last executing test programs: 13.135754838s ago: executing program 0 (id=103): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, 0x0, 0x8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x6, @local, 0x3ff}, 0x1c) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000040)=0xc) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10) close(r2) r4 = syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r7, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r7, 0xff7f}}, 0x20}}, 0x0) r9 = socket(0x1, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x3c}}, 0x0) 11.932838668s ago: executing program 4 (id=107): socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f00000010c0)) socket(0x10, 0x3, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x1003, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) 10.743260106s ago: executing program 1 (id=109): socketpair(0x1, 0x20000000000001, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd, 0xffffffff, 0x18f, 0xc69, 0x0, 0x1}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32ef", 0x45}], 0x1}, 0x0) 10.591486045s ago: executing program 4 (id=110): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f000072a000/0x4000)=nil, 0x4000, 0x4) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10) write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0) sendmmsg$inet(r3, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000cc0), 0x8a140, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r4, 0xc0403d08, 0x0) r5 = syz_open_procfs(0x0, 0x0) lseek(r5, 0x4, 0x2) getdents(r5, 0x0, 0x48) 9.571826545s ago: executing program 1 (id=111): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000180)=0x4, 0x4) sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@id, 0x10, 0x0}, 0x0) connect$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x2, 0x2}, 0x10) 8.727826133s ago: executing program 1 (id=112): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000090000000200000002"]) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @loopback, 0x23}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = dup(r0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x2008cc10}, 0x4004883) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000)={0x1ff}) setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) r6 = syz_io_uring_setup(0xcd0, &(0x7f0000000340)={0x0, 0x7f0a, 0x80, 0xfffffffe, 0x21c}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r6, 0xa3d, 0x0, 0x0, 0x0, 0xff39) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0xa) syz_kvm_setup_cpu$x86(r10, r11, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000000)="400f01c3650f07470f01cab9800000c02e6726f3400fc7b50000000008040421000f30c4417ff030b9800000c00f3235000100000f30640f01cf65490fc79ce656000000f30f1efc6764653e470f1b690c", 0x51}], 0x1, 0xb, 0x0, 0x0) syz_kvm_setup_cpu$x86(r10, r11, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x57, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) shutdown(r5, 0x1) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r14, 0x4048aecb, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000005009803"]) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000880)={'syz0\x00', {0x7, 0x4, 0x5, 0xfffa}, 0x1d, [0x7ffe, 0x4, 0xfffffff3, 0x80, 0x80, 0x2, 0x0, 0x7f, 0x6, 0x8, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x8, 0x4, 0x3c5b, 0x1, 0x3, 0x9, 0x1, 0x1f461e2c, 0x0, 0xe660, 0x4, 0x5, 0x101, 0x7fff, 0x4c74, 0x80000000, 0xa42, 0x3, 0xe, 0x0, 0x4bf12ccc, 0xfffffff8, 0x7, 0x0, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x10000006, 0x0, 0x2, 0x4, 0x8, 0x0, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000006, 0xffff, 0x134, 0x7ffe, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0x6, 0x3, 0x0, 0x7, 0x5, 0x0, 0xe, 0x312, 0x9, 0xea4, 0x0, 0x5, 0x4, 0x8000, 0x9, 0x400, 0x5, 0x6, 0x7, 0xff, 0x5, 0x9, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0xa, 0x4, 0x9, 0x8, 0x800, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0xff7d, 0x2, 0x7f, 0x9, 0x2, 0xffffffff, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x400, 0x4, 0xfffffffc, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x7c19, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x83, 0x80000003, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x8, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x4, 0xffff, 0x0, 0x1a, 0x1c, 0x120000, 0x3, 0x16, 0xaaed, 0x4, 0x5aac], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x7, 0x2, 0xf58, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7ffe, 0x8, 0x4, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0xb6, 0x6, 0xffffffff, 0x80000000, 0x6b4d7043, 0x8, 0x10c8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x1ff, 0x1, 0x200, 0xffbf2441, 0xfff]}, 0x45c) 7.29092618s ago: executing program 1 (id=117): syz_emit_vhci(0x0, 0xec) 7.234981076s ago: executing program 2 (id=118): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000000540)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x3, @loopback, 0x3}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000240)="dc", 0x1}], 0x1}}], 0x1, 0x3404c891) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000680)=ANY=[@ANYRES32=0x0, @ANYBLOB="f7000200040003f1"], 0xc) 6.952153603s ago: executing program 1 (id=120): socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f00000010c0)) socket(0x10, 0x3, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}], 0x1) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x1003, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) 6.888653265s ago: executing program 2 (id=121): socketpair(0x1, 0x20000000000001, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd, 0xffffffff, 0x18f, 0xc69, 0x0, 0x1}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32ef", 0x45}], 0x1}, 0x0) 6.842389646s ago: executing program 0 (id=122): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = socket$netlink(0x10, 0x3, 0x4) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_ERRQUEUE(r3, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4) bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r4, {0xfffd, 0xffeb}, {0xb, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) close_range(r1, 0xffffffffffffffff, 0x0) 5.8084686s ago: executing program 2 (id=124): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) r0 = syz_io_uring_setup(0x109, &(0x7f00000000c0)={0x0, 0x8006d89, 0x100, 0x2, 0x20000066}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd=r0, 0xffffffff, 0x18f, 0xc69, 0x0, 0x1}) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="38010000fe00004a59ac3fab5a3b30692619d523a7eb0167d4f100fd8bcb"], 0x138) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) 5.701807826s ago: executing program 1 (id=125): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) socket$inet(0x2, 0x6, 0x40000006) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYRES8=r6]) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r2, 0x0) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12014f00000000107d1e38310000e10000010902240001000000000904000002030000000921000000012205000905810300"], 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io(r7, &(0x7f0000000000)={0x2c, &(0x7f0000000300)={0x20, 0x2, 0x5, {0x5, 0x8, '\x00\x00\x00'}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r8, r8, 0x0, 0x200000) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r3, 0x7a5, &(0x7f0000000540)={{@local, 0x7f}, 0x1, 0x2, 0x2}) migrate_pages(0x0, 0x3, &(0x7f0000000300)=0x3, &(0x7f0000000340)=0x13e) ioctl$TCSETSW2(r1, 0x5408, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x0, 0x20, 0x1}) 5.27199292s ago: executing program 3 (id=126): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x4, &(0x7f00000004c0)=[{0x800000000, 0x0, 0x3}], 0x1, 0xbfe, 0x0, 0x0, 0x8, 0x6e}) 5.221387328s ago: executing program 2 (id=127): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$TIOCMGET(r2, 0x541e, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x40041) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00>\x00\t\x00\x00\x00\x00\x00\x00\b\x00\x00'], 0x34}}, 0x84) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) 4.881138065s ago: executing program 4 (id=128): r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/uevent_helper', 0x149882, 0x60) write$RDMA_USER_CM_CMD_BIND_IP(r2, 0x0, 0x0) prlimit64(0x0, 0x1, 0x0, &(0x7f0000000340)) set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0xfffe, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) 4.812227789s ago: executing program 3 (id=129): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b00"], 0x14}}, 0x84) 4.691576418s ago: executing program 0 (id=130): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x800}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb4}}, 0x0) 4.647693276s ago: executing program 4 (id=131): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0xa60e, 0x6) 4.476865988s ago: executing program 3 (id=132): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) memfd_create(0x0, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) bind$unix(r4, &(0x7f0000000140)=@abs={0x1}, 0x6e) socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x1, 0x9, 0x401, 0x0, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x4000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001200)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a8c000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000004c0008800c00024000deffff55c3dd9e0c00014000000000000000000c00024000000000000000000c00024000000000000000090c00014000000000000000060c000140000000000000026314000480080002403cb140bb080001400000000314000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) sendmsg$NFT_MSG_GETCHAIN(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x14, 0x4, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) mkdir(0x0, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000100)={0x1f, 0x2}, 0x28) setreuid(0xee01, 0xee01) r8 = syz_io_uring_complete(0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x8, 0x1f}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40800}, 0x4000051) 4.331932152s ago: executing program 4 (id=133): syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x402000, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000540)=""/181, 0xffffffffffffffce) ioctl$PIO_SCRNMAP(r1, 0x4b52, &(0x7f0000000000)) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3}) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) 4.136176287s ago: executing program 0 (id=134): socketpair(0x1, 0x20000000000001, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd, 0xffffffff, 0x18f, 0xc69, 0x0, 0x1}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x15) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f8", 0x67}], 0x1}, 0x0) 3.00166886s ago: executing program 3 (id=135): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000003f64ecb21ed7d74b542e43ae9f57f61af1c5b6016901992307df92d7c26b05a7da0582d208fd1f57c41cee38c7023e71dc864ab49f7894dd5ee29721d0625ee50c8aeca9b5090d85ff1c5df40229f0981507171aec7dc97abd981893d51a27e8a1033fa344fa3c6c27705648a6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) r7 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r7, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r8}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, 0xa, 0x30, 0x60}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x200000003, 0x0, 0x40}, {0x1, 0x4, 0x0, 0x6}, 0x3, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) 2.868021316s ago: executing program 2 (id=136): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) fsopen(0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='RECLEV\nPHONEOUT\nSPEAKER \'CD\''], 0xb8) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r3, r2, 0x0) 1.40105931s ago: executing program 3 (id=137): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) r0 = syz_io_uring_setup(0x109, &(0x7f00000000c0)={0x0, 0x8006d89, 0x100, 0x2, 0x20000066}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x6000, @fd=r0, 0xffffffff, 0x18f, 0xc69, 0x0, 0x1}) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="38010000fe00004a59ac3fab5a3b30692619d523a7eb0167d4f100fd8bcb"], 0x138) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) 1.280444258s ago: executing program 4 (id=138): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000002540)="e2f21f5df2b498", 0x7}], 0x1}}], 0x1, 0xc1) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r4, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x800}) ioctl$IOMMU_IOAS_COPY(r3, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r4, r4, 0x3, 0xfffffffffffffffa, 0x3fff}) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r5, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) socket$nl_xfrm(0x10, 0x3, 0x6) listen(0xffffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x360, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) 1.167674869s ago: executing program 0 (id=139): r0 = socket$netlink(0x10, 0x3, 0xc) pipe(&(0x7f0000000180)) sendmsg$nl_route(r0, 0x0, 0x20008040) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x7}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 824.916423ms ago: executing program 2 (id=140): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000140)=0x3, 0x20) sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@id, 0x10, 0x0}, 0x0) connect$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x2, 0x2}, 0x10) 378.580386ms ago: executing program 3 (id=141): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x58840}, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket(0x2b, 0x1, 0x1) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x3, 0x0, {0x2b, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000) 0s ago: executing program 0 (id=142): r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/uevent_helper', 0x149882, 0x60) write$RDMA_USER_CM_CMD_BIND_IP(r2, 0x0, 0x0) prlimit64(0x0, 0x1, 0x0, &(0x7f0000000340)) set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0xfffe, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.106' (ED25519) to the list of known hosts. syzkaller login: [ 86.781370][ T5826] cgroup: Unknown subsys name 'net' [ 87.017550][ T5826] cgroup: Unknown subsys name 'cpuset' [ 87.052667][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.993323][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.874644][ T10] cfg80211: failed to load regulatory.db [ 91.971397][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.986876][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.016763][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.020610][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.021555][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.035854][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.036162][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.042503][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.044532][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.044712][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.045591][ T5847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.054683][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.057331][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.062197][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.062708][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.072922][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.074808][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.078415][ T5156] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.097143][ T5156] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.103001][ T5156] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.217177][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.223893][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.234363][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 92.235882][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.238144][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.324025][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 93.342566][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 93.362767][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 93.593903][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 93.693357][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 94.103521][ T5853] Bluetooth: hci1: command tx timeout [ 94.272085][ T5853] Bluetooth: hci2: command tx timeout [ 94.342348][ T5841] Bluetooth: hci4: command tx timeout [ 94.342355][ T5845] Bluetooth: hci0: command tx timeout [ 94.342614][ T5853] Bluetooth: hci3: command tx timeout [ 94.523871][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.525502][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.526118][ T5837] bridge_slave_0: entered allmulticast mode [ 94.529196][ T5837] bridge_slave_0: entered promiscuous mode [ 94.535972][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.536121][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.536397][ T5843] bridge_slave_0: entered allmulticast mode [ 94.539516][ T5843] bridge_slave_0: entered promiscuous mode [ 94.589022][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.589168][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.589377][ T5836] bridge_slave_0: entered allmulticast mode [ 94.597123][ T5836] bridge_slave_0: entered promiscuous mode [ 94.628957][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.640055][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.640632][ T5837] bridge_slave_1: entered allmulticast mode [ 94.656939][ T5837] bridge_slave_1: entered promiscuous mode [ 94.660816][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.660966][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.661162][ T5843] bridge_slave_1: entered allmulticast mode [ 94.672495][ T5843] bridge_slave_1: entered promiscuous mode [ 94.764183][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.764365][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.764557][ T5836] bridge_slave_1: entered allmulticast mode [ 94.767496][ T5836] bridge_slave_1: entered promiscuous mode [ 95.454359][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.454508][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.454744][ T5842] bridge_slave_0: entered allmulticast mode [ 95.457623][ T5842] bridge_slave_0: entered promiscuous mode [ 95.582944][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.583106][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.583297][ T5852] bridge_slave_0: entered allmulticast mode [ 95.585525][ T5852] bridge_slave_0: entered promiscuous mode [ 95.591289][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.659701][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.659936][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.660079][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.660259][ T5842] bridge_slave_1: entered allmulticast mode [ 95.675783][ T5842] bridge_slave_1: entered promiscuous mode [ 95.681758][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.684925][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.685089][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.685327][ T5852] bridge_slave_1: entered allmulticast mode [ 95.694025][ T5852] bridge_slave_1: entered promiscuous mode [ 95.706448][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.723733][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.839099][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.182209][ T5853] Bluetooth: hci1: command tx timeout [ 96.342025][ T5853] Bluetooth: hci2: command tx timeout [ 96.422254][ T5845] Bluetooth: hci3: command tx timeout [ 96.422298][ T5845] Bluetooth: hci4: command tx timeout [ 96.422418][ T5853] Bluetooth: hci0: command tx timeout [ 96.529726][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.609011][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.612780][ T5837] team0: Port device team_slave_0 added [ 96.617666][ T5843] team0: Port device team_slave_0 added [ 96.623028][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.627510][ T5836] team0: Port device team_slave_0 added [ 96.634741][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.639199][ T5837] team0: Port device team_slave_1 added [ 96.726691][ T5843] team0: Port device team_slave_1 added [ 96.730367][ T5836] team0: Port device team_slave_1 added [ 97.545247][ T5842] team0: Port device team_slave_0 added [ 97.706939][ T5852] team0: Port device team_slave_0 added [ 97.708807][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.708819][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.708839][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.714075][ T5842] team0: Port device team_slave_1 added [ 97.715563][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.715579][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.715608][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.717494][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.717509][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.717539][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.726977][ T5852] team0: Port device team_slave_1 added [ 97.729219][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.729236][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.729268][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.854513][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.854534][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.854567][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.856547][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.856561][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.856603][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.262154][ T5841] Bluetooth: hci1: command tx timeout [ 98.278669][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.278685][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.278704][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.292414][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.292435][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.292465][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.298095][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.298111][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.298142][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.302990][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.303010][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.303040][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.422377][ T5841] Bluetooth: hci2: command tx timeout [ 98.502314][ T5841] Bluetooth: hci3: command tx timeout [ 98.502335][ T5853] Bluetooth: hci0: command tx timeout [ 98.502364][ T5853] Bluetooth: hci4: command tx timeout [ 98.963564][ T5837] hsr_slave_0: entered promiscuous mode [ 98.964776][ T5837] hsr_slave_1: entered promiscuous mode [ 98.985337][ T5843] hsr_slave_0: entered promiscuous mode [ 98.986798][ T5843] hsr_slave_1: entered promiscuous mode [ 98.987867][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 98.987957][ T5843] Cannot create hsr debugfs directory [ 99.001152][ T5836] hsr_slave_0: entered promiscuous mode [ 99.012673][ T5836] hsr_slave_1: entered promiscuous mode [ 99.013597][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 99.013622][ T5836] Cannot create hsr debugfs directory [ 99.610664][ T5842] hsr_slave_0: entered promiscuous mode [ 99.611716][ T5842] hsr_slave_1: entered promiscuous mode [ 99.625428][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 99.625456][ T5842] Cannot create hsr debugfs directory [ 99.635791][ T5852] hsr_slave_0: entered promiscuous mode [ 99.637375][ T5852] hsr_slave_1: entered promiscuous mode [ 99.638374][ T5852] debugfs: 'hsr0' already exists in 'hsr' [ 99.638402][ T5852] Cannot create hsr debugfs directory [ 100.342273][ T5841] Bluetooth: hci1: command tx timeout [ 100.502163][ T5841] Bluetooth: hci2: command tx timeout [ 100.582091][ T5841] Bluetooth: hci3: command tx timeout [ 100.592579][ T5845] Bluetooth: hci0: command tx timeout [ 100.592645][ T5841] Bluetooth: hci4: command tx timeout [ 101.339206][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.379929][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.418863][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.478062][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 101.617973][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.664391][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.697085][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.752209][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.912892][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.953621][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.008126][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.061784][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.234934][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 102.280587][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 102.328866][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 102.388395][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 102.576509][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 102.629959][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.630436][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 102.690532][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 102.734356][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.869306][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.930066][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.944792][ T3560] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.945042][ T3560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.002301][ T3560] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.002411][ T3560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.091662][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.144084][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.149393][ T3606] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.149800][ T3606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.216125][ T3606] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.216309][ T3606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.305718][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.339417][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.400378][ T3504] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.400617][ T3504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.466167][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.466324][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.535459][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.588604][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.618922][ T3504] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.619222][ T3504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.684970][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.685218][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.797528][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.906764][ T3606] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.906947][ T3606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.970071][ T3606] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.972712][ T3606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.068225][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.383269][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.612463][ T5837] veth0_vlan: entered promiscuous mode [ 104.714498][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.743243][ T5837] veth1_vlan: entered promiscuous mode [ 104.814944][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.882390][ T5843] veth0_vlan: entered promiscuous mode [ 104.964230][ T5843] veth1_vlan: entered promiscuous mode [ 105.048709][ T5837] veth0_macvtap: entered promiscuous mode [ 105.069105][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.106285][ T5837] veth1_macvtap: entered promiscuous mode [ 105.209831][ T5836] veth0_vlan: entered promiscuous mode [ 105.276360][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.291278][ T5843] veth0_macvtap: entered promiscuous mode [ 105.308068][ T5836] veth1_vlan: entered promiscuous mode [ 105.321711][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.345698][ T5843] veth1_macvtap: entered promiscuous mode [ 105.390947][ T3560] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.418000][ T1157] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.438752][ T1157] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.463331][ T1157] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.550667][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.551087][ T5852] veth0_vlan: entered promiscuous mode [ 105.651178][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.788342][ T5852] veth1_vlan: entered promiscuous mode [ 105.791152][ T5842] veth0_vlan: entered promiscuous mode [ 105.799345][ T5836] veth0_macvtap: entered promiscuous mode [ 105.801942][ T1157] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.826171][ T3560] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.858298][ T3560] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.881492][ T3560] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.905401][ T5836] veth1_macvtap: entered promiscuous mode [ 105.968737][ T3938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.968765][ T3938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.977168][ T5842] veth1_vlan: entered promiscuous mode [ 106.198448][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.207476][ T1692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.207497][ T1692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.275998][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.330609][ T5852] veth0_macvtap: entered promiscuous mode [ 106.370942][ T3606] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.372757][ T1692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.372778][ T1692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.400837][ T3606] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.418263][ T3606] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.433556][ T5852] veth1_macvtap: entered promiscuous mode [ 106.445814][ T3606] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.537941][ T5842] veth0_macvtap: entered promiscuous mode [ 106.622409][ T1692] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.622430][ T1692] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.627950][ T5842] veth1_macvtap: entered promiscuous mode [ 106.760330][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.886394][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.971809][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.981295][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.998093][ T3606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.998114][ T3606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.038433][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.053870][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.093441][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.099162][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.231926][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.232289][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.270159][ T3560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.270178][ T3560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.329884][ T3606] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.339304][ T3606] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.348804][ T3606] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.557734][ T3606] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.159967][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.159988][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.268502][ T5972] netlink: 160 bytes leftover after parsing attributes in process `syz.1.8'. [ 108.268542][ T5972] netlink: 160 bytes leftover after parsing attributes in process `syz.1.8'. [ 108.509020][ T3621] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.509042][ T3621] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.621747][ T3621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.621768][ T3621] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.857857][ T3621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.857879][ T3621] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.025541][ T5907] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 109.198716][ T5907] usb 2-1: Using ep0 maxpacket: 16 [ 109.198783][ T5975] mmap: syz.0.7 (5975) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 109.231397][ T5907] usb 2-1: config 0 has no interfaces? [ 109.263509][ T5907] usb 2-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 109.263540][ T5907] usb 2-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 109.263562][ T5907] usb 2-1: Product: syz [ 109.263576][ T5907] usb 2-1: Manufacturer: syz [ 109.263591][ T5907] usb 2-1: SerialNumber: syz [ 109.510321][ T5907] usb 2-1: config 0 descriptor?? [ 109.767646][ T5974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.768210][ T5974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.861346][ T5168] usb 2-1: USB disconnect, device number 2 [ 110.201942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 110.521599][ T5990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13'. [ 110.873139][ T5999] netlink: 52 bytes leftover after parsing attributes in process `syz.3.16'. [ 111.222065][ T5168] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 111.412056][ T5168] usb 3-1: Using ep0 maxpacket: 32 [ 111.416177][ T5168] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 111.416211][ T5168] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 111.416240][ T5168] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 111.416259][ T5168] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 111.416278][ T5168] usb 3-1: config 0 interface 0 has no altsetting 0 [ 111.419852][ T5168] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 111.419875][ T5168] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 111.419890][ T5168] usb 3-1: Product: syz [ 111.419899][ T5168] usb 3-1: Manufacturer: syz [ 111.419910][ T5168] usb 3-1: SerialNumber: syz [ 111.539228][ T5168] usb 3-1: config 0 descriptor?? [ 111.563012][ T5168] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 111.569615][ T5168] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 111.809684][ T5984] usb 3-1: USB disconnect, device number 2 [ 111.843900][ T5984] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 112.781973][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.782138][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.782238][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.782357][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.782453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.782531][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.782688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.327791][ T6030] binfmt_misc: register: failed to install interpreter file ./file0 [ 113.583233][ T5168] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 113.800146][ T5168] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 113.800189][ T5168] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 113.800210][ T5168] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 113.800225][ T5168] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 113.851951][ T5168] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 113.853371][ T5168] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 113.853394][ T5168] usb 3-1: SerialNumber: syz [ 114.093142][ T5168] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 114.093749][ T5168] usb-storage 3-1:1.0: USB Mass Storage device detected [ 114.457734][ T5168] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 115.485751][ T6036] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 115.485924][ T6036] exFAT-fs (loop1): unable to read boot sector [ 115.485936][ T6036] exFAT-fs (loop1): failed to read boot sector [ 115.485946][ T6036] exFAT-fs (loop1): failed to recognize exfat type [ 115.973204][ T6039] netlink: 40 bytes leftover after parsing attributes in process `syz.2.23'. [ 116.471777][ T5168] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 116.686472][ T5168] usb 2-1: Using ep0 maxpacket: 32 [ 116.771369][ T5168] usb 2-1: config 0 interface 0 has no altsetting 0 [ 116.782442][ T5168] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 116.782465][ T5168] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.782478][ T5168] usb 2-1: Product: syz [ 116.782489][ T5168] usb 2-1: Manufacturer: syz [ 116.782499][ T5168] usb 2-1: SerialNumber: syz [ 116.790379][ T5168] usb 2-1: config 0 descriptor?? [ 117.248554][ T5168] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 117.449709][ T5168] gs_usb 2-1:0.0: Couldn't get bit timing const for channel 0 (-EREMOTEIO) [ 117.449949][ T5168] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -121 [ 117.662386][ T5168] usb 2-1: USB disconnect, device number 3 [ 118.156010][ T6052] syz.0.30 uses obsolete (PF_INET,SOCK_PACKET) [ 118.902126][ T5914] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 118.956847][ T5168] usb 3-1: USB disconnect, device number 3 [ 119.077848][ T5914] usb 2-1: Using ep0 maxpacket: 32 [ 119.127378][ T5914] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 119.127424][ T5914] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 119.127471][ T5914] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 119.127490][ T5914] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 119.127509][ T5914] usb 2-1: config 0 interface 0 has no altsetting 0 [ 119.130460][ T5914] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 119.130488][ T5914] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 119.130508][ T5914] usb 2-1: Product: syz [ 119.130524][ T5914] usb 2-1: Manufacturer: syz [ 119.130536][ T5914] usb 2-1: SerialNumber: syz [ 119.457604][ T5914] usb 2-1: config 0 descriptor?? [ 119.538075][ T5914] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 119.553803][ T5914] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 119.810263][ T5914] usb 2-1: USB disconnect, device number 4 [ 119.823911][ T5914] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 120.631937][ T6073] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 120.633600][ T6073] exFAT-fs (loop2): unable to read boot sector [ 120.633645][ T6073] exFAT-fs (loop2): failed to read boot sector [ 120.633683][ T6073] exFAT-fs (loop2): failed to recognize exfat type [ 121.862770][ T5168] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 122.052318][ T5168] usb 2-1: Using ep0 maxpacket: 32 [ 122.061203][ T5168] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 122.061232][ T5168] usb 2-1: config 0 has no interface number 0 [ 122.094294][ T5168] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 122.094317][ T5168] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.094331][ T5168] usb 2-1: Product: syz [ 122.094342][ T5168] usb 2-1: Manufacturer: syz [ 122.094352][ T5168] usb 2-1: SerialNumber: syz [ 122.162327][ T5168] usb 2-1: config 0 descriptor?? [ 122.166730][ T5168] smsc95xx v2.0.0 [ 122.840544][ T38] audit: type=1326 audit(1756258444.347:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6080 comm="syz.1.39" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c34f3ebe9 code=0x7ffc0000 [ 122.840605][ T38] audit: type=1326 audit(1756258444.367:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6080 comm="syz.1.39" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c34f3ebe9 code=0x7ffc0000 [ 123.852026][ T5907] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 124.013060][ T5907] usb 3-1: Using ep0 maxpacket: 32 [ 124.016339][ T5907] usb 3-1: config 0 interface 0 has no altsetting 0 [ 124.022240][ T5907] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 124.022308][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.022323][ T5907] usb 3-1: Product: syz [ 124.022333][ T5907] usb 3-1: Manufacturer: syz [ 124.022344][ T5907] usb 3-1: SerialNumber: syz [ 124.033216][ T5907] usb 3-1: config 0 descriptor?? [ 124.564217][ T5907] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 124.772310][ T5907] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 124.812590][ T5907] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22 [ 124.978896][ T5907] usb 3-1: USB disconnect, device number 4 [ 125.562321][ T5917] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 125.732014][ T5917] usb 1-1: Using ep0 maxpacket: 16 [ 125.736061][ T5917] usb 1-1: config 255 has an invalid interface number: 47 but max is 0 [ 125.736088][ T5917] usb 1-1: config 255 has no interface number 0 [ 125.736126][ T5917] usb 1-1: config 255 interface 47 has no altsetting 0 [ 125.969031][ T5917] usb 1-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=b1.fc [ 125.969065][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.969087][ T5917] usb 1-1: Product: syz [ 125.969101][ T5917] usb 1-1: Manufacturer: syz [ 125.969116][ T5917] usb 1-1: SerialNumber: syz [ 126.478137][ T6104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.45'. [ 126.695979][ T5917] legousbtower 1-1:255.47: interrupt endpoints not found [ 126.724277][ T5917] usb 1-1: USB disconnect, device number 2 [ 126.741109][ T6110] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 126.764845][ T6110] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 128.503396][ T5168] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -110 [ 128.503429][ T5168] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 128.512094][ T5168] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -32 [ 128.512475][ T5168] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -32 [ 130.141096][ T5168] usb 2-1: USB disconnect, device number 5 [ 131.704934][ T6141] netlink: 68 bytes leftover after parsing attributes in process `syz.3.54'. [ 132.305810][ T6153] netlink: 4 bytes leftover after parsing attributes in process `syz.2.59'. [ 132.353183][ T5914] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 132.512240][ T5914] usb 5-1: Using ep0 maxpacket: 32 [ 132.515521][ T5914] usb 5-1: config 0 interface 0 has no altsetting 0 [ 132.518498][ T5914] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 132.518519][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.518533][ T5914] usb 5-1: Product: syz [ 132.518543][ T5914] usb 5-1: Manufacturer: syz [ 132.518554][ T5914] usb 5-1: SerialNumber: syz [ 132.600913][ T5914] usb 5-1: config 0 descriptor?? [ 133.018048][ T5914] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 133.230045][ T5914] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 133.281399][ T5914] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22 [ 133.465004][ T5914] usb 5-1: USB disconnect, device number 2 [ 133.678600][ T6162] Zero length message leads to an empty skb [ 135.052007][ T5914] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 135.232033][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 135.237049][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 135.237085][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 135.237111][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 135.237136][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 135.237181][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 135.237204][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.673672][ T5914] usb 4-1: GET_CAPABILITIES returned 0 [ 135.673707][ T5914] usbtmc 4-1:16.0: can't read capabilities [ 136.037659][ T5914] usb 4-1: USB disconnect, device number 2 [ 136.571622][ T6190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.68'. [ 136.615532][ T6190] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 137.465707][ T38] audit: type=1800 audit(1756258458.997:4): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.71" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 138.746115][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.746220][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.052085][ T45] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 139.232055][ T45] usb 1-1: Using ep0 maxpacket: 8 [ 139.303275][ T45] usb 1-1: config 1 has an invalid descriptor of length 158, skipping remainder of the config [ 139.303311][ T45] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 139.303333][ T45] usb 1-1: config 1 has no interface number 1 [ 139.303396][ T45] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 139.405140][ T45] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 139.405174][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.405195][ T45] usb 1-1: Product: syz [ 139.405213][ T45] usb 1-1: Manufacturer: syz [ 139.405223][ T45] usb 1-1: SerialNumber: syz [ 139.547852][ T6221] binder: 6217:6221 ioctl c0306201 0 returned -14 [ 139.552522][ T6221] usb usb8: usbfs: process 6221 (syz.3.76) did not claim interface 0 before use [ 142.830130][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.383965][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.621416][ C0] vkms_vblank_simulate: vblank timer overrun [ 144.180486][ C0] vkms_vblank_simulate: vblank timer overrun [ 144.521394][ T45] usb 1-1: cannot find UAC_HEADER [ 144.764516][ T45] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 145.003352][ T6103] udevd[6103]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 145.195541][ T6242] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 145.373538][ T45] usb 1-1: USB disconnect, device number 3 [ 146.087093][ T6246] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 146.088967][ T6246] exFAT-fs (loop0): unable to read boot sector [ 146.089008][ T6246] exFAT-fs (loop0): failed to read boot sector [ 146.089045][ T6246] exFAT-fs (loop0): failed to recognize exfat type [ 155.088271][ T6310] netlink: 'syz.0.103': attribute type 1 has an invalid length. [ 155.088872][ T6312] netdevsim netdevsim0 netdevsim3: entered promiscuous mode [ 155.089519][ T6312] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 155.304823][ T6315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 155.486765][ T6310] bond1 (unregistering): Released all slaves [ 155.745576][ T5841] Bluetooth: hci4: link tx timeout [ 155.746083][ T5841] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 157.809609][ T5845] Bluetooth: hci4: command 0x0406 tx timeout [ 158.427349][ T6327] block nbd0: Attempted send on invalid socket [ 158.427367][ T6327] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 161.582913][ T6358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.122'. [ 161.880761][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.023505][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.115875][ T5914] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 163.226913][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.410908][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.569667][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.759745][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.950768][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.042197][ T5914] usb 2-1: Using ep0 maxpacket: 16 [ 164.046151][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.046186][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.046210][ T5914] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 164.047753][ T5914] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 164.047780][ T5914] usb 2-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0 [ 164.047801][ T5914] usb 2-1: Manufacturer: syz [ 164.251998][ T5914] usb 2-1: config 0 descriptor?? [ 164.458912][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.586929][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.922966][ C0] vkms_vblank_simulate: vblank timer overrun [ 165.210592][ C0] vkms_vblank_simulate: vblank timer overrun [ 165.720188][ C0] vkms_vblank_simulate: vblank timer overrun [ 165.818871][ T5914] ryos 0003:1E7D:3138.0001: unknown main item tag 0x0 [ 165.818915][ T5914] ryos 0003:1E7D:3138.0001: unknown main item tag 0x0 [ 165.818941][ T5914] ryos 0003:1E7D:3138.0001: unknown main item tag 0x0 [ 166.334002][ C0] vkms_vblank_simulate: vblank timer overrun [ 166.359340][ T5914] ryos 0003:1E7D:3138.0001: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 167.216179][ T6421] [ 167.216193][ T6421] ====================================================== [ 167.216202][ T6421] WARNING: possible circular locking dependency detected [ 167.216220][ T6421] syzkaller #0 Not tainted [ 167.216231][ T6421] ------------------------------------------------------ [ 167.216239][ T6421] syz.3.141/6421 is trying to acquire lock: [ 167.216251][ T6421] ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 167.216324][ T6421] [ 167.216324][ T6421] but task is already holding lock: [ 167.216332][ T6421] ffffffff8efa66c8 (smc_v6_hashinfo.lock){++.+}-{3:3}, at: smc_diag_dump_proto+0x174/0x1fb0 [ 167.216381][ T6421] [ 167.216381][ T6421] which lock already depends on the new lock. [ 167.216381][ T6421] [ 167.216389][ T6421] [ 167.216389][ T6421] the existing dependency chain (in reverse order) is: [ 167.216397][ T6421] [ 167.216397][ T6421] -> #1 (smc_v6_hashinfo.lock){++.+}-{3:3}: [ 167.216426][ T6421] lock_acquire+0x120/0x360 [ 167.216451][ T6421] rt_write_lock+0x6a/0x110 [ 167.216470][ T6421] smc_hash_sk+0x8f/0x2a0 [ 167.216485][ T6421] smc_sk_init+0x5a4/0x7f0 [ 167.216500][ T6421] __smc_create+0x10d/0x280 [ 167.216521][ T6421] __sock_create+0x4b0/0x9f0 [ 167.216537][ T6421] __sys_socket+0xd7/0x1b0 [ 167.216555][ T6421] __x64_sys_socket+0x7a/0x90 [ 167.216571][ T6421] do_syscall_64+0xfa/0x3b0 [ 167.216593][ T6421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.216609][ T6421] [ 167.216609][ T6421] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}: [ 167.216630][ T6421] validate_chain+0xb9b/0x2140 [ 167.216654][ T6421] __lock_acquire+0xab9/0xd20 [ 167.216674][ T6421] reacquire_held_locks+0x127/0x1d0 [ 167.216697][ T6421] lock_release+0x1b4/0x3e0 [ 167.216716][ T6421] __local_bh_enable_ip+0x10c/0x270 [ 167.216735][ T6421] sock_i_ino+0xa9/0xc0 [ 167.216756][ T6421] smc_diag_dump_proto+0xa4c/0x1fb0 [ 167.216773][ T6421] smc_diag_dump+0x59/0xa0 [ 167.216788][ T6421] netlink_dump+0x6e1/0xe90 [ 167.216811][ T6421] __netlink_dump_start+0x5cb/0x7e0 [ 167.216828][ T6421] smc_diag_handler_dump+0x178/0x210 [ 167.216845][ T6421] sock_diag_rcv_msg+0x4cc/0x600 [ 167.216861][ T6421] netlink_rcv_skb+0x208/0x470 [ 167.216878][ T6421] netlink_unicast+0x846/0xa10 [ 167.216893][ T6421] netlink_sendmsg+0x805/0xb30 [ 167.216911][ T6421] __sock_sendmsg+0x21c/0x270 [ 167.216926][ T6421] ____sys_sendmsg+0x508/0x820 [ 167.216948][ T6421] ___sys_sendmsg+0x21f/0x2a0 [ 167.216969][ T6421] __x64_sys_sendmsg+0x1a1/0x260 [ 167.216990][ T6421] do_syscall_64+0xfa/0x3b0 [ 167.217010][ T6421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.217025][ T6421] [ 167.217025][ T6421] other info that might help us debug this: [ 167.217025][ T6421] [ 167.217030][ T6421] Possible unsafe locking scenario: [ 167.217030][ T6421] [ 167.217035][ T6421] CPU0 CPU1 [ 167.217040][ T6421] ---- ---- [ 167.217045][ T6421] rlock(smc_v6_hashinfo.lock); [ 167.217056][ T6421] lock((softirq_ctrl.lock)); [ 167.217068][ T6421] lock(smc_v6_hashinfo.lock); [ 167.217079][ T6421] lock((softirq_ctrl.lock)); [ 167.217090][ T6421] [ 167.217090][ T6421] *** DEADLOCK *** [ 167.217090][ T6421] [ 167.217094][ T6421] 3 locks held by syz.3.141/6421: [ 167.217103][ T6421] #0: ffff88805ed4e908 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 167.217143][ T6421] #1: ffffffff8efa66c8 (smc_v6_hashinfo.lock){++.+}-{3:3}, at: smc_diag_dump_proto+0x174/0x1fb0 [ 167.217182][ T6421] #2: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x1f8/0x360 [ 167.217219][ T6421] [ 167.217219][ T6421] stack backtrace: [ 167.217260][ T6421] CPU: 1 UID: 0 PID: 6421 Comm: syz.3.141 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 167.217280][ T6421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.217297][ T6421] Call Trace: [ 167.217304][ T6421] [ 167.217311][ T6421] dump_stack_lvl+0x189/0x250 [ 167.217339][ T6421] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.217365][ T6421] ? __pfx__printk+0x10/0x10 [ 167.217384][ T6421] ? print_lock_name+0xde/0x100 [ 167.217402][ T6421] print_circular_bug+0x2ee/0x310 [ 167.217421][ T6421] check_noncircular+0x134/0x160 [ 167.217450][ T6421] validate_chain+0xb9b/0x2140 [ 167.217476][ T6421] ? validate_chain+0x897/0x2140 [ 167.217510][ T6421] __lock_acquire+0xab9/0xd20 [ 167.217534][ T6421] reacquire_held_locks+0x127/0x1d0 [ 167.217561][ T6421] ? __local_bh_disable_ip+0x264/0x400 [ 167.217585][ T6421] lock_release+0x1b4/0x3e0 [ 167.217606][ T6421] ? __local_bh_enable_ip+0x100/0x270 [ 167.217629][ T6421] __local_bh_enable_ip+0x10c/0x270 [ 167.217650][ T6421] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 167.217674][ T6421] ? rt_read_unlock+0x65/0xa0 [ 167.217691][ T6421] ? sock_i_ino+0x24/0xc0 [ 167.217716][ T6421] sock_i_ino+0xa9/0xc0 [ 167.217740][ T6421] smc_diag_dump_proto+0xa4c/0x1fb0 [ 167.217769][ T6421] ? __pfx_smc_diag_dump_proto+0x10/0x10 [ 167.217789][ T6421] ? __lruvec_stat_mod_folio+0x79/0x2f0 [ 167.217836][ T6421] ? __lruvec_stat_mod_folio+0x79/0x2f0 [ 167.217864][ T6421] ? __phys_addr+0xd3/0x180 [ 167.217890][ T6421] ? __kasan_kmalloc_large+0x85/0xa0 [ 167.217913][ T6421] ? rcu_is_watching+0x15/0xb0 [ 167.217939][ T6421] ? rcu_is_watching+0x15/0xb0 [ 167.217964][ T6421] ? trace_kmalloc+0x1f/0xd0 [ 167.217984][ T6421] ? __kmalloc_node_track_caller_noprof+0x213/0x450 [ 167.218010][ T6421] ? __build_skb_around+0x257/0x3e0 [ 167.218033][ T6421] smc_diag_dump+0x59/0xa0 [ 167.218051][ T6421] netlink_dump+0x6e1/0xe90 [ 167.218073][ T6421] ? __pfx_netlink_dump+0x10/0x10 [ 167.218090][ T6421] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 167.218111][ T6421] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.218140][ T6421] __netlink_dump_start+0x5cb/0x7e0 [ 167.218161][ T6421] smc_diag_handler_dump+0x178/0x210 [ 167.218181][ T6421] ? __pfx_smc_diag_handler_dump+0x10/0x10 [ 167.218199][ T6421] ? __pfx_smc_diag_dump+0x10/0x10 [ 167.218217][ T6421] ? sock_diag_lock_handler+0x19/0x290 [ 167.218234][ T6421] ? sock_diag_lock_handler+0x19/0x290 [ 167.218253][ T6421] sock_diag_rcv_msg+0x4cc/0x600 [ 167.218272][ T6421] netlink_rcv_skb+0x208/0x470 [ 167.218290][ T6421] ? rcu_is_watching+0x15/0xb0 [ 167.218314][ T6421] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 167.218332][ T6421] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.218355][ T6421] ? netlink_deliver_tap+0x2e/0x1b0 [ 167.218377][ T6421] netlink_unicast+0x846/0xa10 [ 167.218396][ T6421] ? __pfx_netlink_unicast+0x10/0x10 [ 167.218413][ T6421] ? netlink_sendmsg+0x6a2/0xb30 [ 167.218434][ T6421] netlink_sendmsg+0x805/0xb30 [ 167.218457][ T6421] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.218480][ T6421] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 167.218496][ T6421] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.218516][ T6421] __sock_sendmsg+0x21c/0x270 [ 167.218541][ T6421] ____sys_sendmsg+0x508/0x820 [ 167.218569][ T6421] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.218596][ T6421] ? import_iovec+0x74/0xa0 [ 167.218615][ T6421] ___sys_sendmsg+0x21f/0x2a0 [ 167.218639][ T6421] ? __pfx____sys_sendmsg+0x10/0x10 [ 167.218675][ T6421] ? __fget_files+0x2a/0x420 [ 167.218698][ T6421] ? __fget_files+0x3a6/0x420 [ 167.218750][ T6421] __x64_sys_sendmsg+0x1a1/0x260 [ 167.218775][ T6421] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 167.218814][ T6421] ? rcu_is_watching+0x15/0xb0 [ 167.218842][ T6421] ? do_syscall_64+0xbe/0x3b0 [ 167.218866][ T6421] do_syscall_64+0xfa/0x3b0 [ 167.218888][ T6421] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.218909][ T6421] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.218927][ T6421] ? clear_bhb_loop+0x60/0xb0 [ 167.218946][ T6421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.218969][ T6421] RIP: 0033:0x7f056f4aebe9 [ 167.218990][ T6421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.219005][ T6421] RSP: 002b:00007f056d2a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.219023][ T6421] RAX: ffffffffffffffda RBX: 00007f056f6d6270 RCX: 00007f056f4aebe9 [ 167.219036][ T6421] RDX: 0000000000004000 RSI: 0000200000000140 RDI: 0000000000000008 [ 167.219048][ T6421] RBP: 00007f056f531e19 R08: 0000000000000000 R09: 0000000000000000 [ 167.219059][ T6421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.219069][ T6421] R13: 00007f056f6d6308 R14: 00007f056f6d6270 R15: 00007ffe234aca38 [ 167.219088][ T6421] [ 167.483148][ T5907] usb 2-1: USB disconnect, device number 6 [ 168.445129][ T6420] fido_id[6420]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory