last executing test programs: 9.505199239s ago: executing program 2 (id=172): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) dup(r0) socket$kcm(0x29, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(r2, 0x9, &(0x7f0000000340)={0x7021eb21, 0x7ea9f495}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000811) 9.14307956s ago: executing program 1 (id=173): creat(&(0x7f0000000000)='./file1\x00', 0x5c) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0x3}, 0x9c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x50009405, &(0x7f0000000440)) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x6, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0xd, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x34000}], 0x1}}], 0x1, 0x0) 7.525886452s ago: executing program 2 (id=178): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe"], 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0xf, 0xfb, '\x00', 0x3b}) 5.069923091s ago: executing program 4 (id=187): landlock_restrict_self(0xffffffffffffffff, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c00098008000200010000000c0002800800010000000002"], 0x2c}}, 0x4004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) 5.064185049s ago: executing program 0 (id=188): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) dup(r0) socket$kcm(0x29, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(r2, 0x9, &(0x7f0000000340)={0x7021eb21, 0x7ea9f495}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000811) 4.977259072s ago: executing program 2 (id=189): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0), 0xf00) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) 4.710694072s ago: executing program 1 (id=190): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) semget$private(0x0, 0x3, 0x555) r3 = semget$private(0x0, 0x0, 0x587) semop(r3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0) io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) write$cgroup_pid(r1, &(0x7f0000000100), 0x12) 4.505984536s ago: executing program 4 (id=191): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000600)=@newlink={0x60, 0x10, 0x503, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20208}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0xfffff7a7}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x60}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 3.945563536s ago: executing program 0 (id=192): r0 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @loopback}}, {{0xa, 0x4e22, 0x0, @private2}}}, 0x108) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5f, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000200)='\x00', 0x81c01) move_mount(r3, 0x0, r0, 0x0, 0x46) add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) 3.847113684s ago: executing program 2 (id=193): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) io_setup(0x7, &(0x7f00000001c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000300)="87992d800d80", 0x6, 0x4}]) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) 3.578887402s ago: executing program 4 (id=194): r0 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)=""/124, 0x7c}], 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x2936, 0x0, 0x0, 0x0) 3.577536057s ago: executing program 3 (id=195): capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x2000, 0x0, 0x0, 0x0, 0x3cd}) r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x12b001) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0) ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x6, 0x6, 0xe30, 0x3ff, "c2a0da871813beebb98f6cd3bde10363", 0x8, 0x9, 0x9, 0x2, 0x0, 0x0, 0xfc}) 2.673789991s ago: executing program 1 (id=196): socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, 0x0}, 0x71) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x6]}, 0x8, 0x800) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91524fc60", 0x14}], 0x1}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 2.610328848s ago: executing program 3 (id=197): r0 = epoll_create1(0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x22400, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r4, 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000200)=0x400a45) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f00000002c0)=0x3) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r5, &(0x7f0000000300)={0x40000001}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2.609818195s ago: executing program 4 (id=198): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414"], 0x44}, 0x1, 0x2}, 0x0) 2.445702297s ago: executing program 0 (id=199): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x2, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, [@tmpl={0x144, 0x5, [{{@in6=@empty, 0x0, 0x32}, 0x0, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x0, 0x32}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x0, 0x3}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in6=@empty, 0x0, 0x1, 0x3, 0x40}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in=@dev, 0x3500, 0x0, 0x0, 0x0, 0x3eb}, {{@in=@multicast1, 0x0, 0x3c}, 0x2, @in=@local, 0xffffffff, 0x4, 0x2}]}]}, 0x1fc}}, 0x0) 2.371021988s ago: executing program 2 (id=200): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r5, 0x0, 0x0, 0x5f, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r7, 0x303, 0x70bd29, 0x25dfdbff, {0x3d}}, 0x14}}, 0x0) r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000200)='\x00', 0x81c01) move_mount(r8, 0x0, r4, 0x0, 0x70) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) add_key$user(&(0x7f00000002c0), 0x0, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe) 2.370719559s ago: executing program 3 (id=201): landlock_restrict_self(0xffffffffffffffff, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c00098008000200010000000c0002800800010000000002"], 0x2c}}, 0x4004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) 2.370162969s ago: executing program 1 (id=202): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r4, r4, r4}, 0x0, 0x0, 0x0) 2.153713839s ago: executing program 4 (id=203): syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8005b}) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x88fe) sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0) 2.153344951s ago: executing program 0 (id=204): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000600)=@newlink={0x60, 0x10, 0x503, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20208}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0xfffff7a7}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x60}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 1.697725936s ago: executing program 3 (id=205): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000001c0)=0x1c, 0x4) readv(r0, &(0x7f0000000ac0)=[{&(0x7f00000002c0)=""/47, 0x2f}], 0x1) sendmmsg$inet(r0, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)='L', 0x1}], 0x1}}], 0x1, 0x8010) 1.189250152s ago: executing program 1 (id=206): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r2, &(0x7f00000002c0), &(0x7f0000000300)=@tcp6=r0, 0x1}, 0x20) 511.996737ms ago: executing program 4 (id=207): socketpair$unix(0x1, 0x3, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0x1423, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}}) io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 202.480697ms ago: executing program 0 (id=208): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000000c80)={&(0x7f0000000980)=@id, 0x10, 0x0}, 0x0) connect$tipc(r0, &(0x7f00000000c0)=@id={0x1e, 0x3, 0x0, {0x4e23, 0x3}}, 0x10) 201.701ms ago: executing program 3 (id=209): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) capset(0x0, &(0x7f0000000080)={0x200000, 0x200000}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10, @void, @value}, 0x94) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) 84.550254ms ago: executing program 2 (id=210): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) io_setup(0x7, &(0x7f00000001c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000300)="87992d800d80", 0x6, 0x4}]) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) 771.747µs ago: executing program 1 (id=211): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000003d0007010000000000000000047c000004001280140001202a00", @ANYRES32=0x0, @ANYBLOB='\b'], 0x2c}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f00000006c0)=[@code={0x1, 0x4b, {"c40119de72800f07423b7104f3440fc7b1d0f05b000fc71cb6c442e59cf7c403a5688cd8240af532056445801d0068000000410f07c4c10d143e"}}, @uexit={0x0, 0x18}, @code={0x1, 0x77, {"0f20c035000000400f22c0c7442400bb000000c74424021bc78661c7442406000000000f011c24660fd9620866400fc7b2c44260e666b849000f00d0c4c37d39078943c10cbc9366ba4200b800000000ef66baf80cb8e26d9a89ef66bafc0c66ed26410f01cf"}}, @code={0x1, 0x61, {"410f01df0f67e0c74424004f190000c744240200000000c7442406000000000f0114248f2800a355f35fb93c020000b819f8c5aaba903f2f100f300f2360674e0fc7180f23e066400f3882302e0f01ca"}}], 0x13b}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x0, 0xa5, 0xfd, 0x9, 0xa9, 0x4, 0x0, 0x2, 0x40000000}, {0x8, 0x4005, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x2, 0x6}, {0x3fe, 0x4, 0x0, 0x5e, 0x0, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 509.475µs ago: executing program 0 (id=212): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, &(0x7f00000000c0)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x660e4fe0000000, 0x3, 0x0, 0x0, 0x0, 0x0, 0xb, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r4 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) close(r4) shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) socket(0x840000000002, 0x3, 0x100) socket$packet(0x11, 0x2, 0x300) statx(0xffffffffffffff9c, 0x0, 0x6000, 0x200, 0x0) 0s ago: executing program 3 (id=213): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000340)={@val={0x8, 0x800}, @val={0x2, 0x3, 0x9, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x0, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @local}, {0x4f20, 0x4e22, 0x6a, 0x0, @gue={{0x1, 0x0, 0x3, 0x2, 0x0, @void}, "6279cb22459ff50866ff829694a603d3c443eead410baf7b35c112fa15932138ee8f6a6d2afdde33d5a4ff97f976b3ac6d8c10e10601a959b4bf18b7d52cd3b5a4c19759c5eb55c033fbf5a6b311de39874510aa6af127d5df17d78aef01"}}}}, 0x8c) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts. [ 74.062794][ T5815] cgroup: Unknown subsys name 'net' [ 74.171128][ T5815] cgroup: Unknown subsys name 'cpuset' [ 74.180842][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.581697][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.289065][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.292744][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.310079][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.310768][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.318194][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.325311][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.332529][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.340266][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.353891][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.354256][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.361753][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.369403][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.377805][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.389731][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.398496][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.406663][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.414050][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.423422][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.430983][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.434186][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.440250][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.447467][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.453463][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.466682][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.489339][ T5146] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.145000][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 79.224764][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 79.272312][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 79.362536][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 79.391795][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 79.434220][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.443837][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.451501][ T5826] bridge_slave_0: entered allmulticast mode [ 79.459874][ T5826] bridge_slave_0: entered promiscuous mode [ 79.475519][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.483039][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.490416][ T5826] bridge_slave_1: entered allmulticast mode [ 79.497395][ T5826] bridge_slave_1: entered promiscuous mode [ 79.621746][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.629449][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.636627][ T5834] bridge_slave_0: entered allmulticast mode [ 79.643899][ T5834] bridge_slave_0: entered promiscuous mode [ 79.659442][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.703404][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.710825][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.718763][ T5834] bridge_slave_1: entered allmulticast mode [ 79.725790][ T5834] bridge_slave_1: entered promiscuous mode [ 79.740691][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.750154][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.757292][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.764594][ T5825] bridge_slave_0: entered allmulticast mode [ 79.771692][ T5825] bridge_slave_0: entered promiscuous mode [ 79.852880][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.860151][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.867470][ T5825] bridge_slave_1: entered allmulticast mode [ 79.875520][ T5825] bridge_slave_1: entered promiscuous mode [ 79.917191][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.924493][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.932117][ T5831] bridge_slave_0: entered allmulticast mode [ 79.940730][ T5831] bridge_slave_0: entered promiscuous mode [ 79.951113][ T5826] team0: Port device team_slave_0 added [ 79.970902][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.978322][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.985578][ T5836] bridge_slave_0: entered allmulticast mode [ 79.992933][ T5836] bridge_slave_0: entered promiscuous mode [ 80.002751][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.012883][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.020235][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.028582][ T5831] bridge_slave_1: entered allmulticast mode [ 80.035569][ T5831] bridge_slave_1: entered promiscuous mode [ 80.046850][ T5826] team0: Port device team_slave_1 added [ 80.055610][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.068958][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.078519][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.085785][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.093482][ T5836] bridge_slave_1: entered allmulticast mode [ 80.100686][ T5836] bridge_slave_1: entered promiscuous mode [ 80.110288][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.246810][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.254097][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.284589][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.300221][ T5825] team0: Port device team_slave_0 added [ 80.308903][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.320704][ T5834] team0: Port device team_slave_0 added [ 80.330735][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.342902][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.353320][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.360575][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.387032][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.400003][ T5825] team0: Port device team_slave_1 added [ 80.415672][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.427024][ T5834] team0: Port device team_slave_1 added [ 80.476663][ T5831] team0: Port device team_slave_0 added [ 80.518254][ T5146] Bluetooth: hci3: command tx timeout [ 80.518355][ T5833] Bluetooth: hci1: command tx timeout [ 80.523784][ T5835] Bluetooth: hci0: command tx timeout [ 80.529350][ T5828] Bluetooth: hci4: command tx timeout [ 80.545723][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.552807][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.579233][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.593860][ T5831] team0: Port device team_slave_1 added [ 80.598512][ T5835] Bluetooth: hci2: command tx timeout [ 80.639419][ T5836] team0: Port device team_slave_0 added [ 80.658185][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.665271][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.692154][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.716625][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.724027][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.750531][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.762429][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.769620][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.795665][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.809760][ T5836] team0: Port device team_slave_1 added [ 80.833550][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.840593][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.866890][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.886788][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.894006][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.920627][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.963455][ T5826] hsr_slave_0: entered promiscuous mode [ 80.970661][ T5826] hsr_slave_1: entered promiscuous mode [ 81.001408][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.009023][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.035433][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.048814][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.055807][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.081934][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.188302][ T5834] hsr_slave_0: entered promiscuous mode [ 81.195382][ T5834] hsr_slave_1: entered promiscuous mode [ 81.202076][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.210190][ T5834] Cannot create hsr debugfs directory [ 81.234461][ T5831] hsr_slave_0: entered promiscuous mode [ 81.241644][ T5831] hsr_slave_1: entered promiscuous mode [ 81.248067][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.255620][ T5831] Cannot create hsr debugfs directory [ 81.335200][ T5836] hsr_slave_0: entered promiscuous mode [ 81.342044][ T5836] hsr_slave_1: entered promiscuous mode [ 81.348949][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.356625][ T5836] Cannot create hsr debugfs directory [ 81.411797][ T5825] hsr_slave_0: entered promiscuous mode [ 81.420246][ T5825] hsr_slave_1: entered promiscuous mode [ 81.426263][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.433905][ T5825] Cannot create hsr debugfs directory [ 82.069625][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.094457][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.114696][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.134441][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.182899][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.203263][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.213966][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.240412][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.299917][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.314861][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.350293][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.380544][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.475568][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.486794][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.512456][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.540714][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.598742][ T5835] Bluetooth: hci1: command tx timeout [ 82.598748][ T5146] Bluetooth: hci4: command tx timeout [ 82.607697][ T5146] Bluetooth: hci0: command tx timeout [ 82.609586][ T5833] Bluetooth: hci3: command tx timeout [ 82.638058][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.652395][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.663509][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.674690][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.682105][ T5835] Bluetooth: hci2: command tx timeout [ 82.710085][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.745464][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.803755][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.811027][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.825244][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.858540][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.865732][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.896893][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.945392][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.956851][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.979421][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.986552][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.014516][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.021740][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.060159][ T3439] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.067330][ T3439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.096245][ T3439] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.103398][ T3439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.172216][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.273885][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.311971][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.345308][ T3439] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.352535][ T3439] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.365134][ T3439] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.372371][ T3439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.492928][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.543869][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.600988][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.642476][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.649680][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.666035][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.673271][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.704108][ T5825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.792097][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.806373][ T5826] veth0_vlan: entered promiscuous mode [ 83.872881][ T5826] veth1_vlan: entered promiscuous mode [ 83.973998][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.991262][ T5826] veth0_macvtap: entered promiscuous mode [ 84.040748][ T5826] veth1_macvtap: entered promiscuous mode [ 84.069603][ T5836] veth0_vlan: entered promiscuous mode [ 84.116446][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.151252][ T5836] veth1_vlan: entered promiscuous mode [ 84.205524][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.235601][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.249010][ T5826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.259480][ T5826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.268799][ T5826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.281817][ T5826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.320733][ T5836] veth0_macvtap: entered promiscuous mode [ 84.354394][ T5836] veth1_macvtap: entered promiscuous mode [ 84.494271][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.540200][ T5825] veth0_vlan: entered promiscuous mode [ 84.592270][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.617917][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.626564][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.641437][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.653084][ T5836] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.662440][ T5836] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.672036][ T5836] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.677759][ T5835] Bluetooth: hci1: command tx timeout [ 84.682393][ T5836] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.686207][ T5835] Bluetooth: hci3: command tx timeout [ 84.700752][ T5833] Bluetooth: hci0: command tx timeout [ 84.700784][ T5146] Bluetooth: hci4: command tx timeout [ 84.719912][ T5825] veth1_vlan: entered promiscuous mode [ 84.758756][ T5146] Bluetooth: hci2: command tx timeout [ 84.771031][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.783095][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.894193][ T5825] veth0_macvtap: entered promiscuous mode [ 84.909674][ T5825] veth1_macvtap: entered promiscuous mode [ 84.921796][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.923345][ T5834] veth0_vlan: entered promiscuous mode [ 84.943872][ T5831] veth0_vlan: entered promiscuous mode [ 84.982888][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.044009][ T5834] veth1_vlan: entered promiscuous mode [ 85.071353][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.097030][ T5831] veth1_vlan: entered promiscuous mode [ 85.106598][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.115334][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.148072][ T5834] veth0_macvtap: entered promiscuous mode [ 85.159134][ T5834] veth1_macvtap: entered promiscuous mode [ 85.184471][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.197263][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.214534][ T5834] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.223680][ T5834] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.232832][ T5834] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.242675][ T5834] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.337837][ T5825] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.346682][ T5825] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.355780][ T5825] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.364670][ T5825] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.444462][ T5951] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.993262][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.015389][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.070670][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.099983][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.176000][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.187443][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.260126][ T5831] veth0_macvtap: entered promiscuous mode [ 86.292688][ T5831] veth1_macvtap: entered promiscuous mode [ 86.442883][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.466199][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.482914][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.589971][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.615521][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.628940][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.643426][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.652996][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.666519][ T5963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 86.744072][ T5963] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.843574][ T5963] bridge_slave_1 (unregistering): left allmulticast mode [ 86.851120][ T5963] bridge_slave_1 (unregistering): left promiscuous mode [ 86.861362][ T5963] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.916775][ T5146] Bluetooth: hci3: command tx timeout [ 86.923202][ T5146] Bluetooth: hci0: command tx timeout [ 86.924820][ T5835] Bluetooth: hci4: command tx timeout [ 86.929396][ T5146] Bluetooth: hci1: command tx timeout [ 86.934608][ T5828] Bluetooth: hci2: command tx timeout [ 86.942793][ T24] cfg80211: failed to load regulatory.db [ 86.975451][ T3557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.042482][ T5972] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9'. [ 87.706106][ T3557] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.238171][ T30] audit: type=1800 audit(1750042838.560:2): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.13" name="bus" dev="tmpfs" ino=33 res=0 errno=0 [ 89.584693][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.614688][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.787794][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.817978][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.826791][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.838426][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.920418][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.940007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.960866][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.011585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.117990][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.216395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.731172][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.797780][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.915914][ T6009] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.539728][ T6017] nbd3: detected capacity change from 0 to 1073741828 [ 92.724332][ T6029] capability: warning: `syz.4.24' uses deprecated v2 capabilities in a way that may be insecure [ 93.138696][ T5879] block nbd3: Send control failed (result -89) [ 93.157875][ T5879] block nbd3: Request send failed, requeueing [ 93.165300][ T5835] block nbd3: Receive control failed (result -32) [ 93.181654][ T6003] block nbd3: Dead connection, failed to find a fallback [ 93.190851][ T6003] block nbd3: shutting down sockets [ 93.196475][ T6003] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.206197][ T6003] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.214532][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.232640][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.241921][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.251493][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.259616][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.269030][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.276994][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.286132][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.297101][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.307730][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.323040][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.357734][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.366475][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.438636][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.447112][ T5879] ldm_validate_partition_table(): Disk read failed. [ 93.454288][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.463662][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.567175][ T5879] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.645080][ T5879] Buffer I/O error on dev nbd3, logical block 0, async page read [ 93.674520][ T6024] syz.0.23 (6024): drop_caches: 2 [ 93.696626][ T5879] Dev nbd3: unable to read RDB block 0 [ 93.713090][ T5879] nbd3: unable to read partition table [ 94.831608][ T5879] ldm_validate_partition_table(): Disk read failed. [ 94.895019][ T5879] Dev nbd3: unable to read RDB block 0 [ 94.948294][ T5879] nbd3: unable to read partition table [ 97.287159][ T6077] netlink: 28 bytes leftover after parsing attributes in process `syz.1.36'. [ 97.730906][ T6075] netlink: 'syz.4.37': attribute type 1 has an invalid length. [ 97.747249][ T6075] netlink: 172 bytes leftover after parsing attributes in process `syz.4.37'. [ 99.000925][ T6091] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 99.012834][ T6091] xt_SECMARK: unable to map security context 'system_u:object_r:dbusd_etc_t:s0' [ 101.484751][ T6116] tc_dump_action: action bad kind [ 102.001112][ T6122] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 102.488659][ T6131] syz.4.55 (6131) used obsolete PPPIOCDETACH ioctl [ 104.780802][ T6159] netlink: 'syz.1.64': attribute type 1 has an invalid length. [ 104.797642][ T6159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.64'. [ 105.538081][ T48] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 105.820431][ T48] usb 1-1: config 1 interface 0 has no altsetting 0 [ 105.850362][ T48] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 105.870127][ T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.908342][ T48] usb 1-1: Product: syz [ 105.936358][ T48] usb 1-1: Manufacturer: syz [ 106.007868][ T48] usb 1-1: SerialNumber: syz [ 107.003964][ T6178] trusted_key: syz.2.70 sent an empty control message without MSG_MORE. [ 107.268961][ T48] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 107.799062][ T6189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.818027][ T6189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.229896][ T6199] fuse: Bad value for 'fd' [ 108.399801][ T6199] orangefs_mount: mount request failed with -4 [ 108.965188][ T5953] usb 1-1: USB disconnect, device number 2 [ 109.148018][ T5953] usblp0: removed [ 109.620640][ T6212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.629547][ T6212] batadv_slave_0: entered promiscuous mode [ 112.851137][ T6244] netlink: 300 bytes leftover after parsing attributes in process `syz.4.87'. [ 113.287662][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 113.463626][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 113.489495][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.506262][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.518646][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 113.528043][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.540391][ T10] usb 3-1: config 0 descriptor?? [ 113.983541][ T10] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 114.014875][ T10] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 114.031042][ T10] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 114.047738][ T10] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 114.055462][ T10] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 114.073308][ T10] appleir 0003:05AC:8241.0001: No inputs registered, leaving [ 114.187712][ T10] appleir 0003:05AC:8241.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0 [ 114.188415][ T6254] fuse: Bad value for 'fd' [ 114.250664][ T10] usb 3-1: USB disconnect, device number 2 [ 114.491674][ T6255] fido_id[6255]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 114.591036][ T6260] process 'syz.4.92' launched './file0' with NULL argv: empty string added [ 115.118934][ T6254] orangefs_mount: mount request failed with -4 [ 115.640190][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 115.797685][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 115.821930][ T9] usb 5-1: config 0 has an invalid interface number: 137 but max is 4 [ 115.852649][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 5 [ 115.880870][ T9] usb 5-1: config 0 has no interface number 0 [ 115.900827][ T9] usb 5-1: New USB device found, idVendor=05f9, idProduct=fbff, bcdDevice=b9.11 [ 115.925696][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.946491][ T9] usb 5-1: Product: syz [ 115.956350][ T9] usb 5-1: Manufacturer: syz [ 115.970625][ T9] usb 5-1: SerialNumber: syz [ 115.990023][ T9] usb 5-1: config 0 descriptor?? [ 116.205981][ T10] usb 5-1: USB disconnect, device number 2 [ 117.457818][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 117.658728][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 117.695094][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 117.746799][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 117.787478][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.814719][ T10] usb 1-1: Product: syz [ 117.824846][ T10] usb 1-1: Manufacturer: syz [ 117.835722][ T10] usb 1-1: SerialNumber: syz [ 117.856370][ T10] usb 1-1: config 0 descriptor?? [ 117.895142][ T6292] netlink: 300 bytes leftover after parsing attributes in process `syz.4.101'. [ 119.999322][ T10] usb 1-1: USB disconnect, device number 3 [ 121.490069][ T6319] udevd[6319]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.417299][ T6330] syzkaller1: entered promiscuous mode [ 122.440128][ T6330] syzkaller1: entered allmulticast mode [ 122.665630][ T6334] fuse: Bad value for 'fd' [ 122.907954][ T6334] orangefs_mount: mount request failed with -4 [ 125.443734][ T5887] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 127.910875][ T5887] usb 3-1: device not accepting address 3, error -71 [ 131.029683][ T6396] netlink: 'syz.3.132': attribute type 1 has an invalid length. [ 131.098400][ T6396] netlink: 228 bytes leftover after parsing attributes in process `syz.3.132'. [ 132.105442][ T5887] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 132.499559][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 132.551611][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 132.566361][ T6419] syz_tun: entered allmulticast mode [ 132.592666][ T5887] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 132.627178][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.656075][ T5887] usb 3-1: Product: syz [ 132.666202][ T5887] usb 3-1: Manufacturer: syz [ 132.671428][ T5887] usb 3-1: SerialNumber: syz [ 132.700802][ T5887] usb 3-1: config 0 descriptor?? [ 132.761495][ T6419] dvmrp1: entered allmulticast mode [ 132.926288][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.933083][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.537026][ T6417] syz_tun: left allmulticast mode [ 133.546123][ T6398] fuse: Bad value for 'fd' [ 134.002834][ T6428] orangefs_mount: mount request failed with -4 [ 135.308755][ T5887] usb 3-1: USB disconnect, device number 5 [ 135.428657][ T6446] netlink: 'syz.3.147': attribute type 1 has an invalid length. [ 135.442266][ T6319] udevd[6319]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 135.483371][ T6446] netlink: 184 bytes leftover after parsing attributes in process `syz.3.147'. [ 135.505546][ T6446] netlink: 'syz.3.147': attribute type 1 has an invalid length. [ 136.342015][ T6455] ======================================================= [ 136.342015][ T6455] WARNING: The mand mount option has been deprecated and [ 136.342015][ T6455] and is ignored by this kernel. Remove the mand [ 136.342015][ T6455] option from the mount to silence this warning. [ 136.342015][ T6455] ======================================================= [ 136.413504][ T6455] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 136.428053][ T6455] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 136.456384][ T6455] overlayfs: conflicting lowerdir path [ 138.389790][ T6470] mmap: syz.1.156 (6470) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 139.457720][ T5953] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 139.506953][ T6492] netlink: 'syz.0.162': attribute type 1 has an invalid length. [ 139.542831][ T6492] netlink: 184 bytes leftover after parsing attributes in process `syz.0.162'. [ 139.593081][ T6492] netlink: 'syz.0.162': attribute type 1 has an invalid length. [ 139.660014][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 139.813584][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 139.829702][ T5953] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 139.839218][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.847849][ T5953] usb 3-1: Product: syz [ 139.852044][ T5953] usb 3-1: Manufacturer: syz [ 139.861763][ T5953] usb 3-1: SerialNumber: syz [ 139.903628][ T5953] usb 3-1: config 0 descriptor?? [ 140.245484][ T6506] netlink: 104 bytes leftover after parsing attributes in process `syz.0.165'. [ 140.523751][ T6498] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 140.530942][ T6498] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 140.894320][ T6498] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 140.903300][ T6498] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 141.029698][ T6498] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 141.035713][ T6498] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 141.074719][ T6498] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 141.080915][ T6498] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 141.093184][ T6498] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 141.099277][ T6498] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 142.109923][ T5953] usb 3-1: USB disconnect, device number 6 [ 143.172586][ T6319] udevd[6319]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.940698][ T6547] netlink: 'syz.4.175': attribute type 1 has an invalid length. [ 143.984167][ T6547] netlink: 184 bytes leftover after parsing attributes in process `syz.4.175'. [ 144.014560][ T6547] netlink: 'syz.4.175': attribute type 1 has an invalid length. [ 145.071413][ T6557] loop6: detected capacity change from 0 to 63 [ 145.139423][ T6058] buffer_io_error: 23 callbacks suppressed [ 145.139442][ T6058] Buffer I/O error on dev loop6, logical block 0, async page read [ 145.188020][ T6058] Buffer I/O error on dev loop6, logical block 0, async page read [ 145.217403][ T6058] Buffer I/O error on dev loop6, logical block 0, async page read [ 145.258119][ T6058] Buffer I/O error on dev loop6, logical block 0, async page read [ 145.266689][ T6058] Buffer I/O error on dev loop6, logical block 0, async page read [ 145.297581][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 145.305917][ T6058] Buffer I/O error on dev loop6, logical block 0, async page read [ 145.368244][ T6058] Buffer I/O error on dev loop6, logical block 3, async page read [ 145.507597][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 145.520282][ T9] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 145.557576][ T9] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 145.582556][ T6569] syz.0.181 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 145.601670][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.736806][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 145.746086][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.117844][ T5952] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 146.622722][ T5952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 146.661303][ T5952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 146.673363][ T9] usb 3-1: USB disconnect, device number 7 [ 146.722184][ T5952] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 146.760726][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.797845][ T5952] usb 4-1: Product: syz [ 146.813943][ T5952] usb 4-1: Manufacturer: syz [ 146.833621][ T5952] usb 4-1: SerialNumber: syz [ 146.849197][ T5952] usb 4-1: config 0 descriptor?? [ 149.066231][ T5952] usb 4-1: USB disconnect, device number 2 [ 149.840547][ T6316] udevd[6316]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 149.899090][ T6635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.198'. [ 257.487510][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 257.494578][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6671/1:b..l [ 257.502825][ C0] rcu: (detected by 0, t=10502 jiffies, g=13473, q=340 ncpus=2) [ 257.510559][ C0] task:syz.4.207 state:R running task stack:26760 pid:6671 tgid:6661 ppid:5831 task_flags:0x400040 flags:0x00004004 [ 257.524662][ C0] Call Trace: [ 257.527961][ C0] [ 257.530901][ C0] __schedule+0x16a2/0x4cb0 [ 257.535453][ C0] ? preempt_schedule_irq+0xb5/0x150 [ 257.540761][ C0] ? __pfx___schedule+0x10/0x10 [ 257.545638][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 257.550941][ C0] preempt_schedule_irq+0xb5/0x150 [ 257.556067][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 257.561817][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 257.567640][ C0] irqentry_exit+0x6f/0x90 [ 257.572075][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 257.578066][ C0] RIP: 0010:lock_release+0x25/0x3e0 [ 257.583276][ C0] Code: 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 f5 49 89 fe 65 48 8b 05 50 6e fb 10 48 89 44 24 28 <0f> 1f 44 00 00 65 8b 05 53 6e fb 10 83 f8 08 0f 83 9a 02 00 00 89 [ 257.602889][ C0] RSP: 0018:ffffc9000c06f410 EFLAGS: 00000282 [ 257.608965][ C0] RAX: fdaea370d23ac900 RBX: ffffffff90651d01 RCX: fdaea370d23ac900 [ 257.616941][ C0] RDX: ffffc9000c06f501 RSI: ffffffff81729af5 RDI: ffffffff8e13ed60 [ 257.624915][ C0] RBP: dffffc0000000000 R08: ffffc9000c06fee0 R09: 0000000000000000 [ 257.632892][ C0] R10: ffffc9000c06f598 R11: fffff5200180deb5 R12: ffffc9000c06fef0 [ 257.640872][ C0] R13: ffffffff81729af5 R14: ffffffff8e13ed60 R15: ffffffff81729af5 [ 257.648848][ C0] ? unwind_next_frame+0xa5/0x2390 [ 257.653976][ C0] ? unwind_next_frame+0xa5/0x2390 [ 257.659103][ C0] ? unwind_next_frame+0xa5/0x2390 [ 257.664237][ C0] ? deref_stack_reg+0x19f/0x230 [ 257.669192][ C0] ? unwind_next_frame+0xa5/0x2390 [ 257.674314][ C0] unwind_next_frame+0x19a9/0x2390 [ 257.679443][ C0] ? unwind_next_frame+0xa5/0x2390 [ 257.684570][ C0] ? __se_sys_io_uring_enter+0x2df/0x2b20 [ 257.690303][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 257.696463][ C0] arch_stack_walk+0x11c/0x150 [ 257.701250][ C0] ? do_syscall_64+0xfa/0x3b0 [ 257.705945][ C0] stack_trace_save+0x9c/0xe0 [ 257.710630][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 257.716020][ C0] kasan_save_track+0x3e/0x80 [ 257.720704][ C0] ? kasan_save_track+0x3e/0x80 [ 257.725558][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 257.730587][ C0] ? kmem_cache_alloc_bulk_noprof+0x4e0/0x790 [ 257.736664][ C0] ? __io_alloc_req_refill+0x9d/0x280 [ 257.742048][ C0] ? io_submit_sqes+0xc31/0x1c50 [ 257.746991][ C0] ? __se_sys_io_uring_enter+0x2df/0x2b20 [ 257.752775][ C0] __kasan_slab_alloc+0x6c/0x80 [ 257.757638][ C0] kmem_cache_alloc_bulk_noprof+0x4e0/0x790 [ 257.763548][ C0] ? kmem_cache_alloc_bulk_noprof+0xfa/0x790 [ 257.769547][ C0] __io_alloc_req_refill+0x9d/0x280 [ 257.774760][ C0] ? __pfx___io_alloc_req_refill+0x10/0x10 [ 257.780585][ C0] ? __sanitizer_cov_trace_pc+0x46/0x70 [ 257.786153][ C0] io_submit_sqes+0xc31/0x1c50 [ 257.790959][ C0] __se_sys_io_uring_enter+0x2df/0x2b20 [ 257.796523][ C0] ? __pfx_futex_wait+0x10/0x10 [ 257.801393][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 257.807298][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.813643][ C0] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 257.819628][ C0] ? do_futex+0x333/0x420 [ 257.823967][ C0] ? __pfx_do_futex+0x10/0x10 [ 257.828655][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 257.833865][ C0] ? do_timer_settime+0x48d/0x4b0 [ 257.838905][ C0] ? __se_sys_futex+0x36f/0x400 [ 257.843763][ C0] ? __pfx___x64_sys_timer_settime+0x10/0x10 [ 257.849758][ C0] ? rcu_is_watching+0x15/0xb0 [ 257.854541][ C0] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 257.860097][ C0] do_syscall_64+0xfa/0x3b0 [ 257.864621][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.869832][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.875903][ C0] ? clear_bhb_loop+0x60/0xb0 [ 257.880590][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.886486][ C0] RIP: 0033:0x7f3b7158e929 [ 257.890917][ C0] RSP: 002b:00007f3b7239d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 257.899337][ C0] RAX: ffffffffffffffda RBX: 00007f3b717b6160 RCX: 00007f3b7158e929 [ 257.907314][ C0] RDX: 000000000000e475 RSI: 00000000000075fa RDI: 0000000000000005 [ 257.915299][ C0] RBP: 00007f3b71610b39 R08: 0000000000000000 R09: 0000000000000000 [ 257.923282][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.931255][ C0] R13: 0000000000000000 R14: 00007f3b717b6160 R15: 00007ffefd0da228 [ 257.939247][ C0] [ 257.942270][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g13473 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 257.954594][ C0] rcu: Possible timer handling issue on cpu=1 timer-softirq=10116 [ 257.962486][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g13473 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 257.973946][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 257.983925][ C0] rcu: RCU grace-period kthread stack dump: [ 257.989812][ C0] task:rcu_preempt state:I stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 258.001755][ C0] Call Trace: [ 258.005038][ C0] [ 258.007980][ C0] __schedule+0x16a2/0x4cb0 [ 258.012517][ C0] ? schedule+0x165/0x360 [ 258.016865][ C0] ? __pfx___schedule+0x10/0x10 [ 258.021743][ C0] ? schedule+0x91/0x360 [ 258.025999][ C0] schedule+0x165/0x360 [ 258.030177][ C0] schedule_timeout+0x12b/0x270 [ 258.035056][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 258.040462][ C0] ? __pfx_process_timeout+0x10/0x10 [ 258.045784][ C0] ? prepare_to_swait_event+0x341/0x380 [ 258.051345][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 258.056230][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 258.061181][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.066399][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 258.071700][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 258.076953][ C0] rcu_gp_kthread+0x99/0x390 [ 258.081560][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 258.086771][ C0] ? __kthread_parkme+0x7b/0x200 [ 258.091726][ C0] ? __kthread_parkme+0x1a1/0x200 [ 258.096772][ C0] kthread+0x70e/0x8a0 [ 258.100856][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 258.106089][ C0] ? __pfx_kthread+0x10/0x10 [ 258.110687][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 258.115898][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.121126][ C0] ? __pfx_kthread+0x10/0x10 [ 258.125726][ C0] ret_from_fork+0x3fc/0x770 [ 258.130331][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 258.135470][ C0] ? __switch_to_asm+0x39/0x70 [ 258.140331][ C0] ? __switch_to_asm+0x33/0x70 [ 258.145103][ C0] ? __pfx_kthread+0x10/0x10 [ 258.149703][ C0] ret_from_fork_asm+0x1a/0x30 [ 258.154489][ C0] [ 258.157520][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 258.163873][ C0] Sending NMI from CPU 0 to CPUs 1: [ 258.169116][ C1] NMI backtrace for cpu 1 [ 258.169146][ C1] CPU: 1 UID: 0 PID: 6678 Comm: syz.0.212 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) [ 258.169166][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 258.169177][ C1] RIP: 0010:advance_sched+0x3c3/0xc90 [ 258.169203][ C1] Code: 00 00 00 48 89 1c 24 31 db 4c 8b 6c 24 18 4d 85 ff 0f 85 90 fe ff ff e8 bb 74 41 f8 e9 28 08 00 00 e8 b1 74 41 f8 4c 8b 3c 24 <4c> 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 [ 258.169216][ C1] RSP: 0018:ffffc90000a08c70 EFLAGS: 00000006 [ 258.169231][ C1] RAX: ffffffff897ee68f RBX: 0000000000000000 RCX: ffff888026af5a00 [ 258.169242][ C1] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 18521e1630878407 [ 258.169253][ C1] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004 [ 258.169263][ C1] R10: dffffc0000000000 R11: fffff5200014117c R12: ffff888057636d10 [ 258.169275][ C1] R13: ffff88807bae0000 R14: 18521e1630878407 R15: ffff888057636c00 [ 258.169287][ C1] FS: 00007f71abfab6c0(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000 [ 258.169301][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 258.169312][ C1] CR2: 000000110c34416c CR3: 00000000784b2000 CR4: 00000000003526f0 [ 258.169326][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 258.169335][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 258.169345][ C1] Call Trace: [ 258.169353][ C1] [ 258.169370][ C1] ? __pfx_advance_sched+0x10/0x10 [ 258.169405][ C1] __hrtimer_run_queues+0x529/0xc60 [ 258.169464][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 258.169495][ C1] ? read_tsc+0x9/0x20 [ 258.169518][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 258.169558][ C1] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 258.169584][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 258.169676][ C1] [ 258.169682][ C1] [ 258.169689][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 258.169707][ C1] RIP: 0010:filemap_map_pages+0x1010/0x1740 [ 258.169727][ C1] Code: 84 db 74 0f e8 e1 f5 c7 ff 4c 89 e7 e8 09 cb 02 00 eb 05 e8 d2 f5 c7 ff 48 8b 74 24 30 44 8b 74 24 5c 8b 44 24 20 09 44 24 04 <48> 8d bc 24 20 01 00 00 48 8b 94 24 98 00 00 00 e8 2b 07 00 00 48 [ 258.169740][ C1] RSP: 0018:ffffc9000f3275e0 EFLAGS: 00000246 [ 258.169754][ C1] RAX: 0000000000000000 RBX: ffffea0001c08d00 RCX: 0000000000080000 [ 258.169765][ C1] RDX: ffffc90004832000 RSI: ffff8880315af930 RDI: 0000000000005d88 [ 258.169776][ C1] RBP: ffffc9000f3277b0 R08: ffffea0001c08d77 R09: 1ffffd40003811ae [ 258.169788][ C1] R10: dffffc0000000000 R11: fffff940003811af R12: ffffea0001c08d40 [ 258.169800][ C1] R13: dffffc0000000000 R14: 0000000000000003 R15: 0000000000001001 [ 258.169826][ C1] ? filemap_map_pages+0x14b/0x1740 [ 258.169847][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 258.169870][ C1] ? __handle_mm_fault+0x296f/0x5620 [ 258.169887][ C1] ? __handle_mm_fault+0x296f/0x5620 [ 258.169905][ C1] __handle_mm_fault+0x368a/0x5620 [ 258.169931][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 258.169954][ C1] ? follow_page_pte+0x8d6/0x14b0 [ 258.169976][ C1] handle_mm_fault+0x2d5/0x7f0 [ 258.169993][ C1] ? vma_is_secretmem+0xd/0x50 [ 258.170016][ C1] __get_user_pages+0x1af4/0x30b0 [ 258.170037][ C1] ? mt_find+0x15c/0x5f0 [ 258.170069][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 258.170095][ C1] populate_vma_page_range+0x26b/0x340 [ 258.170112][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 258.170127][ C1] ? userfaultfd_unmap_complete+0x278/0x2d0 [ 258.170147][ C1] ? down_read+0x1ad/0x2e0 [ 258.170163][ C1] __mm_populate+0x24c/0x380 [ 258.170179][ C1] ? __pfx___mm_populate+0x10/0x10 [ 258.170196][ C1] ? up_write+0x1c4/0x420 [ 258.170212][ C1] vm_mmap_pgoff+0x3f0/0x4c0 [ 258.170230][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 258.170247][ C1] ? __secure_computing+0xe2/0x2a0 [ 258.170269][ C1] ? ksys_mmap_pgoff+0xf4/0x760 [ 258.170287][ C1] ? __x64_sys_mmap+0x7f/0x140 [ 258.170309][ C1] do_syscall_64+0xfa/0x3b0 [ 258.170331][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.170353][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.170368][ C1] ? clear_bhb_loop+0x60/0xb0 [ 258.170386][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.170401][ C1] RIP: 0033:0x7f71ab18e929 [ 258.170416][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.170429][ C1] RSP: 002b:00007f71abfab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 258.170444][ C1] RAX: ffffffffffffffda RBX: 00007f71ab3b5fa0 RCX: 00007f71ab18e929 [ 258.170456][ C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 258.170467][ C1] RBP: 00007f71ab210b39 R08: ffffffffffffffff R09: 0000000000000000 [ 258.170478][ C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 258.170487][ C1] R13: 0000000000000000 R14: 00007f71ab3b5fa0 R15: 00007ffe403a0868 [ 258.170505][ C1]