attempt to access beyond end of device [ 201.874317][ T7015] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 201.888212][ T7015] SQUASHFS error: Failed to read block 0x0: -5 [ 201.897059][ T7015] unable to read squashfs_super_block [ 202.879215][ T7018] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 202.940794][ T7018] xt_nfacct: accounting object `syz1' does not exists [ 203.110548][ T7027] syz.4.234 uses obsolete (PF_INET,SOCK_PACKET) [ 204.924852][ T5961] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 204.947218][ T7040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.238'. [ 205.309453][ T5961] usb 3-1: Using ep0 maxpacket: 8 [ 205.323777][ T5961] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 205.343273][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 205.362173][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 206.190498][ T5961] usb 3-1: string descriptor 0 read error: -71 [ 206.261884][ T5961] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 207.266300][ T5961] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.332818][ T5961] usb 3-1: config 0 descriptor?? [ 207.356688][ T5961] usb 3-1: can't set config #0, error -71 [ 207.374897][ T5961] usb 3-1: USB disconnect, device number 3 [ 216.523089][ T7124] netlink: 12 bytes leftover after parsing attributes in process `syz.0.253'. [ 216.533225][ T7124] netlink: 76 bytes leftover after parsing attributes in process `syz.0.253'. [ 216.655592][ T7124] geneve2: entered allmulticast mode [ 217.139826][ T7126] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 217.279897][ T7133] bridge_slave_0: left allmulticast mode [ 217.322759][ T7133] bridge_slave_0: left promiscuous mode [ 217.381881][ T7133] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.390267][ T7126] netlink: 'syz.4.256': attribute type 10 has an invalid length. [ 217.415202][ T7133] bridge_slave_1: left allmulticast mode [ 217.421001][ T7133] bridge_slave_1: left promiscuous mode [ 217.431012][ T7133] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.501835][ T7135] netlink: 4 bytes leftover after parsing attributes in process `syz.1.255'. [ 217.522490][ T7135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.255'. [ 217.701285][ T7133] bond0: (slave bond_slave_0): Releasing backup interface [ 218.057574][ T57] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 218.098823][ T7133] bond0: (slave bond_slave_1): Releasing backup interface [ 218.198050][ T7133] team0: Port device team_slave_0 removed [ 218.236257][ T57] usb 1-1: Using ep0 maxpacket: 8 [ 218.262146][ T57] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 218.289824][ T57] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 218.311369][ T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.330250][ T57] usb 1-1: config 0 descriptor?? [ 218.336656][ T7142] netlink: 12 bytes leftover after parsing attributes in process `syz.4.256'. [ 218.360314][ T7133] team0: Port device team_slave_1 removed [ 218.370376][ T7133] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.382548][ T7133] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.398612][ T7133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.409849][ T7133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.452482][ T7126] mac80211_hwsim hwsim8 wlan1: left allmulticast mode [ 218.550567][ T7148] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 218.559764][ T7148] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 218.572858][ T7126] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.956665][ T7126] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 219.015262][ T57] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 219.231524][ T25] usb 1-1: USB disconnect, device number 2 [ 219.658782][ T5826] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 219.687386][ T5836] Bluetooth: hci3: hardware error 0x07 [ 221.181314][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.190358][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.198729][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.206448][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.214159][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.221845][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.229566][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.237362][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.245151][ T7152] netlink: 'syz.4.259': attribute type 3 has an invalid length. [ 221.402219][ T7167] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 221.573558][ T978] libceph: connect (1)[c::]:6789 error -101 [ 221.589057][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 221.813651][ T5836] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 221.889603][ T978] libceph: connect (1)[c::]:6789 error -101 [ 221.979033][ T978] libceph: mon0 (1)[c::]:6789 connect error [ 222.017615][ T7168] ceph: No mds server is up or the cluster is laggy [ 222.115026][ T29] audit: type=1804 audit(1740721490.137:14): pid=7175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.265" name="bus" dev="ramfs" ino=12236 res=1 errno=0 [ 222.156523][ T7167] macvlan0: entered allmulticast mode [ 222.184894][ T7167] veth1_vlan: entered allmulticast mode [ 223.347042][ T7167] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 226.248320][ T5824] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 226.262658][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 226.272862][ T5824] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 226.298795][ T5824] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 226.306597][ T5824] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 226.314203][ T5824] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 226.491122][ T7216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.272'. [ 226.531620][ T7218] netlink: 56 bytes leftover after parsing attributes in process `syz.1.271'. [ 228.835124][ T7242] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 228.863466][ T5836] Bluetooth: hci5: command tx timeout [ 229.377059][ T7208] chnl_net:caif_netlink_parms(): no params data found [ 230.904516][ T5836] Bluetooth: hci5: command tx timeout [ 231.727233][ T7208] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.743868][ T7208] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.843648][ T7208] bridge_slave_0: entered allmulticast mode [ 231.870244][ T7208] bridge_slave_0: entered promiscuous mode [ 232.002569][ T7208] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.047442][ T7208] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.054858][ T7208] bridge_slave_1: entered allmulticast mode [ 232.072465][ T7208] bridge_slave_1: entered promiscuous mode [ 233.021020][ T5836] Bluetooth: hci5: command tx timeout [ 233.073752][ T5961] libceph: connect (1)[c::]:6789 error -101 [ 233.089966][ T5961] libceph: mon0 (1)[c::]:6789 connect error [ 233.751022][ T57] libceph: connect (1)[c::]:6789 error -101 [ 233.759396][ T57] libceph: mon0 (1)[c::]:6789 connect error [ 233.804855][ T7208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.816356][ T7208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.847150][ T7273] ceph: No mds server is up or the cluster is laggy [ 234.661641][ T7282] 9pnet_fd: Insufficient options for proto=fd [ 234.697494][ T7208] team0: Port device team_slave_0 added [ 234.746422][ T7208] team0: Port device team_slave_1 added [ 235.063970][ T5836] Bluetooth: hci5: command tx timeout [ 235.556138][ T7208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.622846][ T7208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.829411][ T7208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.394937][ T7208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.401977][ T7208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.509415][ T7208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.910280][ T7208] hsr_slave_0: entered promiscuous mode [ 238.251705][ T7208] hsr_slave_1: entered promiscuous mode [ 238.273953][ T7208] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 238.281578][ T7208] Cannot create hsr debugfs directory [ 239.375438][ T7326] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.129815][ T7208] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 241.145429][ T7208] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 241.309871][ T7346] net_ratelimit: 6 callbacks suppressed [ 241.309911][ T7346] netlink: zone id is out of range [ 241.321440][ T7346] netlink: zone id is out of range [ 241.327026][ T7346] netlink: zone id is out of range [ 241.333086][ T7346] netlink: zone id is out of range [ 241.339116][ T7346] netlink: zone id is out of range [ 241.344696][ T7346] netlink: zone id is out of range [ 241.349916][ T7346] netlink: zone id is out of range [ 241.360633][ T7346] netlink: set zone limit has 8 unknown bytes [ 242.044562][ T7208] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 242.997322][ T7352] xt_CT: No such helper "pptp" [ 243.082291][ T7353] vlan2: entered promiscuous mode [ 243.087763][ T7353] veth1_to_batadv: entered promiscuous mode [ 243.098125][ T7353] veth1_to_batadv: left promiscuous mode [ 243.193045][ T7208] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 245.046636][ T7368] netlink: 84 bytes leftover after parsing attributes in process `syz.1.300'. [ 245.818891][ T7208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.926811][ T7208] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.971822][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.979040][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.206632][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.213820][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.888034][ T7380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.307413][ T7396] ALSA: mixer_oss: invalid OSS volume '' [ 249.330013][ T7396] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 249.891289][ T7208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 250.004905][ T7400] netlink: zone id is out of range [ 250.010789][ T7400] netlink: zone id is out of range [ 250.016099][ T7400] netlink: zone id is out of range [ 250.021842][ T7400] netlink: zone id is out of range [ 250.027438][ T7400] netlink: zone id is out of range [ 250.032730][ T7400] netlink: zone id is out of range [ 250.038157][ T7400] netlink: zone id is out of range [ 250.049231][ T7400] netlink: set zone limit has 8 unknown bytes [ 254.460483][ T7417] sg_write: process 278 (syz.0.313) changed security contexts after opening file descriptor, this is not allowed. [ 255.947395][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.955349][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.982363][ T7208] veth0_vlan: entered promiscuous mode [ 256.971924][ T7208] veth1_vlan: entered promiscuous mode [ 257.005656][ T7208] veth0_macvtap: entered promiscuous mode [ 257.015843][ T7208] veth1_macvtap: entered promiscuous mode [ 257.062974][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 257.087678][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.111729][ T7208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 257.123879][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 257.244137][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.319190][ T7447] netlink: zone id is out of range [ 257.325135][ T7447] netlink: zone id is out of range [ 257.330505][ T7447] netlink: zone id is out of range [ 257.336654][ T7447] netlink: zone id is out of range [ 257.342496][ T7447] netlink: zone id is out of range [ 257.347953][ T7447] netlink: zone id is out of range [ 257.353229][ T7447] netlink: zone id is out of range [ 257.364119][ T7447] netlink: set zone limit has 8 unknown bytes [ 257.497797][ T7208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 257.921060][ T7208] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.016508][ T7208] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.757049][ T7457] ptrace attach of "./syz-executor exec"[5821] was attempted by "./syz-executor exec"[7457] [ 259.278875][ T7457] syz.0.320 uses old SIOCAX25GETINFO [ 260.256062][ T7208] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.732939][ T7208] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.963314][ T29] audit: type=1326 audit(1740721531.297:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7465 comm="syz.1.324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x0 [ 264.152480][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.188874][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.393582][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.401996][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.252195][ T7515] vivid-004: disconnect [ 269.670614][ T7511] vivid-004: reconnect [ 269.973708][ T7519] netlink: 4 bytes leftover after parsing attributes in process `syz.5.266'. [ 271.173399][ T29] audit: type=1326 audit(1740721538.117:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 271.264307][ T29] audit: type=1326 audit(1740721538.117:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 271.393113][ T29] audit: type=1326 audit(1740721538.127:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 272.795762][ T29] audit: type=1326 audit(1740721538.127:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 272.855888][ T29] audit: type=1326 audit(1740721538.137:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 272.878546][ T29] audit: type=1326 audit(1740721538.137:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 272.900420][ T29] audit: type=1326 audit(1740721538.137:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 273.050256][ T29] audit: type=1326 audit(1740721538.137:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 273.075541][ T7537] validate_nla: 45 callbacks suppressed [ 273.075560][ T7537] netlink: 'syz.1.337': attribute type 10 has an invalid length. [ 273.098865][ T29] audit: type=1326 audit(1740721538.137:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 273.127850][ T7540] QAT: Stopping all acceleration devices. [ 273.184142][ T7541] Cannot find add_set index 0 as target [ 273.538050][ T29] audit: type=1326 audit(1740721538.147:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.1.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f0258d169 code=0x7ffc0000 [ 273.973044][ T7545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'. [ 274.386331][ T7537] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 277.428836][ T7477] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 278.428983][ T942] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 281.712780][ T942] usb 3-1: device descriptor read/64, error -71 [ 282.053374][ T942] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 285.489527][ T7676] vivid-000: disconnect [ 285.873623][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 286.371256][ T29] audit: type=1800 audit(1740721553.737:36): pid=7671 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.354" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 286.568945][ T7670] vivid-000: reconnect [ 288.564812][ T29] audit: type=1800 audit(1740721556.577:37): pid=7697 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.361" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 291.430602][ T7705] netlink: 'syz.2.365': attribute type 15 has an invalid length. [ 295.607946][ T7745] xt_nat: multiple ranges no longer supported [ 296.836907][ T978] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 297.029099][ T978] usb 1-1: Using ep0 maxpacket: 8 [ 297.458860][ T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.458890][ T978] usb 1-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 297.458903][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.464526][ T978] usb 1-1: config 0 descriptor?? [ 297.475464][ T978] usb 1-1: Found UVC 0.00 device (2833:0201) [ 297.475509][ T978] usb 1-1: No valid video chain found. [ 298.968340][ T9] usb 1-1: USB disconnect, device number 4 [ 299.883385][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 299.891640][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 300.097266][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 300.104939][ T5872] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 300.374917][ T7770] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 300.782898][ T7770] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 300.794318][ T5872] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 300.840663][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.851507][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 300.867069][ T5872] usb 1-1: Product: syz [ 300.969569][ T5872] usb 1-1: Manufacturer: syz [ 301.040649][ T5872] usb 1-1: SerialNumber: syz [ 301.212089][ T5872] r8152-cfgselector 1-1: Unknown version 0x0000 [ 301.242582][ T5872] r8152-cfgselector 1-1: config 0 descriptor?? [ 301.362529][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 301.423751][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 301.549264][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 302.170406][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 302.201489][ T7770] wlan0 speed is unknown, defaulting to 1000 [ 302.718046][ T5872] r8152-cfgselector 1-1: Unknown version 0x0000 [ 302.735160][ T5872] r8152-cfgselector 1-1: bad CDC descriptors [ 302.746308][ T5872] r8152-cfgselector 1-1: USB disconnect, device number 5 [ 303.427057][ T7784] tty tty28: ldisc open failed (-12), clearing slot 27 [ 305.350769][ T29] audit: type=1326 audit(1740721573.377:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7799 comm="syz.5.391" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0aa38d169 code=0x0 [ 311.583589][ T7851] syz.4.401: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 311.598895][ T7851] CPU: 1 UID: 0 PID: 7851 Comm: syz.4.401 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 311.598919][ T7851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 311.598934][ T7851] Call Trace: [ 311.598943][ T7851] [ 311.598951][ T7851] dump_stack_lvl+0x241/0x360 [ 311.598979][ T7851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.598997][ T7851] ? __pfx__printk+0x10/0x10 [ 311.599026][ T7851] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 311.599048][ T7851] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 311.599071][ T7851] warn_alloc+0x278/0x410 [ 311.599094][ T7851] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 311.599115][ T7851] ? __pfx_warn_alloc+0x10/0x10 [ 311.599136][ T7851] ? kasan_save_track+0x3f/0x80 [ 311.599156][ T7851] ? __kasan_kmalloc+0x98/0xb0 [ 311.599179][ T7851] ? xsk_setsockopt+0x4aa/0x810 [ 311.599195][ T7851] ? do_sock_setsockopt+0x3af/0x720 [ 311.599217][ T7851] ? __x64_sys_setsockopt+0x1ee/0x280 [ 311.599237][ T7851] ? do_syscall_64+0xf3/0x230 [ 311.599257][ T7851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.599287][ T7851] __vmalloc_node_range_noprof+0x126/0x1380 [ 311.599335][ T7851] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 311.599359][ T7851] ? __kasan_kmalloc+0x98/0xb0 [ 311.599392][ T7851] vmalloc_user_noprof+0x74/0x80 [ 311.599412][ T7851] ? xskq_create+0xb6/0x170 [ 311.599429][ T7851] xskq_create+0xb6/0x170 [ 311.599448][ T7851] xsk_init_queue+0xa1/0x100 [ 311.599468][ T7851] xsk_setsockopt+0x4aa/0x810 [ 311.599487][ T7851] ? __pfx_xsk_setsockopt+0x10/0x10 [ 311.599513][ T7851] ? __fget_files+0x2a/0x410 [ 311.599534][ T7851] ? __pfx_xsk_setsockopt+0x10/0x10 [ 311.599550][ T7851] do_sock_setsockopt+0x3af/0x720 [ 311.599580][ T7851] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 311.599609][ T7851] ? __fget_files+0x395/0x410 [ 311.599624][ T7851] ? __fget_files+0x2a/0x410 [ 311.599648][ T7851] __x64_sys_setsockopt+0x1ee/0x280 [ 311.599678][ T7851] do_syscall_64+0xf3/0x230 [ 311.599699][ T7851] ? clear_bhb_loop+0x35/0x90 [ 311.599724][ T7851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.599745][ T7851] RIP: 0033:0x7f3d5d58d169 [ 311.599766][ T7851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.599779][ T7851] RSP: 002b:00007f3d5afd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 311.599797][ T7851] RAX: ffffffffffffffda RBX: 00007f3d5d7a6240 RCX: 00007f3d5d58d169 [ 311.599810][ T7851] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 311.599820][ T7851] RBP: 00007f3d5d60e2a0 R08: 0000000000000052 R09: 0000000000000000 [ 311.599830][ T7851] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.599841][ T7851] R13: 0000000000000000 R14: 00007f3d5d7a6240 R15: 00007ffe1f8f0448 [ 311.599869][ T7851] [ 311.599876][ T7851] Mem-Info: [ 311.891587][ T7851] active_anon:3182 inactive_anon:11445 isolated_anon:0 [ 311.891587][ T7851] active_file:15046 inactive_file:37213 isolated_file:0 [ 311.891587][ T7851] unevictable:768 dirty:324 writeback:0 [ 311.891587][ T7851] slab_reclaimable:10249 slab_unreclaimable:101912 [ 311.891587][ T7851] mapped:40977 shmem:9990 pagetables:1029 [ 311.891587][ T7851] sec_pagetables:0 bounce:0 [ 311.891587][ T7851] kernel_misc_reclaimable:0 [ 311.891587][ T7851] free:1303913 free_pcp:3502 free_cma:0 [ 311.937503][ T7851] Node 0 active_anon:12728kB inactive_anon:45780kB active_file:60052kB inactive_file:148852kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:163852kB dirty:1292kB writeback:0kB shmem:38424kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:11848kB pagetables:4116kB sec_pagetables:0kB all_unreclaimable? no [ 311.980020][ T7851] Node 1 active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 312.011525][ T7851] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 312.060964][ T7851] lowmem_reserve[]: 0 2490 2490 0 0 [ 312.069454][ T7851] Node 0 DMA32 free:1307240kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:12724kB inactive_anon:46024kB active_file:59792kB inactive_file:148800kB unevictable:1536kB writepending:1316kB present:3129332kB managed:2550364kB mlocked:0kB bounce:0kB free_pcp:588kB local_pcp:392kB free_cma:0kB [ 312.117258][ T7851] lowmem_reserve[]: 0 0 0 0 0 [ 312.143455][ T7851] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:260kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:368kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB [ 312.170833][ T7851] lowmem_reserve[]: 0 0 0 0 0 [ 312.175729][ T7851] Node 1 Normal free:3898096kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:8192kB local_pcp:8192kB free_cma:0kB [ 312.206364][ T7851] lowmem_reserve[]: 0 0 0 0 0 [ 312.211227][ T7851] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 312.224495][ T7851] Node 0 DMA32: 211*4kB (UE) 134*8kB (UE) 39*16kB (U) 165*32kB (UM) 201*64kB (UME) 42*128kB (UME) 40*256kB (UME) 32*512kB (UME) 25*1024kB (UM) 6*2048kB (ME) 297*4096kB (UM) = 1307084kB [ 312.244704][ T7851] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 312.256517][ T7851] Node 1 Normal: 194*4kB (UME) 53*8kB (UME) 40*16kB (UME) 232*32kB (UME) 99*64kB (UME) 32*128kB (UME) 14*256kB (UM) 12*512kB (UME) 4*1024kB (UE) 5*2048kB (UME) 941*4096kB (M) = 3898096kB [ 312.279883][ T7851] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 312.289620][ T7851] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 312.299843][ T7851] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 312.309558][ T7851] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 312.319050][ T7851] 62283 total pagecache pages [ 312.323833][ T7851] 0 pages in swap cache [ 312.328038][ T7851] Free swap = 124540kB [ 312.332246][ T7851] Total swap = 124996kB [ 312.336566][ T7851] 2097051 pages RAM [ 312.340418][ T7851] 0 pages HighMem/MovableOnly [ 312.345234][ T7851] 427736 pages reserved [ 312.349475][ T7851] 0 pages cma reserved [ 316.015208][ T7881] openvswitch: netlink: ERSPAN option length err (len 4096, max 255). [ 316.158447][ T7881] [U] v3f"S/4:XTzWtlW= [ 316.165295][ T7881] [U] J"e:" [ 316.168895][ T7881] [U] [ 317.812415][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.889611][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 330.652692][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.429'. [ 330.662052][ T7964] netlink: 16 bytes leftover after parsing attributes in process `syz.1.429'. [ 331.708257][ T7964] gtp0: entered promiscuous mode [ 331.713487][ T7964] gtp0: entered allmulticast mode [ 331.736092][ T7965] netlink: 12 bytes leftover after parsing attributes in process `syz.2.430'. [ 333.849418][ T7978] Invalid ELF header magic: != ELF [ 334.605017][ T7990] vivid-000: disconnect [ 335.222910][ T7992] netlink: 'syz.5.433': attribute type 1 has an invalid length. [ 335.337247][ T7992] netlink: 'syz.5.433': attribute type 1 has an invalid length. [ 335.725008][ T7989] bond0: entered promiscuous mode [ 335.739104][ T7995] dlm: no local IP address has been set [ 335.754482][ T7989] bond_slave_0: entered promiscuous mode [ 335.759474][ T7995] dlm: cannot start dlm midcomms -107 [ 335.942200][ T7989] bond_slave_1: entered promiscuous mode [ 336.436222][ T7978] vivid-000: reconnect [ 336.693742][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.440'. [ 337.538438][ T8006] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 338.494717][ T8021] xt_nat: multiple ranges no longer supported [ 339.775728][ T7477] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 340.413343][ T7477] usb 5-1: Using ep0 maxpacket: 8 [ 340.536330][ T7477] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.350711][ T7477] usb 5-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 341.381405][ T7477] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.487208][ T7477] usb 5-1: config 0 descriptor?? [ 341.531389][ T7477] usb 5-1: can't set config #0, error -71 [ 341.603457][ T7477] usb 5-1: USB disconnect, device number 3 [ 342.481653][ T8049] dlm: no local IP address has been set [ 342.492605][ T8049] dlm: cannot start dlm midcomms -107 [ 345.822243][ T8050] vivid-008: disconnect [ 345.832008][ T8050] vivid-008: reconnect [ 347.621839][ T8068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.455'. [ 349.951630][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 349.958311][ T8060] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 350.310750][ T8060] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 350.421975][ T8060] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 350.451823][ T8060] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 350.499107][ T8060] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 350.526551][ T8060] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 353.795743][ T8109] vivid-004: disconnect [ 353.801159][ T8109] vivid-004: reconnect [ 354.447547][ T8115] Can't find ip_set type hash:ip,port,ne\ [ 361.429979][ T8166] vivid-000: disconnect [ 361.446980][ T8166] vivid-000: reconnect [ 361.743632][ T978] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 362.141053][ T5872] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 362.196223][ T978] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 362.247930][ T978] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 362.286315][ T978] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 362.322711][ T978] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3 [ 362.352196][ T978] usb 1-1: Product: syz [ 362.373121][ T978] usb 1-1: Manufacturer: syz [ 362.381940][ T5872] usb 3-1: Using ep0 maxpacket: 16 [ 362.398125][ T978] usb 1-1: SerialNumber: syz [ 362.410466][ T5872] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 362.450683][ T5872] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 362.490929][ T5872] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 362.529373][ T5872] usb 3-1: string descriptor 0 read error: -22 [ 362.547321][ T5872] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 362.561278][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.619012][ T5872] usb 3-1: 0:2 : does not exist [ 364.073681][ T9] usb 3-1: USB disconnect, device number 6 [ 364.384589][ T978] usb 1-1: USB disconnect, device number 6 [ 365.215601][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 365.466432][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 365.575789][ T9] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 365.595680][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 366.312684][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 366.330633][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.412903][ T8195] vivid-004: disconnect [ 366.421753][ T8195] vivid-004: reconnect [ 366.686814][ T9] usbtmc 6-1:16.0: bulk endpoints not found [ 369.144414][ T9] usb 6-1: USB disconnect, device number 2 [ 372.387989][ T8233] devpts: called with bogus options [ 372.828968][ T8239] openvswitch: netlink: nsh attr 0 has unexpected len 96 expected 0 [ 372.837409][ T8239] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 374.092723][ T8244] vivid-004: disconnect [ 374.098079][ T8244] vivid-004: reconnect [ 378.239185][ T8258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.503'. [ 379.217168][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.410086][ T978] IPVS: starting estimator thread 0... [ 381.433649][ T8279] vivid-008: disconnect [ 381.440765][ T8279] vivid-008: reconnect [ 381.527863][ T8285] IPVS: using max 20 ests per chain, 48000 per kthread [ 382.068319][ T8288] netlink: 'syz.2.510': attribute type 10 has an invalid length. [ 382.119005][ T8288] netlink: 40 bytes leftover after parsing attributes in process `syz.2.510'. [ 382.192219][ T8288] bridge0: port 3(veth1_vlan) entered blocking state [ 382.203619][ T8288] bridge0: port 3(veth1_vlan) entered disabled state [ 382.224577][ T8288] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 383.956098][ T8312] vivid-004: disconnect [ 383.970668][ T8312] vivid-004: reconnect [ 384.950733][ T29] audit: type=1800 audit(1740721652.957:39): pid=8315 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.518" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 389.676428][ T8339] vivid-004: disconnect [ 389.684467][ T8339] vivid-004: reconnect [ 390.389467][ T8349] dlm: no local IP address has been set [ 390.395290][ T8349] dlm: cannot start dlm midcomms -107 [ 391.211142][ T8346] netlink: 76 bytes leftover after parsing attributes in process `syz.2.527'. [ 391.702212][ T8354] vivid-004: disconnect [ 391.720976][ T8354] vivid-004: reconnect [ 394.645316][ T8376] overlayfs: missing 'lowerdir' [ 397.692253][ T8394] dccp_close: ABORT with 15584 bytes unread [ 397.820396][ T5824] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 397.832325][ T5824] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 397.870460][ T5824] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 397.881336][ T5824] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 397.889455][ T5824] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 397.897426][ T5824] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 398.070218][ T8404] vivid-004: disconnect [ 398.175620][ T8406] netlink: zone id is out of range [ 398.184661][ T8406] netlink: zone id is out of range [ 398.190901][ T8406] netlink: zone id is out of range [ 398.201618][ T8406] netlink: zone id is out of range [ 398.209582][ T8406] netlink: zone id is out of range [ 398.217186][ T8406] netlink: zone id is out of range [ 398.222583][ T8406] netlink: zone id is out of range [ 398.266670][ T8406] netlink: set zone limit has 8 unknown bytes [ 398.524752][ T8404] vivid-004: reconnect [ 399.347365][ T5836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 399.363558][ T5836] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 399.421390][ T5836] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 399.429933][ T5836] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 399.441015][ T5836] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 399.473632][ T5836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 399.700762][ T8415] netlink: 12 bytes leftover after parsing attributes in process `syz.1.543'. [ 399.833844][ T8399] wlan0 speed is unknown, defaulting to 1000 [ 401.546739][ T5824] Bluetooth: hci6: command tx timeout [ 401.839967][ T8399] chnl_net:caif_netlink_parms(): no params data found [ 403.653319][ T5824] Bluetooth: hci6: command tx timeout [ 403.988877][ T8448] netlink: 16 bytes leftover after parsing attributes in process `syz.2.549'. [ 404.669301][ T8453] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 404.681017][ T8453] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 404.832125][ T8453] overlayfs: failed to look up (tracing) for ino (-66) [ 405.436460][ T8399] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.465585][ T8399] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.483660][ T8399] bridge_slave_0: entered allmulticast mode [ 405.498539][ T8399] bridge_slave_0: entered promiscuous mode [ 405.513155][ T8399] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.521874][ T8399] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.570064][ T8399] bridge_slave_1: entered allmulticast mode [ 405.610118][ T8399] bridge_slave_1: entered promiscuous mode [ 405.704553][ T5824] Bluetooth: hci6: command tx timeout [ 405.813638][ T5870] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 406.286359][ T5870] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 406.360103][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.452035][ T5870] usb 1-1: Product: syz [ 406.455524][ T8399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.474742][ T5870] usb 1-1: Manufacturer: syz [ 406.517785][ T8399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.523248][ T5870] usb 1-1: SerialNumber: syz [ 406.529343][ T8465] vivid-004: disconnect [ 406.541996][ T8465] vivid-004: reconnect [ 407.528710][ T5870] usb 1-1: config 0 descriptor?? [ 407.783878][ T5824] Bluetooth: hci6: command tx timeout [ 408.215011][ T8399] team0: Port device team_slave_0 added [ 408.554568][ T5870] usb 1-1: Firmware: major: 128, minor: 178, hardware type: UNKNOWN (253) [ 408.670721][ T8474] syz.1.557: attempt to access beyond end of device [ 408.670721][ T8474] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 408.684526][ T8474] FAT-fs (loop3): unable to read boot sector [ 408.786024][ T8399] team0: Port device team_slave_1 added [ 408.815020][ T5870] usb 1-1: Firmware: build ⊖#.5vkj(]Q [ 408.978285][ T8399] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.119690][ T5870] usb 1-1: failed to fetch extended address, random address set [ 409.136477][ T8399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.147329][ T5870] usb 1-1: atusb_probe: initialization failed, error = -524 [ 409.162414][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.961126][ T8399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.041104][ T5870] atusb 1-1:0.0: probe with driver atusb failed with error -524 [ 410.098916][ T8399] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.135677][ T8399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.279313][ T8399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.687720][ T5870] usb 1-1: USB disconnect, device number 7 [ 411.831022][ T8399] hsr_slave_0: entered promiscuous mode [ 411.849614][ T8399] hsr_slave_1: entered promiscuous mode [ 412.628950][ T8399] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 412.755690][ T8399] Cannot create hsr debugfs directory [ 412.778285][ T7648] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.796249][ T7648] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 414.905575][ T8512] netlink: 12 bytes leftover after parsing attributes in process `syz.2.566'. [ 416.157578][ T8520] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 417.417830][ T8399] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 417.650152][ T8529] netlink: 'syz.2.570': attribute type 3 has an invalid length. [ 417.658385][ T8529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.570'. [ 418.068588][ T8529] 8021q: adding VLAN 0 to HW filter on device bond1 [ 418.126594][ T8399] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 418.182150][ T8399] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 418.242186][ T8399] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 418.409680][ T8540] Unsupported ieee802154 address type: 0 [ 420.339603][ T8399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 420.364067][ T8399] 8021q: adding VLAN 0 to HW filter on device team0 [ 420.399247][ T3549] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.406401][ T3549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 420.444793][ T3549] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.451939][ T3549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.887434][ T8562] netlink: 4 bytes leftover after parsing attributes in process `syz.2.577'. [ 423.498659][ T8573] netlink: 12 bytes leftover after parsing attributes in process `syz.0.579'. [ 423.844565][ T8562] veth1_vlan (unregistering): left allmulticast mode [ 424.128444][ T8562] bond0: (slave macvlan0): Releasing backup interface [ 424.476410][ T8399] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.497742][ T8582] netlink: zone id is out of range [ 424.513666][ T8582] netlink: zone id is out of range [ 424.518874][ T8582] netlink: zone id is out of range [ 424.534261][ T8582] netlink: zone id is out of range [ 424.540550][ T8582] netlink: zone id is out of range [ 424.546320][ T8582] netlink: zone id is out of range [ 424.551610][ T8582] netlink: zone id is out of range [ 425.129948][ T8582] netlink: set zone limit has 8 unknown bytes [ 426.959940][ T5872] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 427.001384][ T5872] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 427.179152][ T8399] veth0_vlan: entered promiscuous mode [ 428.134097][ T8399] veth1_vlan: entered promiscuous mode [ 428.283121][ T8399] veth0_macvtap: entered promiscuous mode [ 428.319351][ T8399] veth1_macvtap: entered promiscuous mode [ 428.366770][ T8399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 428.377841][ T8399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.388261][ T8399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 429.401107][ T8399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.982643][ T8399] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 430.937171][ T8399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 430.966355][ T8399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.977300][ T8399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 430.989765][ T8399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.001653][ T8399] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 431.047384][ T8399] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.093456][ T8399] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.114954][ T8399] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.263301][ T8399] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.394019][ T8643] dlm: no local IP address has been set [ 431.399595][ T8643] dlm: cannot start dlm midcomms -107 [ 432.064916][ T7638] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.072748][ T7638] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.949409][ T6320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.217462][ T6320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.308389][ T8674] capability: warning: `syz.0.596' uses deprecated v2 capabilities in a way that may be insecure [ 435.395644][ T8675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.596'. [ 439.243233][ T8688] Can't find ip_set type hash:ip,port,ne\ [ 440.383777][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.172835][ T8707] ipt_REJECT: TCP_RESET invalid for non-tcp [ 445.555119][ T8724] netlink: 'syz.0.611': attribute type 10 has an invalid length. [ 445.691892][ T5836] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 445.709904][ T5836] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 445.718862][ T5836] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 445.731679][ T5836] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 445.741695][ T5836] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 445.749124][ T5836] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 445.843972][ T8724] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 446.406686][ T8724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 446.566077][ T8724] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 446.677195][ T8724] netlink: 12 bytes leftover after parsing attributes in process `syz.0.611'. [ 447.874697][ T5824] Bluetooth: hci7: command tx timeout [ 448.173940][ T8738] wlan0 speed is unknown, defaulting to 1000 [ 448.545077][ T8760] netlink: zone id is out of range [ 448.550910][ T8760] netlink: zone id is out of range [ 448.556313][ T8760] netlink: zone id is out of range [ 448.562337][ T8760] netlink: zone id is out of range [ 448.568025][ T8760] netlink: zone id is out of range [ 448.573251][ T8760] netlink: zone id is out of range [ 448.578414][ T8760] netlink: zone id is out of range [ 448.589381][ T8760] netlink: set zone limit has 8 unknown bytes [ 449.387386][ T200] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.433737][ T8766] overlayfs: missing 'lowerdir' [ 449.445794][ T8766] fuse: Invalid rootmode [ 449.854229][ T8767] netlink: 'syz.4.618': attribute type 32 has an invalid length. [ 449.943443][ T5824] Bluetooth: hci7: command tx timeout [ 450.353642][ T8769] bond0: option mode: unable to set because the bond device has slaves [ 451.024516][ T200] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.023352][ T5824] Bluetooth: hci7: command tx timeout [ 452.213239][ T8785] tipc: Enabling of bearer rejected, failed to enable media [ 452.371390][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 452.394650][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 452.404862][ T200] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.587452][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 452.602934][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 452.605235][ T8786] wlan0 speed is unknown, defaulting to 1000 [ 453.615079][ T5836] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 453.622561][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 454.545225][ T5836] Bluetooth: hci7: command tx timeout [ 455.111343][ T200] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.222119][ T8802] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 455.259182][ T8802] bond0: (slave wlan1): Releasing backup interface [ 455.291589][ T8802] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 455.372419][ T8802] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 455.379426][ T8789] wlan0 speed is unknown, defaulting to 1000 [ 455.398020][ T8802] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 455.432204][ T8738] chnl_net:caif_netlink_parms(): no params data found [ 455.522892][ T8803] netlink: 12 bytes leftover after parsing attributes in process `syz.0.625'. [ 455.704446][ T8810] trusted_key: encrypted_key: insufficient parameters specified [ 456.307957][ T200] bridge_slave_1: left allmulticast mode [ 456.333466][ T200] bridge_slave_1: left promiscuous mode [ 456.342815][ T200] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.431551][ T200] bridge_slave_0: left allmulticast mode [ 456.518812][ T200] bridge_slave_0: left promiscuous mode [ 456.578293][ T200] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.073585][ T5824] Bluetooth: hci4: command tx timeout [ 458.221373][ T8830] new mount options do not match the existing superblock, will be ignored [ 458.235048][ T8830] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 458.575546][ T8832] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 459.155371][ T5824] Bluetooth: hci4: command tx timeout [ 460.410312][ T200] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.422296][ T200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.436965][ T200] bond0 (unregistering): Released all slaves [ 460.576997][ T200] bond1 (unregistering): Released all slaves [ 460.591269][ T8738] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.598617][ T8738] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.606259][ T8738] bridge_slave_0: entered allmulticast mode [ 460.622846][ T8738] bridge_slave_0: entered promiscuous mode [ 460.663397][ T5824] Bluetooth: hci0: command tx timeout [ 460.690137][ T8827] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 460.792412][ T8738] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.810589][ T8738] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.843489][ T8738] bridge_slave_1: entered allmulticast mode [ 460.850570][ T8738] bridge_slave_1: entered promiscuous mode [ 461.284499][ T5824] Bluetooth: hci4: command tx timeout [ 462.463726][ T8738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.521766][ T8738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.826540][ T8868] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 463.419224][ T5824] Bluetooth: hci4: command tx timeout [ 463.866845][ T8879] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 464.636847][ T8883] overlayfs: overlapping lowerdir path [ 464.720578][ T8882] program syz.4.636 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 465.277543][ T8738] team0: Port device team_slave_0 added [ 466.558560][ T8789] chnl_net:caif_netlink_parms(): no params data found [ 468.090750][ T8909] dlm: no local IP address has been set [ 468.096558][ T8909] dlm: cannot start dlm midcomms -107 [ 469.196360][ T8911] evm: overlay not supported [ 469.712623][ T8738] team0: Port device team_slave_1 added [ 470.501645][ T200] hsr_slave_0: left promiscuous mode [ 470.519004][ T200] hsr_slave_1: left promiscuous mode [ 470.537320][ T200] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 470.561700][ T200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 470.587812][ T200] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 470.715927][ T200] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.108663][ T200] veth1_macvtap: left promiscuous mode [ 471.143471][ T200] veth0_macvtap: left promiscuous mode [ 473.918652][ T200] team0 (unregistering): Port device team_slave_1 removed [ 474.006467][ T200] team0 (unregistering): Port device team_slave_0 removed [ 475.117979][ T8943] trusted_key: encrypted_key: insufficient parameters specified [ 477.873353][ T8738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 477.881293][ T8738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 477.983074][ T8738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 478.008408][ T8738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 478.024042][ T8738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 478.060354][ T8738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 478.114540][ T8738] hsr_slave_0: entered promiscuous mode [ 478.121788][ T8738] hsr_slave_1: entered promiscuous mode [ 478.128802][ T8738] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 478.136622][ T8738] Cannot create hsr debugfs directory [ 482.521668][ T8789] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.557696][ T8789] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.566663][ T8789] bridge_slave_0: entered allmulticast mode [ 482.734494][ T8789] bridge_slave_0: entered promiscuous mode [ 483.074293][ T8789] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.107655][ T8789] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.116179][ T8789] bridge_slave_1: entered allmulticast mode [ 483.124300][ T8789] bridge_slave_1: entered promiscuous mode [ 483.255233][ T8789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.296778][ T8994] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 483.360929][ T9008] netlink: 12 bytes leftover after parsing attributes in process `syz.0.661'. [ 483.860263][ T8789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 484.114105][ T8789] team0: Port device team_slave_0 added [ 484.141129][ T8789] team0: Port device team_slave_1 added [ 484.243858][ T8789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 484.285063][ T8789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 484.558009][ T8789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 485.334640][ T8789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 485.334661][ T8789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.334685][ T8789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 485.370781][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.267604][ T9028] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 486.728330][ T8789] hsr_slave_0: entered promiscuous mode [ 486.746734][ T8789] hsr_slave_1: entered promiscuous mode [ 486.768865][ T8789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 486.827146][ T8789] Cannot create hsr debugfs directory [ 487.034968][ T9043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.665'. [ 487.946554][ T9046] netlink: 'syz.1.665': attribute type 10 has an invalid length. [ 488.363896][ T200] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.891592][ T9035] netlink: 24 bytes leftover after parsing attributes in process `syz.1.665'. [ 488.971845][ T9046] mac80211_hwsim hwsim16 wlan1: left allmulticast mode [ 488.984087][ T8738] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 489.014973][ T8738] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 489.124247][ T200] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.161480][ T8738] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 489.679266][ T8738] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 489.812495][ T200] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.059751][ T9068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.670'. [ 490.402125][ T200] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.449827][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.672'. [ 490.626384][ T9079] vivid-000: disconnect [ 490.709957][ T9079] vivid-000: reconnect [ 491.589287][ T9081] netlink: 'syz.4.672': attribute type 3 has an invalid length. [ 493.053535][ T200] bridge_slave_1: left allmulticast mode [ 493.059238][ T200] bridge_slave_1: left promiscuous mode [ 493.122455][ T200] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.310213][ T200] bridge_slave_0: left allmulticast mode [ 493.550010][ T200] bridge_slave_0: left promiscuous mode [ 493.837588][ T9111] fuse: Unknown parameter '0xffffffffffffffff' [ 493.877067][ T200] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.903614][ T29] audit: type=1107 audit(1740721761.877:40): pid=9104 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=']YbH4:&,1л1x' [ 497.451409][ T9130] netlink: 12 bytes leftover after parsing attributes in process `syz.4.681'. [ 498.279106][ T9138] vivid-000: disconnect [ 498.307652][ T9138] vivid-000: reconnect [ 498.764796][ T200] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 498.777653][ T200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 498.788519][ T200] bond0 (unregistering): Released all slaves [ 498.861781][ T8789] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 499.164342][ T8789] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 499.247592][ T8789] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 499.272055][ T8789] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 500.342374][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.685'. [ 501.263601][ T8789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 501.303014][ T8789] 8021q: adding VLAN 0 to HW filter on device team0 [ 501.832251][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.467163][ T200] hsr_slave_0: left promiscuous mode [ 502.684347][ T200] hsr_slave_1: left promiscuous mode [ 502.726861][ T200] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 502.897474][ T9190] netlink: zone id is out of range [ 502.902817][ T9190] netlink: zone id is out of range [ 502.908367][ T9190] netlink: zone id is out of range [ 502.913746][ T9190] netlink: zone id is out of range [ 502.919005][ T9190] netlink: zone id is out of range [ 502.924217][ T9190] netlink: zone id is out of range [ 502.929347][ T9190] netlink: zone id is out of range [ 502.935727][ T9190] netlink: set zone limit has 8 unknown bytes [ 502.987246][ T200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 503.131677][ T200] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 503.284509][ T200] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 503.378937][ T200] veth1_macvtap: left promiscuous mode [ 503.406879][ T200] veth0_macvtap: left promiscuous mode [ 503.434094][ T200] veth1_vlan: left promiscuous mode [ 503.439561][ T200] veth0_vlan: left promiscuous mode [ 503.451524][ T5836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 503.473680][ T5836] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 503.484660][ T5836] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 503.494512][ T5836] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 503.502247][ T5836] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 503.509898][ T5836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 504.556690][ T200] team0 (unregistering): Port device team_slave_1 removed [ 504.610141][ T200] team0 (unregistering): Port device team_slave_0 removed [ 505.485878][ T9205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 505.544904][ T5824] Bluetooth: hci6: command tx timeout [ 505.585267][ T9205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 506.044597][ T7638] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.051841][ T7638] bridge0: port 1(bridge_slave_0) entered forwarding state [ 506.089344][ T9216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.694'. [ 506.421833][ T7638] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.430434][ T7638] bridge0: port 2(bridge_slave_1) entered forwarding state [ 507.290169][ T8789] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 507.300862][ T8789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 507.418075][ T9196] wlan0 speed is unknown, defaulting to 1000 [ 507.637694][ T5824] Bluetooth: hci6: command tx timeout [ 507.818871][ T9234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.696'. [ 508.843771][ T9236] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 509.636948][ T9245] ISOFS: Unable to identify CD-ROM format. [ 509.823308][ T5824] Bluetooth: hci6: command tx timeout [ 510.467039][ T9244] input: syz0 as /devices/virtual/input/input9 [ 510.584450][ T9255] vivid-002: disconnect [ 510.589683][ T9255] vivid-002: reconnect [ 511.096755][ T9196] chnl_net:caif_netlink_parms(): no params data found [ 511.642854][ T9270] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.974287][ T5824] Bluetooth: hci6: command tx timeout [ 513.047457][ T9279] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 513.054444][ T9279] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 513.068554][ T9279] vhci_hcd vhci_hcd.0: Device attached [ 513.273337][ T5873] vhci_hcd: vhci_device speed not set [ 513.347199][ T5873] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 513.436225][ T9196] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.458792][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 513.480577][ T9196] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.480657][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 513.505795][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 513.523913][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 513.526926][ T9196] bridge_slave_0: entered allmulticast mode [ 513.539581][ T5836] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 513.551785][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 513.582617][ T9196] bridge_slave_0: entered promiscuous mode [ 513.669449][ T9196] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.683590][ T9196] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.695227][ T9196] bridge_slave_1: entered allmulticast mode [ 513.703110][ T9196] bridge_slave_1: entered promiscuous mode [ 513.832245][ T9196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.856044][ T9196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.959346][ T9287] wlan0 speed is unknown, defaulting to 1000 [ 513.997658][ T9196] team0: Port device team_slave_0 added [ 514.016848][ T9196] team0: Port device team_slave_1 added [ 514.089259][ T9196] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 514.107690][ T9196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 514.193131][ T9196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 514.311735][ T9295] netlink: 'syz.0.705': attribute type 4 has an invalid length. [ 514.985945][ T9196] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 515.048841][ T9196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 515.195650][ T9196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 515.463876][ T9282] vhci_hcd: connection reset by peer [ 515.475918][ T3549] vhci_hcd: stop threads [ 515.480873][ T3549] vhci_hcd: release socket [ 515.492473][ T3549] vhci_hcd: disconnect device [ 515.570381][ T9196] hsr_slave_0: entered promiscuous mode [ 515.612221][ T9196] hsr_slave_1: entered promiscuous mode [ 515.624365][ T5824] Bluetooth: hci4: command tx timeout [ 515.672055][ T9196] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 515.717293][ T9196] Cannot create hsr debugfs directory [ 516.566175][ T9311] Option ' Pi ' to dns_resolver key: bad/missing value [ 516.890645][ T9312] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 517.430298][ T200] bridge_slave_1: left allmulticast mode [ 517.453443][ T200] bridge_slave_1: left promiscuous mode [ 517.463524][ T200] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.629972][ T200] bridge_slave_0: left allmulticast mode [ 517.693376][ T200] bridge_slave_0: left promiscuous mode [ 517.699157][ T200] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.706609][ T5824] Bluetooth: hci4: command 0x041b tx timeout [ 518.503402][ T5873] vhci_hcd: vhci_device speed not set [ 518.535030][ T9335] vivid-008: disconnect [ 518.540264][ T9335] vivid-008: reconnect [ 519.048211][ T9343] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 519.056408][ T9343] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 519.065728][ T9343] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 519.073630][ T9343] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 519.112043][ T9343] netlink: 'syz.0.712': attribute type 1 has an invalid length. [ 519.119874][ T9343] netlink: 224 bytes leftover after parsing attributes in process `syz.0.712'. [ 519.784853][ T5836] Bluetooth: hci4: command 0x041b tx timeout [ 519.915752][ T200] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.008645][ T9348] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 520.020687][ T9348] xt_bpf: check failed: parse error [ 520.157659][ T200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.309287][ T200] bond0 (unregistering): Released all slaves [ 521.873562][ T5836] Bluetooth: hci4: command 0x041b tx timeout [ 521.960934][ T200] hsr_slave_0: left promiscuous mode [ 521.984043][ T200] hsr_slave_1: left promiscuous mode [ 521.996497][ T200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.025151][ T200] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 522.050085][ T9357] fuse: Bad value for 'fd' [ 523.983712][ T5836] Bluetooth: hci4: command 0x041b tx timeout [ 524.447513][ T200] team0 (unregistering): Port device team_slave_1 removed [ 525.149886][ T200] team0 (unregistering): Port device team_slave_0 removed [ 525.344487][ T9375] overlay: Unknown parameter '/' [ 526.017123][ T9379] netlink: 'syz.1.721': attribute type 10 has an invalid length. [ 526.199335][ T9287] chnl_net:caif_netlink_parms(): no params data found [ 526.316704][ T9388] netlink: 12 bytes leftover after parsing attributes in process `syz.1.721'. [ 526.343373][ T9376] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode [ 527.297743][ T9378] bond0: (slave netdevsim0): Releasing backup interface [ 527.528209][ T9379] mac80211_hwsim hwsim16 wlan1: left allmulticast mode [ 527.548247][ T9379] 8021q: adding VLAN 0 to HW filter on device bond0 [ 527.563129][ T9379] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 527.903262][ T9400] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer. [ 528.723511][ T9287] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.672374][ T9287] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.706860][ T9287] bridge_slave_0: entered allmulticast mode [ 529.741931][ T9287] bridge_slave_0: entered promiscuous mode [ 529.870421][ T9287] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.029363][ T9287] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.051585][ T9287] bridge_slave_1: entered allmulticast mode [ 530.085830][ T9287] bridge_slave_1: entered promiscuous mode [ 530.216466][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.728'. [ 530.623951][ T30] INFO: task syz.5.509:8278 blocked for more than 144 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 530.671081][ T30] Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 530.693299][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 530.718294][ T30] task:syz.5.509 state:D stack:26032 pid:8278 tgid:8272 ppid:7208 task_flags:0x400040 flags:0x00000004 [ 530.780223][ T30] Call Trace: [ 530.806512][ T30] [ 530.809500][ T30] __schedule+0x18bc/0x4c40 [ 530.853255][ T30] ? __pfx___schedule+0x10/0x10 [ 530.858174][ T30] ? __pfx_lock_release+0x10/0x10 [ 530.883263][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 530.889230][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 530.985219][ T30] ? schedule+0x90/0x320 [ 530.989530][ T30] schedule+0x14b/0x320 [ 531.006914][ T30] schedule_preempt_disabled+0x13/0x30 [ 531.012433][ T30] __mutex_lock+0x817/0x1010 [ 531.033332][ T30] ? __mutex_lock+0x602/0x1010 [ 531.038160][ T30] ? nfsd_nl_version_get_doit+0x181/0x790 [ 531.048372][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 531.056781][ T30] ? genlmsg_put+0x145/0x2e0 [ 531.061507][ T30] nfsd_nl_version_get_doit+0x181/0x790 [ 531.080203][ T30] ? __pfx_genl_get_cmd+0x10/0x10 [ 531.093376][ T30] ? __pfx_nfsd_nl_version_get_doit+0x10/0x10 [ 531.099488][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 531.123362][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 531.128822][ T30] genl_rcv_msg+0xb1f/0xec0 [ 531.140030][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 531.148062][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 531.153130][ T30] ? __pfx_nfsd_nl_version_get_doit+0x10/0x10 [ 531.168484][ T30] ? __pfx___might_resched+0x10/0x10 [ 531.177448][ T30] netlink_rcv_skb+0x206/0x480 [ 531.182252][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 531.193669][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 531.199000][ T30] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 531.215458][ T30] genl_rcv+0x28/0x40 [ 531.223664][ T30] netlink_unicast+0x7f6/0x990 [ 531.228478][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 531.253411][ T30] ? __virt_addr_valid+0x45f/0x530 [ 531.258581][ T30] ? __phys_addr_symbol+0x2f/0x70 [ 531.273505][ T30] ? __check_object_size+0x47a/0x730 [ 531.278852][ T30] netlink_sendmsg+0x8de/0xcb0 [ 531.293286][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 531.302691][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 531.320264][ T30] __sock_sendmsg+0x221/0x270 [ 531.327931][ T30] ____sys_sendmsg+0x53a/0x860 [ 531.332949][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 531.338605][ T30] ? __fget_files+0x2a/0x410 [ 531.343969][ T30] ? __fget_files+0x2a/0x410 [ 531.348595][ T30] __sys_sendmsg+0x269/0x350 [ 531.353342][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 531.358519][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 531.368299][ T30] ? do_syscall_64+0x100/0x230 [ 531.373099][ T30] ? do_syscall_64+0xb6/0x230 [ 531.382219][ T30] do_syscall_64+0xf3/0x230 [ 531.391404][ T30] ? clear_bhb_loop+0x35/0x90 [ 531.400540][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.406771][ T30] RIP: 0033:0x7fc0aa38d169 [ 531.411199][ T30] RSP: 002b:00007fc0ab291038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 531.419777][ T30] RAX: ffffffffffffffda RBX: 00007fc0aa5a6080 RCX: 00007fc0aa38d169 [ 531.427807][ T30] RDX: 0000000000040000 RSI: 0000400000000540 RDI: 0000000000000003 [ 531.439124][ T30] RBP: 00007fc0aa40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 531.447180][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 531.455313][ T30] R13: 0000000000000000 R14: 00007fc0aa5a6080 R15: 00007ffd671dccf8 [ 531.463400][ T30] [ 531.474097][ T30] [ 531.474097][ T30] Showing all locks held in the system: [ 531.481855][ T30] 1 lock held by khungtaskd/30: [ 531.562555][ T30] #0: ffffffff8eb38fa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 531.594518][ T30] 3 locks held by kworker/u8:4/64: [ 531.599684][ T30] 4 locks held by kworker/u8:5/200: [ 531.614876][ T30] #0: ffff88801bef3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 531.626412][ T30] #1: ffffc90003037c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 531.637361][ T30] #2: ffffffff8feb6850 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 531.653366][ T30] #3: ffffffff8fec3088 (rtnl_mutex){+.+.}-{4:4}, at: cangw_pernet_exit_batch+0x20/0x90 [ 531.684159][ T30] 3 locks held by kworker/u8:7/1163: [ 531.689498][ T30] #0: ffff88801b089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 531.753601][ T30] #1: ffffc9000408fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 531.764844][ T30] #2: ffffffff8fec3088 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 531.777317][ T30] 1 lock held by dhcpcd/5493: [ 531.782478][ T30] #0: ffffffff8fec3088 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x34c/0x1d80 [ 531.796266][ T30] 2 locks held by getty/5580: [ 531.800941][ T30] #0: ffff88814d3450a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 531.810756][ T30] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770 [ 531.824471][ T30] 2 locks held by kworker/u8:11/6320: [ 531.829877][ T30] 2 locks held by syz.3.245/7085: [ 531.834944][ T30] #0: ffffffff8ff27190 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 531.843321][ T30] #1: ffffffff8ee05428 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90 [ 531.853736][ T30] 3 locks held by kworker/0:5/7477: [ 531.858917][ T30] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 531.870382][ T30] #1: ffffc9001de1fc60 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 531.881960][ T30] #2: ffffffff8eb3e340 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 [ 531.893898][ T30] 2 locks held by syz.5.509/8278: [ 531.898954][ T30] #0: ffffffff8ff27190 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 531.907358][ T30] #1: ffffffff8ee05428 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_get_doit+0x181/0x790 [ 531.917493][ T30] 2 locks held by kworker/1:1/8648: [ 531.922697][ T30] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 531.934979][ T30] #1: ffffc900173a7c60 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 531.945501][ T30] 7 locks held by syz-executor/9196: [ 531.951104][ T30] #0: ffff88807c0ac420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x225/0xd10 [ 531.960210][ T30] #1: ffff88805bf53888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1ea/0x500 [ 531.970037][ T30] #2: ffff88814537a698 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 [ 531.980170][ T30] #3: ffffffff8f769728 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xfc/0x480 [ 531.990630][ T30] #4: ffff88802138e0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xce/0x7c0 [ 532.001363][ T30] #5: ffff888079c65250 (&devlink->lock_key#9){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 [ 532.011548][ T30] #6: ffffffff8eb3e340 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 [ 532.021647][ T30] 3 locks held by syz-executor/9287: [ 532.026978][ T30] #0: ffffffff8f664180 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250 [ 532.036597][ T30] #1: ffffffff8fec3088 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc55/0x1d30 [ 532.046417][ T30] #2: ffffffff8eb3e478 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x820 [ 532.058106][ T30] 1 lock held by syz.1.726/9410: [ 532.063104][ T30] #0: ffffffff8fec3088 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 [ 532.072201][ T30] 1 lock held by syz.0.728/9422: [ 532.077571][ T30] #0: ffffffff8fec3088 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 [ 532.087371][ T30] [ 532.089760][ T30] ============================================= [ 532.089760][ T30] [ 532.188154][ T30] NMI backtrace for cpu 0 [ 532.188176][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 532.188193][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 532.188202][ T30] Call Trace: [ 532.188207][ T30] [ 532.188214][ T30] dump_stack_lvl+0x241/0x360 [ 532.188237][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 532.188254][ T30] ? __pfx__printk+0x10/0x10 [ 532.188284][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 532.188306][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 532.188321][ T30] ? _printk+0xd5/0x120 [ 532.188341][ T30] ? __pfx__printk+0x10/0x10 [ 532.188362][ T30] ? __wake_up_klogd+0xcc/0x110 [ 532.188381][ T30] ? __pfx__printk+0x10/0x10 [ 532.188402][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 532.188422][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 532.188442][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 532.188461][ T30] watchdog+0x1058/0x10a0 [ 532.188483][ T30] ? watchdog+0x1ea/0x10a0 [ 532.188507][ T30] ? __pfx_watchdog+0x10/0x10 [ 532.188527][ T30] kthread+0x7a9/0x920 [ 532.188546][ T30] ? __pfx_kthread+0x10/0x10 [ 532.188567][ T30] ? __pfx_watchdog+0x10/0x10 [ 532.188587][ T30] ? __pfx_kthread+0x10/0x10 [ 532.188606][ T30] ? __pfx_kthread+0x10/0x10 [ 532.188629][ T30] ? __pfx_kthread+0x10/0x10 [ 532.188648][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 532.188665][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 532.188693][ T30] ? __pfx_kthread+0x10/0x10 [ 532.188715][ T30] ret_from_fork+0x4b/0x80 [ 532.188733][ T30] ? __pfx_kthread+0x10/0x10 [ 532.188754][ T30] ret_from_fork_asm+0x1a/0x30 [ 532.188784][ T30] [ 532.188790][ T30] Sending NMI from CPU 0 to CPUs 1: [ 532.358919][ C1] NMI backtrace for cpu 1 [ 532.358933][ C1] CPU: 1 UID: 0 PID: 9287 Comm: syz-executor Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 532.358951][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 532.358961][ C1] RIP: 0010:debug_check_no_obj_freed+0x2be/0x580 [ 532.358990][ C1] Code: ff c7 48 8b 44 24 38 48 85 c0 0f 84 a4 02 00 00 49 89 c4 49 89 c5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 <74> 08 4c 89 e7 e8 28 f6 31 fd 49 8b 04 24 48 89 44 24 38 49 8d 5c [ 532.359003][ C1] RSP: 0018:ffffc90003ddf720 EFLAGS: 00000046 [ 532.359017][ C1] RAX: dffffc0000000000 RBX: ffff88807e7c11d8 RCX: dffffc0000000000 [ 532.359029][ C1] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc90003ddf600 [ 532.359039][ C1] RBP: ffffc90003ddf878 R08: 0000000000000003 R09: fffff520007bbec0 [ 532.359049][ C1] R10: dffffc0000000000 R11: fffff520007bbec0 R12: ffff8880233c67a8 [ 532.359061][ C1] R13: 1ffff11004678cf5 R14: ffff888078557298 R15: 0000000000000003 [ 532.359071][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 532.359083][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 532.359094][ C1] CR2: 00007f6f3fffcbd0 CR3: 000000007b0b4000 CR4: 00000000003526f0 [ 532.359108][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 532.359117][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 532.359126][ C1] Call Trace: [ 532.359132][ C1] [ 532.359138][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 532.359155][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 532.359177][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 532.359192][ C1] ? nmi_handle+0x2a/0x5a0 [ 532.359219][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 532.359237][ C1] ? nmi_handle+0x14f/0x5a0 [ 532.359257][ C1] ? nmi_handle+0x2a/0x5a0 [ 532.359277][ C1] ? debug_check_no_obj_freed+0x2be/0x580 [ 532.359303][ C1] ? default_do_nmi+0x63/0x160 [ 532.359319][ C1] ? exc_nmi+0x123/0x1f0 [ 532.359333][ C1] ? end_repeat_nmi+0xf/0x53 [ 532.359358][ C1] ? debug_check_no_obj_freed+0x2be/0x580 [ 532.359379][ C1] ? debug_check_no_obj_freed+0x2be/0x580 [ 532.359400][ C1] ? debug_check_no_obj_freed+0x2be/0x580 [ 532.359420][ C1] [ 532.359425][ C1] [ 532.359431][ C1] ? __pfx_lock_release+0x10/0x10 [ 532.359454][ C1] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 532.359478][ C1] ? find_unlink_vmap_area+0x2b6/0x2d0 [ 532.359496][ C1] remove_vm_area+0x1d3/0x300 [ 532.359515][ C1] vfree+0x7f/0x360 [ 532.359533][ C1] kcov_close+0x28/0x50 [ 532.359552][ C1] ? __pfx_kcov_close+0x10/0x10 [ 532.359570][ C1] __fput+0x3e9/0x9f0 [ 532.359591][ C1] task_work_run+0x24f/0x310 [ 532.359617][ C1] ? __pfx_task_work_run+0x10/0x10 [ 532.359638][ C1] ? do_exit+0xa25/0x28e0 [ 532.359658][ C1] ? do_exit+0xa25/0x28e0 [ 532.359677][ C1] do_exit+0xa2a/0x28e0 [ 532.359700][ C1] ? __pfx_do_exit+0x10/0x10 [ 532.359719][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 532.359738][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 532.359759][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 532.359779][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 532.359798][ C1] do_group_exit+0x207/0x2c0 [ 532.359816][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 532.359833][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 532.359852][ C1] get_signal+0x168c/0x1720 [ 532.359872][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 532.359893][ C1] ? __pfx_get_signal+0x10/0x10 [ 532.359912][ C1] arch_do_signal_or_restart+0x96/0x860 [ 532.359930][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 532.359946][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 532.359972][ C1] ? syscall_exit_to_user_mode+0xa3/0x340 [ 532.359992][ C1] syscall_exit_to_user_mode+0xce/0x340 [ 532.360013][ C1] do_syscall_64+0x100/0x230 [ 532.360033][ C1] ? clear_bhb_loop+0x35/0x90 [ 532.360054][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.360073][ C1] RIP: 0033:0x7f525118effc [ 532.360085][ C1] Code: Unable to access opcode bytes at 0x7f525118efd2. [ 532.360093][ C1] RSP: 002b:00007ffc751f03c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 532.360108][ C1] RAX: 0000000000000068 RBX: 00007f5251ed4620 RCX: 00007f525118effc [ 532.360118][ C1] RDX: 0000000000000068 RSI: 00007f5251ed4670 RDI: 0000000000000003 [ 532.360128][ C1] RBP: 0000000000000000 R08: 00007ffc751f0414 R09: 000000000000000c [ 532.360137][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 532.360146][ C1] R13: 0000000000000000 R14: 00007f5251ed4670 R15: 0000000000000000 [ 532.360163][ C1] [ 532.884871][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 532.891764][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 532.902255][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 532.912303][ T30] Call Trace: [ 532.915575][ T30] [ 532.918507][ T30] dump_stack_lvl+0x241/0x360 [ 532.923187][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 532.928375][ T30] ? __pfx__printk+0x10/0x10 [ 532.932954][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 532.938934][ T30] ? vscnprintf+0x5d/0x90 [ 532.943261][ T30] panic+0x349/0x880 [ 532.947162][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 532.953308][ T30] ? __pfx_panic+0x10/0x10 [ 532.957724][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 532.963088][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 532.969229][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 532.975378][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 532.981528][ T30] watchdog+0x1097/0x10a0 [ 532.985855][ T30] ? watchdog+0x1ea/0x10a0 [ 532.990267][ T30] ? __pfx_watchdog+0x10/0x10 [ 532.994938][ T30] kthread+0x7a9/0x920 [ 532.999004][ T30] ? __pfx_kthread+0x10/0x10 [ 533.003595][ T30] ? __pfx_watchdog+0x10/0x10 [ 533.008266][ T30] ? __pfx_kthread+0x10/0x10 [ 533.012848][ T30] ? __pfx_kthread+0x10/0x10 [ 533.017434][ T30] ? __pfx_kthread+0x10/0x10 [ 533.022016][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 533.027228][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 533.032437][ T30] ? __pfx_kthread+0x10/0x10 [ 533.037035][ T30] ret_from_fork+0x4b/0x80 [ 533.041457][ T30] ? __pfx_kthread+0x10/0x10 [ 533.046048][ T30] ret_from_fork_asm+0x1a/0x30 [ 533.050816][ T30] [ 533.054104][ T30] Kernel Offset: disabled [ 533.058419][ T30] Rebooting in 86400 seconds..