last executing test programs: 2m41.483489111s ago: executing program 2 (id=241): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) fcntl$getown(r0, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r2 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x2f126000) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 2m39.380805024s ago: executing program 2 (id=245): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4012}, 0x20000010) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 2m38.871430533s ago: executing program 2 (id=250): timer_create(0x7d012b4cafbe7efb, 0x0, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x110, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r0, 0x0, 0x0) socket$kcm(0x2, 0x0, 0x106) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x29) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r1}, 0x10) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r2, &(0x7f0000000100)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x40049366, &(0x7f0000000180)) ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x800000000000001) 2m37.515777052s ago: executing program 2 (id=253): r0 = socket$nl_generic(0x10, 0x3, 0x10) fsetxattr$security_ima(r0, 0x0, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ipv6_route\x00') preadv2(r4, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x80000000, 0x1) 2m35.458482909s ago: executing program 2 (id=258): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xc, 0x12, r0, 0x10000000) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000300)={0x0, 0x0, 0x80000, 0x0, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_clone(0x8060200, 0x0, 0x0, 0x0, 0x0, 0x0) socket$l2tp(0x2, 0x2, 0x73) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000001a40)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x0) pipe2$watch_queue(0x0, 0x80) socket$packet(0x11, 0x3, 0x300) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r4, 0x1, 0x709d23, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40804}, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000180)={@rand_addr, @initdev, 0x0}, &(0x7f0000000200)=0xc) getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000240), &(0x7f0000000340)=0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=@delneigh={0x68, 0x1d, 0x100, 0x70bd2d, 0x25dfdbfe, {0x1c, 0x0, 0x0, r6, 0x10, 0x22, 0x5}, [@NDA_LLADDR={0xa, 0x2, @multicast}, @NDA_PORT={0x6, 0x6, 0x4e22}, @NDA_VNI={0x8, 0x7, 0x10}, @NDA_CACHEINFO={0x14, 0x3, {0x5, 0xffffffff, 0x9}}, @NDA_CACHEINFO={0x14, 0x3, {0x80000000, 0x4, 0x5, 0xe}}, @NDA_LINK_NETNSID={0x8, 0xa, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x40d0}, 0x20000000) 2m33.377402146s ago: executing program 2 (id=261): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000540)=[{{0x1, 0x1, 0x0, 0x1}, {0x4, 0x0, 0x1}}, {{0x3, 0x1}, {0x0, 0x0, 0x1}}], 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)={0x2c, r1, 0x5, 0x70bd27, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="ef"}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8}]}, 0x2c}}, 0x480c0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) r8 = socket(0x10, 0x3, 0x0) write(r8, &(0x7f0000000000)="240000001a005f0414f9f407000904000a000000000000000000000004001e0001000000", 0x24) 2m17.479681612s ago: executing program 32 (id=261): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000540)=[{{0x1, 0x1, 0x0, 0x1}, {0x4, 0x0, 0x1}}, {{0x3, 0x1}, {0x0, 0x0, 0x1}}], 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)={0x2c, r1, 0x5, 0x70bd27, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="ef"}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8}]}, 0x2c}}, 0x480c0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) r8 = socket(0x10, 0x3, 0x0) write(r8, &(0x7f0000000000)="240000001a005f0414f9f407000904000a000000000000000000000004001e0001000000", 0x24) 17.75850532s ago: executing program 1 (id=557): socket$packet(0x11, 0x2, 0x300) shmctl$SHM_INFO(0x0, 0xe, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$inet(0x2, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = shmget(0x0, 0x2000, 0x2, &(0x7f0000ffc000/0x2000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x5) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_getaddrlabel={0x38, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @private0}]}, 0x38}}, 0x0) shmctl$SHM_UNLOCK(r0, 0xc) syz_emit_ethernet(0x16, &(0x7f0000000880)={@broadcast, @empty, @val={@val={0x88a8, 0x0, 0x1, 0x4}, {0x8100, 0x4, 0x0, 0x3}}, {@generic={0x9300}}}, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000003680), r6) 17.738326539s ago: executing program 5 (id=558): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, &(0x7f0000000000)=r2, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = dup(0xffffffffffffffff) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r7 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r8 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r8, &(0x7f0000000080)={0x1d, r9, 0x2, {0x1, 0x0, 0x5}}, 0x18) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r8) r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0) write$sequencer(r10, &(0x7f0000000240)=ANY=[@ANYBLOB="0293"], 0x9) ioctl$SNDCTL_SEQ_SYNC(r10, 0x5101) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c00)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c0, 0x188, 0x4c, 0x1a, 0x0, 0x73, 0x2f0, 0x258, 0x258, 0x2f0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0x128, 0x188, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz1\x00'}}, @common=@unspec=@statistic={{0x38}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast2, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}}}, {{@uncond, 0x0, 0x100, 0x168, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3893b573a807d00}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x420) 16.072995441s ago: executing program 1 (id=560): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="05220000000000002c0012800b00010069703667726500001c000280060010004e2300000800040009000000060011004e"], 0x4c}, 0x1, 0xba01}, 0x0) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) r3 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$sock_SIOCINQ(r4, 0x541b, 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fanotify_mark(0xffffffffffffffff, 0x105, 0x5000003a, r1, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0x4042, 0x92) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550d, 0x0) io_uring_setup(0x177d, &(0x7f00000000c0)={0x0, 0x572e, 0x8000, 0x1000002, 0xfffffffe}) 15.028694466s ago: executing program 5 (id=563): mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x8000, 0x0) fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r4 = openat$cgroup_devices(r3, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r4, &(0x7f00000001c0)={'c', ' *:* ', 'rwm\x00'}, 0xa) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r5, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000440)=""/220, 0xfffffffffffffee1, 0x0, 0x2, 0x2}}, 0x48) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r6, 0x0, 0x12, 0x0, 0x0) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 13.210936632s ago: executing program 5 (id=565): mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r3, 0x0, 0x2, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000140)=0x200000000) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x12, 0x0, 0x0) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020) 12.565613207s ago: executing program 1 (id=569): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x10) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf4fffff7, 0x12, r1, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000640)=ANY=[@ANYBLOB="0103ffff0900fffe0cff4517002c4068000009119078ac1414bbe00000024e204e21001890780400000026d08d7b04000000000000005931e1cc0fa53efb1b130d0ba59856dd1865c16abd8f7e6b783c88110a22caf84e17e4e81fe29d6830589375fa27977cf53c2271721186bc882a95c5a97c248f8bbfc19313befc0d04bf147fa9d6ee548bdd81fc530fee276cd10abb31bf55e32eca9521f4d7d0c7a3528bc519a340b5bec662ed138988d2718b964b917e5581118ed2543fed51122cf266611ca03865d9f30ab08ca99c43a907a1b6f32eb242479ee8ef9c044157569780099973e61e00e4b74ea49ba5c90a085f"], 0x36) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, 0x0, 0x0) write(r3, &(0x7f0000000340)="41000000010001", 0x7) 12.310477868s ago: executing program 1 (id=570): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00", 0xffffffffffffffff}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x2, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}, {0x6, 0x7, 0x9}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r4}) r7 = gettid() syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time_for_children\x00') socket$inet6_sctp(0xa, 0x5, 0x84) socket$rds(0x15, 0x5, 0x0) socket$isdn(0x22, 0x2, 0x25) socket$isdn(0x22, 0x2, 0x24) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20) timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r7}, &(0x7f0000044000)=0x0) r9 = syz_open_dev$usbfs(&(0x7f0000000340), 0x2000800000001f9, 0x190002) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x34, 0x3d, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@nested={0x4, 0x145}, @nested={0x1c, 0x9, 0x0, 0x1, [@nested={0x18, 0x1e, 0x0, 0x1, [@nested={0x11, 0x13b, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@local}, @generic="9a19a13bbc"]}]}]}]}, 0x34}}, 0x4040040) r11 = dup(r9) ioctl$USBDEVFS_CONTROL(r11, 0xc0185500, &(0x7f0000000300)={0x20, 0xc, 0xd9bf, 0xf, 0x0, 0x2, 0x0}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"1c9b63f10439cc8153e1e65aa400000000020000ec6e00", r3}) timer_delete(r8) timer_getoverrun(r8) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000080)=0x2) 11.526511182s ago: executing program 5 (id=571): socket$kcm(0x23, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8000) sendmsg$sock(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x10001, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000300)={0x10, 0x1, 0x0, "8a3d766d74ba833ab5d3c3777f865a1bd09a6f8b03b234e75464982aed2122e7", 0x47524247}) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x28, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}]}, 0x28}}, 0x40) 11.51198029s ago: executing program 4 (id=572): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20"], 0xd6) 11.27726056s ago: executing program 0 (id=574): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) symlink(0x0, &(0x7f0000000040)='./file0\x00') mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x3a, 0x1, &(0x7f00000000c0), 0x4) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r5, 0x6, 0x4, &(0x7f0000000180)=0x1, 0x4) getsockopt$inet6_tcp_int(r5, 0x6, 0x4, 0x0, &(0x7f0000000040)) close_range(r4, 0xffffffffffffffff, 0x2) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) write$vga_arbiter(r6, 0x0, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) 10.201739661s ago: executing program 1 (id=576): mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r3 = dup2(r2, r2) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000480)={'\x00', 0x40, 0xa, 0x401, 0x40000004, 0x10}) unlinkat(r2, 0x0, 0x200) ioctl$BLKTRACESETUP(r3, 0x1276, 0x0) 10.160568809s ago: executing program 4 (id=577): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vxcan0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, 0x0, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000001c0)='sou\x01ce', 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$packet(r5, &(0x7f00000003c0)="0b036800e0ff64000200475400f6a13bb100000008", 0x15, 0x0, &(0x7f0000000140), 0x14) r6 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSARP(r6, 0x8955, 0x0) listen(0xffffffffffffffff, 0x73) gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 10.15985423s ago: executing program 5 (id=578): mkdir(&(0x7f0000000080)='./file0\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x65) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x20000000008) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x0, 0xfd, 0x5, 0x1, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback={0x0, 0x460c6}, 0x7801, 0x0, 0x1}}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}}) 10.089945956s ago: executing program 3 (id=579): socket$l2tp(0x2, 0x2, 0x73) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000040)={0x8, @output={0x0, 0x1, {0xffffffff}, 0x3, 0xd}}) 7.708399116s ago: executing program 5 (id=580): socket$key(0xf, 0x3, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1800) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x17, 0x4, &(0x7f0000000480)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbb}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet6(0xa, 0x5, 0xffffffff) r3 = socket(0x2, 0xa, 0xff) clock_adjtime(0x0, &(0x7f0000000100)={0x5f0827ee, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000100)=0x820, 0x4) openat$ptmx(0xffffffffffffff9c, 0x0, 0x200080, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x244041, 0x100) 7.658405117s ago: executing program 0 (id=581): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) symlink(0x0, &(0x7f0000000040)='./file0\x00') mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x58, r4, 0x1, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004859}, 0x4000) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r5, 0x3a, 0x1, &(0x7f00000000c0), 0x4) syz_emit_ethernet(0x66, &(0x7f00000068c0)={@link_local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\a\x00', 0x30, 0x3a, 0x0, @local, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "0100", 0x0, 0x0, 0x0, @mcast2, @loopback}}}}}}}, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x4, 0x0, &(0x7f0000000040)) close_range(r6, 0xffffffffffffffff, 0x2) r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) write$vga_arbiter(r7, &(0x7f0000000280)=ANY=[@ANYBLOB='trylock mem@'], 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x36}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r8, 0x6, 0xe, &(0x7f0000000340)={@in={{0x2, 0x4e1d, @local}}, 0x0, 0x0, 0x35, 0x0, "317f83735b4bb1eadc74dde27798c831eec04c24eeec7ff3d3137a508003d2d5c89ab0220cefebd4687636457b9822766c1bfea4e01ff23c6a4caeaf049a572a9774d3b882eb3b4a66c5ec48c29f065d"}, 0xd8) 6.723714502s ago: executing program 1 (id=582): mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r3, 0x0, 0x2, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000140)=0x200000000) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x12, 0x0, 0x0) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020) 6.722491909s ago: executing program 3 (id=583): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{}, 'port0\x00', 0x0, 0x1419, 0x0, 0x0, 0x0, 0x0, 0xffffffff}) unshare(0x2040400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100)=0x3) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r2, &(0x7f0000000100)=ANY=[], 0x6) 6.172626171s ago: executing program 4 (id=584): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r2, &(0x7f0000001440)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r1, r3, 0xfffffffffffffc01, 0x0) tee(r1, r3, 0x60000000000, 0x7) 6.100310091s ago: executing program 3 (id=585): mknod(&(0x7f0000000480)='./file0\x00', 0x8000, 0x6262768b) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x80) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setreuid(0x0, 0x0) setresuid(0xee01, 0x0, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x12, 0x0, &(0x7f00000001c0)) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001a40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_LEAVE_OCB(r3, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001a80)={0x1c, r4, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) syz_emit_vhci(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xebac6000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000080)) r9 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) mount(&(0x7f00000004c0)=@nullb, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='nilfs2\x00', 0x400, 0x0) 4.934561829s ago: executing program 3 (id=586): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00", 0xffffffffffffffff}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x2, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}, {0x6, 0x7, 0x9}]}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r4}) r7 = gettid() syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time_for_children\x00') socket$inet6_sctp(0xa, 0x5, 0x84) socket$rds(0x15, 0x5, 0x0) socket$isdn(0x22, 0x2, 0x25) socket$isdn(0x22, 0x2, 0x24) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20) timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r7}, &(0x7f0000044000)=0x0) r9 = syz_open_dev$usbfs(&(0x7f0000000340), 0x2000800000001f9, 0x190002) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x34, 0x3d, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@nested={0x4, 0x145}, @nested={0x1c, 0x9, 0x0, 0x1, [@nested={0x18, 0x1e, 0x0, 0x1, [@nested={0x11, 0x13b, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@local}, @generic="9a19a13bbc"]}]}]}]}, 0x34}}, 0x4040040) r11 = dup(r9) ioctl$USBDEVFS_CONTROL(r11, 0xc0185500, &(0x7f0000000300)={0x20, 0xc, 0xd9bf, 0xf, 0x0, 0x2, 0x0}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"1c9b63f10439cc8153e1e65aa400000000020000ec6e00", r3}) timer_delete(r8) timer_getoverrun(r8) ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000080)=0x2) 4.917324516s ago: executing program 0 (id=587): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb03000050000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 4.674536896s ago: executing program 4 (id=588): syz_open_dev$loop(&(0x7f00000005c0), 0x9, 0x12d600) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x810, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000f40)={0x101, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000780)={"10628c1965c61e00", r7}) r8 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000100)={0x80002, 0x1, 0x6}) r9 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r10, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f0000000440)={r11, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r8, 0xc00c642d, &(0x7f0000000200)={r12}) 4.507895745s ago: executing program 0 (id=589): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4012}, 0x20000010) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 3.561246039s ago: executing program 4 (id=590): mkdir(&(0x7f0000000080)='./file0\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x65) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x20000000008) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x0, 0xfd, 0x5, 0x1, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback={0x0, 0x460c6}, 0x7801, 0x0, 0x1}}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}}) 3.382430927s ago: executing program 3 (id=591): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x80002, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) 1.291651926s ago: executing program 0 (id=592): r0 = creat(0x0, 0xecf86c37d53049cc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b4b, 0x0) fstatfs(0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) futex(0x0, 0x83, 0x1, 0x0, 0x0, 0x1) close(r0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) 1.198589589s ago: executing program 3 (id=593): socket$l2tp(0x2, 0x2, 0x73) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000040)={0x8, @output={0x0, 0x1, {0xffffffff}, 0x3, 0xd}}) 946.015588ms ago: executing program 4 (id=594): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{}, 'port0\x00', 0x0, 0x1419, 0x0, 0x0, 0x0, 0x0, 0xffffffff}) unshare(0x2040400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r1}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100)=0x3) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000280)={0x3, r1, 0x1, {0x7fffffff, 0xffffffff}, 0x8}, 0x1) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r5, 0x114, 0x2, 0x0, 0x0) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r4, &(0x7f0000000100)=ANY=[], 0x6) socket$packet(0x11, 0x3, 0x300) 0s ago: executing program 0 (id=595): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000140)={{}, 'port0\x00', 0x0, 0x1419, 0x0, 0x0, 0x0, 0x0, 0xffffffff}) unshare(0x2040400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100)=0x3) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r2, &(0x7f0000000100)=ANY=[], 0x6) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts. [ 83.618905][ T5820] cgroup: Unknown subsys name 'net' [ 83.771931][ T5820] cgroup: Unknown subsys name 'cpuset' [ 83.782229][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.397976][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.098958][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.107122][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.118379][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.130637][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.148629][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.155771][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.160887][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.171847][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.187110][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.197612][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.207927][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.213574][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.223111][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.230323][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.232377][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.245536][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.254393][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.257708][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.263391][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.272070][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.292350][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.305792][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.320781][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.334761][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.347867][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.837855][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 89.029315][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 89.116683][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 89.165472][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.172860][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.180479][ T5832] bridge_slave_0: entered allmulticast mode [ 89.188434][ T5832] bridge_slave_0: entered promiscuous mode [ 89.271671][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.278977][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.286157][ T5832] bridge_slave_1: entered allmulticast mode [ 89.294782][ T5832] bridge_slave_1: entered promiscuous mode [ 89.302354][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 89.425566][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.467026][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.474237][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.481563][ T5834] bridge_slave_0: entered allmulticast mode [ 89.489201][ T5834] bridge_slave_0: entered promiscuous mode [ 89.512592][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.543317][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 89.573165][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.580643][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.588221][ T5834] bridge_slave_1: entered allmulticast mode [ 89.595432][ T5834] bridge_slave_1: entered promiscuous mode [ 89.618127][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.625249][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.632536][ T5831] bridge_slave_0: entered allmulticast mode [ 89.639928][ T5831] bridge_slave_0: entered promiscuous mode [ 89.648361][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.655492][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.662777][ T5831] bridge_slave_1: entered allmulticast mode [ 89.670319][ T5831] bridge_slave_1: entered promiscuous mode [ 89.740469][ T5832] team0: Port device team_slave_0 added [ 89.775125][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.789425][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.815781][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.829577][ T5832] team0: Port device team_slave_1 added [ 89.882141][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.945664][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.953343][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.961005][ T5844] bridge_slave_0: entered allmulticast mode [ 89.968438][ T5844] bridge_slave_0: entered promiscuous mode [ 90.004674][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.011741][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.038748][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.063268][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.070613][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.078228][ T5844] bridge_slave_1: entered allmulticast mode [ 90.085379][ T5844] bridge_slave_1: entered promiscuous mode [ 90.095302][ T5834] team0: Port device team_slave_0 added [ 90.104381][ T5834] team0: Port device team_slave_1 added [ 90.113124][ T5831] team0: Port device team_slave_0 added [ 90.119852][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.127266][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.153285][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.179194][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.186474][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.193731][ T5843] bridge_slave_0: entered allmulticast mode [ 90.201090][ T5843] bridge_slave_0: entered promiscuous mode [ 90.238202][ T5831] team0: Port device team_slave_1 added [ 90.253112][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.260458][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.267993][ T5843] bridge_slave_1: entered allmulticast mode [ 90.276208][ T5843] bridge_slave_1: entered promiscuous mode [ 90.312799][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.337760][ T5838] Bluetooth: hci1: command tx timeout [ 90.343512][ T5838] Bluetooth: hci0: command tx timeout [ 90.349064][ T55] Bluetooth: hci3: command tx timeout [ 90.354867][ T5847] Bluetooth: hci2: command tx timeout [ 90.392687][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.415953][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.423306][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.423331][ T5847] Bluetooth: hci4: command tx timeout [ 90.449291][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.484015][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.510400][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.517554][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.543768][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.561809][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.569487][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.595757][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.608994][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.615996][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.642330][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.658945][ T5832] hsr_slave_0: entered promiscuous mode [ 90.665320][ T5832] hsr_slave_1: entered promiscuous mode [ 90.675156][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.687481][ T5844] team0: Port device team_slave_0 added [ 90.696615][ T5844] team0: Port device team_slave_1 added [ 90.815328][ T5843] team0: Port device team_slave_0 added [ 90.826416][ T5843] team0: Port device team_slave_1 added [ 90.833149][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.841314][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.867286][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.880665][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.887790][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.913763][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.950434][ T5834] hsr_slave_0: entered promiscuous mode [ 90.957183][ T5834] hsr_slave_1: entered promiscuous mode [ 90.963545][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.972342][ T5834] Cannot create hsr debugfs directory [ 91.055876][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.064661][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.091334][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.134486][ T5831] hsr_slave_0: entered promiscuous mode [ 91.141163][ T5831] hsr_slave_1: entered promiscuous mode [ 91.147810][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.155472][ T5831] Cannot create hsr debugfs directory [ 91.163183][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.170457][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.196457][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.263558][ T5844] hsr_slave_0: entered promiscuous mode [ 91.270144][ T5844] hsr_slave_1: entered promiscuous mode [ 91.276454][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.285460][ T5844] Cannot create hsr debugfs directory [ 91.411523][ T5843] hsr_slave_0: entered promiscuous mode [ 91.418985][ T5843] hsr_slave_1: entered promiscuous mode [ 91.425971][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.433988][ T5843] Cannot create hsr debugfs directory [ 91.852947][ T5832] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.863943][ T975] cfg80211: failed to load regulatory.db [ 91.906878][ T5832] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.946238][ T5832] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.975575][ T5832] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.029266][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.060444][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.082115][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.105108][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.178030][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.188740][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.201952][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.213130][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.329502][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.363565][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.376046][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.402870][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.411070][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.419680][ T5847] Bluetooth: hci2: command tx timeout [ 92.419721][ T5838] Bluetooth: hci1: command tx timeout [ 92.425101][ T5847] Bluetooth: hci0: command tx timeout [ 92.430517][ T55] Bluetooth: hci3: command tx timeout [ 92.485613][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.498906][ T5847] Bluetooth: hci4: command tx timeout [ 92.556648][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.563879][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.574988][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.582346][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.598457][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.614118][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.649463][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.666094][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.774385][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.809773][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.875546][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.924477][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.944180][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.951368][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.992345][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.999583][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.011224][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.018469][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.049633][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.075923][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.083124][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.177234][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.199472][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.235359][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.261294][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.268521][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.315893][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.323143][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.341308][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.446198][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.453462][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.472825][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.480041][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.500419][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.821251][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.884644][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.015622][ T5832] veth0_vlan: entered promiscuous mode [ 94.059192][ T5834] veth0_vlan: entered promiscuous mode [ 94.078668][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.100186][ T5832] veth1_vlan: entered promiscuous mode [ 94.121130][ T5834] veth1_vlan: entered promiscuous mode [ 94.135003][ T5831] veth0_vlan: entered promiscuous mode [ 94.157804][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.185075][ T5831] veth1_vlan: entered promiscuous mode [ 94.255147][ T5834] veth0_macvtap: entered promiscuous mode [ 94.291396][ T5834] veth1_macvtap: entered promiscuous mode [ 94.316551][ T5843] veth0_vlan: entered promiscuous mode [ 94.324815][ T5832] veth0_macvtap: entered promiscuous mode [ 94.336338][ T5832] veth1_macvtap: entered promiscuous mode [ 94.360056][ T5831] veth0_macvtap: entered promiscuous mode [ 94.371309][ T5831] veth1_macvtap: entered promiscuous mode [ 94.402207][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.410194][ T5844] veth0_vlan: entered promiscuous mode [ 94.424164][ T5843] veth1_vlan: entered promiscuous mode [ 94.439666][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.450536][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.462115][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.474072][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.485854][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.499415][ T5847] Bluetooth: hci0: command tx timeout [ 94.499508][ T55] Bluetooth: hci2: command tx timeout [ 94.504896][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.510291][ T5838] Bluetooth: hci3: command tx timeout [ 94.510397][ T5848] Bluetooth: hci1: command tx timeout [ 94.527535][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.544832][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.564395][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.573542][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.584324][ T5848] Bluetooth: hci4: command tx timeout [ 94.590831][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.603196][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.614753][ T5834] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.623929][ T5834] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.632934][ T5834] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.642004][ T5834] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.678049][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.690103][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.700436][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.711217][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.722438][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.730392][ T5844] veth1_vlan: entered promiscuous mode [ 94.752935][ T5831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.762522][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.771430][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.780474][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.804372][ T5832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.813293][ T5832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.824012][ T5832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.833728][ T5832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.873442][ T5843] veth0_macvtap: entered promiscuous mode [ 94.924718][ T5843] veth1_macvtap: entered promiscuous mode [ 94.939366][ T5844] veth0_macvtap: entered promiscuous mode [ 94.983573][ T5844] veth1_macvtap: entered promiscuous mode [ 95.036402][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.045071][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.056174][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.077086][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.087319][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.098082][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.109137][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.119641][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.132172][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.158633][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.169695][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.179619][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.190187][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.200066][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.210591][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.222994][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.232695][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.241906][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.270738][ T5843] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.285831][ T5843] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.294816][ T5843] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.304237][ T5843] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.327264][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.337838][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.348475][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.359608][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.369605][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.380721][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.390705][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.401254][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.413819][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.440853][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.451660][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.462991][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.473504][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.483448][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.493944][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.503823][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.514356][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.525802][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.548666][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.556587][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.599278][ T5844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.608286][ T5844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.617912][ T5844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.627647][ T5844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.640989][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.661236][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.685141][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.694721][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.841839][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.849857][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.867329][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.916084][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.938176][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.050158][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.071799][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.481594][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.553393][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.578165][ T55] Bluetooth: hci2: command tx timeout [ 96.583762][ T55] Bluetooth: hci3: command tx timeout [ 96.589684][ T5847] Bluetooth: hci0: command tx timeout [ 96.590381][ T5848] Bluetooth: hci1: command tx timeout [ 96.657282][ T5848] Bluetooth: hci4: command tx timeout [ 96.822040][ T5933] Bluetooth: MGMT ver 1.23 [ 96.828255][ T5930] team_slave_0: entered promiscuous mode [ 96.834026][ T5930] team_slave_1: entered promiscuous mode [ 96.868288][ T5930] macsec1: entered promiscuous mode [ 96.874048][ T5930] team0: entered promiscuous mode [ 96.908792][ T5930] team0: left promiscuous mode [ 96.916096][ T5930] team_slave_0: left promiscuous mode [ 96.921682][ T5930] team_slave_1: left promiscuous mode [ 96.983007][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.042278][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.257631][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 97.328108][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.359372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.564134][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.666541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.769055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.017623][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.049483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.058464][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.738963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.326724][ T5977] syz.4.17 uses obsolete (PF_INET,SOCK_PACKET) [ 101.392275][ T5977] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.322351][ T5988] netlink: 132 bytes leftover after parsing attributes in process `syz.1.21'. [ 103.082341][ T6000] batman_adv: batadv0: Adding interface: dummy0 [ 103.179538][ T5995] netlink: 16 bytes leftover after parsing attributes in process `syz.2.24'. [ 103.214770][ T6000] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.267354][ T6000] batman_adv: batadv0: Interface activated: dummy0 [ 103.307904][ T6002] batadv0: mtu less than device minimum [ 103.317752][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.329355][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.340850][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.352290][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.363710][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.375118][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.387208][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.399176][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 103.410675][ T6002] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 105.643882][ T5916] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 105.701839][ T6034] netlink: 132 bytes leftover after parsing attributes in process `syz.4.35'. [ 105.909554][ T5916] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 105.966757][ T5916] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 106.109870][ T30] audit: type=1800 audit(1744332501.220:2): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.36" name="bus" dev="tmpfs" ino=2 res=0 errno=0 [ 106.137052][ T5916] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 106.146150][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.229369][ T5916] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 106.253151][ T5916] usb 2-1: invalid MIDI out EP 0 [ 106.424505][ T5916] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 106.541323][ T5916] usb 2-1: USB disconnect, device number 2 [ 106.777213][ T5915] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.824681][ T6047] udevd[6047]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 106.977139][ T5915] usb 1-1: Using ep0 maxpacket: 16 [ 107.009540][ T5915] usb 1-1: config 0 interface 0 has no altsetting 0 [ 107.016370][ T5915] usb 1-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 107.046437][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.548199][ T5915] usb 1-1: config 0 descriptor?? [ 108.045875][ T5915] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input5 [ 108.203659][ T6044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.364126][ T6044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.400535][ T5915] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input6 [ 109.667947][ T5915] kye 0003:0458:5013.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.0-1/input0 [ 109.734157][ T6072] netlink: 132 bytes leftover after parsing attributes in process `syz.4.46'. [ 109.746510][ T5915] usb 1-1: USB disconnect, device number 2 [ 110.348330][ T6080] Zero length message leads to an empty skb [ 110.706872][ T6090] ip6t_srh: unknown srh invflags 7D00 [ 112.353722][ T2152] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 112.789077][ T2152] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 112.912985][ T6117] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 113.618475][ T5848] Bluetooth: hci4: command tx timeout [ 114.032893][ T6124] batman_adv: batadv0: Adding interface: dummy0 [ 114.079470][ T6124] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.157373][ T6124] batman_adv: batadv0: Interface activated: dummy0 [ 114.249488][ T6129] ptrace attach of "./syz-executor exec"[5834] was attempted by ""[6129] [ 115.051182][ T6127] net_ratelimit: 10 callbacks suppressed [ 115.051203][ T6127] batadv0: mtu less than device minimum [ 115.113611][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.125748][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.137968][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.149930][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.161938][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.173976][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.186065][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.198106][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 115.210095][ T6127] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 116.447109][ T6143] ip6t_srh: unknown srh invflags 7D00 [ 118.595384][ T5884] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 118.657986][ T5884] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 120.894299][ T6187] netlink: 'syz.0.79': attribute type 10 has an invalid length. [ 120.995212][ T6189] ip6t_srh: unknown srh invflags 7D00 [ 121.016374][ T6187] netlink: 40 bytes leftover after parsing attributes in process `syz.0.79'. [ 121.067147][ T6187] batadv0: entered promiscuous mode [ 121.072469][ T6187] batadv0: entered allmulticast mode [ 121.241396][ T6187] bridge0: port 3(batadv0) entered blocking state [ 121.263959][ T6187] bridge0: port 3(batadv0) entered disabled state [ 121.444916][ T6187] net_ratelimit: 10 callbacks suppressed [ 121.444938][ T6187] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a [ 121.583909][ T6187] bridge0: port 3(batadv0) entered blocking state [ 121.590768][ T6187] bridge0: port 3(batadv0) entered forwarding state [ 121.669234][ T6200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.84'. [ 121.920942][ T53] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 121.930532][ T53] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 122.838131][ T975] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 123.308187][ T975] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 124.337517][ T6232] tipc: Started in network mode [ 124.344320][ T6232] tipc: Node identity 6, cluster identity 4711 [ 124.351200][ T6232] tipc: Node number set to 6 [ 124.831896][ T6239] ip6t_srh: unknown srh invflags 7D00 [ 125.147389][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 125.237882][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.0.96'. [ 125.785962][ C0] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1c [ 126.417983][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1b [ 129.217031][ T5848] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 129.223466][ T5847] Bluetooth: hci0: command 0x0401 tx timeout [ 130.135724][ T6291] delete_channel: no stack [ 130.142607][ T6291] netlink: 'syz.2.114': attribute type 9 has an invalid length. [ 130.948528][ T6290] delete_channel: no stack [ 131.461890][ T5848] Bluetooth: hci0: command 0x0401 tx timeout [ 131.476980][ T5847] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 132.958822][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.965477][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.167139][ T6316] syz.2.121 (6316) used greatest stack depth: 18344 bytes left [ 134.547930][ T6339] delete_channel: no stack [ 134.578939][ T6339] netlink: 'syz.1.131': attribute type 9 has an invalid length. [ 135.329162][ T6337] delete_channel: no stack [ 135.456981][ T5848] Bluetooth: hci0: command 0x0401 tx timeout [ 135.463214][ T5847] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 138.927120][ T5848] Bluetooth: hci0: command 0x0401 tx timeout [ 138.934303][ T5847] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 140.294253][ T6385] tipc: Started in network mode [ 140.304017][ T6385] tipc: Node identity 6, cluster identity 4711 [ 140.718321][ T6385] tipc: Node number set to 6 [ 144.606994][ T5848] Bluetooth: hci0: command 0x0401 tx timeout [ 144.613467][ T5847] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 146.085932][ T6434] tipc: Started in network mode [ 146.092054][ T6434] tipc: Node identity 6, cluster identity 4711 [ 146.099088][ T6434] tipc: Node number set to 6 [ 147.132436][ T6431] delete_channel: no stack [ 149.505789][ T5847] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 149.547340][ T5847] Bluetooth: hci0: command 0x0401 tx timeout [ 149.577213][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.172'. [ 152.438118][ T6496] lo speed is unknown, defaulting to 1000 [ 152.444829][ T6496] lo speed is unknown, defaulting to 1000 [ 152.477999][ T6497] evm: overlay not supported [ 152.492717][ T6496] lo speed is unknown, defaulting to 1000 [ 152.507969][ T6496] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 152.533790][ T6496] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 152.547912][ T6499] Cannot find map_set index 0 as target [ 153.133525][ T6496] lo speed is unknown, defaulting to 1000 [ 153.269164][ T6496] lo speed is unknown, defaulting to 1000 [ 153.327156][ T6496] lo speed is unknown, defaulting to 1000 [ 153.363079][ T6496] lo speed is unknown, defaulting to 1000 [ 153.600801][ T6496] lo speed is unknown, defaulting to 1000 [ 153.633226][ T6508] netlink: 8 bytes leftover after parsing attributes in process `syz.1.184'. [ 153.777818][ T5847] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 153.785153][ T5848] Bluetooth: hci0: command 0x0401 tx timeout [ 155.227103][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 155.537679][ T6527] mkiss: ax0: crc mode is auto. [ 158.349236][ T6555] siw: device registration error -23 [ 158.427038][ C0] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1c [ 160.977961][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1b [ 163.450459][ T6594] lo speed is unknown, defaulting to 1000 [ 163.831609][ T6600] siw: device registration error -23 [ 166.441370][ T6614] mkiss: ax0: crc mode is auto. [ 166.537099][ T6604] delete_channel: no stack [ 168.391354][ T6630] netlink: 16 bytes leftover after parsing attributes in process `syz.2.219'. [ 168.911980][ T6640] netlink: 12 bytes leftover after parsing attributes in process `syz.2.225'. [ 171.380617][ T6652] delete_channel: no stack [ 172.253370][ T6667] process 'syz.1.231' launched './file0' with NULL argv: empty string added [ 172.308811][ T6672] netlink: 48 bytes leftover after parsing attributes in process `syz.3.234'. [ 172.482813][ T6674] ip6gre1: entered allmulticast mode [ 176.900287][ T6695] delete_channel: no stack [ 178.055546][ T6715] netlink: 248 bytes leftover after parsing attributes in process `syz.1.248'. [ 178.065888][ T6715] unsupported nlmsg_type 40 [ 178.488267][ T6712] siw: device registration error -23 [ 182.860517][ T6746] delete_channel: no stack [ 184.087423][ T6762] netlink: 'syz.2.261': attribute type 30 has an invalid length. [ 184.128621][ T6764] netlink: 16 bytes leftover after parsing attributes in process `syz.1.263'. [ 187.817831][ T6791] delete_channel: no stack [ 187.894895][ T6801] bridge0: port 3(netdevsim2) entered blocking state [ 187.902301][ T6801] bridge0: port 3(netdevsim2) entered disabled state [ 187.910312][ T6801] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 187.927748][ T6801] netdevsim netdevsim3 netdevsim2: entered promiscuous mode [ 187.937432][ T6801] bridge0: port 3(netdevsim2) entered blocking state [ 187.944617][ T6801] bridge0: port 3(netdevsim2) entered forwarding state [ 188.024323][ T6804] netlink: 32 bytes leftover after parsing attributes in process `syz.0.274'. [ 190.404753][ T5884] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 190.424004][ T5884] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 192.744225][ T6838] netlink: 16 bytes leftover after parsing attributes in process `syz.0.281'. [ 193.749851][ T6841] delete_channel: no stack [ 194.621385][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.627994][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.654465][ T6849] lo speed is unknown, defaulting to 1000 [ 194.861143][ T6853] siw: device registration error -23 [ 195.688933][ T6857] netlink: 32 bytes leftover after parsing attributes in process `syz.1.288'. [ 200.716956][ T6878] mkiss: ax0: crc mode is auto. [ 201.344979][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 201.355304][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 201.372820][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 201.384732][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 201.393134][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 201.525706][ T5954] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.559929][ T6887] lo speed is unknown, defaulting to 1000 [ 202.993550][ T5954] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.359984][ T6902] netlink: 32 bytes leftover after parsing attributes in process `syz.1.300'. [ 203.459845][ T5847] Bluetooth: hci0: command tx timeout [ 205.536857][ T5847] Bluetooth: hci0: command tx timeout [ 206.041200][ T5954] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.625228][ T5847] Bluetooth: hci0: command tx timeout [ 207.650131][ T5954] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.127257][ T6928] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85 [ 209.697434][ T5154] Bluetooth: hci0: command tx timeout [ 209.789518][ T6940] netlink: 32 bytes leftover after parsing attributes in process `syz.1.312'. [ 211.803367][ T6887] chnl_net:caif_netlink_parms(): no params data found [ 211.806843][ T5154] Bluetooth: hci1: command 0x0406 tx timeout [ 211.816243][ T5154] Bluetooth: hci2: command 0x0406 tx timeout [ 211.824084][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 212.479729][ T5954] bridge_slave_1: left allmulticast mode [ 212.485719][ T5954] bridge_slave_1: left promiscuous mode [ 212.500697][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.189604][ T5954] bridge_slave_0: left allmulticast mode [ 214.666171][ T5954] bridge_slave_0: left promiscuous mode [ 214.673252][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.561275][ T5954] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 217.573380][ T5954] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 217.585549][ T5954] bond0 (unregistering): Released all slaves [ 218.000985][ T6998] netlink: 32 bytes leftover after parsing attributes in process `syz.1.324'. [ 218.733779][ T5954] tipc: Left network mode [ 219.859699][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 224.985122][ C0] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1c [ 225.313214][ T6887] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.423312][ T6887] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.541501][ T6887] bridge_slave_0: entered allmulticast mode [ 225.770226][ T6887] bridge_slave_0: entered promiscuous mode [ 226.036621][ T6887] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.071766][ T7046] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85 [ 226.088660][ T6887] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.095983][ T6887] bridge_slave_1: entered allmulticast mode [ 226.192678][ T6887] bridge_slave_1: entered promiscuous mode [ 228.913318][ T7062] bridge0: port 3(netdevsim2) entered blocking state [ 228.922976][ T7062] bridge0: port 3(netdevsim2) entered disabled state [ 228.929925][ T7062] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 228.939174][ T7062] netdevsim netdevsim1 netdevsim2: entered promiscuous mode [ 228.950149][ T7062] bridge0: port 3(netdevsim2) entered blocking state [ 228.956987][ T7062] bridge0: port 3(netdevsim2) entered forwarding state [ 229.629364][ T6887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.108493][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:1b [ 230.626855][ T5954] hsr_slave_0: left promiscuous mode [ 230.682338][ T5954] hsr_slave_1: left promiscuous mode [ 230.908729][ T5954] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 230.984986][ T5954] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.202834][ T5954] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.235535][ T5954] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.196772][ T5954] veth1_macvtap: left promiscuous mode [ 232.237888][ T5954] veth0_macvtap: left promiscuous mode [ 232.255431][ T5954] veth1_vlan: left promiscuous mode [ 232.287210][ T5954] veth0_vlan: left promiscuous mode [ 234.366152][ T5954] team0 (unregistering): Port device team_slave_1 removed [ 234.532366][ T5954] team0 (unregistering): Port device team_slave_0 removed [ 236.546491][ T6887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.258431][ T7111] tipc: Started in network mode [ 237.263421][ T7111] tipc: Node identity 6, cluster identity 4711 [ 237.391930][ T55] Bluetooth: hci4: command 0x0406 tx timeout [ 237.499652][ T7111] tipc: Node number set to 6 [ 237.507529][ T7126] bridge0: port 4(netdevsim2) entered blocking state [ 237.514326][ T7126] bridge0: port 4(netdevsim2) entered disabled state [ 237.521364][ T7126] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 237.535400][ T7126] netdevsim netdevsim0 netdevsim2: entered promiscuous mode [ 237.543878][ T7126] bridge0: port 4(netdevsim2) entered blocking state [ 237.550797][ T7126] bridge0: port 4(netdevsim2) entered forwarding state [ 238.405217][ T6887] team0: Port device team_slave_0 added [ 238.668740][ T6887] team0: Port device team_slave_1 added [ 239.521423][ T6887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.605804][ T6887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.676779][ T6887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.737133][ T6887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.744392][ T6887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.773217][ T6887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.369681][ T7153] mkiss: ax0: crc mode is auto. [ 242.363115][ T6887] hsr_slave_0: entered promiscuous mode [ 242.387445][ T6887] hsr_slave_1: entered promiscuous mode [ 242.618320][ T6887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 242.626046][ T6887] Cannot create hsr debugfs directory [ 246.615532][ T6887] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 247.172571][ T6887] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 247.783805][ T6887] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 248.157080][ T6887] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 249.112479][ T6887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 249.449824][ T6887] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.819843][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.827091][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.940630][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.947883][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.115148][ T6887] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 253.848633][ T7322] bridge0: port 3(netdevsim2) entered blocking state [ 253.855960][ T7322] bridge0: port 3(netdevsim2) entered disabled state [ 253.863804][ T7322] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 253.880237][ T7322] netdevsim netdevsim4 netdevsim2: entered promiscuous mode [ 253.890413][ T7322] bridge0: port 3(netdevsim2) entered blocking state [ 253.897272][ T7322] bridge0: port 3(netdevsim2) entered forwarding state [ 255.699662][ T6887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.707404][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.717148][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.913585][ T7396] delete_channel: no stack [ 261.219385][ T7409] mkiss: ax0: crc mode is auto. [ 264.557214][ T7433] team_slave_0: entered promiscuous mode [ 264.562967][ T7433] team_slave_1: entered promiscuous mode [ 265.467223][ T7433] macsec1: entered promiscuous mode [ 265.478341][ T7433] team0: entered promiscuous mode [ 265.817713][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 266.079681][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 266.091694][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 266.110971][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 266.124265][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 266.745205][ T7450] lo speed is unknown, defaulting to 1000 [ 268.049144][ T7478] netlink: 16 bytes leftover after parsing attributes in process `syz.1.427'. [ 268.577940][ T5847] Bluetooth: hci0: command tx timeout [ 268.779078][ T7472] bridge0: port 3(netdevsim2) entered disabled state [ 268.786065][ T7472] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.794959][ T7472] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.065591][ T7472] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 269.107491][ T7472] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 269.385558][ T7472] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.413435][ T7472] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.442200][ T7472] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.461586][ T7472] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.607874][ T7472] team0: left promiscuous mode [ 269.618426][ T7472] team_slave_0: left promiscuous mode [ 269.634320][ T7472] team_slave_1: left promiscuous mode [ 269.640854][ T7472] macsec1: left promiscuous mode [ 270.186206][ T7450] chnl_net:caif_netlink_parms(): no params data found [ 270.874124][ T5847] Bluetooth: hci0: command tx timeout [ 272.495455][ T7450] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.513724][ T7536] ptrace attach of "./syz-executor exec"[5832] was attempted by "./syz-executor exec"[7536] [ 272.548791][ T7450] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.601778][ T7450] bridge_slave_0: entered allmulticast mode [ 272.654845][ T7450] bridge_slave_0: entered promiscuous mode [ 272.696362][ T7450] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.891083][ T7450] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.898802][ T5847] Bluetooth: hci0: command tx timeout [ 272.904517][ T7450] bridge_slave_1: entered allmulticast mode [ 272.912353][ T7450] bridge_slave_1: entered promiscuous mode [ 272.990464][ T7542] netlink: 104 bytes leftover after parsing attributes in process `syz.0.442'. [ 273.920503][ T7450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.661021][ T7450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.004857][ T5847] Bluetooth: hci0: command tx timeout [ 275.196592][ T7450] team0: Port device team_slave_0 added [ 275.952085][ T7450] team0: Port device team_slave_1 added [ 276.250577][ T7450] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.276792][ T7450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.348963][ T7450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.380557][ T7450] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.418245][ T7450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.509099][ T7450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.923347][ T7450] hsr_slave_0: entered promiscuous mode [ 276.972956][ T7450] hsr_slave_1: entered promiscuous mode [ 276.990879][ T7450] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 277.836818][ T7450] Cannot create hsr debugfs directory [ 278.379881][ T7596] tipc: New replicast peer: 255.255.255.255 [ 279.143693][ T7596] tipc: Enabled bearer , priority 10 [ 279.239844][ T7598] netlink: 12 bytes leftover after parsing attributes in process `syz.1.454'. [ 279.419100][ T7598] tipc: Disabling bearer [ 280.385300][ T7600] delete_channel: no stack [ 280.982091][ T7624] ptrace attach of "./syz-executor exec"[5844] was attempted by "./syz-executor exec"[7624] [ 283.172069][ T7655] ip6gre1: entered allmulticast mode [ 287.007617][ T7675] delete_channel: no stack [ 288.143174][ T7450] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 288.921810][ T7450] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 289.243326][ T7450] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 289.859203][ T7450] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 289.979545][ T7709] syz.0.476: attempt to access beyond end of device [ 289.979545][ T7709] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 290.491446][ T7450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.795956][ T7728] mkiss: ax0: crc mode is auto. [ 290.815907][ T7450] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.586275][ T975] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 291.594679][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.601884][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.681566][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.688814][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.784355][ T975] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 291.818863][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.907393][ T975] usb 5-1: config 0 descriptor?? [ 291.992017][ T975] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 293.871234][ T7761] mkiss: ax0: crc mode is auto. [ 294.201625][ T975] gp8psk: usb in 128 operation failed. [ 294.746507][ T975] gp8psk: usb in 137 operation failed. [ 294.753892][ T975] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 294.827570][ T975] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 294.875498][ T7450] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 294.908130][ T975] usb 5-1: USB disconnect, device number 2 [ 296.415890][ T7790] mkiss: ax0: crc mode is auto. [ 298.157099][ T7821] netlink: 16 bytes leftover after parsing attributes in process `syz.4.500'. [ 298.315950][ T7816] lo speed is unknown, defaulting to 1000 [ 298.448692][ T7822] mkiss: ax0: crc mode is auto. [ 299.438781][ T7450] veth0_vlan: entered promiscuous mode [ 299.570524][ T7450] veth1_vlan: entered promiscuous mode [ 299.944735][ T7450] veth0_macvtap: entered promiscuous mode [ 300.093934][ T7450] veth1_macvtap: entered promiscuous mode [ 300.934192][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 300.974322][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.006164][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.024252][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.038664][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.087289][ T7848] syz.0.506 (7848) used greatest stack depth: 17648 bytes left [ 301.924566][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.952201][ T7450] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.037948][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.049545][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.094310][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.126962][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.170219][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.181444][ T7862] netlink: 40 bytes leftover after parsing attributes in process `syz.0.511'. [ 302.216801][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.454962][ T7450] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.496271][ T7450] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.519678][ T7450] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.529485][ T7450] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.276478][ T7450] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.078051][ T7174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.156960][ T7174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.267214][ T7878] delete_channel: no stack [ 304.383734][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.422442][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.715329][ T10] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 305.757580][ T10] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 308.477462][ T7938] delete_channel: no stack [ 309.289400][ T7923] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 309.367762][ T7958] capability: warning: `syz.1.524' uses 32-bit capabilities (legacy support in use) [ 310.256763][ T5884] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 310.270872][ T5884] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 310.471697][ T7971] netlink: 20 bytes leftover after parsing attributes in process `syz.0.531'. [ 311.233516][ T7978] bridge0: port 3(netdevsim2) entered blocking state [ 311.241074][ T7978] bridge0: port 3(netdevsim2) entered disabled state [ 311.249027][ T7978] netdevsim netdevsim5 netdevsim2: entered allmulticast mode [ 311.266205][ T7978] netdevsim netdevsim5 netdevsim2: entered promiscuous mode [ 311.277418][ T7978] bridge0: port 3(netdevsim2) entered blocking state [ 311.284269][ T7978] bridge0: port 3(netdevsim2) entered forwarding state [ 312.295958][ T7992] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[7992] [ 312.313297][ T7992] Bluetooth: MGMT ver 1.23 [ 313.103983][ T7995] delete_channel: no stack [ 314.343240][ T5847] Bluetooth: hci0: command tx timeout [ 314.433257][ T5915] libceph: connect (1)[c::]:6789 error -101 [ 314.457991][ T5915] libceph: mon0 (1)[c::]:6789 connect error [ 315.428234][ T5884] libceph: connect (1)[c::]:6789 error -101 [ 315.455038][ T8015] ceph: No mds server is up or the cluster is laggy [ 315.485221][ T5884] libceph: mon0 (1)[c::]:6789 connect error [ 315.501523][ T5915] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 316.052974][ T5884] libceph: connect (1)[c::]:6789 error -101 [ 316.062882][ T5915] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 316.079662][ T5884] libceph: mon0 (1)[c::]:6789 connect error [ 316.558367][ T8036] xt_CT: You must specify a L4 protocol and not use inversions on it [ 317.218234][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.248843][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.556394][ T8053] delete_channel: no stack [ 320.985715][ T8073] ip6t_srh: unknown srh invflags 7D00 [ 321.265153][ T5915] libceph: connect (1)[c::]:6789 error -101 [ 321.271472][ T5915] libceph: mon0 (1)[c::]:6789 connect error [ 321.286540][ T8078] ip6gre1: entered allmulticast mode [ 321.291527][ T5916] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 321.542672][ T975] libceph: connect (1)[c::]:6789 error -101 [ 321.554213][ T975] libceph: mon0 (1)[c::]:6789 connect error [ 322.001092][ T5916] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 322.018126][ T8076] ceph: No mds server is up or the cluster is laggy [ 322.770539][ T975] libceph: connect (1)[c::]:6789 error -101 [ 322.776830][ T975] libceph: mon0 (1)[c::]:6789 connect error [ 322.827741][ T8092] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nbd5": -EINTR [ 324.868576][ T8118] netlink: 'syz.1.570': attribute type 9 has an invalid length. [ 325.873534][ T8117] delete_channel: no stack [ 325.897759][ T8117] delete_channel: no stack [ 329.640296][ T5916] libceph: connect (1)[c::]:6789 error -101 [ 329.657470][ T5916] libceph: mon0 (1)[c::]:6789 connect error [ 329.890326][ T8139] ceph: No mds server is up or the cluster is laggy [ 329.937832][ T5916] libceph: connect (1)[c::]:6789 error -101 [ 329.949957][ T5916] libceph: mon0 (1)[c::]:6789 connect error [ 330.594865][ T8174] netlink: 20 bytes leftover after parsing attributes in process `syz.3.585'. [ 330.686548][ T8175] NILFS (nullb0): couldn't find nilfs on the device [ 331.654800][ T8182] netlink: 'syz.3.586': attribute type 9 has an invalid length. [ 332.707764][ T8181] delete_channel: no stack [ 332.737244][ T8181] delete_channel: no stack [ 336.620637][ T8219] ================================================================== [ 336.628741][ T8219] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x31/0x190 [ 336.637859][ T8219] Read of size 8 at addr ffff8880288fe708 by task syz.0.595/8219 [ 336.645585][ T8219] [ 336.647921][ T8219] CPU: 1 UID: 0 PID: 8219 Comm: syz.0.595 Not tainted 6.15.0-rc1-next-20250410-syzkaller #0 PREEMPT(full) [ 336.647940][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 336.647949][ T8219] Call Trace: [ 336.647956][ T8219] [ 336.647963][ T8219] dump_stack_lvl+0x241/0x360 [ 336.647990][ T8219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.648011][ T8219] ? rcu_is_watching+0x15/0xb0 [ 336.648029][ T8219] ? __virt_addr_valid+0x183/0x530 [ 336.648048][ T8219] ? lock_release+0x4e/0x3e0 [ 336.648062][ T8219] ? __virt_addr_valid+0x183/0x530 [ 336.648080][ T8219] ? __virt_addr_valid+0x183/0x530 [ 336.648100][ T8219] print_report+0x16e/0x5b0 [ 336.648118][ T8219] ? __virt_addr_valid+0x183/0x530 [ 336.648135][ T8219] ? __virt_addr_valid+0x183/0x530 [ 336.648153][ T8219] ? __virt_addr_valid+0x45f/0x530 [ 336.648175][ T8219] ? __phys_addr+0xba/0x170 [ 336.648194][ T8219] ? __list_del_entry_valid_or_report+0x31/0x190 [ 336.648214][ T8219] kasan_report+0x143/0x180 [ 336.648233][ T8219] ? __list_del_entry_valid_or_report+0x31/0x190 [ 336.648255][ T8219] __list_del_entry_valid_or_report+0x31/0x190 [ 336.648276][ T8219] mgmt_pending_remove+0x26/0x1a0 [ 336.648293][ T8219] mgmt_pending_foreach+0xd1/0x130 [ 336.648308][ T8219] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 336.648326][ T8219] mgmt_index_removed+0x135/0x3a0 [ 336.648344][ T8219] ? __pfx_mgmt_index_removed+0x10/0x10 [ 336.648361][ T8219] ? hci_sock_bind+0xd16/0x12d0 [ 336.648378][ T8219] ? mgmt_index_removed+0x15/0x3a0 [ 336.648396][ T8219] hci_sock_bind+0xd74/0x12d0 [ 336.648415][ T8219] ? __pfx_hci_sock_bind+0x10/0x10 [ 336.648431][ T8219] ? apparmor_socket_bind+0x100/0x1e0 [ 336.648456][ T8219] __sys_bind+0x1de/0x290 [ 336.648472][ T8219] ? __pfx___sys_bind+0x10/0x10 [ 336.648496][ T8219] __x64_sys_bind+0x7a/0x90 [ 336.648512][ T8219] do_syscall_64+0xf3/0x230 [ 336.648529][ T8219] ? clear_bhb_loop+0x45/0xa0 [ 336.648546][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.648564][ T8219] RIP: 0033:0x7fee4858d169 [ 336.648580][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.648592][ T8219] RSP: 002b:00007fee463d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 336.648614][ T8219] RAX: ffffffffffffffda RBX: 00007fee487a6080 RCX: 00007fee4858d169 [ 336.648625][ T8219] RDX: 0000000000000006 RSI: 0000200000000040 RDI: 0000000000000004 [ 336.648634][ T8219] RBP: 00007fee4860e990 R08: 0000000000000000 R09: 0000000000000000 [ 336.648662][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.648671][ T8219] R13: 0000000000000000 R14: 00007fee487a6080 R15: 00007ffe7e9e99f8 [ 336.648688][ T8219] [ 336.648693][ T8219] [ 336.915609][ T8219] Allocated by task 7992: [ 336.919956][ T8219] kasan_save_track+0x3f/0x80 [ 336.924639][ T8219] __kasan_kmalloc+0x9d/0xb0 [ 336.929243][ T8219] __kmalloc_cache_noprof+0x236/0x370 [ 336.934621][ T8219] mgmt_pending_new+0x65/0x250 [ 336.939391][ T8219] mgmt_pending_add+0x36/0x120 [ 336.944156][ T8219] set_link_security+0x61e/0x860 [ 336.949109][ T8219] hci_mgmt_cmd+0xa2e/0xf20 [ 336.953634][ T8219] hci_sock_sendmsg+0x7b8/0x11f0 [ 336.958579][ T8219] __sock_sendmsg+0x221/0x270 [ 336.963269][ T8219] sock_write_iter+0x2d9/0x3f0 [ 336.968070][ T8219] vfs_write+0x70f/0xd10 [ 336.972316][ T8219] ksys_write+0x19d/0x2d0 [ 336.976754][ T8219] do_syscall_64+0xf3/0x230 [ 336.981306][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.987204][ T8219] [ 336.989526][ T8219] Freed by task 8218: [ 336.993503][ T8219] kasan_save_track+0x3f/0x80 [ 336.998182][ T8219] kasan_save_free_info+0x40/0x50 [ 337.003213][ T8219] __kasan_slab_free+0x59/0x70 [ 337.007980][ T8219] kfree+0x198/0x430 [ 337.011883][ T8219] mgmt_pending_foreach+0xd1/0x130 [ 337.017015][ T8219] __mgmt_power_off+0x18b/0x440 [ 337.021876][ T8219] hci_dev_close_sync+0x701/0x1260 [ 337.027007][ T8219] hci_dev_close+0x112/0x210 [ 337.031681][ T8219] sock_do_ioctl+0x15a/0x490 [ 337.036277][ T8219] sock_ioctl+0x644/0x900 [ 337.040650][ T8219] __se_sys_ioctl+0xf1/0x160 [ 337.045262][ T8219] do_syscall_64+0xf3/0x230 [ 337.049776][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.055681][ T8219] [ 337.058001][ T8219] The buggy address belongs to the object at ffff8880288fe700 [ 337.058001][ T8219] which belongs to the cache kmalloc-96 of size 96 [ 337.072142][ T8219] The buggy address is located 8 bytes inside of [ 337.072142][ T8219] freed 96-byte region [ffff8880288fe700, ffff8880288fe760) [ 337.085712][ T8219] [ 337.088078][ T8219] The buggy address belongs to the physical page: [ 337.094483][ T8219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x288fe [ 337.103239][ T8219] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 337.110370][ T8219] page_type: f5(slab) [ 337.114381][ T8219] raw: 00fff00000000000 ffff88801b041280 ffffea0000a74680 dead000000000002 [ 337.122975][ T8219] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000 [ 337.131559][ T8219] page dumped because: kasan: bad access detected [ 337.137973][ T8219] page_owner tracks the page as allocated [ 337.143680][ T8219] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6683, tgid 6681 (syz.3.238), ts 174364983082, free_ts 173437363863 [ 337.162881][ T8219] post_alloc_hook+0x1f4/0x240 [ 337.167650][ T8219] get_page_from_freelist+0x349b/0x3630 [ 337.173191][ T8219] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 337.178996][ T8219] alloc_pages_mpol+0x339/0x690 [ 337.183868][ T8219] allocate_slab+0x8f/0x3a0 [ 337.188384][ T8219] ___slab_alloc+0xc3b/0x1500 [ 337.193081][ T8219] __slab_alloc+0x58/0xa0 [ 337.197434][ T8219] __kmalloc_noprof+0x2ea/0x4d0 [ 337.202304][ T8219] cfg80211_inform_single_bss_data+0xb46/0x1ed0 [ 337.208544][ T8219] cfg80211_inform_bss_data+0x3c5/0x5860 [ 337.214191][ T8219] cfg80211_inform_bss_frame_data+0x3c5/0x720 [ 337.220254][ T8219] ieee80211_bss_info_update+0x8ac/0xbc0 [ 337.225892][ T8219] ieee80211_scan_rx+0x526/0x9c0 [ 337.230825][ T8219] ieee80211_rx_list+0x28cd/0x3490 [ 337.235951][ T8219] ieee80211_rx_napi+0x187/0x3c0 [ 337.240890][ T8219] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 337.246900][ T8219] page last free pid 6673 tgid 6673 stack trace: [ 337.253233][ T8219] __free_frozen_pages+0xde8/0x10a0 [ 337.258464][ T8219] __tlb_remove_table+0x36b/0x460 [ 337.263480][ T8219] tlb_remove_table_rcu+0x79/0xf0 [ 337.268501][ T8219] rcu_core+0xaac/0x17a0 [ 337.272737][ T8219] handle_softirqs+0x2d6/0x9b0 [ 337.277593][ T8219] __irq_exit_rcu+0xfb/0x220 [ 337.282194][ T8219] irq_exit_rcu+0x9/0x30 [ 337.286468][ T8219] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 337.292106][ T8219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 337.298086][ T8219] [ 337.300405][ T8219] Memory state around the buggy address: [ 337.306042][ T8219] ffff8880288fe600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 337.314111][ T8219] ffff8880288fe680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 337.322189][ T8219] >ffff8880288fe700: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 337.330240][ T8219] ^ [ 337.334572][ T8219] ffff8880288fe780: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 337.342722][ T8219] ffff8880288fe800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 337.350768][ T8219] ================================================================== [ 337.358912][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.626950][ C1] batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 337.756577][ T8219] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 337.763867][ T8219] CPU: 0 UID: 0 PID: 8219 Comm: syz.0.595 Not tainted 6.15.0-rc1-next-20250410-syzkaller #0 PREEMPT(full) [ 337.775264][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 337.785599][ T8219] Call Trace: [ 337.788880][ T8219] [ 337.791805][ T8219] dump_stack_lvl+0x241/0x360 [ 337.796510][ T8219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 337.801747][ T8219] ? __pfx__printk+0x10/0x10 [ 337.806383][ T8219] ? vscnprintf+0x5d/0x90 [ 337.810757][ T8219] panic+0x349/0x880 [ 337.814700][ T8219] ? check_panic_on_warn+0x21/0xb0 [ 337.819853][ T8219] ? __pfx_panic+0x10/0x10 [ 337.824282][ T8219] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 337.830351][ T8219] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 337.836691][ T8219] ? print_report+0x519/0x5b0 [ 337.841380][ T8219] check_panic_on_warn+0x86/0xb0 [ 337.846324][ T8219] ? __list_del_entry_valid_or_report+0x31/0x190 [ 337.852682][ T8219] end_report+0x77/0x160 [ 337.856940][ T8219] kasan_report+0x154/0x180 [ 337.861464][ T8219] ? __list_del_entry_valid_or_report+0x31/0x190 [ 337.867804][ T8219] __list_del_entry_valid_or_report+0x31/0x190 [ 337.873968][ T8219] mgmt_pending_remove+0x26/0x1a0 [ 337.879023][ T8219] mgmt_pending_foreach+0xd1/0x130 [ 337.884236][ T8219] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 337.889614][ T8219] mgmt_index_removed+0x135/0x3a0 [ 337.894652][ T8219] ? __pfx_mgmt_index_removed+0x10/0x10 [ 337.900208][ T8219] ? hci_sock_bind+0xd16/0x12d0 [ 337.905070][ T8219] ? mgmt_index_removed+0x15/0x3a0 [ 337.910199][ T8219] hci_sock_bind+0xd74/0x12d0 [ 337.914892][ T8219] ? __pfx_hci_sock_bind+0x10/0x10 [ 337.920022][ T8219] ? apparmor_socket_bind+0x100/0x1e0 [ 337.925418][ T8219] __sys_bind+0x1de/0x290 [ 337.929760][ T8219] ? __pfx___sys_bind+0x10/0x10 [ 337.934632][ T8219] __x64_sys_bind+0x7a/0x90 [ 337.939142][ T8219] do_syscall_64+0xf3/0x230 [ 337.943655][ T8219] ? clear_bhb_loop+0x45/0xa0 [ 337.948345][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.954245][ T8219] RIP: 0033:0x7fee4858d169 [ 337.958667][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.978277][ T8219] RSP: 002b:00007fee463d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 337.986706][ T8219] RAX: ffffffffffffffda RBX: 00007fee487a6080 RCX: 00007fee4858d169 [ 337.994683][ T8219] RDX: 0000000000000006 RSI: 0000200000000040 RDI: 0000000000000004 [ 338.002663][ T8219] RBP: 00007fee4860e990 R08: 0000000000000000 R09: 0000000000000000 [ 338.010649][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 338.018627][ T8219] R13: 0000000000000000 R14: 00007fee487a6080 R15: 00007ffe7e9e99f8 [ 338.026623][ T8219] [ 338.030072][ T8219] Kernel Offset: disabled [ 338.034404][ T8219] Rebooting in 86400 seconds..