last executing test programs: 10.892046255s ago: executing program 0 (id=21): creat(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file0\x00', 0x129282, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0xffffffff90809082, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2}}, 0x50) read$FUSE(r0, &(0x7f00000024c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) 10.696504101s ago: executing program 2 (id=22): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000700)={0x0, 0xb0c2}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x34, 0x0, 0x8, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6003}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}]}, 0x34}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) 10.342027354s ago: executing program 3 (id=24): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_pressure(r0, &(0x7f0000000140)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f) 9.247413288s ago: executing program 4 (id=26): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x21}, 0x94) r1 = socket(0x15, 0x5, 0x0) bind$inet6(r1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'dummy0\x00', 0x0}) r3 = gettid() r4 = socket(0x10, 0x803, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000100)=0x4) getsockopt$bt_hci(r5, 0x84, 0x74, 0x0, &(0x7f0000000000)=0x43) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r2, 0x19c04, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r3}, @IFLA_IFNAME={0x14, 0x3, 'veth0_virt_wifi\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) 9.045086424s ago: executing program 3 (id=27): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce0702000000000000", @ANYRES32=0x41424344], 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xfffffffffffffe61, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000130a03000000000000000000020000000900020073797a31000000000000010073797a30000079c297ccd8950d000000000000001e"], 0x34}}, 0x20048050) r0 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa0141, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 8.905648312s ago: executing program 0 (id=28): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x151) openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/cgroups\x00', 0x0, 0x0) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0xa927, 0x2, 0x4}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x8841) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000039000103", @ANYRES64, @ANYRES8=r1], 0x14}, 0x1, 0x0, 0x0, 0x400c092}, 0x0) 8.854352245s ago: executing program 1 (id=29): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000080)}) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x874fd42a7836ef66, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 7.437533135s ago: executing program 2 (id=30): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000040)={0x2b}, 0x8) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x2c, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008802}, 0x30) 6.937593251s ago: executing program 4 (id=31): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r0 = socket$inet(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f7"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x20000) 6.825426951s ago: executing program 1 (id=32): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f00000001c0)=0x7, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000002780)=ANY=[], 0xfb5) 6.63877173s ago: executing program 0 (id=33): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, 0x0, 0x0) 6.454507632s ago: executing program 3 (id=34): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00') 6.421722845s ago: executing program 2 (id=35): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f00000000c0)=0x85, 0x4) syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[], 0x0) r1 = shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000ffd000/0x2000)=nil) shmat(r1, &(0x7f0000ff9000/0x4000)=nil, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0d05640, 0x0) r4 = dup(r2) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x800) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x5a93, 0x10100, 0xfffffffd, 0x307, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r7, 0x708, 0x41e3, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x44, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x44}}, 0x2) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000780)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000600)={0x60, 0x4, 0x8, 0x302, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_DATA={0x4c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x70000}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffff}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8081}, 0x40) getsockopt$sock_buf(r10, 0x1, 0x3d, &(0x7f0000000340)=""/196, &(0x7f0000000140)=0xc4) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 6.068850118s ago: executing program 4 (id=36): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f00007fd000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fa4000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f000090e000/0x1000)=nil, &(0x7f0000e0d000/0x2000)=nil, &(0x7f0000c20000/0x4000)=nil, &(0x7f0000819000/0x2000)=nil, &(0x7f000094d000/0x4000)=nil, &(0x7f000089e000/0x4000)=nil, &(0x7f0000ac7000/0x4000)=nil, 0x0}, 0x68) ioprio_set$pid(0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r0 = syz_io_uring_setup(0x24fe, &(0x7f0000000580)={0x0, 0xf36e, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1}) io_uring_enter(r0, 0x206686, 0x2936, 0x28, 0x0, 0x0) 5.960759196s ago: executing program 0 (id=37): unshare(0x26020480) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) socket$alg(0x26, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f00000000c0)={@hyper}) r3 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x4884, 0x0, 0xffffffff}, &(0x7f00000001c0)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r3, 0x47f5, 0x0, 0x0, 0x0, 0x0) 5.673770885s ago: executing program 1 (id=38): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 4.953147585s ago: executing program 1 (id=39): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000340)={0x28, 0x5, r1, 0x0, &(0x7f00000003c0)='a', 0x1, 0x100000001}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x5, r1, 0x0, &(0x7f0000000a40)="7f", 0x1, 0x4}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r1, 0x0, &(0x7f0000ae0000/0x2000)=nil, 0x2000, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000000380)="ee", 0x1, 0x5}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x4, r1, 0x0, &(0x7f00000004c0)="87", 0x1, 0x304f601a}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f0000000400), 0x0, 0x8000000000000001}) 4.839518502s ago: executing program 4 (id=40): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 4.577916964s ago: executing program 2 (id=41): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) close(0x3) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/60, 0xeeee0000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0) 4.30119731s ago: executing program 0 (id=42): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000080)}) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0xc, 0x874fd42a7836ef66, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 3.767126643s ago: executing program 1 (id=43): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x8000) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r2, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) read$FUSE(r2, 0x0, 0x0) mkdir(0x0, 0x0) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) set_mempolicy(0x3, 0x0, 0x8) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = open(0x0, 0x80, 0x1ac) renameat2(r3, 0x0, r3, &(0x7f0000000540)='./cgroup\x00', 0x2) read$dsp(r1, &(0x7f0000003200)=""/4096, 0x1000) write$dsp(r0, 0x0, 0x0) 3.231461129s ago: executing program 3 (id=44): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce0702000000000000", @ANYRES32=0x41424344], 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xfffffffffffffe61, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000130a03000000000000000000020000000900020073797a31000000000000010073797a30000079c297ccd8950d000000000000001e"], 0x34}}, 0x20048050) r0 = add_key$user(&(0x7f00000001c0), 0x0, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa0141, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.788775s ago: executing program 2 (id=45): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000040)={0x2b}, 0x8) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x2c, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008802}, 0x30) 2.358516066s ago: executing program 0 (id=46): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x14, 0x35, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_PEC(r3, 0x708, 0x7) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000080)={0x1, 0x7, 0x3, &(0x7f0000000040)={0x1c, "b020dcf7df12eff7e9c3fe81d507fe9f43779d424d92f1b25b5d42f5eb6e4bbe70"}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) mkdir(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = syz_io_uring_setup(0x49b, &(0x7f0000000180)={0x0, 0x4885, 0x400, 0x3, 0x192}, &(0x7f0000000100)=0x0, &(0x7f0000000340)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, 0x0, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}}) io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00'}) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$can_j1939(0x1d, 0x2, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r9, &(0x7f0000001a40)=""/102392, 0x18ff8) 1.333698737s ago: executing program 3 (id=47): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05604, &(0x7f0000000180)={0x9, @vbi={0x4, 0xfffff631, 0xc, 0x30323953, [0x8, 0x9cb], [0xc, 0x5], 0x108}}) 1.05725386s ago: executing program 2 (id=48): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f00000001c0)=0x7, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000002780)=ANY=[], 0xfb5) 803.576461ms ago: executing program 4 (id=49): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 669.895476ms ago: executing program 1 (id=50): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f00007fd000/0x800000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fa4000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f000090e000/0x1000)=nil, &(0x7f0000e0d000/0x2000)=nil, &(0x7f0000c20000/0x4000)=nil, &(0x7f0000819000/0x2000)=nil, &(0x7f000094d000/0x4000)=nil, &(0x7f000089e000/0x4000)=nil, &(0x7f0000ac7000/0x4000)=nil, 0x0}, 0x68) ioprio_set$pid(0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r0 = syz_io_uring_setup(0x24fe, &(0x7f0000000580)={0x0, 0xf36e, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1}) io_uring_enter(r0, 0x206686, 0x2936, 0x28, 0x0, 0x0) 240.514684ms ago: executing program 3 (id=51): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f00000000c0)=0x85, 0x4) syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[], 0x0) r1 = shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000ffd000/0x2000)=nil) shmat(r1, &(0x7f0000ff9000/0x4000)=nil, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0d05640, 0x0) r4 = dup(r2) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x800) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x5a93, 0x10100, 0xfffffffd, 0x307, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r7, 0x708, 0x41e3, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x44, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x44}}, 0x2) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000780)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000600)={0x60, 0x4, 0x8, 0x302, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_DATA={0x4c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x70000}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffff}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8081}, 0x40) getsockopt$sock_buf(r10, 0x1, 0x3d, &(0x7f0000000340)=""/196, &(0x7f0000000140)=0xc4) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 0s ago: executing program 4 (id=52): unshare(0x26020480) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) socket$alg(0x26, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f00000000c0)={@hyper}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(0xffffffffffffffff, 0x47f5, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts. [ 190.990954][ T5776] cgroup: Unknown subsys name 'net' [ 191.117937][ T5776] cgroup: Unknown subsys name 'cpuset' [ 191.134319][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 197.405067][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 202.370019][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 202.379024][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 202.384537][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 202.388126][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 202.402484][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 202.405475][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 202.418909][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 202.420318][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 202.438950][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 202.447041][ T5799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 202.468206][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 202.477294][ T5091] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 202.490409][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 202.527795][ T5091] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 202.541737][ T5091] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 202.553651][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 202.563299][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 202.578076][ T5796] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 202.605592][ T5796] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 202.629665][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 202.675467][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 202.704147][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 202.719580][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 202.825646][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 202.864925][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 204.284152][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 204.537266][ T5796] Bluetooth: hci1: command tx timeout [ 204.542924][ T5796] Bluetooth: hci0: command tx timeout [ 204.620775][ T5802] Bluetooth: hci2: command tx timeout [ 204.827857][ T5802] Bluetooth: hci3: command tx timeout [ 204.937345][ T5802] Bluetooth: hci4: command tx timeout [ 205.080039][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 205.424986][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 205.489808][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 205.569368][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.581305][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.589164][ T5797] bridge_slave_0: entered allmulticast mode [ 205.599623][ T5797] bridge_slave_0: entered promiscuous mode [ 205.721476][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 205.742910][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.752667][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.760570][ T5797] bridge_slave_1: entered allmulticast mode [ 205.770500][ T5797] bridge_slave_1: entered promiscuous mode [ 206.056370][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.207354][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.220195][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.232984][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.241224][ T5794] bridge_slave_0: entered allmulticast mode [ 206.251105][ T5794] bridge_slave_0: entered promiscuous mode [ 206.364162][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.371951][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.379812][ T5794] bridge_slave_1: entered allmulticast mode [ 206.389756][ T5794] bridge_slave_1: entered promiscuous mode [ 206.550667][ T5797] team0: Port device team_slave_0 added [ 206.619359][ T5802] Bluetooth: hci0: command tx timeout [ 206.624998][ T5802] Bluetooth: hci1: command tx timeout [ 206.672518][ T5797] team0: Port device team_slave_1 added [ 206.697008][ T5796] Bluetooth: hci2: command tx timeout [ 206.765502][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.774279][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.782217][ T5804] bridge_slave_0: entered allmulticast mode [ 206.791977][ T5804] bridge_slave_0: entered promiscuous mode [ 206.858598][ T5796] Bluetooth: hci3: command tx timeout [ 206.894827][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.904831][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.913784][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.922996][ T5804] bridge_slave_1: entered allmulticast mode [ 206.931972][ T5804] bridge_slave_1: entered promiscuous mode [ 207.011996][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.019802][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.027712][ T5792] bridge_slave_0: entered allmulticast mode [ 207.029554][ T5796] Bluetooth: hci4: command tx timeout [ 207.038733][ T5792] bridge_slave_0: entered promiscuous mode [ 207.064770][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.074622][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.082252][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.090043][ T5792] bridge_slave_1: entered allmulticast mode [ 207.099879][ T5792] bridge_slave_1: entered promiscuous mode [ 207.180139][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.188147][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 207.215734][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.334812][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.342541][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.350396][ T5807] bridge_slave_0: entered allmulticast mode [ 207.360481][ T5807] bridge_slave_0: entered promiscuous mode [ 207.374611][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.381979][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 207.408572][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.495498][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.518424][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.525998][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.533960][ T5807] bridge_slave_1: entered allmulticast mode [ 207.542777][ T5807] bridge_slave_1: entered promiscuous mode [ 207.614688][ T5794] team0: Port device team_slave_0 added [ 207.632111][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.651174][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.753225][ T5804] team0: Port device team_slave_0 added [ 207.798788][ T5794] team0: Port device team_slave_1 added [ 207.817062][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.835902][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.858087][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.916211][ T5804] team0: Port device team_slave_1 added [ 208.108701][ T5807] team0: Port device team_slave_0 added [ 208.280128][ T5807] team0: Port device team_slave_1 added [ 208.290970][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.300437][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.326745][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.340827][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.348224][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.374516][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.389265][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.396393][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.422668][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.436993][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.444136][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.471506][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.495074][ T5792] team0: Port device team_slave_0 added [ 208.535271][ T5797] hsr_slave_0: entered promiscuous mode [ 208.545839][ T5797] hsr_slave_1: entered promiscuous mode [ 208.564152][ T5792] team0: Port device team_slave_1 added [ 208.703150][ T5796] Bluetooth: hci1: command tx timeout [ 208.709007][ T5802] Bluetooth: hci0: command tx timeout [ 208.776430][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.783763][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.810342][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.817985][ T5796] Bluetooth: hci2: command tx timeout [ 208.951659][ T5796] Bluetooth: hci3: command tx timeout [ 208.963142][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.970545][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.997018][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.081575][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.088902][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.097005][ T5796] Bluetooth: hci4: command tx timeout [ 209.115245][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.135780][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.143261][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.169530][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.301298][ T5794] hsr_slave_0: entered promiscuous mode [ 209.311483][ T5794] hsr_slave_1: entered promiscuous mode [ 209.320218][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 209.326128][ T5794] Cannot create hsr debugfs directory [ 209.347759][ T5804] hsr_slave_0: entered promiscuous mode [ 209.358206][ T5804] hsr_slave_1: entered promiscuous mode [ 209.368316][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 209.374227][ T5804] Cannot create hsr debugfs directory [ 209.697848][ T5807] hsr_slave_0: entered promiscuous mode [ 209.707332][ T5807] hsr_slave_1: entered promiscuous mode [ 209.715362][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 209.721518][ T5807] Cannot create hsr debugfs directory [ 209.930048][ T5792] hsr_slave_0: entered promiscuous mode [ 209.939666][ T5792] hsr_slave_1: entered promiscuous mode [ 209.948316][ T5792] debugfs: 'hsr0' already exists in 'hsr' [ 209.954278][ T5792] Cannot create hsr debugfs directory [ 210.777205][ T5796] Bluetooth: hci1: command tx timeout [ 210.782930][ T5802] Bluetooth: hci0: command tx timeout [ 210.857481][ T5796] Bluetooth: hci2: command tx timeout [ 211.026506][ T5796] Bluetooth: hci3: command tx timeout [ 211.110454][ T5797] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 211.130660][ T5797] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 211.177096][ T5796] Bluetooth: hci4: command tx timeout [ 211.191556][ T5797] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 211.236463][ T5797] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 211.459890][ T5794] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 211.485098][ T5794] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 211.525108][ T5794] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 211.561576][ T5804] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 211.592397][ T5794] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 211.635828][ T5804] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 211.703700][ T5804] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 211.774323][ T5804] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 211.904106][ T5807] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 211.966897][ T5807] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 212.017047][ T5807] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 212.062335][ T5807] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 212.115042][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 212.148377][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 212.279281][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 212.352844][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 212.670444][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.912840][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.024298][ T3785] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.031955][ T3785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.182560][ T4152] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.190446][ T4152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.275519][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.381880][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.459679][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.552491][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.718563][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.735446][ T4400] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.743053][ T4400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.794643][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.834219][ T4400] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.841865][ T4400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.858233][ T4400] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.865985][ T4400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.883467][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.950320][ T4400] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.957952][ T4400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.038286][ T4400] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.045848][ T4400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.062220][ T4400] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.069852][ T4400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.273343][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.415206][ T5807] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 214.426063][ T5807] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 214.533721][ T4400] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.541347][ T4400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.590170][ T4400] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.597820][ T4400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.536649][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.470455][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.544984][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.749860][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.999250][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.171352][ T5807] veth0_vlan: entered promiscuous mode [ 217.189099][ T5794] veth0_vlan: entered promiscuous mode [ 217.345514][ T5794] veth1_vlan: entered promiscuous mode [ 217.387252][ T5807] veth1_vlan: entered promiscuous mode [ 217.529575][ T5804] veth0_vlan: entered promiscuous mode [ 217.650252][ T5804] veth1_vlan: entered promiscuous mode [ 217.726136][ T5807] veth0_macvtap: entered promiscuous mode [ 217.803007][ T5794] veth0_macvtap: entered promiscuous mode [ 217.844710][ T5807] veth1_macvtap: entered promiscuous mode [ 217.877383][ T5792] veth0_vlan: entered promiscuous mode [ 217.928632][ T5794] veth1_macvtap: entered promiscuous mode [ 217.992079][ T5792] veth1_vlan: entered promiscuous mode [ 218.054768][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.134782][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.183999][ T5804] veth0_macvtap: entered promiscuous mode [ 218.234102][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.265497][ T4152] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.302529][ T5804] veth1_macvtap: entered promiscuous mode [ 218.319018][ T4152] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.359571][ T4152] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.382250][ T4152] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.443904][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.486512][ T5792] veth0_macvtap: entered promiscuous mode [ 218.518360][ T4152] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.567164][ T5797] veth0_vlan: entered promiscuous mode [ 218.581197][ T5792] veth1_macvtap: entered promiscuous mode [ 218.619185][ T4152] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.642795][ T4152] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.659379][ T4152] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.693464][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.769998][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.808339][ T5797] veth1_vlan: entered promiscuous mode [ 218.861218][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.921593][ T58] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.962505][ T58] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.990452][ T58] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.028915][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.045205][ T58] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.119855][ T3567] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.160159][ T3567] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.191929][ T3567] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.238320][ T3567] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.308439][ T5797] veth0_macvtap: entered promiscuous mode [ 219.387908][ T5797] veth1_macvtap: entered promiscuous mode [ 219.597190][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.660781][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.787596][ T3704] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.797507][ T3610] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.820097][ T1131] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.907319][ T1131] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.936547][ T3785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.946083][ T3785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.005660][ T3567] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.014149][ T3567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.133831][ T4152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.142620][ T4152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.170601][ T3704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.180902][ T3704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.480433][ T5807] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 225.725267][ T3567] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.734996][ T3567] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.856443][ T3785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.864684][ T3785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.168956][ T3785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.180281][ T3785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.347911][ T3785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.356096][ T3785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.576459][ T5796] Bluetooth: hci4: unexpected Set CIG Parameters response data [ 226.641494][ T137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.650415][ T137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.896908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 227.102175][ T11] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 227.141599][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 227.297936][ T11] usb 2-1: device descriptor read/64, error -71 [ 227.480963][ T4400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.489420][ T4400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.544119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 227.617997][ T11] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 227.754218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 227.841996][ T11] usb 2-1: device descriptor read/64, error -71 [ 227.983415][ T11] usb usb2-port1: attempt power cycle [ 228.401683][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 228.477308][ T11] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 228.554815][ T11] usb 2-1: device descriptor read/8, error -71 [ 228.638323][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 228.698685][ C1] hrtimer: interrupt took 2079140 ns [ 228.945251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 229.057154][ T11] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 229.113298][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 229.149261][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 229.941658][ T5990] syz_tun: entered allmulticast mode [ 229.995163][ T11] usb 2-1: device descriptor read/8, error -71 [ 230.021404][ T5990] pimreg: entered allmulticast mode [ 230.147480][ T11] usb usb2-port1: unable to enumerate USB device [ 230.160415][ T5989] syz_tun: left allmulticast mode [ 230.166170][ T5989] pimreg: left allmulticast mode [ 230.175595][ T5992] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 230.628857][ T5796] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 230.637834][ T5796] Bluetooth: hci4: Injecting HCI hardware error event [ 230.645340][ T5796] Bluetooth: hci4: hardware error 0x00 [ 230.885580][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 232.777028][ T5796] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 234.998402][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 235.005078][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 237.057860][ T11] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 237.529084][ T11] usb 3-1: device descriptor read/all, error -71 [ 237.865253][ T5424] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 238.345429][ T5424] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 238.355193][ T5424] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.373691][ T5424] usb 4-1: Product: syz [ 238.378612][ T5424] usb 4-1: Manufacturer: syz [ 238.383700][ T5424] usb 4-1: SerialNumber: syz [ 238.818752][ T5424] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 239.099255][ T5796] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 239.108584][ T5796] Bluetooth: hci1: Injecting HCI hardware error event [ 239.122012][ T5802] Bluetooth: hci1: hardware error 0x00 [ 239.174636][ T11] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 239.823269][ C0] usb 4-1: ath: unknown panic pattern! [ 240.327195][ T5424] usb 4-1: USB disconnect, device number 2 [ 240.394686][ T11] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 240.402769][ T11] ath9k_htc: Failed to initialize the device [ 240.462431][ T5424] usb 4-1: ath9k_htc: USB layer deinitialized [ 241.178521][ T5802] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 247.909314][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.31'. [ 248.116139][ T6077] syz.1.32 uses obsolete (PF_INET,SOCK_PACKET) [ 248.636217][ T5919] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 248.851244][ T5919] usb 4-1: Using ep0 maxpacket: 8 [ 248.917353][ T5919] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 248.927068][ T5919] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 248.935234][ T5919] usb 4-1: Product: syz [ 248.970126][ T5919] usb 4-1: Manufacturer: syz [ 248.974978][ T5919] usb 4-1: SerialNumber: syz [ 249.123407][ T5919] usb 4-1: config 0 descriptor?? [ 249.140908][ T5919] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 249.718247][ T5919] gspca_zc3xx: reg_r err -71 [ 249.723392][ T5919] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 249.788842][ T5919] usb 4-1: USB disconnect, device number 3 [ 251.106081][ T6111] bridge: RTM_NEWNEIGH with invalid ether address [ 253.346445][ T5424] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 253.628591][ T5424] usb 1-1: Using ep0 maxpacket: 32 [ 253.694286][ T5424] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 253.704039][ T5424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.791244][ T5424] usb 1-1: config 0 descriptor?? [ 254.169631][ T5424] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 254.201688][ T5424] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 254.242478][ T5424] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 254.250870][ T5424] usb 1-1: media controller created [ 254.398623][ T5424] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 254.423281][ T6124] ===================================================== [ 254.430683][ T6124] BUG: KMSAN: uninit-value in __i2c_smbus_xfer+0x23e7/0x2f60 [ 254.444721][ T6124] __i2c_smbus_xfer+0x23e7/0x2f60 [ 254.452137][ T6124] i2c_smbus_xfer+0x31d/0x4d0 [ 254.457623][ T6124] i2cdev_ioctl_smbus+0x4a1/0x660 [ 254.462857][ T6124] i2cdev_ioctl+0xa14/0xf40 [ 254.467783][ T6124] __se_sys_ioctl+0x23c/0x400 [ 254.472682][ T6124] __x64_sys_ioctl+0x97/0xe0 [ 254.477823][ T6124] x64_sys_call+0x1cbc/0x3e30 [ 254.482724][ T6124] do_syscall_64+0xd9/0xfa0 [ 254.487577][ T6124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.493671][ T6124] [ 254.496092][ T6124] Local variable prog created at: [ 254.501440][ T6124] bpf_prog_load+0x96/0x3040 [ 254.506221][ T6124] __sys_bpf+0x7df/0xeb0 [ 254.512301][ T6124] [ 254.514775][ T6124] CPU: 0 UID: 0 PID: 6124 Comm: syz.0.46 Not tainted syzkaller #0 PREEMPT(none) [ 254.524531][ T6124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 254.534875][ T6124] ===================================================== [ 254.549048][ T6124] Disabling lock debugging due to kernel taint [ 254.555371][ T6124] Kernel panic - not syncing: kmsan.panic set ... [ 254.561964][ T6124] CPU: 0 UID: 0 PID: 6124 Comm: syz.0.46 Tainted: G B syzkaller #0 PREEMPT(none) [ 254.572904][ T6124] Tainted: [B]=BAD_PAGE [ 254.577185][ T6124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 254.587418][ T6124] Call Trace: [ 254.590813][ T6124] [ 254.593858][ T6124] __dump_stack+0x26/0x30 [ 254.598378][ T6124] dump_stack_lvl+0x53/0x270 [ 254.603155][ T6124] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 254.609160][ T6124] dump_stack+0x1e/0x25 [ 254.613521][ T6124] vpanic+0x435/0xd30 [ 254.617719][ T6124] panic+0x15d/0x160 [ 254.621860][ T6124] kmsan_report+0x31c/0x320 [ 254.626540][ T6124] ? __msan_warning+0x1b/0x30 [ 254.631376][ T6124] ? __i2c_smbus_xfer+0x23e7/0x2f60 [ 254.636795][ T6124] ? i2c_smbus_xfer+0x31d/0x4d0 [ 254.641827][ T6124] ? i2cdev_ioctl_smbus+0x4a1/0x660 [ 254.647202][ T6124] ? i2cdev_ioctl+0xa14/0xf40 [ 254.652105][ T6124] ? __se_sys_ioctl+0x23c/0x400 [ 254.657141][ T6124] ? __x64_sys_ioctl+0x97/0xe0 [ 254.662087][ T6124] ? x64_sys_call+0x1cbc/0x3e30 [ 254.667125][ T6124] ? do_syscall_64+0xd9/0xfa0 [ 254.671998][ T6124] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.678251][ T6124] ? az6027_i2c_xfer+0x2bdf/0x2c40 [ 254.683547][ T6124] ? kmsan_get_metadata+0xfb/0x160 [ 254.688847][ T6124] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 254.695422][ T6124] ? kmsan_get_metadata+0xfb/0x160 [ 254.700753][ T6124] ? kmsan_get_metadata+0xfb/0x160 [ 254.706059][ T6124] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 254.712056][ T6124] ? i2c_smbus_msg_pec+0x678/0x6c0 [ 254.717384][ T6124] __msan_warning+0x1b/0x30 [ 254.722042][ T6124] __i2c_smbus_xfer+0x23e7/0x2f60 [ 254.727280][ T6124] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 254.733575][ T6124] ? rt_mutex_lock+0x3e/0x70 [ 254.738310][ T6124] ? __pfx_i2c_adapter_lock_bus+0x10/0x10 [ 254.744238][ T6124] i2c_smbus_xfer+0x31d/0x4d0 [ 254.749172][ T6124] i2cdev_ioctl_smbus+0x4a1/0x660 [ 254.754386][ T6124] i2cdev_ioctl+0xa14/0xf40 [ 254.759108][ T6124] ? __pfx_kmsan_get_shadow_origin_ptr+0x7/0x10 [ 254.765539][ T6124] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 254.770777][ T6124] __se_sys_ioctl+0x23c/0x400 [ 254.775663][ T6124] __x64_sys_ioctl+0x97/0xe0 [ 254.780452][ T6124] x64_sys_call+0x1cbc/0x3e30 [ 254.785589][ T6124] do_syscall_64+0xd9/0xfa0 [ 254.790298][ T6124] ? irqentry_exit+0x16/0x60 [ 254.795068][ T6124] ? clear_bhb_loop+0x40/0x90 [ 254.799912][ T6124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.805971][ T6124] RIP: 0033:0x7ff90c58eec9 [ 254.810523][ T6124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.830290][ T6124] RSP: 002b:00007ff90d503038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.838877][ T6124] RAX: ffffffffffffffda RBX: 00007ff90c7e5fa0 RCX: 00007ff90c58eec9 [ 254.846983][ T6124] RDX: 0000200000000080 RSI: 0000000000000720 RDI: 0000000000000005 [ 254.855089][ T6124] RBP: 00007ff90c611f91 R08: 0000000000000000 R09: 0000000000000000 [ 254.863185][ T6124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.871284][ T6124] R13: 00007ff90c7e6038 R14: 00007ff90c7e5fa0 R15: 00007ffd49e69b18 [ 254.879426][ T6124] [ 254.882930][ T6124] Kernel Offset: disabled [ 254.887330][ T6124] Rebooting in 86400 seconds..