last executing test programs: 30.090619116s ago: executing program 1 (id=7): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x80800) r4 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)="02", 0x1}], 0x20) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={0x0, r5}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={'blake2b-384-generic\x00'}}) 28.707514531s ago: executing program 1 (id=8): keyctl$set_reqkey_keyring(0xe, 0x4) syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200008000000010902120001000000000904"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x30, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup2(r0, r0) epoll_pwait(r3, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x5, &(0x7f0000000300)={[0x8001]}, 0x8) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x4040) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00979ad1010203010902240001000000000904290202b48cbb0009050402"], 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000240)={0x3, 0x7}, 0x4) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r4}) ioctl$KVM_CAP_HYPERV_VP_INDEX(r6, 0x4068aea3, &(0x7f0000000040)) syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0xc0086202, 0x0) 26.159742136s ago: executing program 1 (id=13): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$media(0x0, 0x80000000, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000980)=@mangle={'mangle\x00', 0x1f, 0x6, 0x530, 0x108, 0x320, 0x0, 0x108, 0x320, 0x530, 0x530, 0x530, 0x530, 0x530, 0x6, 0x0, {[{{@ipv6={@empty, @rand_addr=' \x01\x00', [0xffffff00, 0xffffff00, 0x0, 0xff000000], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'veth0\x00', 'bond0\x00', {0xff}, {0xff}, 0x33, 0x40, 0x1, 0x9}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x4, 0x3, 0x1}, {0x1, 0x3}, {0xffffffffffffffff, 0x5, 0x5}, 0xd, 0x5}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff, 0xff], [0xffffffff, 0xffffff00, 0x0, 0xff000000], 'veth1\x00', 'vlan1\x00', {0xff}, {0xff}, 0x8, 0xff, 0x4, 0x2c}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x1, 0xd3}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @mcast1, [0xffffffff, 0xffffffff], [0xff, 0xffffffff, 0xffffffff, 0xff000000], 'syz_tun\x00', 'vcan0\x00', {}, {0xff}, 0x3b, 0xd8, 0x0, 0x1}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast1, @ipv6=@remote, 0x38, 0x5, 0x6}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x31, 0x13, 0x2}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xffffff00, 0xffffff00, 0xffffff00], [0x0, 0x0, 0xffffffff, 0xbf1e0847f47744e7], 'veth1_to_hsr\x00', 'veth1_to_bridge\x00', {0xff}, {}, 0x2b, 0xc, 0x7, 0x2d}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) socketpair(0x23, 0x2, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@ifindex, r2, 0x32, 0x10}, 0x20) 23.945616285s ago: executing program 1 (id=16): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x80800) r4 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)="02", 0x1}], 0x20) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={0x0, r5}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={'blake2b-384-generic\x00'}}) 22.175534297s ago: executing program 1 (id=20): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x7}, &(0x7f00000000c0)={0x1f, 0x0, 0x8, 0x5, 0xfffffffffffffff8, 0x0, 0x4000000000}, 0x0, 0x0, 0x0) 21.168357445s ago: executing program 1 (id=22): openat(0xffffffffffffff9c, 0x0, 0x441, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x3) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "bc4c4244873398a4dbaf40fcee141d15bb69638f747e05bea3129ab81b02447352b404f793053d889e68b293719907746b342a8c2048fa4cda276a840c397fcd"}, 0x48, 0xfffffffffffffffe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x6}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3e, 0x2f0, &(0x7f0000000280)="$eJzs3E1rE1sYwPEnaZKm6W2SxeVe7gXpQTe6Gdq4F4O0IAYstRFfQJy2Ew0Zk5IZKhGxunIrfggXpcvuCtov0I07V27cdSO4sAtxJPOSpGlq35LGtv8flHPSc57knDlteM7AnM07b56UCpZW0G0Jx5WERES2RNISlkDIL8NuPSatXsql4W+fzt26e+9GNpebmFZqMjtzOaOUSo6+f/p8yO+2Nigb6QebXzNfNv7Z+G/z58zjoqWKlipXbKWr2cpnW581DTVftEqaUlOmoVuGKpYto+q1V7z2gllZWKgpvTw/klioGpal9HJNlYyasivKrtaU/kgvlpWmaWokIdhLfnl6Ws8eMniuy4NBj1SrWX1ARIZ2tOSX+zIgAADQV37+38j2w/WU/jD5f6Rj/r9yft0evr2a9PP/tVg9/xdpyf8fNt9rW/4fF5Ge5/87M6KTbbDtteP8vv+R8n+cEPX8P+H//7pe3V8Zcyvk/wAAAAAAAAAAAAAAAAAAAAAAnARbjpNyHCcVlMHPoIjE3SdIvNf9Hid6g/U/25oHd0SSIubrxfxi3iv9DusiYoohY5KSH+7fg69ej4lyO6m6tHwwl/z4pcX8gNuSLUjRjR+XlKTb4x1n8npuYlx5tsdHJdEan5GU/N05PtMeH62XMbl4oSVek5R8nJOKmDLvPxkXxL8YV+razVzb5w+5/QAAAAAAOA001dDYv7eeIqNpO9u9/bHX3thfd7w/4O2vxzru7yPyf6RfswYAAAAA4Gyxas9Kumka1VNXCWa436jgXONd+oQktFtTFyrBhx8gKtmjFYzu64qFDzLURmU0dsBF6VgJbhsZVcv+q0MfmTrMOzspkaNew3/fvvvevbW4shpvzrSrqxzba6bR4/n2AQAAAHCcmkl/8Jur/R0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABn0HEcxdfvOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/il8BAAD//6b8BMI=") r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xe7c) 12.239786703s ago: executing program 3 (id=38): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) creat(0x0, 0xc) 11.180268362s ago: executing program 3 (id=40): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x20002) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 9.244042796s ago: executing program 2 (id=45): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$cgroup(0x0, &(0x7f0000000600)='.\x00', &(0x7f0000000640), 0x2208010, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) lseek(0xffffffffffffffff, 0x10000000005, 0x0) 8.108384676s ago: executing program 2 (id=47): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES8=0x0, @ANYRESDEC], &(0x7f0000000380)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) connect$pptp(0xffffffffffffffff, &(0x7f00000005c0)={0x18, 0x2, {0x1, @private=0xa010101}}, 0x1e) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = syz_io_uring_setup(0xd1, 0x0, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(r6, r7, 0x0) io_uring_enter(r5, 0x163f, 0x9b86, 0x24, &(0x7f0000000440)={[0x1]}, 0x8) mount$overlay(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000340), 0x2001000, &(0x7f0000000600)={[{@verity_require}, {@xino_on}, {@uuid_auto}, {@verity_off}], [{@smackfsfloor={'smackfsfloor', 0x3d, '\x92\xf7P,\xdasO\xcc\xfewg7\xa6\x91\x10\x15\t\xe0\xacD(\x1c\x9a1\x04\x00\x00\x00F\xcd\x85&\x90\xf2\xf7c\xdb3v \xf8\xc5(\xbb\xad\xa9(~ypP\xc5yb\x13\xd6d\xc3\am\x0f\x17\x1f\xa3_\xb9\x93c\xf1\xdbeWy\x02q\x12\x7f\x18}\x90\xa6\x1a\xb8/3\\\x8e\x14V\xca\xb4\xbf\xd0[\x9f\xd6\x90\x9e6\x8a\x15\xeb\xc1\x12\x0f\xf1Rbl\x04\x11p\xa5\xf4\x8e\x90\t`\xcb\xca\x94\x15\xfc\x9d\x9e\x1b\xb4u\x9d*\xbd\x8d\xb1\xf6M\xc0}DN\xben\x04\xeb\xf1\x10A\x89Ki\xec\x91\xc9\xe8u\xb1\xc1\xd7\x1d\xe1\x7f\x02\xcc7\xba7\xe1\x06\xe2\xd2\x94\xe2#_\x8a\xefK{\xd0#\x16{o\xfd\xc9\xe7\xfb\xdd\xb6\xfa\xb1*\xec\xf3\x80e\xb0\x05\x00\x00\x003z\x05h\xbb0\xde\xd6\xa41o\x12\xdb\xff\x14\xef\xd5\xbb.\xcd\xb0U\x7f\xf7+/\x81@\xb6\xcc\x90b\x16n\xa8%\xcb]\xdc9\xa12A\xa5s0\xd6\x8e!\x17j\xa0\xf6\xa9\xa3\xc5\x03\\\xf5\x89\xd5\xfc|6q[\v\xed\xb9G\xbay\xc5\xd9sV]\x8b\xc9\x84\x93\x16\xf8\xd9\xed\xd1\xe3'}}, {@audit}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@subj_role={'subj_role', 0x3d, 'erspan0\x00'}}, {@uid_lt={'uid<', r3}}]}) 7.693646234s ago: executing program 0 (id=49): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x11cfa, 0x0, 0x8000007, 0x3, 0x4, 0x1, 0x0, 0x6}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f0000000140)={0x800100, 0xffffffff, 0x2, 0xe1db, 0x1101, 0xff}) close(r1) 7.439830538s ago: executing program 0 (id=50): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYRES32, @ANYRESHEX], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000100)='./file0\x00', 0xa00000, &(0x7f0000000000)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa16, &(0x7f0000000a80)="$eJzs3U2MW0cdAPCxd71JmpQ4JaFLGtqEQikf3W02S/iIoKmaC1FTcatUcYnStESkAZFK0KqHJCdutKrClQ9x6qUChEQvKOqJSyUaiUtPhQMHoiBV4lAKyVbrnfF6/7H17E12vV7/ftLseN6MPfO8z8/P772ZScDYqrf+zs9P11K6/Nbrx/710D+3LS55rF2i2fo72ZFqpJRqOT0ZXu/9iaX4xgevnOoW19Jc629Jp6eut5+7PaV0Ie1PV1Iz7b189bV35p48cfH4pQPvvnHk2tqsPQAAjJfvXjkyv+fvf71v10dv3n80bWkvL8fnzZzekY/7j+YD/3L8X08r07WO0GkqlJvMoR7KTXQp11lPI5Sb7FH/VHjdRo9yWyrqn+hY1m29YZSV7biZavWZFel6fWZm6Td5av2un6rNnDtz9rnzQ2oocMf954GU0n5BEMYxLOwc9h4IYEm8XniLC/HMwu1pv9pkf/Vff7ze/flwB6z39q/+0ar/txftcbhzNuvWVNarfI525HS8jhDvXxr0819eL16PaPTZzl7XEUbl+kKvdk6scztWq1f743axWX0rx+V9+HbI7/z8xP/pqPyPge4+dP5fEMY2LAx7BwRsWPG+uYWs5Mf7+mL+lor8rRX52yry76rI316RD+PsDy/+PL1aW/6dH3/TD3o+rJxnuzvHnxiwPfF85KD1x/t+B3W79cf7iWEj+9PJp09//dlnri7d/19rb/838/a+P6eb+bN1JRco5wvjefX2vf/NlfXUe5S7J7Tn7i7lW493ryxX2738OqljP3NLO6ZXPm9nr3L7VpZrhnLbctga2huPT+4KzyvHH2W/Wt6vybC+jbAeU6EdZb+yK8exHbAaZXvsdf9/2T6nU6P23Jmzpx/N6bKd/mWisWVx+cF1bjdw+/rt/zOdVvb/2dFe3qh37hd2Li+vde4XmmH5XI/lh3K6fM99f2Jba/nMqR+effZOrzyMufMvvfyDk2fPnv6xBx6M6YMPFzZEMzbYg2HvmYC1NvviCz+aPf/Sy4+ceeHk86efP33u0OHDh+bmDn/j0Pxs67h+tvPoHthMlr/0h90SAAAAAAAAAAAAoF8/OX7s6t/e/tp7S/3/l/v/lf7/5c7f0v//Z6H/f+wnX/rBl36Au7rkt8qEAVanQrlGDp8M7d0d6tkTnvepHLfn8cv9/0t1cVzX0p57w/I4fm8pF4YTuGW8lKkwBkmcL/CzOb6U498kGKLatu6Lc1w1vnXZ1sv4FMalGE3l/1a2hjKOSen/3Wtcp7L/37UObeTOW4/uhMNeR6C7fxv/WxDGNiwsmMUD2BiGPf9nOe9Z4nN//s7WxVCKXX985f4yjl8Kt2Ojzz+p/s01/2d7/ru+939hxrzm6ur97y+vvddRbdrbb/1x/cs40LsHq/+jXH9Zmy+k/upf+HWoP14Q6tP/Qv3lfGtj0PXft7r6/5/rL2/bww8uxdXv/1KLa/WV7Yjnjcv1v3jeuLgR1r+M7Tnw/3+VEzXezPXDOBuVeWYHNSrz//YS78P4ak6XHWG5zyHOdzJo+8v9FeV7YE94/VrF95v5f0fbN3Nc9Xko8/+W7bHZJV3vSDe6vLebdV8Do+p91/8EYWzDwsLC2p7QqjDUyhn6+z/s3wnDrn/Y73+VOP9vPIaP8//G/Dj/b8yP8//G/Di/XsyP8//G9zPO/xvz7w2vG+cHnq7I/3RF/t6K/Psq8vdV5H+mIv9ARf79FfkPVOTfU5H/YEX+5yryP1+R/1BF/sMV+V+syN/sSn+UcV1/GGexf57PP4yPcv2n1+d/d0U+MLp+8ebBJ575/feaS/3/p9rnQ8p1vKM53ci/nX+a0/G6d+pIL+a9ndP/CPkb/XwHjJM4fkb8fs/3RS7f/+j7HzaNcp+X43sYQ7XuI/b0O25Vr+N8RsuXcvzlHH8lx4/keCbHszk+mOO5dWofa+OJ3/3xyKu15d/7O0N+v/eTx/5AcZyoQ322J54fGPR+9jiO36But/5VdgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly2+9fuzpE2dmF5c81i7RbP2d7Eg12s9L6dEcT+T4V/nBjQ9eOdUZ31yMp1KqpblUS7X28vTU9XZN21NKF9L+dCU1097LV197Z+7JExePXzrw7htHrq3hWwAAAACb3scBAAD//9gsDdA=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) 5.765756138s ago: executing program 0 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r2 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x10, 0x2000000, 0x3a3}, &(0x7f00000001c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000"], 0x18}, 0x0, 0x24048011}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 5.572017792s ago: executing program 32 (id=22): openat(0xffffffffffffff9c, 0x0, 0x441, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x3) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "bc4c4244873398a4dbaf40fcee141d15bb69638f747e05bea3129ab81b02447352b404f793053d889e68b293719907746b342a8c2048fa4cda276a840c397fcd"}, 0x48, 0xfffffffffffffffe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x6}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3e, 0x2f0, &(0x7f0000000280)="$eJzs3E1rE1sYwPEnaZKm6W2SxeVe7gXpQTe6Gdq4F4O0IAYstRFfQJy2Ew0Zk5IZKhGxunIrfggXpcvuCtov0I07V27cdSO4sAtxJPOSpGlq35LGtv8flHPSc57knDlteM7AnM07b56UCpZW0G0Jx5WERES2RNISlkDIL8NuPSatXsql4W+fzt26e+9GNpebmFZqMjtzOaOUSo6+f/p8yO+2Nigb6QebXzNfNv7Z+G/z58zjoqWKlipXbKWr2cpnW581DTVftEqaUlOmoVuGKpYto+q1V7z2gllZWKgpvTw/klioGpal9HJNlYyasivKrtaU/kgvlpWmaWokIdhLfnl6Ws8eMniuy4NBj1SrWX1ARIZ2tOSX+zIgAADQV37+38j2w/WU/jD5f6Rj/r9yft0evr2a9PP/tVg9/xdpyf8fNt9rW/4fF5Ge5/87M6KTbbDtteP8vv+R8n+cEPX8P+H//7pe3V8Zcyvk/wAAAAAAAAAAAAAAAAAAAAAAnARbjpNyHCcVlMHPoIjE3SdIvNf9Hid6g/U/25oHd0SSIubrxfxi3iv9DusiYoohY5KSH+7fg69ej4lyO6m6tHwwl/z4pcX8gNuSLUjRjR+XlKTb4x1n8npuYlx5tsdHJdEan5GU/N05PtMeH62XMbl4oSVek5R8nJOKmDLvPxkXxL8YV+razVzb5w+5/QAAAAAAOA001dDYv7eeIqNpO9u9/bHX3thfd7w/4O2vxzru7yPyf6RfswYAAAAA4Gyxas9Kumka1VNXCWa436jgXONd+oQktFtTFyrBhx8gKtmjFYzu64qFDzLURmU0dsBF6VgJbhsZVcv+q0MfmTrMOzspkaNew3/fvvvevbW4shpvzrSrqxzba6bR4/n2AQAAAHCcmkl/8Jur/R0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABn0HEcxdfvOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/il8BAAD//6b8BMI=") r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xe7c) 5.549659322s ago: executing program 2 (id=53): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x80800) r4 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)="02", 0x1}], 0x20) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r5 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000080)={r5, 0x0, r5}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={'blake2b-384-generic\x00'}}) 4.710490367s ago: executing program 3 (id=54): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r1) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000078000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880) 3.728352994s ago: executing program 2 (id=55): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000340)={'syz_tun\x00', 0x101}) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) close(r2) lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000540)=ANY=[], 0x2c, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019640)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, 0x0) request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f00000003c0)={'syz', 0x2}, &(0x7f0000000440)='/dev/cpu/#/msr\x00', 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0xfffffffffffffffc) 3.42211641s ago: executing program 0 (id=56): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448e2, 0x0) 3.300388812s ago: executing program 3 (id=57): getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2000044, &(0x7f0000000380)={[{@max_batch_time={'max_batch_time', 0x3d, 0x8}}, {@jqfmt_vfsold}, {@nojournal_checksum}]}, 0x2, 0x503, &(0x7f0000000500)="$eJzs3U1sI1cdAPD/TD7spmmTQg+AKrqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmwLkn7kgc4MalHJD4WIE2SByMPLY3zoc31m5s78a/nzSa92HP/70dzXvRs3ZeABPrRkQcRcRsRHwUEQud8qRzxHvto/W5hw/urR0/uLeWRLP54T+TrL5VFj3faXmxc818RPzw/YgfJ2eC/jGifnC4vVqplPc6RcVGdbdYPzi8vVVd3SxvlndKpZXllaV37rxdurK+vl79bbcln//h6Ns/bWXmOwW9/bhK7YAzj+K0TEfE94cRbAymOv2ZfZIvP9GXuEppRHwhIt7Inv+FmMru5mmnb9N3Rtg6AGAYms2FaC705gGA6y7N1sCStNBZC5iPNC0U2mt4r8ZcWqnVG7c2avs76+21ssWYSTe2KuWlzlrhYswkG1vT5eUs3c1XyqUz+TsR8UpE/Dz3QpYvrNUq6+P8wwcAJtiLZ+b//+Ta8z8AcM3lT5K5cbYDABid/LgbAACMnPkfACaP+R8AJo/5HwAmj/kfACaP+R8AJsoPPvigdTSPO++/Xv/4YH+79vHt9XJ9u1DdXyus1fZ2C5u12mb2zp7qZder1Gq7y2/F/ifFRrneKNYPDu9Wa/s7jbvZe73vlmdG0isA4HFeef2zPycRcfTuC9kRPe/7v3Sufm3YrQOGKR13A4CxmRp3A4CxOb/bFzAprMcDPVv03u8pzp9LnPXpQJdP7RsKz56bX36K9X/guWb9HybXk63/+1sergPr/zC5ms3Env8AMGGs8QPJJfW9v/8vNXsyg/3+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANfSfHYkaaGzF/h8pGmhEPFSRCzGTLKxVSkvRcTLEfGn3EyulV+OCPsGAcDzLP1b0tn/6+bCm/Nna2dz/81l54j4yS8//MUnq43G3nLEbPKvR+WNTzvlpXG0HwC4THee7s7jXQ8f3FvrHr2fv2xf0Kf19++2NxdtxT3uHO2a6ZjOzvlsrWHu30knf9KuqSuIf3Q/Ir50Uf+TbG1ksbPz6dn4rdgvjTR+eip+mtW1z61/iy9eQVtg0nzWGn/eu+j5S+NGdr74+c9nI9TT645/x+fGv/TR+DfVZ/y7MWiMt37/vXOFzYV23f2Ir0xHHHcv3jP+dOMnfeK/OWD8v7z21Tf61TV/FXEzLup/cipWsVHdLdYPDm9vVVc3y5vlnVJpZXll6Z07b5eK2Rp1sbtSfd4/3r31cr/4rf7P9Ymfv6T/3xiw/7/+30c/+tpj4n/r6xff/1cfE781J35zwPirc7/L96trxV/v0//L7v+tAeN//tfD9QE/CgCMQP3gcHu1UinvDTuRDj9ElkgijkbQnXYi95ufvT+qWENMxBVcJz/2Xpx0J56JZjzniXGPTMCwnTz0424JAAAAAAAAAAAAAADQzyj+O9G4+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD19f8AAAD//3uF0Lw=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0) mkdir(&(0x7f0000000240)='./file1/file1\x00', 0x0) 3.173845694s ago: executing program 0 (id=58): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x400, 0x0) sendfile(r0, r1, 0x0, 0xfffe82) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x80, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000002140)={0x10, 0xffffffffffffffda}, 0x10) write$P9_RSTATu(r0, &(0x7f0000000340)={0x5e, 0x7d, 0x2, {{0x0, 0x43, 0xe14, 0x7, {0x20, 0x4, 0x2}, 0x40000, 0x0, 0x6, 0x1, 0x0, '', 0x2, '\xff\xff', 0x6, 'exfat\x00', 0x8, 'ip6tnl0\x00'}, 0x6, 'exfat\x00'}}, 0x5e) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0xf0) setresuid(0x0, 0x0, 0x0) ioctl$SIOCAX25ADDUID(r5, 0x89e1, &(0x7f0000000140)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}}) r6 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r6, &(0x7f0000000280)=[{{&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="00000000e5c06417e58f2aaa43f325e4ae709296", 0x14}], 0x1}}, {{&(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000ffff930e9b8ccf9fd53f008606000000030000"], 0x18}}], 0x2, 0x20004086) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e21, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x7fffffff, 0x5000, 0x0, 0x0, 0x82, 0x10000, 0xc}, &(0x7f0000000100)=0x9c) 2.141536172s ago: executing program 3 (id=59): socket$tipc(0x1e, 0x5, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x2, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9}, 0x33) bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0xff, "d4e9002b2c000000ff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup(r1) ioctl$TIOCSETD(r2, 0x5423, 0x0) dup3(r0, r2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe(&(0x7f0000000440)) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r3], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x94) ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x40049366, &(0x7f0000000180)) 1.604165332s ago: executing program 0 (id=60): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000480)="66baa000b0e1ee0f20d835200000000f22d866b8ce000f00d8c4e1bd72d3000f01bf6dcc61ac66baa100ed66ddc6c4c235aa0f9c0f01c4", 0x37}], 0x1, 0xdf, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, 0x0, 0x4000000) socket$netlink(0x10, 0x3, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000cc0), 0x778c, 0x2000) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f0000000400)={0x20, 0x1, &(0x7f00000002c0)="f4f9c1b9ad595ca20c6e1301bf0541896382500fcfc1672050f3eca79f8b7f3da54a228627bd43312b58d4a736bb3c0a861d235f726e33494450b66d35183179a7417ed34c4fc8ba2c5dbfb1bbdc65e1e5ecec7a2e393b", 0x2, 0x6}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, 0x0}], 0x0, 0x54, 0x0, 0xffffffffffffffc6) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff5, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x7}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.11815399s ago: executing program 2 (id=61): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$I2C_SLAVE_FORCE(r0, 0x706, 0x299) syz_open_dev$vim2m(0x0, 0x47b, 0x2) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_mount_image$nilfs2(&(0x7f0000000380), &(0x7f0000000a40)='./file0\x00', 0x0, &(0x7f0000000200)={[{@order_relaxed}, {@errors_continue}, {@nodiscard}, {@nodiscard}, {@errors_remount_ro}, {@errors_remount_ro}]}, 0xf, 0xa02, &(0x7f0000001ec0)="$eJzs3U9sXEcdAOB5a68d16mzhgKmoYmBAqmgTrCtKrmkMZRrpN7KsQppiHBTlHBpVakpUsUNRap67IGqh1wQFeLSA1JEVUQvQZQ7CoVKVVGgFQipoNYo9sx6d+zH/rG99vp9n/Tz+L2ZfTPPu943fp6dCUBl1Va/Li7OFCG89PqLj/zkD698twghHG2WaLSUW9uqhxCKtsevuxUzPv7w2XObpUWYX/2atsPZ283HToYQrobZcCM0wsL7j829ubT08vWbj16efuH02zt0+gAAUCln3/jH7x94761vTP/nF0fOhPHm/tQ/b8TtydjvPxH793n/v2hJi5btZCwrNxIj//thJCs3mtUzWlJfPTtOvaTcWIf6Rlr2bXaeALAfrN/XK2pzbdu12tzc2nX/jlvjY8XcpYvLT1zZpYYCANvmXw+HEM4IIYQQokqxcmi3eyAAQNXl44U3uJqPLNia5tEOdFf/7aXa5o+HbTDo17/6h6v+V5/3jsP22a+vpnRe6fcojWPIxxGOZI/r9fe/lh1ntMd2lo0rHJbxhmXtzH+ue1VZ+3t9HndLWfvz8bB7VVn783G6e1VZ+8cH3I5+lbX/wIDb0a+y9k80v9uvV7jtcd/q1/V3iyNZfuv1M39PH5b3eACg3UfG/wkhhBCVi+d2uwMCAOw5+fw4K1HKz+fjyfPzeXjy/HxeoDx/vEP+gQ75AMBGC7+68PNrxfr/+bc6Hi6Nu7grppM9ticfrdFr/Vsd97TV+odl3BIA1fbUTxe/89aZpZG1+X/Xr2WfZPP/prl6r8XtNO7yYLbdnPt3tr2eWkm5gztxUgDA/5Wuv2Xz/94dt2dCvXji4vL5E3F7Kqa/G6+P39n/zQG3GwDoX7fz/8+E9vn/Dzb312ut/YJD6/uL1n5BI9s/X7J/IW5Px/T74xOr++fOPbX8ve0+eQCoqDe+dfC1D357Kazd/1///3e6/59u4zfiWLsPYoHUT0j3Bzbc/z/WXs9UWbkT7eUOlZU72V6ukZWrx8jn3cjHB05kj0vjFNK4h9TfSeMap8vak02QMZaVG41xd9aeqaw9G873RHt78nloUv2NbH8+7iGVmw4AsNGVp5/5wePLy+cv+8Y3vqngN8+FEDbL2u13JmCnHf/Rkz88fuXpZx68+OTjF85fOH9pYXH+1KmHFucXHzq+el//eOvdfQBgP1jv9O92SwAAAAAAAAAAAAAAgDKD+KTxbp8jANDu7w+HEM6ILEb2QBuEECk+2gNtEGKfxcpKvuIvAMBg9bre/lY1jxbn80/rHqT04IN/nL4Tqdjtpfb+kvWL2U6Dfv2rf7jqf/X57a2/ub5I1+9/tfYDzPZX761fnjzZWv+9o13Wn5//sf7q/3NW/9dCd/Wv/Cyrv8+pcd/J6r+ry/o3nP/J/ur/S6z/nrh97Mvd1t/+/Kf1dtJyOBPZ+UyW1P/Xevv5p7X9ej7/Az2cdIt34/kDQBXVdrsBOyT1ElI/OvVDWtfnCy3r7IWsfLf9/1p2nHy9vn6l46Z+0BfjdurupHUD8/UOe21/Wp9wKjtu0WW/tuz1Myz/VSpr/3Y9jzutrP35epB7VVn7xwbcjn6VtT//vdyrytrf559VA1fW/okBt2NYHY5p2fUwXX+mYl7abmTbk5s8F/u1bwEAw+7bp2/ef+3rozfy9fnTdT39GTgZ/6a+npXL+wsTWd+xyMp/KaY/jukrMf1NTN/Jjrez/20DgGp6z+f/hBBCiMpF1T//5/4CVVb113/Vz7/a7/6e/07S6yO/j5+Mdsivt+SPbJI/1uHx41l+/nwd6JB/T3bclSjlf6ZD/mc75H+uQ/5Mh/xDHfLv7ZB/uEP+FzrkH+mQf7RDPgDD6fMx9f4OANWRj/tz/QeA/S9NrOP6DwDV8amYll3/7+uQDwAMn0/H1PUdACqk2Hymx63O2wMMjzS/dPo9j8uBhPtj+pWYfjWmab2UPpdfAfaA//7713+7VqzP93c4y+92Pvmi1v7Ju3z9nwe6bE/++b1e57NvdFnPTtU/vcX6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABis2urXxcWZIoSXXn/xkX+e+tO7RQjhaLNEo6Xc2la9ZXu27TghvFaspR9/+Oy51vSTmBZhPhShaO4PZ283a5oMIVwNs+FGaISF9x+be3Np6eXrNx+9PP3C6bd38EcAAAAA+97/AgAA//87+jkE") r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x8, 0x9, 0x1, 0x1, 0xd59f83, 0x19fa, 0x3b, 0x19ef, 0x3, 0x4, 0x2800, 0x9, 0x1, 0xba2, 0x0, 0x2a, {0xa, 0x20000a}, 0xce, 0x9}}) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.opaque\x00', &(0x7f0000000240)=""/37, 0x25) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) 834.820555ms ago: executing program 3 (id=62): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000003400000000a140000001100010000000000000000000000000a000000"], 0x64}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x100000001, 0x690180) dup3(r4, r5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') lseek(r7, 0x4, 0x2) 0s ago: executing program 2 (id=63): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f0000000000)={0xfffffffffffffee6, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. [ 74.237891][ T5775] cgroup: Unknown subsys name 'net' [ 74.401000][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.095113][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.333317][ T5790] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.352622][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.360822][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.369283][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.378402][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.382713][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.386654][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.394573][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.399848][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.408012][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.415194][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.422702][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.429172][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.442915][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 78.450171][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.450390][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.458529][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.471713][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.479184][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.482320][ T5790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.516236][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.543022][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.551127][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.563185][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.962457][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 79.111421][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 79.133860][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 79.235211][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 79.258400][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.265991][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.273825][ T5785] bridge_slave_0: entered allmulticast mode [ 79.281667][ T5785] bridge_slave_0: entered promiscuous mode [ 79.308061][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.315599][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.322868][ T5785] bridge_slave_1: entered allmulticast mode [ 79.329839][ T5785] bridge_slave_1: entered promiscuous mode [ 79.428312][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.438425][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.446965][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.454278][ T5786] bridge_slave_0: entered allmulticast mode [ 79.461302][ T5786] bridge_slave_0: entered promiscuous mode [ 79.489338][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.511038][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.518397][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.525912][ T5786] bridge_slave_1: entered allmulticast mode [ 79.533656][ T5786] bridge_slave_1: entered promiscuous mode [ 79.565952][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.573233][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.580486][ T5784] bridge_slave_0: entered allmulticast mode [ 79.588166][ T5784] bridge_slave_0: entered promiscuous mode [ 79.647468][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.654939][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.662212][ T5784] bridge_slave_1: entered allmulticast mode [ 79.669212][ T5784] bridge_slave_1: entered promiscuous mode [ 79.680553][ T5785] team0: Port device team_slave_0 added [ 79.689480][ T5785] team0: Port device team_slave_1 added [ 79.709141][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.716403][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.723678][ T5787] bridge_slave_0: entered allmulticast mode [ 79.730639][ T5787] bridge_slave_0: entered promiscuous mode [ 79.764602][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.774267][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.781405][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.788937][ T5787] bridge_slave_1: entered allmulticast mode [ 79.796020][ T5787] bridge_slave_1: entered promiscuous mode [ 79.841662][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.868276][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.880513][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.894444][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.904611][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.911578][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.937879][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.970436][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.016035][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.023130][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.049156][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.086696][ T5784] team0: Port device team_slave_0 added [ 80.096809][ T5784] team0: Port device team_slave_1 added [ 80.111903][ T5786] team0: Port device team_slave_0 added [ 80.121209][ T5787] team0: Port device team_slave_0 added [ 80.169847][ T5786] team0: Port device team_slave_1 added [ 80.195171][ T5787] team0: Port device team_slave_1 added [ 80.215224][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.222467][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.248707][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.299239][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.307125][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.333109][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.346216][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.353330][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.379318][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.391207][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.398511][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.424604][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.440095][ T5785] hsr_slave_0: entered promiscuous mode [ 80.446953][ T5785] hsr_slave_1: entered promiscuous mode [ 80.454724][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.461775][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.487858][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.500950][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.508062][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.535116][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.535440][ T5790] Bluetooth: hci2: command tx timeout [ 80.545788][ T50] Bluetooth: hci3: command tx timeout [ 80.582138][ T50] Bluetooth: hci1: command tx timeout [ 80.582502][ T5790] Bluetooth: hci0: command tx timeout [ 80.659779][ T5786] hsr_slave_0: entered promiscuous mode [ 80.666471][ T5786] hsr_slave_1: entered promiscuous mode [ 80.673075][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.680858][ T5786] Cannot create hsr debugfs directory [ 80.763088][ T5787] hsr_slave_0: entered promiscuous mode [ 80.769535][ T5787] hsr_slave_1: entered promiscuous mode [ 80.776752][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.784462][ T5787] Cannot create hsr debugfs directory [ 80.825720][ T5784] hsr_slave_0: entered promiscuous mode [ 80.834424][ T5784] hsr_slave_1: entered promiscuous mode [ 80.840943][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.848673][ T5784] Cannot create hsr debugfs directory [ 81.230255][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.243917][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.254979][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.268269][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.332649][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.350091][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.361699][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.374579][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.477806][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.509723][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.520784][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.531366][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.604670][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.617254][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.627968][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.649398][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.768836][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.828972][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.884912][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.900185][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.928880][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.967758][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.975158][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.013348][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.024833][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.032052][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.046314][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.053524][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.068060][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.100497][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.107731][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.121238][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.128475][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.176657][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.183963][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.235546][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.315398][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.322625][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.334043][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.341223][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.418717][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.592061][ T5790] Bluetooth: hci3: command tx timeout [ 82.592171][ T50] Bluetooth: hci2: command tx timeout [ 82.606248][ T5784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.663119][ T50] Bluetooth: hci1: command tx timeout [ 82.663640][ T5790] Bluetooth: hci0: command tx timeout [ 82.966486][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.081087][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.118763][ T5785] veth0_vlan: entered promiscuous mode [ 83.143375][ T5785] veth1_vlan: entered promiscuous mode [ 83.171257][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.194297][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.257586][ T5785] veth0_macvtap: entered promiscuous mode [ 83.290323][ T5786] veth0_vlan: entered promiscuous mode [ 83.323452][ T5784] veth0_vlan: entered promiscuous mode [ 83.333684][ T5785] veth1_macvtap: entered promiscuous mode [ 83.365883][ T5786] veth1_vlan: entered promiscuous mode [ 83.377332][ T5784] veth1_vlan: entered promiscuous mode [ 83.404555][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.430646][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.465565][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.474834][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.484041][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.493006][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.545938][ T5787] veth0_vlan: entered promiscuous mode [ 83.568405][ T5784] veth0_macvtap: entered promiscuous mode [ 83.604469][ T5784] veth1_macvtap: entered promiscuous mode [ 83.630783][ T5787] veth1_vlan: entered promiscuous mode [ 83.638523][ T5786] veth0_macvtap: entered promiscuous mode [ 83.701304][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.713595][ T3462] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.720445][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.721715][ T3462] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.740397][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.759978][ T5786] veth1_macvtap: entered promiscuous mode [ 83.824802][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.835853][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.847581][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.869220][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.879952][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.890002][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.900669][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.915538][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.930896][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.942542][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.953556][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.964674][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.976629][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.986723][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.995598][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.005572][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.014781][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.028158][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.039092][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.049251][ T5787] veth0_macvtap: entered promiscuous mode [ 84.070786][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.079751][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.089067][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.099036][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.126751][ T5787] veth1_macvtap: entered promiscuous mode [ 84.314619][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.330594][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.350901][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.365794][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.376302][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.387587][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.401526][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.557842][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.608590][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.663163][ T5790] Bluetooth: hci2: command tx timeout [ 84.665130][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.672180][ T5790] Bluetooth: hci3: command tx timeout [ 84.719744][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.764868][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.764993][ T50] Bluetooth: hci1: command tx timeout [ 84.775545][ T5790] Bluetooth: hci0: command tx timeout [ 84.788444][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.798450][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.809934][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.843351][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.138387][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.148117][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.180261][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.203361][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.272614][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.280621][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.369217][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.393582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.405503][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.413225][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.421565][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.459657][ T5885] syz.1.6[5885]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 85.636703][ T5885] loop1: detected capacity change from 0 to 4096 [ 85.675667][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 85.697602][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 85.888907][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 85.902286][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.910590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.944457][ T1081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.977107][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 85.992384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.007501][ T1081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.125452][ T5885] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.419233][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.582888][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.604478][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.769869][ T1081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.778443][ T5790] Bluetooth: hci3: command tx timeout [ 86.784574][ T5790] Bluetooth: hci2: command tx timeout [ 86.825313][ T5790] Bluetooth: hci0: command tx timeout [ 86.830856][ T50] Bluetooth: hci1: command tx timeout [ 86.863515][ T1081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.050792][ T5911] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.332830][ T5911] loop3: detected capacity change from 0 to 32768 [ 88.358625][ T5911] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.4 (5911) [ 88.412288][ T5842] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 88.428454][ T5911] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 88.439000][ T5911] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 88.447724][ T5911] BTRFS info (device loop3): enabling auto defrag [ 88.454244][ T5911] BTRFS info (device loop3): doing ref verification [ 88.460860][ T5911] BTRFS info (device loop3): use no compression [ 88.467173][ T5911] BTRFS info (device loop3): force clearing of disk cache [ 88.474373][ T5911] BTRFS info (device loop3): setting nodatacow, compression disabled [ 88.482588][ T5911] BTRFS info (device loop3): disabling free space tree [ 88.615333][ T5842] usb 2-1: Using ep0 maxpacket: 16 [ 88.635712][ T5842] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00 [ 88.645248][ T5911] BTRFS info (device loop3): enabling ssd optimizations [ 88.653969][ T5911] BTRFS info (device loop3): auto enabling async discard [ 88.663199][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.678724][ T5842] usb 2-1: config 0 descriptor?? [ 88.688773][ T5911] BTRFS info (device loop3): rebuilding free space tree [ 88.732063][ T5842] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 88.743689][ T5842] usb 2-1: Detected FT4232H [ 88.755634][ T5911] BTRFS info (device loop3): disabling free space tree [ 88.763198][ T5911] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.773614][ T5911] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.039161][ T5931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.051554][ T5931] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.652830][ T5842] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 89.661508][ T5842] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 89.711586][ T5842] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 89.746071][ T5842] usb 2-1: USB disconnect, device number 2 [ 89.771012][ T5787] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 89.798999][ T5842] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 89.854083][ T5842] ftdi_sio 2-1:0.0: device disconnected [ 92.209457][ T54] cfg80211: failed to load regulatory.db [ 92.399939][ T5950] loop3: detected capacity change from 0 to 512 [ 92.408185][ T5950] EXT4-fs: Ignoring removed bh option [ 92.427456][ T5950] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 92.522275][ T5950] EXT4-fs (loop3): 1 truncate cleaned up [ 92.529684][ T5950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.475477][ T5971] loop0: detected capacity change from 0 to 2048 [ 94.575656][ T5971] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 94.600946][ T5797] udevd[5797]: incorrect nilfs2 checksum on /dev/loop0 [ 94.651426][ T5971] NILFS (loop0): mounting unchecked fs [ 94.904663][ T5978] loop2: detected capacity change from 0 to 4096 [ 95.157852][ T5978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.315602][ T5971] NILFS (loop0): recovery complete [ 95.494793][ T5789] udevd[5789]: incorrect nilfs2 checksum on /dev/loop0 [ 95.514196][ T5980] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 95.834882][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.184435][ T5989] loop1: detected capacity change from 0 to 128 [ 96.192454][ T5989] ======================================================= [ 96.192454][ T5989] WARNING: The mand mount option has been deprecated and [ 96.192454][ T5989] and is ignored by this kernel. Remove the mand [ 96.192454][ T5989] option from the mount to silence this warning. [ 96.192454][ T5989] ======================================================= [ 96.227522][ C1] vkms_vblank_simulate: vblank timer overrun [ 97.232808][ T5994] syzkaller0: entered promiscuous mode [ 97.262154][ T5994] syzkaller0: entered allmulticast mode [ 98.566924][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.844687][ T6020] netlink: 64 bytes leftover after parsing attributes in process `syz.2.33'. [ 100.855190][ T6020] netlink: 'syz.2.33': attribute type 10 has an invalid length. [ 100.871295][ T6020] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 100.880207][ T6020] team0: Failed to send options change via netlink (err -105) [ 100.887799][ T6020] team0: Port device dummy0 added [ 104.574692][ T6036] loop0: detected capacity change from 0 to 32768 [ 104.622041][ T6036] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.37 (6036) [ 105.162293][ T6036] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 105.172616][ T6036] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 105.181320][ T6036] BTRFS info (device loop0): enabling auto defrag [ 105.187951][ T6036] BTRFS info (device loop0): doing ref verification [ 105.194657][ T6036] BTRFS info (device loop0): use no compression [ 105.200931][ T6036] BTRFS info (device loop0): force clearing of disk cache [ 105.208800][ T6036] BTRFS info (device loop0): setting nodatacow, compression disabled [ 105.216959][ T6036] BTRFS info (device loop0): disabling free space tree [ 105.394612][ T6036] BTRFS info (device loop0): enabling ssd optimizations [ 105.401688][ T6036] BTRFS info (device loop0): auto enabling async discard [ 105.418836][ T6036] BTRFS info (device loop0): rebuilding free space tree [ 105.444337][ T6036] BTRFS info (device loop0): disabling free space tree [ 105.451320][ T6036] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.461159][ T6036] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.517994][ T6068] hub 2-0:1.0: USB hub found [ 105.547240][ T6036] kvm: pic: level sensitive irq not supported [ 105.547409][ T6036] kvm: pic: non byte read [ 105.558403][ T6036] kvm: pic: non byte read [ 105.593534][ T6068] hub 2-0:1.0: 1 port detected [ 105.866732][ T5784] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 107.232873][ T6077] netlink: 64 bytes leftover after parsing attributes in process `syz.0.43'. [ 107.243613][ T6077] netlink: 'syz.0.43': attribute type 10 has an invalid length. [ 107.323500][ T6077] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.332565][ T6077] team0: Failed to send options change via netlink (err -105) [ 107.340071][ T6077] team0: Port device dummy0 added [ 107.979243][ T6085] loop0: detected capacity change from 0 to 256 [ 108.628569][ T6089] Zero length message leads to an empty skb [ 109.160632][ T6095] loop0: detected capacity change from 0 to 2048 [ 109.217930][ T6095] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 109.260982][ T6095] NILFS (loop0): mounting unchecked fs [ 109.271650][ T5803] udevd[5803]: incorrect nilfs2 checksum on /dev/loop0 [ 109.309665][ T6095] NILFS (loop0): recovery complete [ 109.347387][ T6096] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 112.806675][ T6110] netlink: 64 bytes leftover after parsing attributes in process `syz.3.54'. [ 113.168771][ T5790] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 113.179480][ T5790] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 113.187641][ T5790] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 113.206671][ T5790] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 113.225074][ T5790] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 113.237697][ T5790] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 113.264665][ T6119] loop3: detected capacity change from 0 to 512 [ 113.300332][ T6119] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 113.312051][ T6113] netlink: 'syz.2.55': attribute type 10 has an invalid length. [ 113.363798][ T6113] syz_tun: entered promiscuous mode [ 113.405577][ T6113] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 113.440407][ T6119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 113.542268][ T6119] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.381311][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 114.953752][ T6114] chnl_net:caif_netlink_parms(): no params data found [ 115.123246][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.302490][ T50] Bluetooth: hci4: command tx timeout [ 115.318207][ T6114] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.349653][ T6114] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.373392][ T6146] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=55 (110 ns) > initial count (64 ns). Using initial count to start timer. [ 115.377966][ T6114] bridge_slave_0: entered allmulticast mode [ 115.428106][ T6114] bridge_slave_0: entered promiscuous mode [ 115.470573][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.506287][ T6147] kvm: pic: non byte write [ 115.537675][ T6149] loop2: detected capacity change from 0 to 2048 [ 115.552238][ T6149] NILFS (loop2): invalid segment: Magic number mismatch [ 115.559233][ T6149] NILFS (loop2): trying rollback from an earlier position [ 115.602560][ T6149] NILFS (loop2): recovery complete [ 115.631717][ T6150] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 115.693197][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.767396][ T6114] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.934172][ T6114] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.942505][ T6114] bridge_slave_1: entered allmulticast mode [ 115.949986][ T6114] bridge_slave_1: entered promiscuous mode [ 116.121265][ T6154] process 'syz.2.61' launched './file0' with NULL argv: empty string added [ 116.486924][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.538924][ T6158] ------------[ cut here ]------------ [ 116.544612][ T6158] WARNING: CPU: 1 PID: 6158 at mm/page_alloc.c:4433 __alloc_pages+0x2de/0x460 [ 116.553702][ T6158] Modules linked in: [ 116.557663][ T6158] CPU: 1 PID: 6158 Comm: syz.2.63 Not tainted 6.6.99-syzkaller #0 [ 116.566290][ T6158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.576749][ T6158] RIP: 0010:__alloc_pages+0x2de/0x460 [ 116.584028][ T6158] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 43 1f 64 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 0c 75 3e 44 89 f1 81 e1 7f ff [ 116.604560][ T6158] RSP: 0018:ffffc900032d79c0 EFLAGS: 00010246 [ 116.610860][ T6158] RAX: ffffc900032d7a00 RBX: 1ffff9200065af3c RCX: 0000000000000000 [ 116.618946][ T6158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900032d7a28 [ 116.627103][ T6158] RBP: ffffc900032d7ac0 R08: ffffc900032d7a27 R09: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 116.635183][ T6158] R10: ffffc900032d7a00 R11: fffff5200065af45 R12: 000000000000001a [ 116.643284][ T6158] R13: 0000000000000000 R14: 0000000000040dc0 R15: dffffc0000000000 [ 116.651302][ T6158] FS: 00007f04d63ad6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 116.660674][ T6158] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.667445][ T6158] CR2: 0000001b2d61fffc CR3: 000000007681c000 CR4: 00000000003526e0 [ 116.675736][ T6159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.62'. [ 116.685483][ T6158] Call Trace: [ 116.688797][ T6158] [ 116.691773][ T6158] ? zone_statistics+0x170/0x170 [ 116.696853][ T6158] ? __might_fault+0xaa/0x120 [ 116.701576][ T6158] ? __lock_acquire+0x7c80/0x7c80 [ 116.706817][ T6158] __kmalloc_large_node+0x8c/0x1e0 [ 116.712055][ T6158] ? comedi_unlocked_ioctl+0x9f0/0xf00 [ 116.717578][ T6158] __kmalloc+0x111/0x240 [ 116.721889][ T6158] comedi_unlocked_ioctl+0x9f0/0xf00 [ 116.727272][ T6158] ? tomoyo_path_number_perm+0x477/0x590 [ 116.733015][ T6158] ? comedi_poll+0x8c0/0x8c0 [ 116.737668][ T6158] ? tomoyo_path_number_perm+0x4dc/0x590 [ 116.743536][ T6158] ? tomoyo_path_number_perm+0x1ba/0x590 [ 116.749223][ T6158] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 116.754822][ T6158] ? __fget_files+0x28/0x4d0 [ 116.759475][ T6158] ? bpf_lsm_file_ioctl+0x9/0x10 [ 116.764483][ T6158] ? security_file_ioctl+0x80/0xa0 [ 116.769635][ T6158] ? comedi_poll+0x8c0/0x8c0 [ 116.774350][ T6158] __se_sys_ioctl+0xfd/0x170 [ 116.779915][ T6158] do_syscall_64+0x55/0xb0 [ 116.784562][ T6158] ? clear_bhb_loop+0x40/0x90 [ 116.789287][ T6158] ? clear_bhb_loop+0x40/0x90 [ 116.794171][ T6158] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 116.800120][ T6158] RIP: 0033:0x7f04d558e9a9 [ 116.804665][ T6158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.824491][ T6158] RSP: 002b:00007f04d63ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.833027][ T6158] RAX: ffffffffffffffda RBX: 00007f04d57b5fa0 RCX: 00007f04d558e9a9 [ 116.841052][ T6158] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000003 [ 116.849172][ T6158] RBP: 00007f04d5610d69 R08: 0000000000000000 R09: 0000000000000000 [ 116.857255][ T6158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.865347][ T6158] R13: 0000000000000000 R14: 00007f04d57b5fa0 R15: 00007ffcdd829c38 [ 116.873451][ T6158] [ 116.876502][ T6158] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 116.883806][ T6158] CPU: 1 PID: 6158 Comm: syz.2.63 Not tainted 6.6.99-syzkaller #0 [ 116.891663][ T6158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.901743][ T6158] Call Trace: [ 116.905064][ T6158] [ 116.908025][ T6158] dump_stack_lvl+0x16c/0x230 [ 116.912744][ T6158] ? show_regs_print_info+0x20/0x20 [ 116.917982][ T6158] ? load_image+0x3b0/0x3b0 [ 116.922557][ T6158] panic+0x2c0/0x710 [ 116.926589][ T6158] ? bpf_jit_dump+0xd0/0xd0 [ 116.931165][ T6158] __warn+0x2e0/0x470 [ 116.935199][ T6158] ? __alloc_pages+0x2de/0x460 [ 116.940044][ T6158] ? __alloc_pages+0x2de/0x460 [ 116.944858][ T6158] report_bug+0x2be/0x4f0 [ 116.949242][ T6158] ? __alloc_pages+0x2de/0x460 [ 116.954079][ T6158] ? __alloc_pages+0x2de/0x460 [ 116.958900][ T6158] ? __alloc_pages+0x2e0/0x460 [ 116.963712][ T6158] handle_bug+0xcf/0x120 [ 116.967995][ T6158] exc_invalid_op+0x1a/0x50 [ 116.972546][ T6158] asm_exc_invalid_op+0x1a/0x20 [ 116.977445][ T6158] RIP: 0010:__alloc_pages+0x2de/0x460 [ 116.982867][ T6158] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 a0 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 43 1f 64 0c 01 <0f> 0b eb a5 a9 00 00 08 00 8b 74 24 0c 75 3e 44 89 f1 81 e1 7f ff [ 117.002527][ T6158] RSP: 0018:ffffc900032d79c0 EFLAGS: 00010246 [ 117.008629][ T6158] RAX: ffffc900032d7a00 RBX: 1ffff9200065af3c RCX: 0000000000000000 [ 117.016628][ T6158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900032d7a28 [ 117.024630][ T6158] RBP: ffffc900032d7ac0 R08: ffffc900032d7a27 R09: 0000000000000000 [ 117.032630][ T6158] R10: ffffc900032d7a00 R11: fffff5200065af45 R12: 000000000000001a [ 117.040628][ T6158] R13: 0000000000000000 R14: 0000000000040dc0 R15: dffffc0000000000 [ 117.048661][ T6158] ? zone_statistics+0x170/0x170 [ 117.053659][ T6158] ? __might_fault+0xaa/0x120 [ 117.058363][ T6158] ? __lock_acquire+0x7c80/0x7c80 [ 117.063423][ T6158] __kmalloc_large_node+0x8c/0x1e0 [ 117.068585][ T6158] ? comedi_unlocked_ioctl+0x9f0/0xf00 [ 117.074121][ T6158] __kmalloc+0x111/0x240 [ 117.078444][ T6158] comedi_unlocked_ioctl+0x9f0/0xf00 [ 117.083777][ T6158] ? tomoyo_path_number_perm+0x477/0x590 [ 117.089452][ T6158] ? comedi_poll+0x8c0/0x8c0 [ 117.094091][ T6158] ? tomoyo_path_number_perm+0x4dc/0x590 [ 117.099781][ T6158] ? tomoyo_path_number_perm+0x1ba/0x590 [ 117.105467][ T6158] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 117.111016][ T6158] ? __fget_files+0x28/0x4d0 [ 117.115664][ T6158] ? bpf_lsm_file_ioctl+0x9/0x10 [ 117.120629][ T6158] ? security_file_ioctl+0x80/0xa0 [ 117.125785][ T6158] ? comedi_poll+0x8c0/0x8c0 [ 117.130441][ T6158] __se_sys_ioctl+0xfd/0x170 [ 117.135052][ T6158] do_syscall_64+0x55/0xb0 [ 117.139480][ T6158] ? clear_bhb_loop+0x40/0x90 [ 117.144173][ T6158] ? clear_bhb_loop+0x40/0x90 [ 117.148853][ T6158] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 117.154756][ T6158] RIP: 0033:0x7f04d558e9a9 [ 117.159181][ T6158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.178801][ T6158] RSP: 002b:00007f04d63ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 117.187233][ T6158] RAX: ffffffffffffffda RBX: 00007f04d57b5fa0 RCX: 00007f04d558e9a9 [ 117.195220][ T6158] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000003 [ 117.203207][ T6158] RBP: 00007f04d5610d69 R08: 0000000000000000 R09: 0000000000000000 [ 117.211194][ T6158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.219193][ T6158] R13: 0000000000000000 R14: 00007f04d57b5fa0 R15: 00007ffcdd829c38 [ 117.227187][ T6158] [ 117.230539][ T6158] Kernel Offset: disabled [ 117.234927][ T6158] Rebooting in 86400 seconds..