last executing test programs: 15.948899222s ago: executing program 2 (id=115): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x1, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10) set_mempolicy(0x3, &(0x7f0000000200)=0x2000000009, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 15.714930612s ago: executing program 2 (id=117): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x388, 0x30, 0x100, 0x71bd23, 0x25dfdbff, {}, [{0x374, 0x1, [@m_csum={0xf8, 0x14, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x3, 0x8, 0x1, 0xa}, 0x33}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0xfffffffa, 0xffffffffffffffff, 0xd49, 0x100}, 0x78}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x3e5, 0x4, 0x3, 0x1}, 0x21}}]}, {0x75, 0x6, "f90cc54fcc9c8095264b0e12b02dcd836b5130212160662c39452a4b445c2f4c6f1effca3ea3f7cd43a1f925fff035535b4d5683ceff45e1f9be83ff28d6ec46117cfbc7d48ae556ece944cd1739bc772a6f07d0d2c256696fa69d27ebd97ed3ce0d9d7316eea38492bd81fa862c6a1f75"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_csum={0xc4, 0x1a, 0x0, 0x0, {{0x9}, {0x4}, {0x95, 0x6, "f0b8bf92cf8611111a0ff27fcc8825ca405600cfd0f6876d2892df6b5723118bb7d9d86de0a2706031cc8c62f7d1baf9b04f3a9ed11665c75023f87c16ce970413ede5e5f6782d0d17be877ac54c09075ed841c7daeddf3395a210eab4335ed3bcb36fe1598dc94259da01363ad59d8dc384cb8fe469869c99849bd0d19e999b2e8f62d563a2dcea91347cdc754302a566"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_nat={0x1b4, 0x12, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x40, 0x20000000, 0x6, 0x5}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0xffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x5, 0x8, 0xf, 0x1}, @local, @remote, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x8, 0xffffffffffffffff, 0x1, 0x1}, @rand_addr=0x64010100, @remote, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x8, 0x7, 0x8, 0x10}, @private=0xa010100, @rand_addr=0x64010101, 0xffffffff}}]}, {0xe9, 0x6, "9161facd0ff95a713a89d259046db020980876dac7871ca2ea6d1f1c366c68271521648418010000002f3933e73da4a79a059a5b352dddb52cb0c359429b1493717494c9c7c4691d794a967a8b1b9061f54eec486361cd31719abdb81e7bcc3582af1d6a442d255112274b18da8718c17a507f8aa0863e81581e17d5f423a719489282892a0f04944d6a2c7560578b1e3ea7736b05998bd0d92ec29eed8bd226a6c7088e40ea6ba0451286748a1307f49c244a1ca03ca68b2a2bd6e97b8e30273e1e5df634bd3c2b7c9f07e7d9e5d75b2cd61d22fc2506e657082d801af207b61501f395a9"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x388}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 15.537375875s ago: executing program 2 (id=119): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$vbi(0x0, 0x0, 0x2) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x20004, r4, 0x2}) r7 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r6}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c64d2, &(0x7f0000000180)={r8, 0x80000}) close_range(r7, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 15.514749388s ago: executing program 3 (id=120): openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = dup(r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0xc048080) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$int_in(r3, 0x5421, 0x0) io_uring_enter(0xffffffffffffffff, 0x7277, 0x0, 0x0, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) dup(0xffffffffffffffff) fcntl$dupfd(0xffffffffffffffff, 0x406, r4) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) openat$nullb(0xffffffffffffff9c, 0x0, 0x1e3002, 0x0) 13.245602099s ago: executing program 2 (id=122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x11}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x7, 0x7, 0x1, 0x0, "56f493"}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @log={{0x8}, @void}}]}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x240088c1}, 0x0) 13.041383575s ago: executing program 2 (id=123): mkdirat(0xffffffffffffff9c, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[], 0x58}}, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000480)={0xaa, 0x600}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000340)={0x0, 0x304000, 0x1000, 0x0, 0x2}, 0x20) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3}) read$FUSE(r4, &(0x7f00000021c0)={0x2020}, 0x2020) socket$nl_generic(0x10, 0x3, 0x10) 10.608858387s ago: executing program 3 (id=129): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = socket$unix(0x1, 0x1, 0x0) recvmmsg$unix(r0, &(0x7f0000002780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) mount$9p_fd(0x0, 0x0, 0x0, 0x800, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/sem\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000019340), r2) read$FUSE(r2, 0x0, 0x0) openat(r2, 0x0, 0x400001, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44000000100003055f04000000000000000000", @ANYRES32=0x0, @ANYBLOB="01000000000000001c0012800b0001006d616373656300000c00028005000f000200000008000500", @ANYRES32, @ANYBLOB], 0x44}}, 0x0) syz_open_dev$dri(0x0, 0x4, 0x14000) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="03040000b500000001"], 0xc8) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x121800, 0x0) setuid(0xee00) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000200)={0xb000, 0x1000, 0x9, 0x1, 0x80000000}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 9.160368193s ago: executing program 3 (id=130): openat$kvm(0xffffffffffffff9c, 0x0, 0x109881, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000a00)=@abs, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) io_uring_setup(0x7, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={0x8a080, 0x39, 0x15}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400c011) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000569000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 8.291829975s ago: executing program 0 (id=131): r0 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r2, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) capset(0x0, 0x0) connect$inet(r2, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r2, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r2, 0x0, r1, 0x0, 0xfea8, 0xa) close_range(r0, 0xffffffffffffffff, 0x0) 8.066223674s ago: executing program 1 (id=133): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000480)={0xfffffffe, 0xfffffffc, 0x0, 'queue0\x00', 0x100}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000005480)={0x0, 0x20000008, 0x3cdb, {0x0, 0x10000}, 0x0, 0xfffffffe}) 6.821811724s ago: executing program 0 (id=134): openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @remote}, 0x1c) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfea7) r3 = socket$alg(0x26, 0x5, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) sendfile(r4, 0xffffffffffffffff, &(0x7f0000000440)=0x100, 0x1002) socket$tipc(0x1e, 0x5, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0, 0xfc}}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000ff1000/0xc000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x1, 0x800000c1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) 6.707824068s ago: executing program 2 (id=135): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000000) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_clone(0xb21e0000, 0x0, 0x1e, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 6.707585968s ago: executing program 1 (id=136): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x388, 0x30, 0x100, 0x71bd23, 0x25dfdbff, {}, [{0x374, 0x1, [@m_csum={0xf8, 0x14, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x3, 0x8, 0x1, 0xa}, 0x33}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0xfffffffa, 0xffffffffffffffff, 0xd49, 0x100}, 0x78}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x3e5, 0x4, 0x3, 0x1}, 0x21}}]}, {0x75, 0x6, "f90cc54fcc9c8095264b0e12b02dcd836b5130212160662c39452a4b445c2f4c6f1effca3ea3f7cd43a1f925fff035535b4d5683ceff45e1f9be83ff28d6ec46117cfbc7d48ae556ece944cd1739bc772a6f07d0d2c256696fa69d27ebd97ed3ce0d9d7316eea38492bd81fa862c6a1f75"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_csum={0xc4, 0x1a, 0x0, 0x0, {{0x9}, {0x4}, {0x95, 0x6, "f0b8bf92cf8611111a0ff27fcc8825ca405600cfd0f6876d2892df6b5723118bb7d9d86de0a2706031cc8c62f7d1baf9b04f3a9ed11665c75023f87c16ce970413ede5e5f6782d0d17be877ac54c09075ed841c7daeddf3395a210eab4335ed3bcb36fe1598dc94259da01363ad59d8dc384cb8fe469869c99849bd0d19e999b2e8f62d563a2dcea91347cdc754302a566"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_nat={0x1b4, 0x12, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x40, 0x20000000, 0x6, 0x5}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0xffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x5, 0x8, 0xf, 0x1}, @local, @remote, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x8, 0xffffffffffffffff, 0x1, 0x1}, @rand_addr=0x64010100, @remote, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x8, 0x7, 0x8, 0x10}, @private=0xa010100, @rand_addr=0x64010101, 0xffffffff}}]}, {0xe9, 0x6, "9161facd0ff95a713a89d259046db020980876dac7871ca2ea6d1f1c366c68271521648418010000002f3933e73da4a79a059a5b352dddb52cb0c359429b1493717494c9c7c4691d794a967a8b1b9061f54eec486361cd31719abdb81e7bcc3582af1d6a442d255112274b18da8718c17a507f8aa0863e81581e17d5f423a719489282892a0f04944d6a2c7560578b1e3ea7736b05998bd0d92ec29eed8bd226a6c7088e40ea6ba0451286748a1307f49c244a1ca03ca68b2a2bd6e97b8e30273e1e5df634bd3c2b7c9f07e7d9e5d75b2cd61d22fc2506e657082d801af207b61501f395a9"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x388}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 6.294304891s ago: executing program 1 (id=137): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x1, 0x1}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) set_mempolicy(0x3, &(0x7f0000000200)=0x2000000009, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 5.509155232s ago: executing program 1 (id=138): syz_init_net_socket$ax25(0x3, 0x2, 0xc4) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000003c0)=@generic={&(0x7f0000000380)='./file0\x00', r0}, 0x18) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) unshare(0x22020600) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) getcwd(0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_128={{0x304}, "74b4b6f812818157", "fe0f232318769ac69f4d79a23999d0d2", "4110d24f", "9fee0dd3cddeb064"}, 0x28) sendto$inet6(r4, 0x0, 0x0, 0x8000, 0x0, 0x0) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x8001, 0x6, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x1, 0x1a449, 0x3, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0xb, 0x8, 0x5, 0x8, 0x4, 0x10000, 0xfffffff8]}) syz_emit_ethernet(0x66, &(0x7f0000000f80)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x6c, 0x0, @private}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0xfffc}}}}}}, 0x0) prlimit64(0x0, 0xa, &(0x7f0000000140)={0x8, 0x8b}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) socket$inet(0x2, 0x3, 0x6) 4.03932486s ago: executing program 1 (id=139): openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x2004c7f9, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000100)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f0000000780)=""/4108, 0x437aba2}], 0x1, 0x0, 0xfffffdee, 0x407006}, 0x104) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x9cdc2384016f48b8) 2.675865886s ago: executing program 1 (id=140): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000200)={0x0, 0xab, 0x8, &(0x7f0000000180)={0x2a, "247f23e017bb486c5c4b7165a6d6af0b920bf04121f0339400"}}) 1.819377626s ago: executing program 0 (id=141): r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000000)={&(0x7f0000000380)=[{0x1, 0xc401, 0x4f, &(0x7f0000000780)="2fa4aaca555c80e980979899f7a2e96c76e007198cf35a3e86a08a361ab693d4b578c5ca80b3dcebae4a9ec3d2084a95f036c2dab0a8e13b7f4757b2a22bf27639286b466ddcf6b2cae2a5a1d1fe21"}], 0x1}) 1.690942912s ago: executing program 3 (id=142): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) r1 = dup(r0) mmap(&(0x7f0000097000/0x1000)=nil, 0x1000, 0x4, 0x28011, r1, 0x0) 1.421340587s ago: executing program 3 (id=143): r0 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r2, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) capset(0x0, 0x0) connect$inet(r2, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r2, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r2, 0x0, r1, 0x0, 0xfea8, 0xa) close_range(r0, 0xffffffffffffffff, 0x0) 1.411891368s ago: executing program 0 (id=151): r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000000)={&(0x7f0000000380)=[{0x1, 0xc401, 0x4f, &(0x7f0000000780)="2fa4aaca555c80e980979899f7a2e96c76e007198cf35a3e86a08a361ab693d4b578c5ca80b3dcebae4a9ec3d2084a95f036c2dab0a8e13b7f4757b2a22bf27639286b466ddcf6b2cae2a5a1d1fe21"}], 0x1}) 1.201360025s ago: executing program 0 (id=144): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000400)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2040, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8971, 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$RTC_RD_TIME(r5, 0x80247009, 0x0) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) 50.828813ms ago: executing program 3 (id=145): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000480)={0xfffffffe, 0xfffffffc, 0x0, 'queue0\x00', 0x100}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000005480)={0x0, 0x20000008, 0x3cdb, {0x0, 0x10000}, 0x0, 0xfffffffe}) 0s ago: executing program 0 (id=146): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x1, 0x1}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) set_mempolicy(0x3, &(0x7f0000000200)=0x2000000009, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts. [ 74.618281][ T5758] cgroup: Unknown subsys name 'net' [ 74.794379][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.474210][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.226263][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.247457][ T5775] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.266201][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.279681][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.287488][ T5775] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.296802][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.304670][ T5775] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.313086][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.321804][ T5775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.330420][ T5775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.338403][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.345253][ T5785] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.350936][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.360048][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.370301][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.377423][ T5784] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.378289][ T5777] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.390608][ T5784] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.393422][ T5777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.401476][ T5784] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 78.413009][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.420621][ T5784] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.430376][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.443561][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.950952][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 79.033123][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 79.095700][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 79.176182][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 79.233407][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.241263][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.249543][ T5768] bridge_slave_0: entered allmulticast mode [ 79.259624][ T5768] bridge_slave_0: entered promiscuous mode [ 79.275196][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.282354][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.289722][ T5768] bridge_slave_1: entered allmulticast mode [ 79.297248][ T5768] bridge_slave_1: entered promiscuous mode [ 79.393982][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.402702][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.411583][ T5769] bridge_slave_0: entered allmulticast mode [ 79.420078][ T5769] bridge_slave_0: entered promiscuous mode [ 79.431107][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.445120][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.460608][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.467899][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.476433][ T5772] bridge_slave_0: entered allmulticast mode [ 79.483525][ T5772] bridge_slave_0: entered promiscuous mode [ 79.491555][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.498996][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.506643][ T5769] bridge_slave_1: entered allmulticast mode [ 79.513729][ T5769] bridge_slave_1: entered promiscuous mode [ 79.550606][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.558010][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.565633][ T5772] bridge_slave_1: entered allmulticast mode [ 79.573088][ T5772] bridge_slave_1: entered promiscuous mode [ 79.622499][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.636528][ T5768] team0: Port device team_slave_0 added [ 79.669144][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.693522][ T5768] team0: Port device team_slave_1 added [ 79.715812][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.728702][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.764214][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.771580][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.779026][ T5770] bridge_slave_0: entered allmulticast mode [ 79.787563][ T5770] bridge_slave_0: entered promiscuous mode [ 79.810387][ T5769] team0: Port device team_slave_0 added [ 79.820290][ T5769] team0: Port device team_slave_1 added [ 79.840851][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.848103][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.874377][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.889170][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.897274][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.904464][ T5770] bridge_slave_1: entered allmulticast mode [ 79.912166][ T5770] bridge_slave_1: entered promiscuous mode [ 79.963524][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.971258][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.997483][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.023803][ T5772] team0: Port device team_slave_0 added [ 80.046956][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.054061][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.080796][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.103696][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.118122][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.130238][ T5772] team0: Port device team_slave_1 added [ 80.143620][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.151235][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.177659][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.247423][ T5768] hsr_slave_0: entered promiscuous mode [ 80.254018][ T5768] hsr_slave_1: entered promiscuous mode [ 80.289250][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.296628][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.322914][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.353477][ T5770] team0: Port device team_slave_0 added [ 80.360767][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.368163][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.394482][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.441214][ T5770] team0: Port device team_slave_1 added [ 80.455796][ T5086] Bluetooth: hci2: command tx timeout [ 80.490482][ T5769] hsr_slave_0: entered promiscuous mode [ 80.496963][ T5769] hsr_slave_1: entered promiscuous mode [ 80.503216][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.512077][ T5769] Cannot create hsr debugfs directory [ 80.531371][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.536921][ T5086] Bluetooth: hci1: command tx timeout [ 80.538827][ T51] Bluetooth: hci3: command tx timeout [ 80.544340][ T5777] Bluetooth: hci0: command tx timeout [ 80.556094][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.582257][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.596136][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.603122][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.629336][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.693702][ T5772] hsr_slave_0: entered promiscuous mode [ 80.700889][ T5772] hsr_slave_1: entered promiscuous mode [ 80.708580][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.716247][ T5772] Cannot create hsr debugfs directory [ 80.842540][ T5770] hsr_slave_0: entered promiscuous mode [ 80.852221][ T5770] hsr_slave_1: entered promiscuous mode [ 80.858579][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.866999][ T5770] Cannot create hsr debugfs directory [ 81.155306][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.173926][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.193310][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.223177][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.309833][ T5769] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.346635][ T5769] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.379600][ T5769] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.390724][ T5769] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.446553][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.459220][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.473133][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.483736][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.616422][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.629506][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.641314][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.654251][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.772021][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.820127][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.838346][ T2934] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.845778][ T2934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.899711][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.909350][ T2934] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.916556][ T2934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.937112][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.968978][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.011229][ T2934] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.018445][ T2934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.046460][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.060083][ T2951] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.067418][ T2951] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.091655][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.140356][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.147610][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.230861][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.247392][ T2951] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.254627][ T2951] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.289847][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.297109][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.332898][ T3529] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.340179][ T3529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.480287][ T5770] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 82.491613][ T5770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.535806][ T5777] Bluetooth: hci2: command tx timeout [ 82.570328][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.616119][ T5777] Bluetooth: hci0: command tx timeout [ 82.616519][ T5086] Bluetooth: hci1: command tx timeout [ 82.621579][ T51] Bluetooth: hci3: command tx timeout [ 82.747328][ T5768] veth0_vlan: entered promiscuous mode [ 82.784248][ T5768] veth1_vlan: entered promiscuous mode [ 82.854057][ T5768] veth0_macvtap: entered promiscuous mode [ 82.900163][ T5768] veth1_macvtap: entered promiscuous mode [ 82.973928][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.001321][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.021329][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.030916][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.042005][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.051788][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.130689][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.147035][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.276551][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.284617][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.312910][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.362307][ T5770] veth0_vlan: entered promiscuous mode [ 83.379992][ T2951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.401654][ T2951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.433601][ T5769] veth0_vlan: entered promiscuous mode [ 83.449941][ T5770] veth1_vlan: entered promiscuous mode [ 83.521376][ T5769] veth1_vlan: entered promiscuous mode [ 83.539096][ T5772] veth0_vlan: entered promiscuous mode [ 83.585620][ T5770] veth0_macvtap: entered promiscuous mode [ 83.597460][ T5772] veth1_vlan: entered promiscuous mode [ 83.614065][ T5770] veth1_macvtap: entered promiscuous mode [ 83.699638][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.713878][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.728758][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.740388][ T5772] veth0_macvtap: entered promiscuous mode [ 83.752415][ T5772] veth1_macvtap: entered promiscuous mode [ 83.773315][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.784004][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.808213][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.826649][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.841375][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.871810][ T5769] veth0_macvtap: entered promiscuous mode [ 83.885729][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.902330][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.927094][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.953500][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.969450][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.982009][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.997504][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.010932][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.031861][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.045551][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.056120][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.065048][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.098141][ T5769] veth1_macvtap: entered promiscuous mode [ 84.113659][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.126286][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.138872][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.151140][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.161838][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.174913][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.284223][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.625883][ T51] Bluetooth: hci2: command tx timeout [ 84.667758][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.687211][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.697558][ T51] Bluetooth: hci1: command tx timeout [ 84.703024][ T51] Bluetooth: hci3: command tx timeout [ 84.708680][ T5777] Bluetooth: hci0: command tx timeout [ 84.719630][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.730382][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.759348][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.778739][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.793423][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.808012][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.819574][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.833885][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.853977][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.897395][ T5769] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.911822][ T5769] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.931350][ T5769] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.942096][ T5769] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.096269][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.365582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.684069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.693150][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.736196][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.745038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 85.753852][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.762134][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.173872][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.193221][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.285902][ T2960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.293805][ T2960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.342390][ T3529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.379348][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.390677][ T3529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.432051][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.465777][ T2951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.603695][ T2951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.706245][ T5086] Bluetooth: hci2: command tx timeout [ 86.777905][ T5086] Bluetooth: hci3: command tx timeout [ 86.789683][ T5086] Bluetooth: hci0: command tx timeout [ 86.797864][ T51] Bluetooth: hci1: command tx timeout [ 89.016539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 89.520314][ T5898] binder: 5897:5898 ioctl c0306201 2000000003c0 returned -14 [ 90.557648][ T5854] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 90.597982][ T5910] mmap: syz.1.15 (5910) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 90.656753][ T5910] syz.1.15[5910]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 90.722769][ T5910] loop1: detected capacity change from 0 to 2048 [ 90.746556][ T5912] loop3: detected capacity change from 0 to 128 [ 90.781950][ T5854] usb 1-1: Using ep0 maxpacket: 32 [ 90.830566][ T5854] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 90.840972][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.849989][ T5854] usb 1-1: Product: syz [ 90.854356][ T5854] usb 1-1: Manufacturer: syz [ 90.859117][ T5854] usb 1-1: SerialNumber: syz [ 90.873639][ T5910] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.890959][ T5854] usb 1-1: config 0 descriptor?? [ 91.123042][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.179379][ T5854] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 002 [ 92.142057][ T23] cfg80211: failed to load regulatory.db [ 92.362533][ T5931] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21'. [ 92.977614][ T5935] netlink: 148 bytes leftover after parsing attributes in process `syz.3.21'. [ 94.170890][ T5949] loop2: detected capacity change from 0 to 128 [ 94.398450][ T5945] loop0: detected capacity change from 0 to 2048 [ 94.809316][ T5945] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.234282][ T5141] udevd[5141]: worker [5916] terminated by signal 33 (Unknown signal 33) [ 95.243527][ T967] usb 1-1: USB disconnect, device number 2 [ 95.306629][ T5141] udevd[5141]: worker [5916] failed while handling '/devices/virtual/block/loop0' [ 95.533252][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.757407][ T5973] netlink: 12 bytes leftover after parsing attributes in process `syz.0.34'. [ 96.395364][ T5976] netlink: 148 bytes leftover after parsing attributes in process `syz.0.34'. [ 97.329995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.087972][ T5992] loop1: detected capacity change from 0 to 128 [ 99.325309][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.476061][ T6000] binder: 5999:6000 ioctl c0306201 2000000003c0 returned -14 [ 99.594761][ T5998] loop3: detected capacity change from 0 to 2048 [ 99.676458][ T5998] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.791582][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.814904][ T5783] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 101.014959][ T5783] usb 4-1: Using ep0 maxpacket: 32 [ 101.061381][ T5783] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 101.091297][ T5783] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.123131][ T5783] usb 4-1: Product: syz [ 101.133526][ T5783] usb 4-1: Manufacturer: syz [ 101.141097][ T5783] usb 4-1: SerialNumber: syz [ 101.158008][ T5783] usb 4-1: config 0 descriptor?? [ 101.355362][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.365070][ T5783] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 002 [ 103.544343][ T6068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'. [ 103.682903][ T6071] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.091611][ T6068] netlink: 148 bytes leftover after parsing attributes in process `syz.1.69'. [ 104.697876][ T6044] i2c i2c-1: failure reading data [ 104.799146][ T9] usb 4-1: USB disconnect, device number 2 [ 105.152239][ T6093] syz.3.79 uses obsolete (PF_INET,SOCK_PACKET) [ 105.174273][ T6090] kvm: pic: level sensitive irq not supported [ 105.174506][ T6090] kvm: pic: non byte read [ 105.187357][ T6090] kvm: pic: level sensitive irq not supported [ 105.187434][ T6090] kvm: pic: non byte read [ 105.201607][ T6090] kvm: pic: level sensitive irq not supported [ 105.201688][ T6090] kvm: pic: non byte read [ 105.216221][ T6090] kvm: pic: level sensitive irq not supported [ 105.216295][ T6090] kvm: pic: non byte read [ 105.227814][ T6090] kvm: pic: level sensitive irq not supported [ 105.227904][ T6090] kvm: pic: non byte read [ 105.242722][ T6090] kvm: pic: level sensitive irq not supported [ 105.242793][ T6090] kvm: pic: non byte read [ 105.274251][ T6090] kvm: pic: level sensitive irq not supported [ 105.274325][ T6090] kvm: pic: non byte read [ 105.310395][ T6090] kvm: pic: level sensitive irq not supported [ 105.310472][ T6090] kvm: pic: non byte read [ 105.328776][ T6090] kvm: pic: level sensitive irq not supported [ 105.329021][ T6090] kvm: pic: non byte read [ 105.340367][ T6090] kvm: pic: level sensitive irq not supported [ 105.340438][ T6090] kvm: pic: non byte read [ 106.255221][ T5783] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.265052][ T5854] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 106.456965][ T5783] usb 2-1: Using ep0 maxpacket: 32 [ 106.604944][ T5854] usb 4-1: Using ep0 maxpacket: 32 [ 106.617627][ T5783] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 106.643917][ T5783] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.666188][ T5783] usb 2-1: Product: syz [ 107.408694][ T5783] usb 2-1: Manufacturer: syz [ 107.413361][ T5783] usb 2-1: SerialNumber: syz [ 107.667563][ T5854] usb 4-1: config 0 has an invalid interface number: 153 but max is 0 [ 107.676932][ T5854] usb 4-1: config 0 has no interface number 0 [ 107.688280][ T5854] usb 4-1: config 0 interface 153 has no altsetting 0 [ 107.702485][ T5854] usb 4-1: New USB device found, idVendor=3823, idProduct=0002, bcdDevice=29.cc [ 107.715100][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.736541][ T5783] usb 2-1: config 0 descriptor?? [ 107.750847][ T5854] usb 4-1: Product: syz [ 107.777008][ T5854] usb 4-1: Manufacturer: syz [ 107.781701][ T5854] usb 4-1: SerialNumber: syz [ 107.822874][ T5854] usb 4-1: config 0 descriptor?? [ 108.056433][ T5854] usbtouchscreen: probe of 4-1:0.153 failed with error -71 [ 108.064974][ T5783] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 002 [ 108.077462][ T5854] usb 4-1: USB disconnect, device number 3 [ 109.373278][ T28] audit: type=1804 audit(1768581098.446:2): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.93" name="/newroot/23/file1" dev="fuse" ino=1 res=1 errno=0 [ 110.133396][ T6143] capability: warning: `syz.2.98' uses deprecated v2 capabilities in a way that may be insecure [ 110.329489][ T6148] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 110.390031][ T6123] i2c i2c-1: failure reading data [ 110.455622][ T5783] usb 2-1: USB disconnect, device number 2 [ 110.574950][ T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 110.600251][ T6153] netlink: 12 bytes leftover after parsing attributes in process `syz.2.102'. [ 110.618681][ T6153] netlink: 12 bytes leftover after parsing attributes in process `syz.2.102'. [ 110.628676][ T6153] netlink: 12 bytes leftover after parsing attributes in process `syz.2.102'. [ 110.638169][ T6153] Zero length message leads to an empty skb [ 110.788226][ T23] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 110.811478][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.833109][ T23] usb 1-1: Product: syz [ 110.844849][ T23] usb 1-1: Manufacturer: syz [ 110.874937][ T23] usb 1-1: SerialNumber: syz [ 110.895768][ T23] r8152-cfgselector 1-1: config 0 descriptor?? [ 112.028581][ T23] r8152-cfgselector 1-1: Unknown version 0x0000 [ 112.473505][ T23] r8152-cfgselector 1-1: USB disconnect, device number 3 [ 113.114945][ T23] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 113.883340][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 113.900891][ T23] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 113.930821][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.953695][ T23] usb 1-1: Product: syz [ 113.974510][ T23] usb 1-1: Manufacturer: syz [ 114.001660][ T23] usb 1-1: SerialNumber: syz [ 114.036197][ T23] usb 1-1: config 0 descriptor?? [ 114.149921][ T6197] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.250873][ T23] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 004 [ 114.420202][ T28] audit: type=1800 audit(1768581103.496:3): pid=6203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.118" name="bus" dev="overlay" ino=183 res=0 errno=0 [ 116.615214][ T6208] i2c i2c-1: failure reading data [ 116.856248][ T5760] usb 1-1: USB disconnect, device number 4 [ 119.481023][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.3.129'. [ 123.593135][ T6259] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 127.744951][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 127.961290][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.972543][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.015079][ T9] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 128.055137][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.090386][ T9] usb 2-1: config 0 descriptor?? [ 128.536504][ T9] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 128.580068][ T9] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 128.722163][ T9] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE [ 129.950926][ T6307] ================================================================== [ 129.959061][ T6307] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x714/0xf00 [ 129.966514][ T6307] Read of size 42 at addr ffffc9000c60fd41 by task syz.1.140/6307 [ 129.974343][ T6307] [ 129.976707][ T6307] CPU: 1 PID: 6307 Comm: syz.1.140 Not tainted syzkaller #0 [ 129.984017][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 129.994125][ T6307] Call Trace: [ 129.997455][ T6307] [ 130.000445][ T6307] dump_stack_lvl+0x16c/0x230 [ 130.005163][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.009810][ T6307] ? show_regs_print_info+0x20/0x20 [ 130.015046][ T6307] ? load_image+0x3b0/0x3b0 [ 130.019588][ T6307] ? register_lock_class+0xb5/0x890 [ 130.024845][ T6307] ? __virt_addr_valid+0xc3/0x540 [ 130.030005][ T6307] print_report+0xac/0x220 [ 130.034469][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.039130][ T6307] kasan_report+0x117/0x150 [ 130.043679][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.048331][ T6307] kasan_check_range+0x288/0x290 [ 130.053316][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.057957][ T6307] __asan_memcpy+0x29/0x70 [ 130.062425][ T6307] cp2112_xfer+0x714/0xf00 [ 130.066919][ T6307] ? cp2112_i2c_xfer+0xe70/0xe70 [ 130.071909][ T6307] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 130.077959][ T6307] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 130.083910][ T6307] __i2c_smbus_xfer+0x888/0x1d90 [ 130.088904][ T6307] ? cp2112_i2c_xfer+0xe70/0xe70 [ 130.093902][ T6307] ? i2c_smbus_write_i2c_block_data+0x1b0/0x1b0 [ 130.100197][ T6307] ? rt_mutex_adjust_prio_chain+0x2400/0x2400 [ 130.106324][ T6307] ? i2c_smbus_xfer+0x121/0x3a0 [ 130.111228][ T6307] i2c_smbus_xfer+0x267/0x3a0 [ 130.115954][ T6307] ? i2c_smbus_read_byte+0x1b0/0x1b0 [ 130.121284][ T6307] ? __might_fault+0xaa/0x120 [ 130.126001][ T6307] ? __might_fault+0xc6/0x120 [ 130.130717][ T6307] ? __might_fault+0xaa/0x120 [ 130.135444][ T6307] i2cdev_ioctl_smbus+0x423/0x670 [ 130.140528][ T6307] ? i2cdev_ioctl_rdwr+0x690/0x690 [ 130.145694][ T6307] ? __might_fault+0xaa/0x120 [ 130.150506][ T6307] ? __might_fault+0xc6/0x120 [ 130.155228][ T6307] ? __might_fault+0xaa/0x120 [ 130.159961][ T6307] i2cdev_ioctl+0x5d1/0x7e0 [ 130.164512][ T6307] ? i2cdev_write+0x120/0x120 [ 130.169239][ T6307] ? bpf_lsm_file_ioctl+0x9/0x10 [ 130.174221][ T6307] ? security_file_ioctl+0x80/0xa0 [ 130.179384][ T6307] ? i2cdev_write+0x120/0x120 [ 130.184118][ T6307] __se_sys_ioctl+0xfd/0x170 [ 130.188770][ T6307] do_syscall_64+0x55/0xb0 [ 130.193235][ T6307] ? clear_bhb_loop+0x40/0x90 [ 130.197960][ T6307] ? clear_bhb_loop+0x40/0x90 [ 130.202682][ T6307] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 130.208632][ T6307] RIP: 0033:0x7f35cbb8f749 [ 130.213093][ T6307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.232765][ T6307] RSP: 002b:00007f35cca6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.241228][ T6307] RAX: ffffffffffffffda RBX: 00007f35cbde6090 RCX: 00007f35cbb8f749 [ 130.249252][ T6307] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000005 [ 130.257261][ T6307] RBP: 00007f35cbc13f91 R08: 0000000000000000 R09: 0000000000000000 [ 130.265284][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.273295][ T6307] R13: 00007f35cbde6128 R14: 00007f35cbde6090 R15: 00007ffc67b26668 [ 130.281323][ T6307] [ 130.284375][ T6307] [ 130.286729][ T6307] The buggy address belongs to stack of task syz.1.140/6307 [ 130.294042][ T6307] and is located at offset 33 in frame: [ 130.299780][ T6307] i2cdev_ioctl_smbus+0x0/0x670 [ 130.304675][ T6307] [ 130.307036][ T6307] This frame has 1 object: [ 130.311489][ T6307] [32, 66) 'temp' [ 130.311500][ T6307] [ 130.317578][ T6307] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000c608000 allocated at copy_process+0x549/0x3d70 [ 130.330578][ T6307] The buggy address belongs to the physical page: [ 130.337036][ T6307] page:ffffea0000a36240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28d89 [ 130.347252][ T6307] memcg:ffff88801a352002 [ 130.351553][ T6307] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 130.358708][ T6307] page_type: 0xffffffff() [ 130.363163][ T6307] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 130.371800][ T6307] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88801a352002 [ 130.380430][ T6307] page dumped because: kasan: bad access detected [ 130.386899][ T6307] page_owner tracks the page as allocated [ 130.392678][ T6307] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 6291, tgid 6291 (syz.1.140), ts 129156674332, free_ts 116941492412 [ 130.410951][ T6307] post_alloc_hook+0x1cd/0x210 [ 130.415750][ T6307] get_page_from_freelist+0x195c/0x19f0 [ 130.421347][ T6307] __alloc_pages+0x1e3/0x460 [ 130.426001][ T6307] __vmalloc_node_range+0x96b/0x1320 [ 130.431342][ T6307] dup_task_struct+0x3d0/0x7c0 [ 130.436155][ T6307] copy_process+0x549/0x3d70 [ 130.440778][ T6307] kernel_clone+0x21b/0x840 [ 130.445326][ T6307] __se_sys_clone3+0x252/0x2c0 [ 130.450120][ T6307] do_syscall_64+0x55/0xb0 [ 130.454927][ T6307] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 130.460871][ T6307] page last free stack trace: [ 130.465574][ T6307] free_unref_page_prepare+0x7ce/0x8e0 [ 130.471080][ T6307] free_unref_page_list+0xbe/0x860 [ 130.476248][ T6307] release_pages+0x1fa0/0x2220 [ 130.481049][ T6307] __folio_batch_release+0x71/0xe0 [ 130.486197][ T6307] truncate_inode_pages_range+0x358/0xf00 [ 130.491956][ T6307] blkdev_flush_mapping+0x132/0x290 [ 130.497188][ T6307] blkdev_put+0x498/0x760 [ 130.501566][ T6307] blkdev_release+0x84/0x90 [ 130.506122][ T6307] __fput+0x234/0x970 [ 130.510182][ T6307] task_work_run+0x1ce/0x250 [ 130.514820][ T6307] exit_to_user_mode_loop+0xe6/0x110 [ 130.520192][ T6307] exit_to_user_mode_prepare+0xf6/0x180 [ 130.525797][ T6307] syscall_exit_to_user_mode+0x1a/0x50 [ 130.531301][ T6307] do_syscall_64+0x61/0xb0 [ 130.535753][ T6307] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 130.541961][ T6307] [ 130.544322][ T6307] Memory state around the buggy address: [ 130.549987][ T6307] ffffc9000c60fc00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 [ 130.558101][ T6307] ffffc9000c60fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.566199][ T6307] >ffffc9000c60fd00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3 [ 130.574383][ T6307] ^ [ 130.581607][ T6307] ffffc9000c60fd80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.589716][ T6307] ffffc9000c60fe00: f1 f1 f1 f1 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3 [ 130.597827][ T6307] ================================================================== [ 130.616042][ T6307] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 130.623316][ T6307] CPU: 0 PID: 6307 Comm: syz.1.140 Not tainted syzkaller #0 [ 130.630642][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 130.640740][ T6307] Call Trace: [ 130.644049][ T6307] [ 130.647017][ T6307] dump_stack_lvl+0x16c/0x230 [ 130.651748][ T6307] ? show_regs_print_info+0x20/0x20 [ 130.656996][ T6307] ? load_image+0x3b0/0x3b0 [ 130.661558][ T6307] panic+0x2c0/0x710 [ 130.665497][ T6307] ? bpf_jit_dump+0xd0/0xd0 [ 130.670063][ T6307] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 130.676013][ T6307] ? _raw_spin_unlock+0x40/0x40 [ 130.680900][ T6307] ? print_memory_metadata+0x314/0x400 [ 130.686422][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.691057][ T6307] check_panic_on_warn+0x84/0xa0 [ 130.696042][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.700677][ T6307] end_report+0x6f/0x140 [ 130.704958][ T6307] kasan_report+0x128/0x150 [ 130.709485][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.714107][ T6307] kasan_check_range+0x288/0x290 [ 130.719074][ T6307] ? cp2112_xfer+0x714/0xf00 [ 130.723694][ T6307] __asan_memcpy+0x29/0x70 [ 130.728140][ T6307] cp2112_xfer+0x714/0xf00 [ 130.732585][ T6307] ? cp2112_i2c_xfer+0xe70/0xe70 [ 130.737549][ T6307] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 130.743628][ T6307] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 130.749561][ T6307] __i2c_smbus_xfer+0x888/0x1d90 [ 130.754537][ T6307] ? cp2112_i2c_xfer+0xe70/0xe70 [ 130.759521][ T6307] ? i2c_smbus_write_i2c_block_data+0x1b0/0x1b0 [ 130.765810][ T6307] ? rt_mutex_adjust_prio_chain+0x2400/0x2400 [ 130.771919][ T6307] ? i2c_smbus_xfer+0x121/0x3a0 [ 130.776804][ T6307] i2c_smbus_xfer+0x267/0x3a0 [ 130.781530][ T6307] ? i2c_smbus_read_byte+0x1b0/0x1b0 [ 130.786881][ T6307] ? __might_fault+0xaa/0x120 [ 130.791591][ T6307] ? __might_fault+0xc6/0x120 [ 130.796300][ T6307] ? __might_fault+0xaa/0x120 [ 130.801027][ T6307] i2cdev_ioctl_smbus+0x423/0x670 [ 130.806095][ T6307] ? i2cdev_ioctl_rdwr+0x690/0x690 [ 130.811243][ T6307] ? __might_fault+0xaa/0x120 [ 130.815957][ T6307] ? __might_fault+0xc6/0x120 [ 130.820669][ T6307] ? __might_fault+0xaa/0x120 [ 130.825391][ T6307] i2cdev_ioctl+0x5d1/0x7e0 [ 130.829943][ T6307] ? i2cdev_write+0x120/0x120 [ 130.834650][ T6307] ? bpf_lsm_file_ioctl+0x9/0x10 [ 130.839607][ T6307] ? security_file_ioctl+0x80/0xa0 [ 130.844788][ T6307] ? i2cdev_write+0x120/0x120 [ 130.849523][ T6307] __se_sys_ioctl+0xfd/0x170 [ 130.854141][ T6307] do_syscall_64+0x55/0xb0 [ 130.858576][ T6307] ? clear_bhb_loop+0x40/0x90 [ 130.863280][ T6307] ? clear_bhb_loop+0x40/0x90 [ 130.867983][ T6307] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 130.873898][ T6307] RIP: 0033:0x7f35cbb8f749 [ 130.878337][ T6307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.897987][ T6307] RSP: 002b:00007f35cca6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 130.906437][ T6307] RAX: ffffffffffffffda RBX: 00007f35cbde6090 RCX: 00007f35cbb8f749 [ 130.914429][ T6307] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000005 [ 130.922429][ T6307] RBP: 00007f35cbc13f91 R08: 0000000000000000 R09: 0000000000000000 [ 130.930431][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.938516][ T6307] R13: 00007f35cbde6128 R14: 00007f35cbde6090 R15: 00007ffc67b26668 [ 130.946517][ T6307] [ 130.950110][ T6307] Kernel Offset: disabled [ 130.954459][ T6307] Rebooting in 86400 seconds..