last executing test programs: 6.580141614s ago: executing program 1 (id=110): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r2, 0x47f5, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x1, 0x113, &(0x7f0000000180)=ANY=[], 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2e) syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil) inotify_init() openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) epoll_create1(0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) 6.550377954s ago: executing program 3 (id=111): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000002c0)) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00') preadv(r2, &(0x7f0000001600)=[{&(0x7f0000000040)=""/35, 0x2b}], 0x1, 0x0, 0x0) 6.328837759s ago: executing program 3 (id=113): socket$nl_route(0x10, 0x3, 0x0) unshare(0x8000000) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000140)=0xec62, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='numa_maps\x00') exit(0x5) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10) modify_ldt$write(0x1, &(0x7f0000000000)={0x80, 0x0, 0x400}, 0x10) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c899}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@ipv6_getroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_MARK={0x8}, @RTA_OIF={0x8}]}, 0x2c}}, 0x0) timerfd_create(0x0, 0x0) 5.848589728s ago: executing program 2 (id=114): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000003300)={0x2020}, 0x2020) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='virtiofs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 4.651366561s ago: executing program 2 (id=116): openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x842, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000080)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000840)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000020}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x10000, 0x37}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fd4e4e9f361a2219d35735ad54f9a1a557573eadee274238"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b967d98120ad85a91cd5a02a6493c714d4557726bbf9df8e"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e320bd21fe3e1dcb9ebcb5a325b2cdf84afc86f17ed174bf"}]]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="0800050004000000050053000100000094725e6b08fa07f7a4ec457442a1417fe0312dee78589a818d97dfeaa343f7deaaf1f24e9c19329dd887af0b10a756a127efb320a8177443d0b5661fefc263926f72440b96f5ac9d57370788cd3607803cb703675a1f98080cd1e07c36f7fb8866d0a2a4b35bfd16345a8945120fdb9128a619d2eae05afcb1b19284e6682571b08e3bced2050c31ceae2752825f140303ff990a5c0ad6ff3754609fce1fec16a1552aba18e62a10df945db117c2626d45339c3664d773416bfbdea4c33c680c6a46b583c264200a3ed4ee768419aac2a73cb08fe088081ff57b2d2c0ec45a0c"], 0x2c}}, 0xc0c4) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x7, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xb}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r6, 0x29, 0xcf, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x4000, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000980)=ANY=[@ANYBLOB="20000000e1bdfae7353b5e164f2ac79266dc55e4ba79dfd4c3ecdeab6f1e197c1e13239945d6811bfed325f340edf633fb12be34e1ec65e45a85b01c42f3a16fd37d4616bf324e2d633ce118528d448bba326f65a7c2dea3a7e6f4b45059c48547624bbd805f9c7fe52d6e77cbef1a36c2fbd8f73ded793beb5e1426539d6b82d433dff74b6025a55f7f1e145772e429e2b73b1ec267ecd64da1fdf48ea4433eb2bccf8fb92b6a003b1e5d0476fc2a2770af768512bc", @ANYRES16=r3, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x20000081) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)=ANY=[@ANYBLOB="10000000350007010000000000000000047c0000"], 0x14}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}}) sendmsg$NL80211_CMD_GET_SURVEY(r1, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r3, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x4, 0x1c}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x40050) 4.519783253s ago: executing program 0 (id=117): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000140)={0x8, 0x2, 0x0, "2115beba7af972a16fd06e6b5694848119e1a8bc94b6871c7f46690000000011"}) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449, 0x0, 0x4, 0x0, 0x9}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000006c0)={{@my=0x1}, @any, 0x0, 0x1, 0xa0c, 0x1, 0x4, 0x4, 0x4}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7aa, &(0x7f0000000180)={{@my=0x1}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x3}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a0000000000000000", 0xd5}], 0x1, 0x0, 0x0, 0x7400}, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000780)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000500)={0x90, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0x1, 0x2e}, @fda={0x66646185, 0x4, 0x2, 0x38}, @fda={0x66646185, 0x1, 0x1, 0x5}}, 0x0}}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000380)={@fd={0x66642a85, 0x0, r4}, @fda={0x66646185, 0x5, 0x1, 0x40}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000440)={0x0, 0x18, 0x38}}, 0x1000}], 0xb, 0x0, &(0x7f0000000480)="8f77fa1cddf1eb3d46a178"}) 4.443654455s ago: executing program 2 (id=118): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c"], 0x3c}}, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a80)={0x18, 0x2, &(0x7f0000000200)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x1ff00, 0x0, 0x0, 0x0, 0x8}], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r9}, 0x10) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) socket$nl_route(0x10, 0x3, 0x0) 4.238492389s ago: executing program 0 (id=119): openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x842, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000080)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000840)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000020}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x10000, 0x37}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fd4e4e9f361a2219d35735ad54f9a1a557573eadee274238"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b967d98120ad85a91cd5a02a6493c714d4557726bbf9df8e"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e320bd21fe3e1dcb9ebcb5a325b2cdf84afc86f17ed174bf"}]]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="0800050004000000050053000100000094725e6b08fa07f7a4ec457442a1417fe0312dee78589a818d97dfeaa343f7deaaf1f24e9c19329dd887af0b10a756a127efb320a8177443d0b5661fefc263926f72440b96f5ac9d57370788cd3607803cb703675a1f98080cd1e07c36f7fb8866d0a2a4b35bfd16345a8945120fdb9128a619d2eae05afcb1b19284e6682571b08e3bced2050c31ceae2752825f140303ff990a5c0ad6ff3754609fce1fec16a1552aba18e62a10df945db117c2626d45339c3664d773416bfbdea4c33c680c6a46b583c264200a3ed4ee768419aac2a73cb08fe088081ff57b2d2c0ec45a0c"], 0x2c}}, 0xc0c4) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x7, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xb}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x4000, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000980)=ANY=[@ANYBLOB="20000000e1bdfae7353b5e164f2ac79266dc55e4ba79dfd4c3ecdeab6f1e197c1e13239945d6811bfed325f340edf633fb12be34e1ec65e45a85b01c42f3a16fd37d4616bf324e2d633ce118528d448bba326f65a7c2dea3a7e6f4b45059c48547624bbd805f9c7fe52d6e77cbef1a36c2fbd8f73ded793beb5e1426539d6b82d433dff74b6025a55f7f1e145772e429e2b73b1ec267ecd64da1fdf48ea4433eb2bccf8fb92b6a003b1e5d0476fc2a2770af768512bc", @ANYRES16=r3, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x20000081) syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}}) sendmsg$NL80211_CMD_GET_SURVEY(r1, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r3, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x4, 0x1c}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x40050) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000040)={0x28, 0x3, 0x0, 0x0, 0x7fff, 0xe62, 0x7}) 3.967606474s ago: executing program 0 (id=120): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sched_setaffinity(0x0, 0xfffffffffffffdb0, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x0, @void}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/65, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74, 0x8080000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, 0x0) 3.1161922s ago: executing program 1 (id=121): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) sendmmsg$inet(r0, &(0x7f00000008c0)=[{{&(0x7f0000000680)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000011c0)="f5b1935310db0e4cbab4828a853927cfb0f1f78b16e7780196b024beff2a7483f1eb1ef7e9aa01356a55af5cd3af42eba76c4166c0a6977fe266524bfb92edc2395f83a17aff75052546a317ea6b248554b20991856824e82cb20d37113c16df72b48d99ec3ad467a8e090193036eabb2a158594a1a602dc0159593739fa1b7a2c77806b45d3e18d416ee8b43ae21c727bb42d77afc5758d09fd8381562b3427c8b04d638233164e2b0b9411e131f746ea1ecd07c71f438950375476b11ee4a337a5ee7587348140c5049cecbb9760db80c808b2d02d36b9471ac6b24ccb279435f2b5b76c3c4004abea5d419ba69b3610b9902c3c860573dce3f6cd06df60c63d7e0baeb5b1f0bf09d517ef212a206d7632a337e2c3a4266ef349b3cb464d998b9f0a08eae2706222c428cdc19fc703eb4822bfb9dde7826cc020fcbe7b9554dc7d6bec7aee70530086f56f85ac0764eb3d1557850c4fa4c15560c2a7c52259cabfb84871e4c39c13f119928380740c3207dc99cdef51dc255ddfe49d95e18f6dbd4e36bba400467bb0f54b7cbbbd2d583643619acba636b47d07b04b42ee693d7b554767337d1eb253ebfc4df7b2430cbdfb44d04f94f70abe9835ad0745525f5d01b4e71ccc9816cdcb6b2c85e51b392e0c608c7ab932479d05000612721c41da93b1ec8545c23fcd5c95cb6a7d58a41552df02be9ae41ccc394b4e3a855defcfa18480faa1dd8e5a18806a098563561ab0607454f79a07b2fe4571b29e2d9413e6a60d372033188b9356bcf3421966ed6673aac2ecad131f9ede70a8f1b71b1ad0cfa1bc8ee91ec6cb7418db420dc5d942d3ec34db354dd29e5d8ea17efd167f90253293590a5843dfe6fbcf94d34bc14bcf2fe9e5594d37af19bdf80365f851ffc643ce24bb31d4bab294df8089fbaf240edd5223e2adcdfbf1de697df78cdcd8be6010d1cc7c5894f11b6fc8421b460cdbaf8c1caad1c08bfc3963d724f79a56e77fa5b73dd89ad8c96b97c27067e5f2a35ae9f9cdf17004056547001292ba9952346d07fba02f5225592385eed16f52437662124fc0c24fb3c100924608f178d413190dc5f0b1dd1b7c45806f7cbdd668a3c484f114e2d1ca9f4eacbd0845903794f695bc9fa49ebadcd18e1ff59cc5b7d444f0684ddf3ddf22e388770c1ba5d3b0eac6989871603a850bdf0171ab470c56a6306acd1494d25379a27f8bd188f885dcf4e40a64c1bf88ae0ff430bab773e9d7bac7fda2f7aa2d4968207356ca35b1a04c081e750471b885fceeae1a10b8a32b51907b51d1792e29345d06669c9efd4ea62368a23c819de6cd6934a1335ecbafb59321dd1a3cb63ec99202d48f7ebf73282f9bea530f7cae700a2cd33324d6d082dc9ab77f755e4d26302eb61bae485b30747de6bb80c023745848d61b341ddba4bb78a7df9e67478dc26926b6ba76f480c5a3abbf9caa73439e0303364923a710188489e68b22c298e0cd7e71bd85705c9abee04dfd508469e6eb14a61cb24e29dc5a8a1ba5cc4feecffa894eb23c1a072f36aa75094aa03b2c8d5efba7", 0x454}], 0x1}}], 0x2, 0xc044) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'dummy0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001000fbff27bd7002fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="14100400040004001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x4c}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002) write$binfmt_misc(r0, 0x0, 0x0) 2.960598423s ago: executing program 1 (id=122): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) connect$tipc(0xffffffffffffffff, 0x0, 0x0) 2.937397644s ago: executing program 3 (id=123): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) 2.144169579s ago: executing program 0 (id=124): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003280), 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='virtiofs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 1.075802249s ago: executing program 0 (id=125): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x3}) dup3(r0, 0xffffffffffffffff, 0x0) 915.192803ms ago: executing program 3 (id=126): openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x842, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000080)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000840)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000020}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x10000, 0x37}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fd4e4e9f361a2219d35735ad54f9a1a557573eadee274238"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b967d98120ad85a91cd5a02a6493c714d4557726bbf9df8e"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e320bd21fe3e1dcb9ebcb5a325b2cdf84afc86f17ed174bf"}]]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="0800050004000000050053000100000094725e6b08fa07f7a4ec457442a1417fe0312dee78589a818d97dfeaa343f7deaaf1f24e9c19329dd887af0b10a756a127efb320a8177443d0b5661fefc263926f72440b96f5ac9d57370788cd3607803cb703675a1f98080cd1e07c36f7fb8866d0a2a4b35bfd16345a8945120fdb9128a619d2eae05afcb1b19284e6682571b08e3bced2050c31ceae2752825f140303ff990a5c0ad6ff3754609fce1fec16a1552aba18e62a10df945db117c2626d45339c3664d773416bfbdea4c33c680c6a46b583c264200a3ed4ee768419aac2a73cb08fe088081ff57b2d2c0ec45a0c"], 0x2c}}, 0xc0c4) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x7, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xb}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r6, 0x29, 0xcf, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x4000, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000980)=ANY=[@ANYBLOB="20000000e1bdfae7353b5e164f2ac79266dc55e4ba79dfd4c3ecdeab6f1e197c1e13239945d6811bfed325f340edf633fb12be34e1ec65e45a85b01c42f3a16fd37d4616bf324e2d633ce118528d448bba326f65a7c2dea3a7e6f4b45059c48547624bbd805f9c7fe52d6e77cbef1a36c2fbd8f73ded793beb5e1426539d6b82d433dff74b6025a55f7f1e145772e429e2b73b1ec267ecd64da1fdf48ea4433eb2bccf8fb92b6a003b1e5d0476fc2a2770af768512bc", @ANYRES16=r3, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x20000081) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)=ANY=[@ANYBLOB="10000000350007010000000000000000047c0000"], 0x14}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}}) sendmsg$NL80211_CMD_GET_SURVEY(r1, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r3, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x4, 0x1c}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x40050) 859.619744ms ago: executing program 2 (id=127): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x2, 'geneve0\x00', 0x2a34}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f00000001c0), 0x0) 665.136238ms ago: executing program 3 (id=128): openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x842, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000080)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000840)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000020}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0x8c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x10000, 0x37}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fd4e4e9f361a2219d35735ad54f9a1a557573eadee274238"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b967d98120ad85a91cd5a02a6493c714d4557726bbf9df8e"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e320bd21fe3e1dcb9ebcb5a325b2cdf84afc86f17ed174bf"}]]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r5, @ANYBLOB="0800050004000000050053000100000094725e6b08fa07f7a4ec457442a1417fe0312dee78589a818d97dfeaa343f7deaaf1f24e9c19329dd887af0b10a756a127efb320a8177443d0b5661fefc263926f72440b96f5ac9d57370788cd3607803cb703675a1f98080cd1e07c36f7fb8866d0a2a4b35bfd16345a8945120fdb9128a619d2eae05afcb1b19284e6682571b08e3bced2050c31ceae2752825f140303ff990a5c0ad6ff3754609fce1fec16a1552aba18e62a10df945db117c2626d45339c3664d773416bfbdea4c33c680c6a46b583c264200a3ed4ee768419aac2a73cb08fe088081ff57b2d2c0ec45a0c"], 0x2c}}, 0xc0c4) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x7, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xb}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x4000, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000980)=ANY=[@ANYBLOB="20000000e1bdfae7353b5e164f2ac79266dc55e4ba79dfd4c3ecdeab6f1e197c1e13239945d6811bfed325f340edf633fb12be34e1ec65e45a85b01c42f3a16fd37d4616bf324e2d633ce118528d448bba326f65a7c2dea3a7e6f4b45059c48547624bbd805f9c7fe52d6e77cbef1a36c2fbd8f73ded793beb5e1426539d6b82d433dff74b6025a55f7f1e145772e429e2b73b1ec267ecd64da1fdf48ea4433eb2bccf8fb92b6a003b1e5d0476fc2a2770af768512bc", @ANYRES16=r3, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x20000081) syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0xfe, 0x80000000}, {0xfffffff9}]}}) sendmsg$NL80211_CMD_GET_SURVEY(r1, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r3, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x4, 0x1c}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x40050) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000040)={0x28, 0x3, 0x0, 0x0, 0x7fff, 0xe62, 0x7}) 611.964118ms ago: executing program 2 (id=129): r0 = socket(0x10, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) eventfd2(0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) syz_open_procfs(r2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0xa00, 0x1c2) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r4, r3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x4, 0x7e, 0x25, 0x1, 0x60, @private2, @private0, 0x1, 0x7, 0x25a1, 0x3e}}) 559.07395ms ago: executing program 1 (id=130): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) sendmmsg$inet(r0, &(0x7f00000008c0)=[{{&(0x7f0000000680)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000011c0)="f5b1935310db0e4cbab4828a853927cfb0f1f78b16e7780196b024beff2a7483f1eb1ef7e9aa01356a55af5cd3af42eba76c4166c0a6977fe266524bfb92edc2395f83a17aff75052546a317ea6b248554b20991856824e82cb20d37113c16df72b48d99ec3ad467a8e090193036eabb2a158594a1a602dc0159593739fa1b7a2c77806b45d3e18d416ee8b43ae21c727bb42d77afc5758d09fd8381562b3427c8b04d638233164e2b0b9411e131f746ea1ecd07c71f438950375476b11ee4a337a5ee7587348140c5049cecbb9760db80c808b2d02d36b9471ac6b24ccb279435f2b5b76c3c4004abea5d419ba69b3610b9902c3c860573dce3f6cd06df60c63d7e0baeb5b1f0bf09d517ef212a206d7632a337e2c3a4266ef349b3cb464d998b9f0a08eae2706222c428cdc19fc703eb4822bfb9dde7826cc020fcbe7b9554dc7d6bec7aee70530086f56f85ac0764eb3d1557850c4fa4c15560c2a7c52259cabfb84871e4c39c13f119928380740c3207dc99cdef51dc255ddfe49d95e18f6dbd4e36bba400467bb0f54b7cbbbd2d583643619acba636b47d07b04b42ee693d7b554767337d1eb253ebfc4df7b2430cbdfb44d04f94f70abe9835ad0745525f5d01b4e71ccc9816cdcb6b2c85e51b392e0c608c7ab932479d05000612721c41da93b1ec8545c23fcd5c95cb6a7d58a41552df02be9ae41ccc394b4e3a855defcfa18480faa1dd8e5a18806a098563561ab0607454f79a07b2fe4571b29e2d9413e6a60d372033188b9356bcf3421966ed6673aac2ecad131f9ede70a8f1b71b1ad0cfa1bc8ee91ec6cb7418db420dc5d942d3ec34db354dd29e5d8ea17efd167f90253293590a5843dfe6fbcf94d34bc14bcf2fe9e5594d37af19bdf80365f851ffc643ce24bb31d4bab294df8089fbaf240edd5223e2adcdfbf1de697df78cdcd8be6010d1cc7c5894f11b6fc8421b460cdbaf8c1caad1c08bfc3963d724f79a56e77fa5b73dd89ad8c96b97c27067e5f2a35ae9f9cdf17004056547001292ba9952346d07fba02f5225592385eed16f52437662124fc0c24fb3c100924608f178d413190dc5f0b1dd1b7c45806f7cbdd668a3c484f114e2d1ca9f4eacbd0845903794f695bc9fa49ebadcd18e1ff59cc5b7d444f0684ddf3ddf22e388770c1ba5d3b0eac6989871603a850bdf0171ab470c56a6306acd1494d25379a27f8bd188f885dcf4e40a64c1bf88ae0ff430bab773e9d7bac7fda2f7aa2d4968207356ca35b1a04c081e750471b885fceeae1a10b8a32b51907b51d1792e29345d06669c9efd4ea62368a23c819de6cd6934a1335ecbafb59321dd1a3cb63ec99202d48f7ebf73282f9bea530f7cae700a2cd33324d6d082dc9ab77f755e4d26302eb61bae485b30747de6bb80c023745848d61b341ddba4bb78a7df9e67478dc26926b6ba76f480c5a3abbf9caa73439e0303364923a710188489e68b22c298e0cd7e71bd85705c9abee04dfd508469e6eb14a61cb24e29dc5a8a1ba5cc4feecffa894eb23c1a072f36aa75094aa03b2c8d5efba7914acfe364d1bcae740b69cfd0122fc806f783bec4e695fedbd9dcf89a3c32fc4c7c77fb9608aa337226dca3081660c5aa090ad25290f9b39e6f63ce0dd9c974f79e4e6027bd54751aaa3d17097eeab17531146f5747c6e9547137f936493a88d3d883f4f60300cb221be3e3e8c5c766f124b90ed700c4160b4b1214544da4be68a5cd76674b0411077f13695b2b9977f3fb8cb4b1546a1455dfd622df52c4f9016b3dde4279d89aea3e1a013521947b45efa720140d99fb0d", 0x50d}], 0x1}}], 0x2, 0xc044) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'dummy0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001000fbff27bd7002fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="14100400040004001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x4c}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002) write$binfmt_misc(r0, 0x0, 0x0) 429.315662ms ago: executing program 1 (id=131): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 283.972345ms ago: executing program 1 (id=132): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000657"], 0x0, 0x0, 0x0, 0x0}, 0x0) socket$nl_audit(0x10, 0x3, 0x9) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000007c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0}) 247.213885ms ago: executing program 3 (id=133): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003280), 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='virtiofs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 141.588318ms ago: executing program 2 (id=134): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) 0s ago: executing program 0 (id=135): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c"], 0x3c}}, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a80)={0x18, 0x2, &(0x7f0000000200)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x1ff00, 0x0, 0x0, 0x0, 0x8}], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r9}, 0x10) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) socket$nl_route(0x10, 0x3, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.56' (ED25519) to the list of known hosts. [ 89.068733][ T5777] cgroup: Unknown subsys name 'net' [ 89.207154][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.095311][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.327690][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.336091][ T5799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.336412][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.345412][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.353857][ T5796] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.359310][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.375129][ T5799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.377501][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.383988][ T5799] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 93.397692][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.398345][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.412428][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.421054][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.430775][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.438826][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.446194][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.449643][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.454941][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 93.463368][ T5104] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.468201][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.475527][ T5104] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 93.492717][ T5802] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 93.500043][ T5792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.529461][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.125796][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 94.144968][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 94.195991][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 94.312921][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 94.458456][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.465625][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.476025][ T5787] bridge_slave_0: entered allmulticast mode [ 94.483564][ T5787] bridge_slave_0: entered promiscuous mode [ 94.498037][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.505308][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.512602][ T5788] bridge_slave_0: entered allmulticast mode [ 94.520421][ T5788] bridge_slave_0: entered promiscuous mode [ 94.528384][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.535614][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.543455][ T5789] bridge_slave_0: entered allmulticast mode [ 94.550963][ T5789] bridge_slave_0: entered promiscuous mode [ 94.560635][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.567966][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.575190][ T5787] bridge_slave_1: entered allmulticast mode [ 94.582515][ T5787] bridge_slave_1: entered promiscuous mode [ 94.595237][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.602858][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.610169][ T5788] bridge_slave_1: entered allmulticast mode [ 94.617459][ T5788] bridge_slave_1: entered promiscuous mode [ 94.624553][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.632098][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.639833][ T5789] bridge_slave_1: entered allmulticast mode [ 94.647460][ T5789] bridge_slave_1: entered promiscuous mode [ 94.734193][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.741725][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.749927][ T5790] bridge_slave_0: entered allmulticast mode [ 94.757347][ T5790] bridge_slave_0: entered promiscuous mode [ 94.766440][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.774133][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.781676][ T5790] bridge_slave_1: entered allmulticast mode [ 94.789022][ T5790] bridge_slave_1: entered promiscuous mode [ 94.828692][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.855433][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.869247][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.882172][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.895384][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.907344][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.994924][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.009836][ T5788] team0: Port device team_slave_0 added [ 95.019959][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.045335][ T5787] team0: Port device team_slave_0 added [ 95.062352][ T5788] team0: Port device team_slave_1 added [ 95.095222][ T5789] team0: Port device team_slave_0 added [ 95.106029][ T5789] team0: Port device team_slave_1 added [ 95.113887][ T5787] team0: Port device team_slave_1 added [ 95.183226][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.190806][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.217116][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.231961][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.239821][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.266149][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.282321][ T5790] team0: Port device team_slave_0 added [ 95.296449][ T5790] team0: Port device team_slave_1 added [ 95.315504][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.322642][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.349348][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.405471][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.412625][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.439094][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.451493][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.458842][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.485128][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.508081][ T5798] Bluetooth: hci0: command tx timeout [ 95.508100][ T50] Bluetooth: hci1: command tx timeout [ 95.515531][ T5788] hsr_slave_0: entered promiscuous mode [ 95.526645][ T5788] hsr_slave_1: entered promiscuous mode [ 95.549818][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.556855][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.583316][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.591512][ T5798] Bluetooth: hci3: command tx timeout [ 95.601239][ T50] Bluetooth: hci2: command tx timeout [ 95.624069][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.631265][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.658486][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.712354][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.719731][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.746582][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.769696][ T5789] hsr_slave_0: entered promiscuous mode [ 95.776320][ T5789] hsr_slave_1: entered promiscuous mode [ 95.783302][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.792469][ T5789] Cannot create hsr debugfs directory [ 95.852587][ T5787] hsr_slave_0: entered promiscuous mode [ 95.859544][ T5787] hsr_slave_1: entered promiscuous mode [ 95.865846][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.874638][ T5787] Cannot create hsr debugfs directory [ 95.991034][ T5790] hsr_slave_0: entered promiscuous mode [ 95.998721][ T5790] hsr_slave_1: entered promiscuous mode [ 96.005131][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.012859][ T5790] Cannot create hsr debugfs directory [ 96.403343][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.416555][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.432459][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.442938][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.524786][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.535727][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.550639][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.562708][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.711568][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.724467][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.736418][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.752457][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.873504][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.885149][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.895911][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.917975][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.927532][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.986331][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.050811][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.058317][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.113977][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.121221][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.141226][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.182887][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.236732][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.279449][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.286627][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.298278][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.305490][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.323840][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.369291][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.378765][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.386660][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.409078][ T2919] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.416359][ T2919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.543838][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.589292][ T50] Bluetooth: hci1: command tx timeout [ 97.589303][ T5798] Bluetooth: hci0: command tx timeout [ 97.622839][ T2919] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.630118][ T2919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.645631][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.652878][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.668806][ T5798] Bluetooth: hci2: command tx timeout [ 97.668819][ T50] Bluetooth: hci3: command tx timeout [ 97.685922][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.930775][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.083934][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.104848][ T5788] veth0_vlan: entered promiscuous mode [ 98.146543][ T5788] veth1_vlan: entered promiscuous mode [ 98.235368][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.255844][ T5788] veth0_macvtap: entered promiscuous mode [ 98.286322][ T5787] veth0_vlan: entered promiscuous mode [ 98.314375][ T5788] veth1_macvtap: entered promiscuous mode [ 98.341087][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.359302][ T5787] veth1_vlan: entered promiscuous mode [ 98.393848][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.422115][ T5790] veth0_vlan: entered promiscuous mode [ 98.443119][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.490121][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.499250][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.509851][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.518892][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.540405][ T5787] veth0_macvtap: entered promiscuous mode [ 98.554799][ T5790] veth1_vlan: entered promiscuous mode [ 98.582856][ T5787] veth1_macvtap: entered promiscuous mode [ 98.601606][ T5789] veth0_vlan: entered promiscuous mode [ 98.654135][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.671606][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.688257][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.702250][ T5789] veth1_vlan: entered promiscuous mode [ 98.729453][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.740780][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.753731][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.768040][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.776794][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.785668][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.797519][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.843269][ T5790] veth0_macvtap: entered promiscuous mode [ 98.856630][ T5790] veth1_macvtap: entered promiscuous mode [ 98.874483][ T2947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.892185][ T2947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.955057][ T2919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.963550][ T2919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.031998][ T5789] veth0_macvtap: entered promiscuous mode [ 99.046447][ T5789] veth1_macvtap: entered promiscuous mode [ 99.071559][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.082750][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.095338][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.105963][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.119085][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.161531][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.172878][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.183346][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.194760][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.206548][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.224666][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.245188][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.259011][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.268971][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.279581][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.314365][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.335476][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.348961][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.364055][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.375038][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.385511][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.396561][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.409458][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.449903][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.462108][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.472353][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.483018][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.495234][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.506381][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.526138][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.550324][ T5884] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.585557][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.600930][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.609596][ T785] cfg80211: failed to load regulatory.db [ 99.623168][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.625405][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.645619][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.655730][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.671420][ T5798] Bluetooth: hci1: command tx timeout [ 99.679750][ T5798] Bluetooth: hci0: command tx timeout [ 99.748416][ T50] Bluetooth: hci3: command tx timeout [ 99.749184][ T5798] Bluetooth: hci2: command tx timeout [ 99.875854][ T2933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.915115][ T2933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.985694][ T2947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.006145][ T2947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.056682][ T2947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.092283][ T2947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.195763][ T2933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.232452][ T2933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.788009][ T5905] syz.1.9[5905]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 100.818488][ T5906] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.842420][ T5905] loop1: detected capacity change from 0 to 128 [ 100.848999][ T5909] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.885571][ T5905] EXT4-fs: Ignoring removed nobh option [ 100.989032][ T5905] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 101.065268][ T5905] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 101.627216][ T5925] loop0: detected capacity change from 0 to 256 [ 101.747402][ T5798] Bluetooth: hci0: command tx timeout [ 101.753075][ T5798] Bluetooth: hci1: command tx timeout [ 101.827117][ T50] Bluetooth: hci3: command tx timeout [ 101.838738][ T50] Bluetooth: hci2: command tx timeout [ 102.452647][ T5787] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.943153][ T5946] netlink: 'syz.0.22': attribute type 3 has an invalid length. [ 102.953163][ T5946] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.22'. [ 103.036592][ T5949] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.304817][ T5955] loop1: detected capacity change from 0 to 128 [ 103.351140][ T5955] EXT4-fs: Ignoring removed nobh option [ 103.418574][ T5955] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 103.699807][ T5966] loop3: detected capacity change from 0 to 256 [ 103.987884][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.999464][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 104.303439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.313379][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.388156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.396458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.405747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 104.416288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.452207][ T5959] netlink: 20 bytes leftover after parsing attributes in process `syz.0.22'. [ 104.484986][ T5955] ext4 filesystem being mounted at /6/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 104.671811][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 105.668709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.923217][ T5787] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 106.098085][ T5970] 8021q: adding VLAN 0 to HW filter on device bond1 [ 108.788804][ T5993] loop1: detected capacity change from 0 to 256 [ 110.093150][ T5991] sched: RT throttling activated [ 111.332538][ T6002] pim6reg: entered allmulticast mode [ 111.818141][ T6007] 8021q: adding VLAN 0 to HW filter on device bond1 [ 113.337605][ T6028] loop0: detected capacity change from 0 to 256 [ 115.485449][ T6045] 8021q: adding VLAN 0 to HW filter on device bond2 [ 116.532718][ T6053] loop3: detected capacity change from 0 to 128 [ 116.576839][ T6053] EXT4-fs: Ignoring removed nobh option [ 116.803239][ T6053] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 116.857402][ T6053] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 117.853029][ T6068] loop0: detected capacity change from 0 to 256 [ 118.482289][ T6077] pim6reg: entered allmulticast mode [ 119.412787][ T6088] loop1: detected capacity change from 0 to 512 [ 120.448723][ T6088] EXT4-fs (loop1): orphan cleanup on readonly fs [ 120.486038][ T6088] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 120.497531][ T6088] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 120.507245][ T6088] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.69: Failed to acquire dquot type 1 [ 120.558201][ T6088] EXT4-fs (loop1): 1 truncate cleaned up [ 121.100287][ T6088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 121.395061][ T6088] EXT4-fs error (device loop1): ext4_lookup:1862: inode #2: comm syz.1.69: deleted inode referenced: 12 [ 121.517560][ T6092] EXT4-fs error (device loop1): ext4_lookup:1862: inode #2: comm syz.1.69: deleted inode referenced: 12 [ 121.763779][ T6088] syz.1.69 (6088) used greatest stack depth: 16592 bytes left [ 122.450373][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.670981][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 124.605394][ T6113] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.921796][ T6127] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 127.337871][ T6120] loop1: detected capacity change from 0 to 40427 [ 127.398475][ T6120] F2FS-fs (loop1): heap/no_heap options were deprecated [ 127.443428][ T6120] F2FS-fs (loop1): invalid crc value [ 127.642458][ T6120] F2FS-fs (loop1): Found nat_bits in checkpoint [ 127.845040][ T6150] overlayfs: missing 'lowerdir' [ 129.989054][ T6173] team0: Port device vlan2 added [ 131.378760][ T5880] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 131.796378][ T6196] overlayfs: missing 'lowerdir' [ 132.834799][ T6202] IPVS: sync thread started: state = BACKUP, mcast_ifn = geneve0, syncid = 10804, id = 0 [ 134.647099][ T5844] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 134.879060][ T5844] usb 4-1: config 0 has an invalid interface number: 11 but max is 0 [ 134.891206][ T5844] usb 4-1: config 0 has no interface number 0 [ 134.928353][ T5844] usb 4-1: config 0 interface 11 has no altsetting 0 [ 134.935613][ T5844] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 134.952075][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.088768][ T5844] usb 4-1: config 0 descriptor?? [ 135.131185][ T5844] keyspan 4-1:0.11: Keyspan 2 port adapter converter detected [ 135.170623][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 87 [ 135.202728][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 7 [ 135.246068][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 81 [ 135.313661][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 82 [ 135.328016][ T5880] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 135.336548][ T5880] usb 3-1: can't read configurations, error -71 [ 135.346925][ T6219] Zero length message leads to an empty skb [ 135.449745][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 1 [ 135.456911][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.467706][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.479009][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 2 [ 135.487586][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 85 [ 135.572355][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 5 [ 135.697639][ T5844] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 135.787700][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 83 [ 135.795631][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 84 [ 135.841802][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 3 [ 135.866174][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 4 [ 135.957125][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 86 [ 136.007739][ T5844] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 6 [ 136.030506][ T5844] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 136.166864][ T6224] syz.2.108(6224): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 136.193626][ T5844] usb 4-1: USB disconnect, device number 2 [ 136.256205][ T5844] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 136.298996][ T5844] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 136.337956][ T5844] keyspan 4-1:0.11: device disconnected [ 136.967408][ T5880] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 137.140677][ T5880] usb 2-1: device descriptor read/64, error -71 [ 137.457127][ T5880] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 138.468265][ T5880] usb 2-1: device descriptor read/64, error -71 [ 138.627560][ T5880] usb usb2-port1: attempt power cycle [ 139.048907][ T5880] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 139.097739][ T5880] usb 2-1: device descriptor read/8, error -71 [ 139.367287][ T5880] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 139.411476][ T5880] usb 2-1: device descriptor read/8, error -71 [ 139.577924][ T5880] usb usb2-port1: unable to enumerate USB device [ 140.054700][ T6267] team0: Port device vlan2 added [ 142.324988][ T6287] IPVS: sync thread started: state = BACKUP, mcast_ifn = geneve0, syncid = 10804, id = 0 [ 143.149667][ T6305] ================================================================== [ 143.157848][ T6305] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0 [ 143.165644][ T6305] Read of size 4 at addr ffff88805c9ec0a0 by task syz.2.134/6305 [ 143.173421][ T6305] [ 143.175792][ T6305] CPU: 0 PID: 6305 Comm: syz.2.134 Not tainted syzkaller #0 [ 143.183185][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 143.193263][ T6305] Call Trace: [ 143.196618][ T6305] [ 143.199584][ T6305] dump_stack_lvl+0x16c/0x230 [ 143.204374][ T6305] ? __lock_acquire+0x7c80/0x7c80 [ 143.209421][ T6305] ? show_regs_print_info+0x20/0x20 [ 143.214644][ T6305] ? load_image+0x3b0/0x3b0 [ 143.219175][ T6305] ? __virt_addr_valid+0x469/0x540 [ 143.224320][ T6305] print_report+0xac/0x220 [ 143.228755][ T6305] ? xfrm_alloc_spi+0x598/0x11f0 [ 143.233728][ T6305] kasan_report+0x117/0x150 [ 143.238259][ T6305] ? xfrm_alloc_spi+0x598/0x11f0 [ 143.243247][ T6305] xfrm_alloc_spi+0x598/0x11f0 [ 143.248035][ T6305] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 143.252985][ T6305] ? verify_spi_info+0x120/0x120 [ 143.257946][ T6305] ? xfrm_find_acq+0x79/0x90 [ 143.262631][ T6305] xfrm_alloc_userspi+0x5d1/0xa90 [ 143.267726][ T6305] ? end_current_label_crit_section+0x170/0x170 [ 143.273994][ T6305] ? apparmor_capable+0x137/0x1a0 [ 143.279049][ T6305] ? xfrm_dump_policy_done+0x90/0x90 [ 143.284359][ T6305] ? __nla_parse+0x40/0x50 [ 143.288813][ T6305] xfrm_user_rcv_msg+0x596/0x870 [ 143.293790][ T6305] ? lockdep_hardirqs_on+0x98/0x150 [ 143.299010][ T6305] ? xfrm_netlink_rcv+0x90/0x90 [ 143.303871][ T6305] ? __local_bh_enable_ip+0x12e/0x1c0 [ 143.309281][ T6305] ? __dev_queue_xmit+0x245/0x35a0 [ 143.314430][ T6305] ? __mutex_trylock_common+0x153/0x250 [ 143.320004][ T6305] netlink_rcv_skb+0x216/0x480 [ 143.324820][ T6305] ? xfrm_netlink_rcv+0x90/0x90 [ 143.329718][ T6305] ? netlink_ack+0x1110/0x1110 [ 143.334529][ T6305] ? netlink_deliver_tap+0x2e/0x1b0 [ 143.339748][ T6305] ? __lock_acquire+0x7c80/0x7c80 [ 143.344814][ T6305] xfrm_netlink_rcv+0x79/0x90 [ 143.349528][ T6305] netlink_unicast+0x751/0x8d0 [ 143.354315][ T6305] netlink_sendmsg+0x8c1/0xbe0 [ 143.359117][ T6305] ? netlink_getsockopt+0x580/0x580 [ 143.364390][ T6305] ? aa_sock_msg_perm+0x94/0x150 [ 143.369349][ T6305] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 143.374659][ T6305] ? security_socket_sendmsg+0x80/0xa0 [ 143.380144][ T6305] ? netlink_getsockopt+0x580/0x580 [ 143.385436][ T6305] ____sys_sendmsg+0x5bf/0x950 [ 143.390229][ T6305] ? __asan_memset+0x22/0x40 [ 143.394838][ T6305] ? __sys_sendmsg_sock+0x30/0x30 [ 143.399878][ T6305] ? __import_iovec+0x5f2/0x860 [ 143.404750][ T6305] ? import_iovec+0x73/0xa0 [ 143.409270][ T6305] ___sys_sendmsg+0x220/0x290 [ 143.413992][ T6305] ? __sys_sendmsg+0x270/0x270 [ 143.418795][ T6305] __se_sys_sendmsg+0x1a5/0x270 [ 143.423750][ T6305] ? __x64_sys_sendmsg+0x80/0x80 [ 143.428743][ T6305] ? lockdep_hardirqs_on+0x98/0x150 [ 143.433967][ T6305] do_syscall_64+0x55/0xb0 [ 143.438419][ T6305] ? clear_bhb_loop+0x40/0x90 [ 143.443121][ T6305] ? clear_bhb_loop+0x40/0x90 [ 143.447824][ T6305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 143.453756][ T6305] RIP: 0033:0x7f73a738eec9 [ 143.458193][ T6305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.477824][ T6305] RSP: 002b:00007f73a55f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.486258][ T6305] RAX: ffffffffffffffda RBX: 00007f73a75e6090 RCX: 00007f73a738eec9 [ 143.494253][ T6305] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005 [ 143.502261][ T6305] RBP: 00007f73a7411f91 R08: 0000000000000000 R09: 0000000000000000 [ 143.510267][ T6305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.518270][ T6305] R13: 00007f73a75e6128 R14: 00007f73a75e6090 R15: 00007ffe8c712b78 [ 143.526304][ T6305] [ 143.529335][ T6305] [ 143.531671][ T6305] Allocated by task 5923: [ 143.536003][ T6305] kasan_set_track+0x4e/0x70 [ 143.540605][ T6305] __kasan_slab_alloc+0x6c/0x80 [ 143.545468][ T6305] slab_post_alloc_hook+0x6e/0x4d0 [ 143.550635][ T6305] kmem_cache_alloc+0x11e/0x2e0 [ 143.555507][ T6305] xfrm_state_alloc+0x22/0x2a0 [ 143.560305][ T6305] __find_acq_core+0x7d8/0x19d0 [ 143.565299][ T6305] xfrm_find_acq+0x6a/0x90 [ 143.569845][ T6305] xfrm_alloc_userspi+0x57a/0xa90 [ 143.574895][ T6305] xfrm_user_rcv_msg+0x596/0x870 [ 143.579848][ T6305] netlink_rcv_skb+0x216/0x480 [ 143.584639][ T6305] xfrm_netlink_rcv+0x79/0x90 [ 143.589433][ T6305] netlink_unicast+0x751/0x8d0 [ 143.594215][ T6305] netlink_sendmsg+0x8c1/0xbe0 [ 143.598997][ T6305] ____sys_sendmsg+0x5bf/0x950 [ 143.603778][ T6305] ___sys_sendmsg+0x220/0x290 [ 143.608467][ T6305] __se_sys_sendmsg+0x1a5/0x270 [ 143.613336][ T6305] do_syscall_64+0x55/0xb0 [ 143.617777][ T6305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 143.623699][ T6305] [ 143.626028][ T6305] Freed by task 27: [ 143.629836][ T6305] kasan_set_track+0x4e/0x70 [ 143.634437][ T6305] kasan_save_free_info+0x2e/0x50 [ 143.639468][ T6305] ____kasan_slab_free+0x126/0x1e0 [ 143.644604][ T6305] slab_free_freelist_hook+0x130/0x1b0 [ 143.650072][ T6305] kmem_cache_free+0xf8/0x280 [ 143.654766][ T6305] xfrm_state_gc_task+0x10a/0x160 [ 143.659798][ T6305] process_scheduled_works+0xa45/0x15b0 [ 143.665347][ T6305] worker_thread+0xa55/0xfc0 [ 143.669942][ T6305] kthread+0x2fa/0x390 [ 143.674143][ T6305] ret_from_fork+0x48/0x80 [ 143.678625][ T6305] ret_from_fork_asm+0x11/0x20 [ 143.683426][ T6305] [ 143.685762][ T6305] The buggy address belongs to the object at ffff88805c9ec000 [ 143.685762][ T6305] which belongs to the cache xfrm_state of size 848 [ 143.699741][ T6305] The buggy address is located 160 bytes inside of [ 143.699741][ T6305] freed 848-byte region [ffff88805c9ec000, ffff88805c9ec350) [ 143.713608][ T6305] [ 143.715942][ T6305] The buggy address belongs to the physical page: [ 143.722378][ T6305] page:ffffea0001727b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5c9ec [ 143.732609][ T6305] head:ffffea0001727b00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 143.741547][ T6305] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 143.749692][ T6305] page_type: 0xffffffff() [ 143.754049][ T6305] raw: 00fff00000000840 ffff8880182f5dc0 dead000000000122 0000000000000000 [ 143.762733][ T6305] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 143.771324][ T6305] page dumped because: kasan: bad access detected [ 143.777760][ T6305] page_owner tracks the page as allocated [ 143.783481][ T6305] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5923, tgid 5920 (syz.2.16), ts 101918285171, free_ts 34186566088 [ 143.803904][ T6305] post_alloc_hook+0x1cd/0x210 [ 143.808703][ T6305] get_page_from_freelist+0x195c/0x19f0 [ 143.814324][ T6305] __alloc_pages+0x1e3/0x460 [ 143.819084][ T6305] alloc_slab_page+0x5d/0x170 [ 143.823781][ T6305] new_slab+0x87/0x2e0 [ 143.827865][ T6305] ___slab_alloc+0xc6d/0x1300 [ 143.832556][ T6305] kmem_cache_alloc+0x1b7/0x2e0 [ 143.837423][ T6305] xfrm_state_alloc+0x22/0x2a0 [ 143.842194][ T6305] __find_acq_core+0x7d8/0x19d0 [ 143.847059][ T6305] xfrm_find_acq+0x6a/0x90 [ 143.851495][ T6305] xfrm_alloc_userspi+0x57a/0xa90 [ 143.856521][ T6305] xfrm_user_rcv_msg+0x596/0x870 [ 143.861462][ T6305] netlink_rcv_skb+0x216/0x480 [ 143.866239][ T6305] xfrm_netlink_rcv+0x79/0x90 [ 143.870917][ T6305] netlink_unicast+0x751/0x8d0 [ 143.875723][ T6305] netlink_sendmsg+0x8c1/0xbe0 [ 143.880515][ T6305] page last free stack trace: [ 143.885192][ T6305] free_unref_page_prepare+0x7ce/0x8e0 [ 143.890671][ T6305] free_unref_page+0x32/0x2e0 [ 143.895361][ T6305] free_contig_range+0xa1/0x160 [ 143.900314][ T6305] destroy_args+0x80/0x850 [ 143.904730][ T6305] debug_vm_pgtable+0x3cc/0x410 [ 143.909581][ T6305] do_one_initcall+0x1fd/0x750 [ 143.914351][ T6305] do_initcall_level+0x137/0x1f0 [ 143.919313][ T6305] do_initcalls+0x69/0xd0 [ 143.923647][ T6305] kernel_init_freeable+0x3d2/0x570 [ 143.929026][ T6305] kernel_init+0x1d/0x1c0 [ 143.933360][ T6305] ret_from_fork+0x48/0x80 [ 143.937788][ T6305] ret_from_fork_asm+0x11/0x20 [ 143.942560][ T6305] [ 143.944881][ T6305] Memory state around the buggy address: [ 143.950587][ T6305] ffff88805c9ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.958650][ T6305] ffff88805c9ec000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.966710][ T6305] >ffff88805c9ec080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.974854][ T6305] ^ [ 143.979972][ T6305] ffff88805c9ec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.988083][ T6305] ffff88805c9ec180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.996166][ T6305] ================================================================== [ 144.004442][ T6305] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 144.011640][ T6305] CPU: 0 PID: 6305 Comm: syz.2.134 Not tainted syzkaller #0 [ 144.018927][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 144.029067][ T6305] Call Trace: [ 144.032384][ T6305] [ 144.035667][ T6305] dump_stack_lvl+0x16c/0x230 [ 144.040454][ T6305] ? show_regs_print_info+0x20/0x20 [ 144.045662][ T6305] ? load_image+0x3b0/0x3b0 [ 144.050272][ T6305] panic+0x2c0/0x710 [ 144.054197][ T6305] ? bpf_jit_dump+0xd0/0xd0 [ 144.058712][ T6305] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 144.064610][ T6305] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 144.070505][ T6305] ? _raw_spin_unlock+0x40/0x40 [ 144.075459][ T6305] ? print_memory_metadata+0x314/0x400 [ 144.080926][ T6305] ? xfrm_alloc_spi+0x598/0x11f0 [ 144.085888][ T6305] check_panic_on_warn+0x84/0xa0 [ 144.090858][ T6305] ? xfrm_alloc_spi+0x598/0x11f0 [ 144.095797][ T6305] end_report+0x6f/0x140 [ 144.100047][ T6305] kasan_report+0x128/0x150 [ 144.104559][ T6305] ? xfrm_alloc_spi+0x598/0x11f0 [ 144.109501][ T6305] xfrm_alloc_spi+0x598/0x11f0 [ 144.114277][ T6305] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 144.119219][ T6305] ? verify_spi_info+0x120/0x120 [ 144.124158][ T6305] ? xfrm_find_acq+0x79/0x90 [ 144.128756][ T6305] xfrm_alloc_userspi+0x5d1/0xa90 [ 144.133779][ T6305] ? end_current_label_crit_section+0x170/0x170 [ 144.140033][ T6305] ? apparmor_capable+0x137/0x1a0 [ 144.145064][ T6305] ? xfrm_dump_policy_done+0x90/0x90 [ 144.150356][ T6305] ? __nla_parse+0x40/0x50 [ 144.154776][ T6305] xfrm_user_rcv_msg+0x596/0x870 [ 144.159717][ T6305] ? lockdep_hardirqs_on+0x98/0x150 [ 144.164974][ T6305] ? xfrm_netlink_rcv+0x90/0x90 [ 144.169847][ T6305] ? __local_bh_enable_ip+0x12e/0x1c0 [ 144.175236][ T6305] ? __dev_queue_xmit+0x245/0x35a0 [ 144.180354][ T6305] ? __mutex_trylock_common+0x153/0x250 [ 144.185915][ T6305] netlink_rcv_skb+0x216/0x480 [ 144.190686][ T6305] ? xfrm_netlink_rcv+0x90/0x90 [ 144.195561][ T6305] ? netlink_ack+0x1110/0x1110 [ 144.200376][ T6305] ? netlink_deliver_tap+0x2e/0x1b0 [ 144.205584][ T6305] ? __lock_acquire+0x7c80/0x7c80 [ 144.210696][ T6305] xfrm_netlink_rcv+0x79/0x90 [ 144.215378][ T6305] netlink_unicast+0x751/0x8d0 [ 144.220155][ T6305] netlink_sendmsg+0x8c1/0xbe0 [ 144.224935][ T6305] ? netlink_getsockopt+0x580/0x580 [ 144.230140][ T6305] ? aa_sock_msg_perm+0x94/0x150 [ 144.235088][ T6305] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 144.240385][ T6305] ? security_socket_sendmsg+0x80/0xa0 [ 144.245936][ T6305] ? netlink_getsockopt+0x580/0x580 [ 144.251144][ T6305] ____sys_sendmsg+0x5bf/0x950 [ 144.255922][ T6305] ? __asan_memset+0x22/0x40 [ 144.260628][ T6305] ? __sys_sendmsg_sock+0x30/0x30 [ 144.265693][ T6305] ? __import_iovec+0x5f2/0x860 [ 144.270567][ T6305] ? import_iovec+0x73/0xa0 [ 144.275080][ T6305] ___sys_sendmsg+0x220/0x290 [ 144.279772][ T6305] ? __sys_sendmsg+0x270/0x270 [ 144.284587][ T6305] __se_sys_sendmsg+0x1a5/0x270 [ 144.289447][ T6305] ? __x64_sys_sendmsg+0x80/0x80 [ 144.294396][ T6305] ? lockdep_hardirqs_on+0x98/0x150 [ 144.299609][ T6305] do_syscall_64+0x55/0xb0 [ 144.304033][ T6305] ? clear_bhb_loop+0x40/0x90 [ 144.308711][ T6305] ? clear_bhb_loop+0x40/0x90 [ 144.313390][ T6305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 144.319323][ T6305] RIP: 0033:0x7f73a738eec9 [ 144.323740][ T6305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.343362][ T6305] RSP: 002b:00007f73a55f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.351794][ T6305] RAX: ffffffffffffffda RBX: 00007f73a75e6090 RCX: 00007f73a738eec9 [ 144.359771][ T6305] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005 [ 144.367771][ T6305] RBP: 00007f73a7411f91 R08: 0000000000000000 R09: 0000000000000000 [ 144.375755][ T6305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.383754][ T6305] R13: 00007f73a75e6128 R14: 00007f73a75e6090 R15: 00007ffe8c712b78 [ 144.391744][ T6305] [ 144.395064][ T6305] Kernel Offset: disabled [ 144.399395][ T6305] Rebooting in 86400 seconds..