last executing test programs: 11.321101557s ago: executing program 2 (id=418): openat$tun(0xffffffffffffff9c, 0x0, 0x622681, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x1b, 0x1, 0xfffffffe, 0x400000, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffb, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}, [@mark={0xc, 0x15, {0x35075a, 0xc0}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) 11.320927887s ago: executing program 3 (id=419): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0xfffffffffffffdb1, &(0x7f0000000280)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 10.756310212s ago: executing program 2 (id=421): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$video(0x0, 0x100000000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0xcf, 0x7fff8000}]}) r4 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r4, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe56890a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4}) close_range(r3, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) write$cgroup_devices(r6, &(0x7f00000001c0)=ANY=[], 0x11) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x41, 0x0) close(r7) 10.626573985s ago: executing program 0 (id=422): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in=@private=0xa010101, 0x4e20, 0x4, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x1d, 0x0, 0xffffffffffffffff}, {0x10000, 0x4, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) 9.223078085s ago: executing program 0 (id=423): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$video(0x0, 0x100000000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r4 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r4, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe56890a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4}) close_range(r3, 0xffffffffffffffff, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) write$cgroup_devices(r6, &(0x7f00000001c0)=ANY=[], 0x11) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x41, 0x0) close(r7) 8.990441531s ago: executing program 3 (id=424): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x4) syz_open_procfs(0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = shmget(0x2, 0x1000, 0x1, &(0x7f0000935000/0x1000)=nil) shmctl$IPC_INFO(r3, 0x3, &(0x7f00000000c0)=""/17) r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r4, r1, 0x0, 0x41) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x46) 7.888351492s ago: executing program 3 (id=425): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x34, 0x0, @val=@iter={&(0x7f0000000000), 0x10}}, 0x20) 7.818228353s ago: executing program 3 (id=426): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) pselect6(0x40, &(0x7f0000000040)={0x8, 0x0, 0x2, 0x2, 0x400004, 0x7, 0x8000000000000001, 0x6}, 0xfffffffffffffffe, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0) capset(&(0x7f0000000040)={0x19980330}, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.029699485s ago: executing program 1 (id=427): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x15c, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x800, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x7}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0xf, 0xedcb, 0x9, 0x100}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[], 0x48) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000940)=@newsa={0x138, 0x1a, 0x803, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@loopback, 0x1, 0x717, 0xe23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x8000000009ba3, 0x10001, 0x8251c, 0x5, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3f9}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x844) 6.920561618s ago: executing program 2 (id=428): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8004001}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 6.784240142s ago: executing program 1 (id=429): openat$tun(0xffffffffffffff9c, 0x0, 0x622681, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000740)={0x0, 0x1, [0x51f, 0x157, 0x49b, 0xd5]}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x1b, 0x1, 0xfffffffe, 0x400000, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffb, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}, [@mark={0xc, 0x15, {0x35075a, 0xc0}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) 6.690620855s ago: executing program 1 (id=430): prctl$PR_SET_SECUREBITS(0x1c, 0x15) setuid(0xee00) r0 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000200)='.\x00', &(0x7f0000000000)='proc\x00', 0x101c050, 0x0) r2 = syz_open_procfs(r0, 0x0) readlinkat(r2, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) 6.547518438s ago: executing program 2 (id=431): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x1d, 0x2, 0x0, &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in=@private=0xa010101, 0x4e20, 0x4, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x1d, 0x0, 0xffffffffffffffff}, {0x10000, 0x4, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) 5.351133082s ago: executing program 0 (id=432): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0xfffffffffffffdb1, &(0x7f0000000280)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 5.350501311s ago: executing program 2 (id=433): syz_open_dev$vim2m(&(0x7f0000000200), 0x7ff, 0x2) r0 = socket(0x840000000002, 0x3, 0xff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000900)={&(0x7f00000006c0)={0x2, 0x4e23, @local}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000940)="974501000000000001008cc5595c4a9b8f52ac8e5c7fe70a3326491f", 0x1c}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x81}}}}], 0x20}, 0x400c804) 5.215725796s ago: executing program 3 (id=434): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x34, 0x0, @val=@iter={&(0x7f0000000000), 0x10}}, 0x20) 5.073800199s ago: executing program 1 (id=435): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x3, 0x7) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x120) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file2/../file0\x00', 0x2028, 0x150) 4.68704219s ago: executing program 3 (id=436): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$video(0x0, 0x100000000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0xcf, 0x7fff8000}]}) r4 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r4, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe56890a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4}) close_range(r3, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) write$cgroup_devices(r6, &(0x7f00000001c0)=ANY=[], 0x11) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x41, 0x0) close(r7) 4.264289972s ago: executing program 0 (id=437): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x8) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_usb_connect(0x0, 0x24, 0x0, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0) mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x0, &(0x7f0000000280)='\x02\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00\xfaC\x93\xc0S\xaf\f\x1a\fEik\x86\x15\xab\x909\xf8i\xc0\xa7\xa9\xb1\xbe\xc7\x1d\xe0\x18\xd2\xbaG|\xd5fC\x8d\t\x00/I\x8b\xbf\x94\xf4\x96[us\x96\x90\x8d\x9d\xfb\xdc\x7f0&\xab\x17@)\xf1\xc3Q\xb2M :\xaa\x99G\xdd\xa9E6A]@>\f\xb1n\x1a\x8c\xc6e7{@\x90\x8fz\xfcf\x88\x15A\x0e\xbf\xb8\xff\xa8\xb9\xab\x83>\xf9I0\xdd\x93#\x1e\x00\xed#\xc9\xd0Uk\xa6b\xa6/\x15\x92\xc6,p\xc9\xce\xe1\xc3\xd5\x89Lw\x17\x16\x18\xddh\xc8\x81w\x1e\x7f\xc7\x16\xe5\x96\x03\t\xc3\x94\xc7\xeb\xd6.\xfa\xb3\xe0\x1f\xa9\x19\xfaS\x1f[T\x1e\xc5nX\x84\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=0\xc3\xbc\xfd\xce~\xe3\xcaO\"\xbb\xd1\x15\xf2y\xb91\x1d\xab\xeaO\x19\rH4\xc2\xe4\x922~K^K`55\xb7\xd1\n\xba\xb7,\xdb\xc2\x86\xc30bnc\x06\x06q\xe9\x97\fHA<\x94`\xf7H?\x86\xb8C9\b\x18vFWRdNee\xf1A\x06\x8f\x97\x99\xa5A\xfa\x94IfB\xa9\xf5\xd8\x83\xc5\b\x0eL\\Z\x80](f6D\x1a\xf7si\xa4l\xa8\x0f\xcc\xa1\xef\x1bCq\x0e\xf87\xfc\xce\x96cm\x83\x05S\x01Zj`dP:d\xba\x02\x14\xaa\x051\xd7\x87\x1b\xcb\xa2.\x89\x16CRx\x9b\x04\x1f\x8fA\t<\x99/\'tk\xcb\xd7|\x0f\xc9m\x95\x9a\n\v&\xca\xcd\x11\xec\xfd\x17a$.\xe9\x14\x8f\n\x15\x8d\rJ\x99\x8a\x87\x81\xc4S\x85L\xe5w\xa1\xbf\x91Q&6\x8e\xd1\x02\x19K\xd3\xab\xe5\xdc\xac\x05\x8dQ\xf4\x1aa\x86\xbc6\\\x06\xdf\x84\x00+F|\xa6\xc4\xab\x00G\xd0\x14N+\xf9\x84i?C\x81\x8eu\xd3\xcbg\xb7\a\xd9\x9a*\x17>\xac\x9d\x9d\xf6\t\xd8b\x19\x8a\x1e&\xde\x87-%\xf3\x8a2L\x1cQ2\f\x94\xf7\xf9\xadI\xedU\xabr\xe2\xe1\xc2{\b\xa8\xc2\n4\x0f\'\xed\xcc\xd7qG\xa7p\x8ct\xe3/l\v\x93\x8a\x95R\xd6\x19L\x85\x80\x18\x15\xcezn\xa8,i\xf1\x91@\xc0\xb1\a\xfd\xec\x95>\b(\xfa~O\xfd\xe2\a6b\x97\xc6$?;\x8eJ/P\x9d\x17\xaaU\xc4\b') r2 = socket(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) readv(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}, {0x0}], 0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ipvlan1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bc26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffab}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x0, 0x7], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6, 0x5, {0xfa, 0x3}}]}, 0x90}, 0x1, 0x0, 0x0, 0x2004c084}, 0x20000080) 1.127447779s ago: executing program 0 (id=438): openat$tun(0xffffffffffffff9c, 0x0, 0x622681, 0x0) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000740)={0x0, 0x1, [0x51f, 0x157, 0x49b, 0xd5]}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x1b, 0x1, 0xfffffffe, 0x400000, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffb, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}, [@mark={0xc, 0x15, {0x35075a, 0xc0}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) 1.099638569s ago: executing program 2 (id=439): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8004001}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.09671625s ago: executing program 1 (id=440): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_open_dev$video(0x0, 0x100000000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x0, 0x0}) r4 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f0000000100)={0x2, 0x1, 0x3, 0x14, 0x4}) ioctl$DVB_DEMUX_DMX_SET_FILTER(r4, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2a71f0d3fe13be00", "3d0e00000000003efe56890a5b857206", "47eb0b4a89ffff000000000000c94742"}, 0x4, 0x4}) close_range(r3, 0xffffffffffffffff, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) write$cgroup_devices(r6, &(0x7f00000001c0)=ANY=[], 0x11) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x41, 0x0) close(r7) 1.06767097s ago: executing program 0 (id=441): syz_open_dev$dri(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sg(0x0, 0xfffffffffffffffa, 0x1c400) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) socket$nl_generic(0x10, 0x3, 0x10) execve(0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 0s ago: executing program 1 (id=442): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x1d, 0x2, 0x0, &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in=@private=0xa010101, 0x4e20, 0x4, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x1d, 0x0, 0xffffffffffffffff}, {0x10000, 0x4, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 56.519516][ T5433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.536244][ T5433] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.172' (ED25519) to the list of known hosts. syzkaller login: [ 79.689876][ T5755] cgroup: Unknown subsys name 'net' [ 79.857612][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.238789][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.532696][ T5769] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.541874][ T5769] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.571156][ T5769] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.581566][ T5769] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.589893][ T5769] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 82.597964][ T5769] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.631966][ T5769] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.644090][ T5769] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.653651][ T5769] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.662720][ T5769] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.681967][ T5769] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 82.691706][ T5769] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.749077][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.759424][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.770999][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.781645][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.791782][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.800806][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 82.810667][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.811578][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.828654][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.849057][ T5084] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.861346][ T5084] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 82.873227][ T5084] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.134263][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 83.317256][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 83.416152][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.425588][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.435356][ T5767] bridge_slave_0: entered allmulticast mode [ 83.443684][ T5767] bridge_slave_0: entered promiscuous mode [ 83.460226][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.470867][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.482449][ T5767] bridge_slave_1: entered allmulticast mode [ 83.492145][ T5767] bridge_slave_1: entered promiscuous mode [ 83.523765][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 83.576416][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.588175][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.598532][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.609173][ T5770] bridge_slave_0: entered allmulticast mode [ 83.618995][ T5770] bridge_slave_0: entered promiscuous mode [ 83.634816][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.646610][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.657112][ T5770] bridge_slave_1: entered allmulticast mode [ 83.667360][ T5770] bridge_slave_1: entered promiscuous mode [ 83.686216][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 83.707837][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.776950][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.819823][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.855829][ T5767] team0: Port device team_slave_0 added [ 83.897405][ T5767] team0: Port device team_slave_1 added [ 83.916954][ T5770] team0: Port device team_slave_0 added [ 83.930160][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.940541][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.949133][ T5772] bridge_slave_0: entered allmulticast mode [ 83.958564][ T5772] bridge_slave_0: entered promiscuous mode [ 83.979205][ T5770] team0: Port device team_slave_1 added [ 84.003420][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.012401][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.019857][ T5772] bridge_slave_1: entered allmulticast mode [ 84.027577][ T5772] bridge_slave_1: entered promiscuous mode [ 84.095361][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.104872][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.137761][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.158989][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.170116][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.213413][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.249611][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.266007][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.279120][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.315277][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.329953][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.341366][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.384278][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.411859][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.424694][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.434596][ T5773] bridge_slave_0: entered allmulticast mode [ 84.443282][ T5773] bridge_slave_0: entered promiscuous mode [ 84.459479][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.492054][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.506077][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.517151][ T5773] bridge_slave_1: entered allmulticast mode [ 84.526520][ T5773] bridge_slave_1: entered promiscuous mode [ 84.587391][ T5767] hsr_slave_0: entered promiscuous mode [ 84.597341][ T5767] hsr_slave_1: entered promiscuous mode [ 84.631608][ T5084] Bluetooth: hci0: command tx timeout [ 84.651218][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.668319][ T5772] team0: Port device team_slave_0 added [ 84.680956][ T5772] team0: Port device team_slave_1 added [ 84.717168][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.744489][ T5770] hsr_slave_0: entered promiscuous mode [ 84.753554][ T5770] hsr_slave_1: entered promiscuous mode [ 84.763542][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.776968][ T5770] Cannot create hsr debugfs directory [ 84.790700][ T5084] Bluetooth: hci1: command tx timeout [ 84.855432][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.864763][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.901398][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.951031][ T5084] Bluetooth: hci3: command tx timeout [ 84.951045][ T51] Bluetooth: hci2: command tx timeout [ 84.967573][ T5773] team0: Port device team_slave_0 added [ 84.977021][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.986924][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.021684][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.046960][ T5773] team0: Port device team_slave_1 added [ 85.120849][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.132010][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.164458][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.211809][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.224161][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.257049][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.336757][ T5772] hsr_slave_0: entered promiscuous mode [ 85.346524][ T5772] hsr_slave_1: entered promiscuous mode [ 85.362783][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.372984][ T5772] Cannot create hsr debugfs directory [ 85.525696][ T5773] hsr_slave_0: entered promiscuous mode [ 85.532772][ T5773] hsr_slave_1: entered promiscuous mode [ 85.540715][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.549968][ T5773] Cannot create hsr debugfs directory [ 85.657415][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.679528][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.692150][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.719318][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.822264][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.833756][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.851751][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.864012][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.971912][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.991772][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.005123][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.033602][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.174835][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.194301][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.220287][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.234675][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.314725][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.396860][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.418552][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.464120][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.472725][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.503134][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.511446][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.544479][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.567685][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.583889][ T4030] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.591683][ T4030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.634147][ T4030] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.642886][ T4030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.710878][ T5084] Bluetooth: hci0: command tx timeout [ 86.739668][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.753972][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.802551][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.810007][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.846365][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.868104][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.875853][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.881059][ T5084] Bluetooth: hci1: command tx timeout [ 86.939381][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.946864][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.019689][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.027210][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.035137][ T5084] Bluetooth: hci2: command tx timeout [ 87.043235][ T5084] Bluetooth: hci3: command tx timeout [ 87.194631][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.235884][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.409047][ T5770] veth0_vlan: entered promiscuous mode [ 87.432958][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.467768][ T5767] veth0_vlan: entered promiscuous mode [ 87.492977][ T5770] veth1_vlan: entered promiscuous mode [ 87.522851][ T5767] veth1_vlan: entered promiscuous mode [ 87.648049][ T5770] veth0_macvtap: entered promiscuous mode [ 87.658298][ T5773] veth0_vlan: entered promiscuous mode [ 87.680123][ T5767] veth0_macvtap: entered promiscuous mode [ 87.703774][ T5770] veth1_macvtap: entered promiscuous mode [ 87.724831][ T5767] veth1_macvtap: entered promiscuous mode [ 87.737653][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.756857][ T5773] veth1_vlan: entered promiscuous mode [ 87.817982][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.845187][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.859108][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.871971][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.914256][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.942129][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.954713][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.969369][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.988474][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.007564][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.018822][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.034875][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.070119][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.088243][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.099564][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.113277][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.185617][ T5773] veth0_macvtap: entered promiscuous mode [ 88.210100][ T5772] veth0_vlan: entered promiscuous mode [ 88.228390][ T5773] veth1_macvtap: entered promiscuous mode [ 88.303620][ T5772] veth1_vlan: entered promiscuous mode [ 88.347244][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.362850][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.375927][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.387977][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.402232][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.473297][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.473912][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.484658][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.505007][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.515893][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.523349][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.530784][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.557996][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.569153][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.586288][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.598922][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.608593][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.617868][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.664724][ T5772] veth0_macvtap: entered promiscuous mode [ 88.693886][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.694610][ T5772] veth1_macvtap: entered promiscuous mode [ 88.706723][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.731478][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.740139][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.751717][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.752163][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.770462][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.781320][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.791713][ T51] Bluetooth: hci0: command tx timeout [ 88.798000][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.808745][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.822355][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.899413][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.925547][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.936889][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.948157][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.958688][ T51] Bluetooth: hci1: command tx timeout [ 88.964973][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.976284][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.003075][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.039311][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.054521][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.064419][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.074798][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.115408][ T51] Bluetooth: hci3: command tx timeout [ 89.117419][ T5084] Bluetooth: hci2: command tx timeout [ 89.136994][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.147510][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.257149][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.286285][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.392053][ T5834] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.457566][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.493210][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.637112][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.653254][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.764905][ T5842] syz.0.6[5842]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 89.920521][ T5844] binder: BINDER_SET_CONTEXT_MGR already set [ 89.927829][ T5844] binder: 5839:5844 ioctl 4018620d 200000004a80 returned -16 [ 91.299570][ T5849] syz.2.3 (5849): drop_caches: 2 [ 91.321509][ T5084] Bluetooth: hci0: command tx timeout [ 91.327085][ T5084] Bluetooth: hci1: command tx timeout [ 91.334463][ T5084] Bluetooth: hci3: command tx timeout [ 91.340838][ T5084] Bluetooth: hci2: command tx timeout [ 91.630827][ T5827] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.012132][ T5827] usb 4-1: Using ep0 maxpacket: 32 [ 92.032079][ T5827] usb 4-1: config 2 has an invalid interface number: 88 but max is 0 [ 92.079896][ T5827] usb 4-1: config 2 has no interface number 0 [ 92.237044][ T5827] usb 4-1: config 2 interface 88 has no altsetting 0 [ 92.448062][ T5827] usb 4-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 92.463008][ T5827] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.533872][ T5827] usb 4-1: Product: syz [ 92.550988][ T5827] usb 4-1: Manufacturer: syz [ 92.554615][ T8] cfg80211: failed to load regulatory.db [ 92.577500][ T5827] usb 4-1: SerialNumber: syz [ 92.793926][ T5875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.17'. [ 92.983278][ T5878] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.992397][ T5878] batadv_slave_0: entered promiscuous mode [ 93.054453][ T5880] binder: BINDER_SET_CONTEXT_MGR already set [ 93.062683][ T5880] binder: 5872:5880 ioctl 4018620d 200000004a80 returned -16 [ 93.683262][ T5827] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 93.696454][ T5827] asix: probe of 4-1:2.88 failed with error -71 [ 93.728010][ T5878] syz.0.17 (5878) used greatest stack depth: 20776 bytes left [ 93.740908][ T5827] usb 4-1: USB disconnect, device number 2 [ 94.024373][ T5888] ======================================================= [ 94.024373][ T5888] WARNING: The mand mount option has been deprecated and [ 94.024373][ T5888] and is ignored by this kernel. Remove the mand [ 94.024373][ T5888] option from the mount to silence this warning. [ 94.024373][ T5888] ======================================================= [ 94.170105][ T5895] netlink: 124 bytes leftover after parsing attributes in process `syz.2.23'. [ 94.536154][ T5904] binder_alloc: 5903: binder_alloc_buf, no vma [ 96.206603][ T5941] loop3: detected capacity change from 0 to 16 [ 96.502710][ T5942] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 96.782766][ T51] block nbd1: Receive control failed (result -32) [ 96.795983][ T5938] block nbd1: shutting down sockets [ 96.969620][ T5953] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 97.461360][ T5968] Bluetooth: MGMT ver 1.22 [ 97.783811][ T5981] loop2: detected capacity change from 0 to 16 [ 98.081017][ T5982] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 98.439004][ T5757] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.606783][ T5993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.56'. [ 99.331131][ T5757] usb 1-1: no configurations [ 99.336516][ T5757] usb 1-1: can't read configurations, error -22 [ 99.500827][ T5999] syz.2.60 uses obsolete (PF_INET,SOCK_PACKET) [ 99.513806][ T5757] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 99.712914][ T5757] usb 1-1: no configurations [ 99.724582][ T5757] usb 1-1: can't read configurations, error -22 [ 99.799867][ T5757] usb usb1-port1: attempt power cycle [ 100.162380][ T6013] loop2: detected capacity change from 0 to 16 [ 101.209615][ T5974] orangefs_mount: mount request failed with -4 [ 101.282046][ T5757] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 101.291457][ T6012] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 101.721735][ T5757] usb 1-1: device descriptor read/8, error -71 [ 101.990262][ T6025] netlink: 12 bytes leftover after parsing attributes in process `syz.3.69'. [ 104.638137][ T6048] loop0: detected capacity change from 0 to 16 [ 105.572563][ T6045] sched: RT throttling activated [ 105.787935][ T6047] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 108.859693][ T6091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'. [ 109.076740][ T6088] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'. [ 109.594739][ T6100] loop0: detected capacity change from 0 to 16 [ 110.437103][ T6100] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 112.390921][ T5827] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.930713][ T5827] usb 2-1: Using ep0 maxpacket: 32 [ 113.117255][ T5827] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 113.184651][ T5827] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 113.255905][ T5827] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 113.320330][ T5827] usb 2-1: Product: syz [ 113.349175][ T5827] usb 2-1: Manufacturer: syz [ 113.376271][ T5827] usb 2-1: SerialNumber: syz [ 113.389989][ T5827] usb 2-1: config 0 descriptor?? [ 113.411631][ T6120] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 113.439251][ T5827] hub 2-1:0.0: bad descriptor, ignoring hub [ 113.455380][ T5827] hub: probe of 2-1:0.0 failed with error -5 [ 115.212643][ T6120] usb 2-1: reset high-speed USB device number 2 using dummy_hcd [ 115.395379][ T6120] usb 2-1: device reset changed ep0 maxpacket size! [ 115.562469][ T5827] usb 2-1: USB disconnect, device number 2 [ 122.092874][ T6235] binder: BINDER_SET_CONTEXT_MGR already set [ 122.109555][ T6235] binder: 6234:6235 ioctl 4018620d 200000004a80 returned -16 [ 123.607159][ T6250] loop0: detected capacity change from 0 to 16 [ 123.649851][ T6250] erofs: (device loop0): mounted with root inode @ nid 36. [ 123.688034][ T6250] syz.0.137: attempt to access beyond end of device [ 123.688034][ T6250] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 123.752703][ T6250] syz.0.137: attempt to access beyond end of device [ 123.752703][ T6250] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 123.790459][ T6250] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 123.832487][ T6250] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 123.847237][ T6250] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 123.873671][ T28] audit: type=1800 audit(1777402308.879:2): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.137" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 124.258797][ T6250] syz.0.137 (6250) used greatest stack depth: 19016 bytes left [ 126.495359][ T9] libceph: connect (1)[c::]:6789 error -101 [ 126.515047][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 126.544276][ T9] libceph: connect (1)[c::]:6789 error -101 [ 126.555995][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 126.589255][ T6273] ceph: No mds server is up or the cluster is laggy [ 133.570654][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.577891][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.682043][ T6353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.165'. [ 134.868137][ T6367] trusted_key: syz.0.168 sent an empty control message without MSG_MORE. [ 137.760943][ T6396] netlink: 'syz.3.179': attribute type 24 has an invalid length. [ 140.207726][ T6422] netlink: 4 bytes leftover after parsing attributes in process `syz.1.186'. [ 141.434198][ T6447] loop1: detected capacity change from 0 to 16 [ 142.256060][ T6439] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 142.260954][ T5762] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 142.523930][ T6455] netlink: 16 bytes leftover after parsing attributes in process `syz.0.195'. [ 143.288710][ T28] audit: type=1326 audit(1777402328.359:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 143.530938][ T28] audit: type=1326 audit(1777402328.399:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 143.974890][ T28] audit: type=1326 audit(1777402328.419:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 143.997884][ C0] vkms_vblank_simulate: vblank timer overrun [ 144.001073][ T6475] netlink: 'syz.3.202': attribute type 24 has an invalid length. [ 144.054298][ T28] audit: type=1326 audit(1777402328.429:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcab935d60e code=0x7ffc0000 [ 144.197887][ T28] audit: type=1326 audit(1777402328.429:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcab935d60e code=0x7ffc0000 [ 144.280377][ T28] audit: type=1326 audit(1777402328.429:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 144.362302][ T28] audit: type=1326 audit(1777402328.429:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 144.444624][ T28] audit: type=1326 audit(1777402328.429:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 144.508429][ T28] audit: type=1326 audit(1777402328.459:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 144.534898][ C0] vkms_vblank_simulate: vblank timer overrun [ 144.591618][ T28] audit: type=1326 audit(1777402328.459:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fcab939cdd9 code=0x7ffc0000 [ 144.614788][ C0] vkms_vblank_simulate: vblank timer overrun [ 144.887538][ T6494] loop3: detected capacity change from 0 to 16 [ 146.883955][ T6493] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 147.218517][ T6500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.209'. [ 148.005516][ T6500] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.017345][ T6500] batadv_slave_0: entered promiscuous mode [ 149.080962][ T6518] netlink: 'syz.3.213': attribute type 25 has an invalid length. [ 151.604215][ T6556] netlink: 12 bytes leftover after parsing attributes in process `syz.1.226'. [ 151.665213][ T6556] vlan2: entered promiscuous mode [ 151.676799][ T6556] gretap0: entered promiscuous mode [ 153.891550][ T6569] netlink: 'syz.1.229': attribute type 25 has an invalid length. [ 154.102249][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 157.149549][ T6607] netlink: 4 bytes leftover after parsing attributes in process `syz.2.242'. [ 157.725008][ T6604] syz.3.240 (6604): drop_caches: 2 [ 160.668412][ T6641] loop3: detected capacity change from 0 to 16 [ 160.781805][ T6641] erofs: (device loop3): mounted with root inode @ nid 36. [ 160.800236][ T6641] syz.3.251: attempt to access beyond end of device [ 160.800236][ T6641] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 160.838028][ T6641] syz.3.251: attempt to access beyond end of device [ 160.838028][ T6641] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 160.854038][ T6641] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 160.911421][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 160.911455][ T28] audit: type=1800 audit(1777402345.949:18): pid=6641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.251" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 160.949415][ T6643] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 160.961109][ T6643] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 161.333109][ T6645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.253'. [ 165.443699][ T6685] loop1: detected capacity change from 0 to 16 [ 166.292626][ T6685] erofs: (device loop1): mounted with root inode @ nid 36. [ 166.313599][ T6684] syz.1.263: attempt to access beyond end of device [ 166.313599][ T6684] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 166.343240][ T6684] syz.1.263: attempt to access beyond end of device [ 166.343240][ T6684] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 166.361894][ T6684] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 166.378774][ T28] audit: type=1800 audit(1777402351.459:19): pid=6684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.263" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 166.453386][ T6685] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 166.465928][ T6685] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 167.871706][ T6707] process 'syz.1.268' launched './file0' with NULL argv: empty string added [ 171.498937][ T6746] loop0: detected capacity change from 0 to 8192 [ 171.882816][ T6749] ./file0: Can't lookup blockdev [ 173.387818][ T6746] loop0: p1 p2 p4[EZD] [ 173.473049][ T6746] loop0: p4 start 201326592 is beyond EOD, truncated [ 175.005805][ T5762] udevd[5762]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 175.023451][ T5760] udevd[5760]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 175.190955][ T6756] netlink: 16 bytes leftover after parsing attributes in process `syz.3.284'. [ 175.221859][ T6756] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 175.462667][ T6756] batadv_slave_0: entered promiscuous mode [ 177.221396][ T6794] netlink: 16 bytes leftover after parsing attributes in process `syz.3.296'. [ 180.755289][ T6824] netlink: 16 bytes leftover after parsing attributes in process `syz.2.306'. [ 183.945705][ T6847] netlink: 'syz.0.316': attribute type 25 has an invalid length. [ 184.180502][ T6852] netlink: 16 bytes leftover after parsing attributes in process `syz.2.318'. [ 189.427930][ T6896] netlink: 16 bytes leftover after parsing attributes in process `syz.2.329'. [ 189.991017][ T6910] netlink: 4 bytes leftover after parsing attributes in process `syz.0.333'. [ 192.858692][ T6927] netlink: 16 bytes leftover after parsing attributes in process `syz.2.339'. [ 194.954907][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.961686][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.276522][ T6955] netlink: 16 bytes leftover after parsing attributes in process `syz.1.349'. [ 196.078141][ T6960] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.147546][ T6960] batadv_slave_0: entered promiscuous mode [ 200.273812][ T6999] netlink: 16 bytes leftover after parsing attributes in process `syz.0.360'. [ 202.654080][ T7028] Bluetooth: hci0: invalid len left 7, exp >= 43 [ 207.839704][ T7045] Bluetooth: hci0: command 0x0406 tx timeout [ 207.851709][ T7045] Bluetooth: hci1: command 0x0406 tx timeout [ 207.858149][ T7045] Bluetooth: hci3: command 0x0406 tx timeout [ 207.864596][ T7045] Bluetooth: hci2: command 0x0406 tx timeout [ 211.832402][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.384'. [ 212.886204][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 213.240476][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.290046][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 213.327942][ T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice= 0.03 [ 213.553533][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.566285][ T9] usb 2-1: config 0 descriptor?? [ 215.049867][ T5805] usb 2-1: USB disconnect, device number 4 [ 215.923119][ T7123] tmpfs: Bad value for 'mpol' [ 215.923843][ T7122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.395'. [ 218.851358][ T7142] Zero length message leads to an empty skb [ 219.510591][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.408'. [ 220.057904][ T7163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.404'. [ 222.411889][ T7185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.418'. [ 226.609081][ T7210] capability: warning: `syz.3.426' uses 32-bit capabilities (legacy support in use) [ 226.800455][ T7221] netlink: 4 bytes leftover after parsing attributes in process `syz.1.429'. [ 232.444139][ T7256] netlink: 4 bytes leftover after parsing attributes in process `syz.0.438'. [ 234.010675][ C0] ------------[ cut here ]------------ [ 234.016555][ C0] WARNING: CPU: 0 PID: 7268 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600 [ 234.026917][ C0] Modules linked in: [ 234.031260][ C0] CPU: 0 PID: 7268 Comm: syz.1.442 Not tainted syzkaller #0 [ 234.039269][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 234.050455][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 234.057092][ C0] Code: 24 4c 89 e7 e8 fe 69 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 f9 a7 82 f7 0f 0b e9 f6 f7 ff ff e8 ed a7 82 f7 <0f> 0b e9 48 fb ff ff e8 e1 a7 82 f7 48 c7 c7 60 89 64 8e 4c 89 e6 [ 234.078153][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 234.085249][ C0] RAX: ffffffff8a047a13 RBX: ffffffff8a046816 RCX: ffff88802097bc00 [ 234.094050][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 234.103192][ C0] RBP: 0000000000000000 R08: ffff88802097bc00 R09: 0000000000000003 [ 234.111789][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805d4ca3c0 [ 234.120438][ C0] R13: dffffc0000000000 R14: ffff88805d4ca8b0 R15: ffff88805d975424 [ 234.128782][ C0] FS: 00007fa04f1f66c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 234.138092][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 234.145926][ C0] CR2: 000055558ddb54a0 CR3: 000000005e210000 CR4: 00000000003506f0 [ 234.155241][ C0] Call Trace: [ 234.158955][ C0] [ 234.162037][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 234.168430][ C0] ieee80211_beacon_get_tim+0xbf/0x580 [ 234.174752][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 234.181952][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 234.187912][ C0] __iterate_interfaces+0x243/0x500 [ 234.193288][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 234.199898][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 234.209068][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 234.215657][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 234.223019][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 234.229554][ C0] __hrtimer_run_queues+0x520/0xc40 [ 234.235458][ C0] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 234.242214][ C0] ? hw_scan_work+0xf60/0xf60 [ 234.247909][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 234.254395][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 234.262509][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 234.268619][ C0] handle_softirqs+0x280/0x820 [ 234.275879][ C0] ? __irq_exit_rcu+0xd3/0x190 [ 234.281543][ C0] ? do_softirq+0x1a0/0x1a0 [ 234.286965][ C0] __irq_exit_rcu+0xd3/0x190 [ 234.293244][ C0] ? irq_exit_rcu+0x20/0x20 [ 234.298177][ C0] irq_exit_rcu+0x9/0x20 [ 234.304025][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 234.311964][ C0] [ 234.315481][ C0] [ 234.319775][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 234.327445][ C0] RIP: 0010:lock_acquire+0x208/0x420 [ 234.334419][ C0] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3c 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 43 c7 44 3c 08 00 00 00 00 65 48 8b 04 25 [ 234.357848][ C0] RSP: 0018:ffffc9000be1ee00 EFLAGS: 00000206 [ 234.366580][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 3f163705cd768100 [ 234.376796][ C0] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fe0 [ 234.388442][ C0] RBP: ffffc9000be1ef08 R08: dffffc0000000000 R09: 1ffffffff2238ca0 [ 234.398924][ C0] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: 1ffff920017c3dcc [ 234.409527][ C0] R13: ffffffff8d1320e0 R14: 0000000000000246 R15: dffffc0000000000 [ 234.419545][ C0] ? verify_lock_unused+0x140/0x140 [ 234.426583][ C0] ? read_lock_is_recursive+0x20/0x20 [ 234.433641][ C0] ? verify_lock_unused+0x140/0x140 [ 234.440531][ C0] ? mark_lock+0x94/0x320 [ 234.447710][ C0] ? filemap_get_entry+0xce/0x3f0 [ 234.453698][ C0] filemap_get_entry+0xea/0x3f0 [ 234.459451][ C0] ? filemap_get_entry+0xce/0x3f0 [ 234.466965][ C0] ? page_cache_prev_miss+0x390/0x390 [ 234.473895][ C0] shmem_get_folio_gfp+0x2a5/0x2aa0 [ 234.479639][ C0] shmem_write_begin+0xf2/0x420 [ 234.485901][ C0] generic_perform_write+0x2fe/0x5c0 [ 234.492238][ C0] ? generic_file_direct_write+0x3e0/0x3e0 [ 234.499284][ C0] ? down_write+0x16e/0x200 [ 234.504999][ C0] ? file_update_time+0x98/0x1a0 [ 234.510517][ C0] shmem_file_write_iter+0xfb/0x120 [ 234.517688][ C0] __kernel_write_iter+0x28c/0x690 [ 234.523583][ C0] ? vfs_read+0x970/0x970 [ 234.528626][ C0] ? get_dump_page+0x156/0x200 [ 234.536573][ C0] ? __asan_memset+0x22/0x40 [ 234.541784][ C0] ? iov_iter_bvec+0xd4/0x1b0 [ 234.547445][ C0] dump_user_range+0x420/0x860 [ 234.552455][ C0] ? dump_skip+0x40/0x40 [ 234.556892][ C0] ? dump_emit+0x78/0xe0 [ 234.561624][ C0] ? dump_emit+0xa6/0xe0 [ 234.566076][ C0] ? elf_core_dump+0x2bae/0x3770 [ 234.571162][ C0] elf_core_dump+0x31d0/0x3770 [ 234.575965][ C0] ? load_elf_binary+0x2860/0x2860 [ 234.581396][ C0] ? dump_vma_snapshot+0xbe8/0x1090 [ 234.586916][ C0] ? verify_lock_unused+0x140/0x140 [ 234.592286][ C0] ? mas_next_slot+0x94f/0x980 [ 234.597880][ C0] ? rcu_read_lock_any_held+0xb4/0x140 [ 234.603517][ C0] ? 0xffffffffff600000 [ 234.608208][ C0] do_coredump+0x17cc/0x24d0 [ 234.613742][ C0] ? nfs_stat_to_errno+0x1a0/0x1a0 [ 234.619849][ C0] ? lock_chain_count+0x20/0x20 [ 234.625106][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.630725][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 234.636018][ C0] get_signal+0x1133/0x13f0 [ 234.640795][ C0] arch_do_signal_or_restart+0xc2/0x800 [ 234.647618][ C0] ? get_sigframe_size+0x20/0x20 [ 234.652709][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 234.658918][ C0] ? exit_to_user_mode_loop+0x3b/0x110 [ 234.664712][ C0] exit_to_user_mode_loop+0x70/0x110 [ 234.670498][ C0] exit_to_user_mode_prepare+0xee/0x180 [ 234.676963][ C0] irqentry_exit_to_user_mode+0x9/0x30 [ 234.682585][ C0] exc_page_fault+0x8c/0x100 [ 234.687563][ C0] asm_exc_page_fault+0x26/0x30 [ 234.692652][ C0] RIP: 0033:0x7fa050f9cde1 [ 234.698240][ C0] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 234.719679][ C0] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217 [ 234.726934][ C0] RAX: 0000000000000000 RBX: 00007fa051216090 RCX: 00007fa050f9cdd9 [ 234.736042][ C0] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000 [ 234.745382][ C0] RBP: 00007fa051032d69 R08: 0000000000000000 R09: 0000000000000000 [ 234.754661][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 234.764253][ C0] R13: 00007fa051216128 R14: 00007fa051216090 R15: 00007ffdf1fcc558 [ 234.772598][ C0] [ 234.775940][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 234.783648][ C0] CPU: 0 PID: 7268 Comm: syz.1.442 Not tainted syzkaller #0 [ 234.791367][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 234.802191][ C0] Call Trace: [ 234.806240][ C0] [ 234.810187][ C0] dump_stack_lvl+0x18c/0x250 [ 234.815675][ C0] ? show_regs_print_info+0x20/0x20 [ 234.821261][ C0] ? load_image+0x420/0x420 [ 234.826942][ C0] panic+0x2dc/0x730 [ 234.831589][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 234.836735][ C0] __warn+0x2e0/0x470 [ 234.841312][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 234.848016][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 234.855302][ C0] report_bug+0x2be/0x4f0 [ 234.860904][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 234.867816][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 234.875257][ C0] ? __ieee80211_beacon_get+0x1235/0x1600 [ 234.882223][ C0] handle_bug+0xcf/0x120 [ 234.887251][ C0] exc_invalid_op+0x1a/0x50 [ 234.892360][ C0] asm_exc_invalid_op+0x1a/0x20 [ 234.897413][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 234.904274][ C0] Code: 24 4c 89 e7 e8 fe 69 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 f9 a7 82 f7 0f 0b e9 f6 f7 ff ff e8 ed a7 82 f7 <0f> 0b e9 48 fb ff ff e8 e1 a7 82 f7 48 c7 c7 60 89 64 8e 4c 89 e6 [ 234.925548][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 234.932248][ C0] RAX: ffffffff8a047a13 RBX: ffffffff8a046816 RCX: ffff88802097bc00 [ 234.941022][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 234.949076][ C0] RBP: 0000000000000000 R08: ffff88802097bc00 R09: 0000000000000003 [ 234.957374][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805d4ca3c0 [ 234.965518][ C0] R13: dffffc0000000000 R14: ffff88805d4ca8b0 R15: ffff88805d975424 [ 234.973658][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 234.979423][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 234.985396][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 234.991202][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 234.996871][ C0] ieee80211_beacon_get_tim+0xbf/0x580 [ 235.002533][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 235.009564][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 235.015504][ C0] __iterate_interfaces+0x243/0x500 [ 235.020740][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 235.027347][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 235.035141][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 235.041574][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 235.049165][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 235.054624][ C0] __hrtimer_run_queues+0x520/0xc40 [ 235.060188][ C0] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 235.066552][ C0] ? hw_scan_work+0xf60/0xf60 [ 235.071961][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 235.077372][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 235.083812][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 235.089554][ C0] handle_softirqs+0x280/0x820 [ 235.094441][ C0] ? __irq_exit_rcu+0xd3/0x190 [ 235.099425][ C0] ? do_softirq+0x1a0/0x1a0 [ 235.104076][ C0] __irq_exit_rcu+0xd3/0x190 [ 235.108884][ C0] ? irq_exit_rcu+0x20/0x20 [ 235.113504][ C0] irq_exit_rcu+0x9/0x20 [ 235.117935][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 235.123713][ C0] [ 235.127002][ C0] [ 235.130050][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 235.136128][ C0] RIP: 0010:lock_acquire+0x208/0x420 [ 235.141981][ C0] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3c 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 43 c7 44 3c 08 00 00 00 00 65 48 8b 04 25 [ 235.162150][ C0] RSP: 0018:ffffc9000be1ee00 EFLAGS: 00000206 [ 235.168762][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 3f163705cd768100 [ 235.178656][ C0] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fe0 [ 235.190806][ C0] RBP: ffffc9000be1ef08 R08: dffffc0000000000 R09: 1ffffffff2238ca0 [ 235.200306][ C0] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: 1ffff920017c3dcc [ 235.208653][ C0] R13: ffffffff8d1320e0 R14: 0000000000000246 R15: dffffc0000000000 [ 235.217193][ C0] ? verify_lock_unused+0x140/0x140 [ 235.222648][ C0] ? read_lock_is_recursive+0x20/0x20 [ 235.228066][ C0] ? verify_lock_unused+0x140/0x140 [ 235.233549][ C0] ? mark_lock+0x94/0x320 [ 235.238292][ C0] ? filemap_get_entry+0xce/0x3f0 [ 235.244643][ C0] filemap_get_entry+0xea/0x3f0 [ 235.249654][ C0] ? filemap_get_entry+0xce/0x3f0 [ 235.255649][ C0] ? page_cache_prev_miss+0x390/0x390 [ 235.261377][ C0] shmem_get_folio_gfp+0x2a5/0x2aa0 [ 235.267203][ C0] shmem_write_begin+0xf2/0x420 [ 235.272788][ C0] generic_perform_write+0x2fe/0x5c0 [ 235.278366][ C0] ? generic_file_direct_write+0x3e0/0x3e0 [ 235.284547][ C0] ? down_write+0x16e/0x200 [ 235.289257][ C0] ? file_update_time+0x98/0x1a0 [ 235.294671][ C0] shmem_file_write_iter+0xfb/0x120 [ 235.300171][ C0] __kernel_write_iter+0x28c/0x690 [ 235.305385][ C0] ? vfs_read+0x970/0x970 [ 235.309974][ C0] ? get_dump_page+0x156/0x200 [ 235.314775][ C0] ? __asan_memset+0x22/0x40 [ 235.319819][ C0] ? iov_iter_bvec+0xd4/0x1b0 [ 235.324725][ C0] dump_user_range+0x420/0x860 [ 235.330694][ C0] ? dump_skip+0x40/0x40 [ 235.336424][ C0] ? dump_emit+0x78/0xe0 [ 235.340979][ C0] ? dump_emit+0xa6/0xe0 [ 235.345509][ C0] ? elf_core_dump+0x2bae/0x3770 [ 235.351359][ C0] elf_core_dump+0x31d0/0x3770 [ 235.356538][ C0] ? load_elf_binary+0x2860/0x2860 [ 235.362022][ C0] ? dump_vma_snapshot+0xbe8/0x1090 [ 235.367978][ C0] ? verify_lock_unused+0x140/0x140 [ 235.373549][ C0] ? mas_next_slot+0x94f/0x980 [ 235.378992][ C0] ? rcu_read_lock_any_held+0xb4/0x140 [ 235.384834][ C0] ? 0xffffffffff600000 [ 235.389589][ C0] do_coredump+0x17cc/0x24d0 [ 235.395017][ C0] ? nfs_stat_to_errno+0x1a0/0x1a0 [ 235.400515][ C0] ? lock_chain_count+0x20/0x20 [ 235.406128][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.411499][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 235.416995][ C0] get_signal+0x1133/0x13f0 [ 235.421659][ C0] arch_do_signal_or_restart+0xc2/0x800 [ 235.427473][ C0] ? get_sigframe_size+0x20/0x20 [ 235.432544][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 235.439551][ C0] ? exit_to_user_mode_loop+0x3b/0x110 [ 235.445350][ C0] exit_to_user_mode_loop+0x70/0x110 [ 235.450731][ C0] exit_to_user_mode_prepare+0xee/0x180 [ 235.456499][ C0] irqentry_exit_to_user_mode+0x9/0x30 [ 235.462253][ C0] exc_page_fault+0x8c/0x100 [ 235.466968][ C0] asm_exc_page_fault+0x26/0x30 [ 235.471996][ C0] RIP: 0033:0x7fa050f9cde1 [ 235.477119][ C0] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 235.497548][ C0] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217 [ 235.503983][ C0] RAX: 0000000000000000 RBX: 00007fa051216090 RCX: 00007fa050f9cdd9 [ 235.512328][ C0] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000 [ 235.520394][ C0] RBP: 00007fa051032d69 R08: 0000000000000000 R09: 0000000000000000 [ 235.528660][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 235.537104][ C0] R13: 00007fa051216128 R14: 00007fa051216090 R15: 00007ffdf1fcc558 [ 235.545552][ C0] [ 235.549526][ C0] Kernel Offset: disabled [ 235.553898][ C0] Rebooting in 86400 seconds..