last executing test programs: 6.724541182s ago: executing program 0 (id=1): openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3f, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4c, 0x6, 0x5f, 0x9, 0x5, 0xffff2d34, 0xffffff01, 0x6, 0x4, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x824, 0xd, 0x1, 0x2, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0xfffffffa, 0x3fc, 0x80, 0x0, 0x2, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x2, 0x8004, 0xf292, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x78, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x31, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0xd, 0x6, 0x47, 0x8000, 0xfffffffd, 0xfdfffffd, 0xffff, 0x400, 0x4, 0x9, 0x3, 0x3, 0x20000007, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x6, 0x7ff7, 0x0, 0x5, 0xb, 0x3, 0x5, 0x405, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x3e, 0xd9, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1002, 0xa2, 0x7, 0x953a, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x6, 0xb, 0x5, 0x893a, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x149, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x1, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x8af, 0x8, 0x6, 0x226, 0x5, 0x5, 0x28, 0x30b1d693, 0xa1f, 0xf43, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 6.469764408s ago: executing program 0 (id=7): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0xf}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x98a3, 0x4) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x41e, 0x2801, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "b1a748"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001780)=ANY=[@ANYBLOB="140000001400290200000000fddbdf250200002921597d15c95e9fc327003c7c4d8f36a37bc5855d491a807b1ab5efa83261b6862b536a8ed8b5d798bd9a94488f9bb1eced33dc681b284f76272a927420875fd3552cc656c7d6322d621e45fc13dcb772b862e2181b544628015878433e761865de2d86cb357ab0b6831908ebb3ce7883601c8114fa3efad6f2d528cc810100000000000000c6a2fad08f871c5fe868f39c61c792291ee98fdabe05331499ce350c3e1b357d4c54f34ac93bcdb5a2401a7f34e9f0bf1dbcd1b4d62c6cd07a5dd26d0867dadf43bd12a82488d14449133dd83d22d744402ec4c2296910e3a437837cc18331515b0000000000002159a216221e5c1dd9255504a6076b11c8c74633061b213d60e5c685d827df3cf4ac9dfd41e164ec0c250837e5bcbf7fa09fafc8d2877ebe0d6015df52a0f1a25bd308903849081a76d0f20412948f53e71821b3ccba64fdb3445f62c4b086c9cfc929abde960f8c79fce1af5833c871c926232ac02514fa3e5176263109480b1df00c8bcb02996dfe202929584d4230664c261a9297d56b39f9a2a5e429cff1326a1431ed4cb3f3fdef975f26f67cce501804dfc0284b31"], 0x14}}, 0x880) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) write$bt_hci(r3, &(0x7f0000000080)={0x1, @le_add_to_accept_list={{0x2011, 0x7}, {0x9, @none}}}, 0xb) r4 = syz_open_dev$vcsa(&(0x7f0000000580), 0x2, 0x183682) sendmsg$IPSET_CMD_SWAP(r4, &(0x7f0000001740)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001700)={&(0x7f0000001480)={0x2c, 0x6, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0xf7}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x2c}}, 0x4000800) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x208000, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x10800, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000001a40)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001a00)={&(0x7f0000005ac0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="080027fd7000fbdbdf252700000008000300d02b4e3ab6d653d76451145fd24e40e59eaba32cf1fcc117f75d7949c95f44d17b5bf6111a516f1931044518ac00f207a1f944257898", @ANYRES32=r7, @ANYBLOB="0a0006005050505050500000"], 0x28}}, 0x90) socket$inet_icmp(0x2, 0x2, 0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000940)={'gre0\x00', &(0x7f0000000900)={'erspan0\x00', 0x0, 0x8, 0x700, 0x0, 0xfffffffe, {{0x7, 0x4, 0x3, 0x3, 0x1c, 0x66, 0x0, 0x1f, 0x0, 0x0, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp={0x44, 0x8, 0xd8, 0x0, 0x7, [0x0]}]}}}}}) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000005c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x8, @empty, 0x43be}, {0xa, 0x4e20, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}, 0xffffffffffffffff, 0xd8}}, 0x48) 6.24450359s ago: executing program 2 (id=8): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x980912, 0x0, '\x00', @string=0x0}}) bind$packet(r1, &(0x7f0000000300)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) r4 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000e00)=ANY=[@ANYBLOB="1201000000000040de28021100000000000109022400010000d00009040004010300000009210100f90122050009058103"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000040)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ptype\x00') r6 = socket$packet(0x11, 0x3, 0x300) bind$packet(r6, &(0x7f0000000000)={0x11, 0x5, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) preadv(r5, &(0x7f0000000000)=[{&(0x7f0000000340)=""/171, 0xab}], 0x1, 0x33, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010029bd7000000000000c000000200001801400020073797a5f74756e00000000000000000008000300020000001800038014"], 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x297f, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 4.27919922s ago: executing program 0 (id=14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11) syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902"], 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x7) 4.260925459s ago: executing program 2 (id=15): socket(0x10, 0x2, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x48890) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 4.016164963s ago: executing program 2 (id=16): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0xfffffeff, 0x0, 0xffffffff, 0xfffffff6}}) 3.917812742s ago: executing program 2 (id=17): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0) 3.578285904s ago: executing program 2 (id=19): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x80015b1b, 0x0) 3.494359102s ago: executing program 3 (id=20): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x43, 0x8, 0x9, 0x7, 0x1a, "ad54d1d83808ee07"}) 3.283037871s ago: executing program 3 (id=21): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x28, r1, 0x607, 0x70bd2a, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x460769a9}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) 3.072312769s ago: executing program 3 (id=22): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e22, @loopback}, 0x10) sendmsg$xdp(r1, 0x0, 0x0) read$alg(r1, &(0x7f0000003780)=""/4096, 0x1000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3000003, 0x2010, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x2, 0x0, 0x3ff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg$unix(r5, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = syz_open_dev$video4linux(&(0x7f0000000040), 0x1, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r6, 0xc038563c, &(0x7f0000000240)={0x0, 0x0, {0xffffffff, 0x8000008, 0x0, 0x80000000}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) 2.682461468s ago: executing program 1 (id=23): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) iopl(0x3) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) waitid(0x0, r2, 0x0, 0x8, 0x0) waitid(0x1, r2, 0x0, 0x4, 0x0) 2.54333463s ago: executing program 0 (id=24): r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x3, @remote, 'nicvf0\x00'}}, 0x1e) 2.259235176s ago: executing program 1 (id=25): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000080)=@t={0x81, 0x8, 0x0, 0x80}) 1.973904261s ago: executing program 1 (id=26): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x3, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000090}, 0x0) 1.763539456s ago: executing program 1 (id=27): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000005c0)="123c163d8e1379f8f5e165bbe2eeb74ab23f7b4f158b153d324bdf0c9b46dcdf71dbff5ab31c1c6f0893c609831d792514d1df541e059e5d0817d37e194b61885803c0b6ea461f068ac7ff4d0296cc46d612a2d6893733e63c529dc8b98806c0c08064d1746cb773379bdb843100e2bb", 0x70, 0x24008000, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e81621209600", 0xe4}, {&(0x7f0000000840)="5453b4b759f9d4f4f33bda880b70e0fcdde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372accf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e1503d7b117ec7d291a81090e6685b066c07bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def6c49c580956e51433a0a017d80d68574f8c43477bd9c0363321a7e589e86ffea215c1102cce8ffd1cd39a5f7658f22eee8a114772cb1e3c392d90b1b01ea2bac2c5911f388a774d5d7faaf89cb796c844f8dceb44ca4684f25cc79a3385d5b8e52e2dfed72d1f8c5858ed65c09af541ba111f73dd4fd763614585c1d07fe8e2fd278a0d7bdcc73970afa1d32a6e084f5b6384fca6ef4bb295451f614620c10e0fc235165e49afa57196cd54580ce9bc909dbccd00fe6e514e413a33199b4c9097b413b93660ebeac7b14652b27c364a8591912055ccd170cf22bc35849", 0x1d5}, {&(0x7f0000000ac0)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287abd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976acac641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffa00000000e1f095b85da84acb08bb69065ba688260458a1b6602b23ac9aac14c931157aef573538b3fb4b54c0158313e3b4009fa93c57fe4f9e8ce9c72ac8a72a26e29f081e2c213a57d4143d5306c9e9f9d3e818e13ae35f4ffcb44a4af726f447f2545bc4f350d424812bbcd73617eb6cab3829b690be054e58bdd6", 0x154}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b", 0x36}], 0x4}}], 0x1, 0xc0) 1.52419889s ago: executing program 0 (id=28): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @broadcast}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000002300)=0x200) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 1.404082951s ago: executing program 1 (id=29): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000180)={&(0x7f0000000000)=""/74, 0x1321000, 0x1000, 0x800, 0x7}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) creat(&(0x7f0000000000)='./file0\x00', 0x108) socket$l2tp(0x2, 0x2, 0x73) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000008380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x1, 0xc18da8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) setsockopt(r3, 0x84, 0x81, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000440)=ANY=[], 0x9) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 970.277394ms ago: executing program 3 (id=30): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x143080, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)=0xfffffffe) 752.237259ms ago: executing program 3 (id=31): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f0000001080), 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000089c0)=[{{&(0x7f0000001f00)={0x2, 0x4e23, @broadcast}, 0x10, 0x0}}, {{&(0x7f00000020c0)={0x2, 0x4e23, @broadcast}, 0x10, 0x0}}], 0x2, 0x20004804) getsockname$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) fsmount(0xffffffffffffffff, 0x1, 0x8c) socket$alg(0x26, 0x5, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioperm(0x2, 0x7, 0x13) r1 = syz_open_dev$video(&(0x7f0000000040), 0x7, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05640, &(0x7f0000000340)={0x1}) mount$9p_rdma(0x0, 0x0, 0x0, 0x3b8c039, &(0x7f0000000440)=ANY=[]) openat$mice(0xffffffffffffff9c, 0x0, 0x20000) read$msr(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000700)=""/200, 0xc8, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) bind$l2tp6(0xffffffffffffffff, 0x0, 0x0) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000007, 0x10, 0xffffffffffffffff, 0x80000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) chdir(0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='ecryptfs\x00', 0x0, 0x0) 402.713868ms ago: executing program 1 (id=32): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310428bd7000ffffffff1600000018000180140002006e657464657673696d3000400000000005000300000000000500020001"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 108.275351ms ago: executing program 0 (id=33): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x14) sendfile(r5, r4, 0x0, 0x17) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) write$FUSE_STATX(r4, &(0x7f0000000540)={0x130, 0x0, 0x0, {0x3, 0x6, 0x0, '\x00', {0x2000, 0x5, 0x7, 0xc07, 0x0, 0x0, 0xc000, '\x00', 0x1, 0x3ff, 0x0, 0x3, {0x0, 0x1}, {0x4, 0x800}, {0x961, 0x6a5ad1fb}, {0xfffffffffffffffe}, 0x80000000, 0xdc, 0x7e, 0xa}}}, 0x130) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x2f) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x4000000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) umount2(&(0x7f0000000100)='./bus\x00', 0x8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x7) ioctl$TIOCSETD(r6, 0x5412, 0x0) 40.604292ms ago: executing program 2 (id=34): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x140041, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) 0s ago: executing program 3 (id=35): r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x40305829, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000bc0)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x3, 0x9, 0xe4c, 0x2, 0x3, 0x3865, 0x8, 0x9, 0x1, 0x5, 0x4, 0x81}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts. [ 82.182187][ T5818] cgroup: Unknown subsys name 'net' [ 82.309120][ T5818] cgroup: Unknown subsys name 'cpuset' [ 82.318493][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.071011][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.741204][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.749749][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.775462][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.775973][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.783237][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.797342][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.805680][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.806718][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.814527][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.830536][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.833219][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.838530][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.845155][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.852285][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.870542][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.883138][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.893717][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.901977][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.910687][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.918276][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.559771][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 87.612299][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 87.734733][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 87.823688][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.831802][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.840163][ T5830] bridge_slave_0: entered allmulticast mode [ 87.848667][ T5830] bridge_slave_0: entered promiscuous mode [ 87.882876][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.890316][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.900265][ T5830] bridge_slave_1: entered allmulticast mode [ 87.908407][ T5830] bridge_slave_1: entered promiscuous mode [ 87.944685][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.951996][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.959267][ T5829] bridge_slave_0: entered allmulticast mode [ 87.966739][ T5829] bridge_slave_0: entered promiscuous mode [ 87.999792][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 88.010266][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.017444][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.024534][ T5829] bridge_slave_1: entered allmulticast mode [ 88.032109][ T5829] bridge_slave_1: entered promiscuous mode [ 88.109817][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.122834][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.144035][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.153757][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.161357][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.168594][ T5838] bridge_slave_0: entered allmulticast mode [ 88.175807][ T5838] bridge_slave_0: entered promiscuous mode [ 88.208386][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.218395][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.225951][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.233128][ T5838] bridge_slave_1: entered allmulticast mode [ 88.240941][ T5838] bridge_slave_1: entered promiscuous mode [ 88.300040][ T5830] team0: Port device team_slave_0 added [ 88.340921][ T5830] team0: Port device team_slave_1 added [ 88.354043][ T5829] team0: Port device team_slave_0 added [ 88.363486][ T5829] team0: Port device team_slave_1 added [ 88.371821][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.385010][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.520102][ T5838] team0: Port device team_slave_0 added [ 88.527156][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.534114][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.562090][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.575615][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.582576][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.608535][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.619890][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.627816][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.635115][ T5828] bridge_slave_0: entered allmulticast mode [ 88.643553][ T5828] bridge_slave_0: entered promiscuous mode [ 88.654103][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.661242][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.691786][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.704706][ T5838] team0: Port device team_slave_1 added [ 88.719473][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.727197][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.734311][ T5828] bridge_slave_1: entered allmulticast mode [ 88.741586][ T5828] bridge_slave_1: entered promiscuous mode [ 88.748836][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.756413][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.782554][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.860184][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.870130][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.877308][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.903624][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.926088][ T5840] Bluetooth: hci2: command tx timeout [ 88.926095][ T5836] Bluetooth: hci1: command tx timeout [ 88.957408][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.995249][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.002331][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.028665][ T5840] Bluetooth: hci0: command tx timeout [ 89.034074][ T5836] Bluetooth: hci3: command tx timeout [ 89.040085][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.061847][ T5829] hsr_slave_0: entered promiscuous mode [ 89.068717][ T5829] hsr_slave_1: entered promiscuous mode [ 89.105822][ T5830] hsr_slave_0: entered promiscuous mode [ 89.112319][ T5830] hsr_slave_1: entered promiscuous mode [ 89.119056][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.126800][ T5830] Cannot create hsr debugfs directory [ 89.152474][ T5828] team0: Port device team_slave_0 added [ 89.160827][ T5828] team0: Port device team_slave_1 added [ 89.264631][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.272769][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.298714][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.315103][ T5838] hsr_slave_0: entered promiscuous mode [ 89.321949][ T5838] hsr_slave_1: entered promiscuous mode [ 89.328375][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.335957][ T5838] Cannot create hsr debugfs directory [ 89.360483][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.367634][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.397293][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.576942][ T5828] hsr_slave_0: entered promiscuous mode [ 89.583416][ T5828] hsr_slave_1: entered promiscuous mode [ 89.590461][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.598095][ T5828] Cannot create hsr debugfs directory [ 89.892400][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.907672][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.924383][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.958973][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.041929][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.055238][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.080568][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.092826][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.161007][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.173940][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.187483][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.198878][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.312596][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.323116][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.350808][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.360702][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.470203][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.520197][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.534741][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.558330][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.595338][ T4244] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.602636][ T4244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.621693][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.632139][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.639295][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.652123][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.684257][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.691379][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.719870][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.726989][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.756059][ T4244] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.763167][ T4244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.779525][ T4244] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.786662][ T4244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.929068][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.005064][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.015135][ T5836] Bluetooth: hci2: command tx timeout [ 91.020819][ T5836] Bluetooth: hci1: command tx timeout [ 91.053888][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.061122][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.090618][ T5840] Bluetooth: hci0: command tx timeout [ 91.090628][ T5836] Bluetooth: hci3: command tx timeout [ 91.096779][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.108658][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.384699][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.545820][ T5829] veth0_vlan: entered promiscuous mode [ 91.590363][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.608248][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.623143][ T5829] veth1_vlan: entered promiscuous mode [ 91.670397][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.721148][ T5829] veth0_macvtap: entered promiscuous mode [ 91.747142][ T5829] veth1_macvtap: entered promiscuous mode [ 91.798875][ T5830] veth0_vlan: entered promiscuous mode [ 91.831235][ T5838] veth0_vlan: entered promiscuous mode [ 91.837504][ T5830] veth1_vlan: entered promiscuous mode [ 91.863419][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.878727][ T5838] veth1_vlan: entered promiscuous mode [ 91.892741][ T5828] veth0_vlan: entered promiscuous mode [ 91.911495][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.933642][ T5828] veth1_vlan: entered promiscuous mode [ 91.963780][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.973653][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.000281][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.013587][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.030176][ T5830] veth0_macvtap: entered promiscuous mode [ 92.043535][ T5830] veth1_macvtap: entered promiscuous mode [ 92.054747][ T10] cfg80211: failed to load regulatory.db [ 92.104461][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.113642][ T5838] veth0_macvtap: entered promiscuous mode [ 92.137969][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.150275][ T5828] veth0_macvtap: entered promiscuous mode [ 92.164365][ T5838] veth1_macvtap: entered promiscuous mode [ 92.181307][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.193245][ T5828] veth1_macvtap: entered promiscuous mode [ 92.219507][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.228563][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.256862][ T4244] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.279884][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.292085][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.309044][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.346968][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.363822][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.378482][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.408405][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.417329][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.452623][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.465012][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.482573][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.492994][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.525105][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.538598][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.571513][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.583346][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.590656][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.626748][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.634676][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.715135][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.737507][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.793754][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.819285][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.829675][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.842057][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.971516][ T5927] syz.3.5 uses obsolete (PF_INET,SOCK_PACKET) [ 92.995149][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.018679][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.086453][ T5840] Bluetooth: hci1: command tx timeout [ 93.086497][ T5836] Bluetooth: hci2: command tx timeout [ 93.125212][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.147298][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.166031][ T5836] Bluetooth: hci0: command tx timeout [ 93.166335][ T5840] Bluetooth: hci3: command tx timeout [ 93.235672][ T48] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 93.415176][ T48] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 93.439081][ T48] usb 4-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 93.471713][ T48] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 93.516643][ T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.658437][ T3080] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 93.815585][ T5831] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 93.825622][ T3080] usb 1-1: Using ep0 maxpacket: 8 [ 93.853113][ T3080] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 93.873304][ T3080] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.894433][ T3080] usb 1-1: config 0 descriptor?? [ 93.985117][ T5950] process 'syz.1.13' launched './file1' with NULL argv: empty string added [ 94.036757][ T5831] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 94.063343][ T5831] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.073915][ T5831] usb 3-1: config 0 interface 0 has no altsetting 0 [ 94.081799][ T5831] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 94.099865][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.106767][ T5952] netlink: 'syz.3.5': attribute type 27 has an invalid length. [ 94.138070][ T5831] usb 3-1: config 0 descriptor?? [ 94.318334][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.326508][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.364388][ T3080] prodikeys 0003:041E:2801.0001: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.0-1/input0 [ 94.530298][ T5952] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.565034][ T5952] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.598150][ T5831] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0 [ 94.626694][ T5831] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0 [ 94.660463][ T5831] hid-steam 0003:28DE:1102.0002: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0 [ 94.766214][ T5831] hid-steam 0003:28DE:1102.0002: Steam Controller 'XXXXXXXXXX' connected [ 94.811323][ T5831] input: Steam Controller as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1102.0002/input/input5 [ 94.848405][ T1143] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.854270][ T5896] usb 1-1: USB disconnect, device number 2 [ 94.879649][ T1143] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.917084][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.980139][ T5831] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0 [ 94.990083][ T1143] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.019003][ T5831] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0 [ 95.059871][ T5831] hid-steam 0003:28DE:1102.0003: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0 [ 95.113344][ T5831] usb 3-1: USB disconnect, device number 2 [ 95.168013][ T5840] Bluetooth: hci1: command tx timeout [ 95.168023][ T5836] Bluetooth: hci2: command tx timeout [ 95.185099][ T5831] hid-steam 0003:28DE:1102.0002: Steam Controller 'XXXXXXXXXX' disconnected [ 95.248113][ T5840] Bluetooth: hci3: command tx timeout [ 95.248123][ T5836] Bluetooth: hci0: command tx timeout [ 95.338557][ T5958] fido_id[5958]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 95.638586][ T5961] can0: slcan on ptm0. [ 95.915715][ T5831] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 95.943988][ T5876] usb 4-1: USB disconnect, device number 2 [ 96.067297][ T30] audit: type=1800 audit(1751167517.122:2): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.17" name="bus" dev="overlay" ino=46 res=0 errno=0 [ 96.126363][ T5831] usb 1-1: config 0 has no interfaces? [ 96.144194][ T5831] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 96.179760][ T5831] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.206956][ T5831] usb 1-1: Product: syz [ 96.211164][ T5831] usb 1-1: Manufacturer: syz [ 96.255909][ T5831] usb 1-1: SerialNumber: syz [ 96.290591][ T5831] usb 1-1: config 0 descriptor?? [ 96.524335][ T5876] usb 1-1: USB disconnect, device number 3 [ 96.596459][ T5831] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 96.636209][ T5959] can0 (unregistered): slcan off ptm0. [ 96.775036][ T5831] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 96.791300][ T5831] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.818812][ T5831] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 96.863009][ T5831] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 96.923271][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.959362][ T5831] usbtmc 3-1:16.0: bulk endpoints not found [ 97.368539][ T6000] netlink: 14 bytes leftover after parsing attributes in process `syz.0.24'. [ 97.507751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.744024][ T6000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.776558][ T6000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.853323][ T6000] bond0 (unregistering): Released all slaves [ 98.396072][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.676027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.684715][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.705969][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.714520][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.723451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.732303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.741388][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.750279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.041595][ T6032] 9pnet_virtio: no channels available for device syz [ 99.424443][ T6034] Device name cannot be null; rc = [-22] [ 99.673397][ T5831] usb 3-1: USB disconnect, device number 3 [ 99.811429][ T6038] ================================================================== [ 99.819539][ T6038] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 99.827472][ T6038] Read of size 8 at addr ffff888020b21fb0 by task syz.1.32/6038 [ 99.835120][ T6038] [ 99.837458][ T6038] CPU: 1 UID: 0 PID: 6038 Comm: syz.1.32 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) [ 99.837478][ T6038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.837487][ T6038] Call Trace: [ 99.837493][ T6038] [ 99.837500][ T6038] dump_stack_lvl+0x189/0x250 [ 99.837520][ T6038] ? __virt_addr_valid+0x1c8/0x5c0 [ 99.837537][ T6038] ? rcu_is_watching+0x15/0xb0 [ 99.837550][ T6038] ? __kasan_check_byte+0x12/0x40 [ 99.837567][ T6038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.837582][ T6038] ? rcu_is_watching+0x15/0xb0 [ 99.837595][ T6038] ? lock_release+0x4b/0x3e0 [ 99.837617][ T6038] ? __virt_addr_valid+0x1c8/0x5c0 [ 99.837633][ T6038] ? __virt_addr_valid+0x4a5/0x5c0 [ 99.837650][ T6038] print_report+0xd2/0x2b0 [ 99.837668][ T6038] ? pause_parse_request+0x40/0x160 [ 99.837685][ T6038] kasan_report+0x118/0x150 [ 99.837701][ T6038] ? pause_parse_request+0x40/0x160 [ 99.837719][ T6038] ? __pfx_pause_parse_request+0x10/0x10 [ 99.837735][ T6038] pause_parse_request+0x40/0x160 [ 99.837752][ T6038] ? __pfx_pause_parse_request+0x10/0x10 [ 99.837767][ T6038] ethnl_default_set_doit+0x2c1/0xa40 [ 99.837787][ T6038] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 99.837805][ T6038] genl_family_rcv_msg_doit+0x215/0x300 [ 99.837821][ T6038] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 99.837839][ T6038] ? bpf_lsm_capable+0x9/0x20 [ 99.837854][ T6038] ? security_capable+0x7e/0x2e0 [ 99.837874][ T6038] genl_rcv_msg+0x60e/0x790 [ 99.837889][ T6038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 99.837907][ T6038] ? ref_tracker_free+0x63a/0x7d0 [ 99.837923][ T6038] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 99.837942][ T6038] ? __pfx_ref_tracker_free+0x10/0x10 [ 99.837961][ T6038] netlink_rcv_skb+0x208/0x470 [ 99.837979][ T6038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 99.837992][ T6038] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 99.838015][ T6038] ? down_read+0x1ad/0x2e0 [ 99.838036][ T6038] genl_rcv+0x28/0x40 [ 99.838048][ T6038] netlink_unicast+0x75b/0x8d0 [ 99.838067][ T6038] netlink_sendmsg+0x805/0xb30 [ 99.838088][ T6038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.838107][ T6038] ? aa_sock_msg_perm+0xf1/0x1d0 [ 99.838124][ T6038] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 99.838142][ T6038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.838160][ T6038] __sock_sendmsg+0x219/0x270 [ 99.838177][ T6038] ____sys_sendmsg+0x505/0x830 [ 99.838199][ T6038] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.838222][ T6038] ? import_iovec+0x74/0xa0 [ 99.838238][ T6038] ___sys_sendmsg+0x21f/0x2a0 [ 99.838259][ T6038] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.838290][ T6038] ? __fget_files+0x2a/0x420 [ 99.838308][ T6038] ? __fget_files+0x3a0/0x420 [ 99.838329][ T6038] __x64_sys_sendmsg+0x19b/0x260 [ 99.838343][ T6038] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 99.838366][ T6038] ? rcu_is_watching+0x15/0xb0 [ 99.838381][ T6038] ? do_syscall_64+0xbe/0x3b0 [ 99.838400][ T6038] do_syscall_64+0xfa/0x3b0 [ 99.838416][ T6038] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.838432][ T6038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.838445][ T6038] ? clear_bhb_loop+0x60/0xb0 [ 99.838460][ T6038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.838473][ T6038] RIP: 0033:0x7f6e97f8e929 [ 99.838486][ T6038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.838498][ T6038] RSP: 002b:00007f6e98e28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.838514][ T6038] RAX: ffffffffffffffda RBX: 00007f6e981b5fa0 RCX: 00007f6e97f8e929 [ 99.838525][ T6038] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 99.838534][ T6038] RBP: 00007f6e98010b39 R08: 0000000000000000 R09: 0000000000000000 [ 99.838542][ T6038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.838551][ T6038] R13: 0000000000000000 R14: 00007f6e981b5fa0 R15: 00007fffda776a28 [ 99.838565][ T6038] [ 99.838570][ T6038] [ 100.219497][ T6038] Allocated by task 6038: [ 100.223825][ T6038] kasan_save_track+0x3e/0x80 [ 100.228499][ T6038] __kasan_kmalloc+0x93/0xb0 [ 100.233086][ T6038] __kmalloc_noprof+0x27a/0x4f0 [ 100.237935][ T6038] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 100.243997][ T6038] genl_family_rcv_msg_doit+0xb8/0x300 [ 100.249448][ T6038] genl_rcv_msg+0x60e/0x790 [ 100.253949][ T6038] netlink_rcv_skb+0x208/0x470 [ 100.258724][ T6038] genl_rcv+0x28/0x40 [ 100.262707][ T6038] netlink_unicast+0x75b/0x8d0 [ 100.267470][ T6038] netlink_sendmsg+0x805/0xb30 [ 100.272237][ T6038] __sock_sendmsg+0x219/0x270 [ 100.276927][ T6038] ____sys_sendmsg+0x505/0x830 [ 100.281723][ T6038] ___sys_sendmsg+0x21f/0x2a0 [ 100.286408][ T6038] __x64_sys_sendmsg+0x19b/0x260 [ 100.291341][ T6038] do_syscall_64+0xfa/0x3b0 [ 100.295856][ T6038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.301756][ T6038] [ 100.304074][ T6038] The buggy address belongs to the object at ffff888020b21f80 [ 100.304074][ T6038] which belongs to the cache kmalloc-64 of size 64 [ 100.317950][ T6038] The buggy address is located 8 bytes to the right of [ 100.317950][ T6038] allocated 40-byte region [ffff888020b21f80, ffff888020b21fa8) [ 100.332364][ T6038] [ 100.334698][ T6038] The buggy address belongs to the physical page: [ 100.341102][ T6038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20b21 [ 100.349866][ T6038] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 100.357414][ T6038] page_type: f5(slab) [ 100.361402][ T6038] raw: 00fff00000000000 ffff88801a8418c0 ffffea0000b1d040 dead000000000005 [ 100.370027][ T6038] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 100.378616][ T6038] page dumped because: kasan: bad access detected [ 100.385026][ T6038] page_owner tracks the page as allocated [ 100.390746][ T6038] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5187, tgid 5187 (S02klogd), ts 29797704487, free_ts 28171302986 [ 100.409512][ T6038] post_alloc_hook+0x240/0x2a0 [ 100.414285][ T6038] get_page_from_freelist+0x21e4/0x22c0 [ 100.419831][ T6038] __alloc_frozen_pages_noprof+0x181/0x370 [ 100.425639][ T6038] alloc_pages_mpol+0x232/0x4a0 [ 100.430495][ T6038] allocate_slab+0x8a/0x370 [ 100.435000][ T6038] ___slab_alloc+0xbeb/0x1410 [ 100.439675][ T6038] __kmalloc_noprof+0x305/0x4f0 [ 100.444521][ T6038] tomoyo_commit_ok+0x29/0x1d0 [ 100.449285][ T6038] tomoyo_update_domain+0x54a/0x880 [ 100.454479][ T6038] tomoyo_write_file+0x384/0xbb0 [ 100.459423][ T6038] tomoyo_supervisor+0x1167/0x1480 [ 100.464542][ T6038] tomoyo_path_permission+0x25a/0x380 [ 100.469916][ T6038] tomoyo_check_open_permission+0x24d/0x3b0 [ 100.475806][ T6038] security_file_open+0xb1/0x270 [ 100.480743][ T6038] do_dentry_open+0x35e/0x1970 [ 100.485509][ T6038] vfs_open+0x3b/0x340 [ 100.489581][ T6038] page last free pid 1 tgid 1 stack trace: [ 100.495378][ T6038] __free_frozen_pages+0xb80/0xd80 [ 100.500501][ T6038] kasan_depopulate_vmalloc_pte+0x74/0xa0 [ 100.506227][ T6038] __apply_to_page_range+0xb8f/0x1380 [ 100.511603][ T6038] kasan_release_vmalloc+0xa2/0xd0 [ 100.516757][ T6038] purge_vmap_node+0x214/0x8f0 [ 100.521541][ T6038] __purge_vmap_area_lazy+0x7a4/0xb40 [ 100.526919][ T6038] _vm_unmap_aliases+0x70f/0x7b0 [ 100.531859][ T6038] change_page_attr_set_clr+0x305/0xeb0 [ 100.537412][ T6038] set_memory_nx+0xd6/0x110 [ 100.541921][ T6038] free_kernel_image_pages+0x85/0x100 [ 100.547292][ T6038] kernel_init+0x31/0x1d0 [ 100.551623][ T6038] ret_from_fork+0x3fc/0x770 [ 100.556226][ T6038] ret_from_fork_asm+0x1a/0x30 [ 100.560994][ T6038] [ 100.563318][ T6038] Memory state around the buggy address: [ 100.568942][ T6038] ffff888020b21e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 100.577001][ T6038] ffff888020b21f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 100.585058][ T6038] >ffff888020b21f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 100.593109][ T6038] ^ [ 100.598731][ T6038] ffff888020b22000: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 [ 100.606788][ T6038] ffff888020b22080: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00 [ 100.614841][ T6038] ================================================================== [ 100.639904][ T6038] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 100.647130][ T6038] CPU: 0 UID: 0 PID: 6038 Comm: syz.1.32 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) [ 100.658412][ T6038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.668464][ T6038] Call Trace: [ 100.671742][ T6038] [ 100.674683][ T6038] dump_stack_lvl+0x99/0x250 [ 100.679292][ T6038] ? __asan_memcpy+0x40/0x70 [ 100.683894][ T6038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.689095][ T6038] ? __pfx__printk+0x10/0x10 [ 100.693692][ T6038] panic+0x2db/0x790 [ 100.697596][ T6038] ? __pfx_panic+0x10/0x10 [ 100.702014][ T6038] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 100.707923][ T6038] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 100.714260][ T6038] ? print_memory_metadata+0x314/0x400 [ 100.719729][ T6038] ? pause_parse_request+0x40/0x160 [ 100.724929][ T6038] check_panic_on_warn+0x89/0xb0 [ 100.729867][ T6038] ? pause_parse_request+0x40/0x160 [ 100.735073][ T6038] end_report+0x78/0x160 [ 100.739313][ T6038] kasan_report+0x129/0x150 [ 100.743815][ T6038] ? pause_parse_request+0x40/0x160 [ 100.749012][ T6038] ? __pfx_pause_parse_request+0x10/0x10 [ 100.754648][ T6038] pause_parse_request+0x40/0x160 [ 100.759675][ T6038] ? __pfx_pause_parse_request+0x10/0x10 [ 100.765304][ T6038] ethnl_default_set_doit+0x2c1/0xa40 [ 100.770682][ T6038] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 100.777009][ T6038] genl_family_rcv_msg_doit+0x215/0x300 [ 100.782564][ T6038] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 100.788628][ T6038] ? bpf_lsm_capable+0x9/0x20 [ 100.793307][ T6038] ? security_capable+0x7e/0x2e0 [ 100.798252][ T6038] genl_rcv_msg+0x60e/0x790 [ 100.802756][ T6038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 100.807775][ T6038] ? ref_tracker_free+0x63a/0x7d0 [ 100.812799][ T6038] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 100.818701][ T6038] ? __pfx_ref_tracker_free+0x10/0x10 [ 100.824072][ T6038] netlink_rcv_skb+0x208/0x470 [ 100.828839][ T6038] ? __pfx_genl_rcv_msg+0x10/0x10 [ 100.833866][ T6038] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 100.839165][ T6038] ? down_read+0x1ad/0x2e0 [ 100.843592][ T6038] genl_rcv+0x28/0x40 [ 100.847572][ T6038] netlink_unicast+0x75b/0x8d0 [ 100.852336][ T6038] netlink_sendmsg+0x805/0xb30 [ 100.857104][ T6038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.862393][ T6038] ? aa_sock_msg_perm+0xf1/0x1d0 [ 100.867339][ T6038] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 100.872626][ T6038] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.877913][ T6038] __sock_sendmsg+0x219/0x270 [ 100.882594][ T6038] ____sys_sendmsg+0x505/0x830 [ 100.887363][ T6038] ? __pfx_____sys_sendmsg+0x10/0x10 [ 100.892657][ T6038] ? import_iovec+0x74/0xa0 [ 100.897161][ T6038] ___sys_sendmsg+0x21f/0x2a0 [ 100.901859][ T6038] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.907092][ T6038] ? __fget_files+0x2a/0x420 [ 100.911695][ T6038] ? __fget_files+0x3a0/0x420 [ 100.916376][ T6038] __x64_sys_sendmsg+0x19b/0x260 [ 100.921312][ T6038] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 100.926781][ T6038] ? rcu_is_watching+0x15/0xb0 [ 100.931551][ T6038] ? do_syscall_64+0xbe/0x3b0 [ 100.936239][ T6038] do_syscall_64+0xfa/0x3b0 [ 100.940753][ T6038] ? lockdep_hardirqs_on+0x9c/0x150 [ 100.945957][ T6038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.952025][ T6038] ? clear_bhb_loop+0x60/0xb0 [ 100.956707][ T6038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.962598][ T6038] RIP: 0033:0x7f6e97f8e929 [ 100.967029][ T6038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.986642][ T6038] RSP: 002b:00007f6e98e28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.995056][ T6038] RAX: ffffffffffffffda RBX: 00007f6e981b5fa0 RCX: 00007f6e97f8e929 [ 101.003023][ T6038] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 101.010991][ T6038] RBP: 00007f6e98010b39 R08: 0000000000000000 R09: 0000000000000000 [ 101.018960][ T6038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.026928][ T6038] R13: 0000000000000000 R14: 00007f6e981b5fa0 R15: 00007fffda776a28 [ 101.034902][ T6038] [ 101.038167][ T6038] Kernel Offset: disabled [ 101.042482][ T6038] Rebooting in 86400 seconds..