last executing test programs: 11.816987598s ago: executing program 3 (id=4): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4001af84, 0x0) 11.329645966s ago: executing program 2 (id=3): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x1e, 0x0, &(0x7f0000000440)={0x0, 0x3, 0x2, @lang_id={0x0, 0x3, 0x41a}}, 0x0, 0x0}, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000240)={0x40, 0xe}, 0x0, 0x0}) 10.669116614s ago: executing program 3 (id=6): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000000230000002000", 0x1, 0x0, 0x3, 0x8}, 0x3c) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4) 9.631720965s ago: executing program 3 (id=7): socket$packet(0x11, 0x3, 0x300) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) timerfd_create(0x8, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0) r2 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002) ioctl$CEC_S_MODE(r2, 0x40046109, 0x0) close(r2) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) mmap(&(0x7f00000bb000/0x14000)=nil, 0x14000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) syz_open_dev$usbmon(0x0, 0x7, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}]}, 0x34}}, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020) 7.893094929s ago: executing program 2 (id=8): r0 = syz_open_dev$loop(&(0x7f0000000000), 0xb, 0x8280) ioctl$LOOP_CLR_FD(r0, 0x4c01) 7.242647432s ago: executing program 0 (id=1): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) 6.59066144s ago: executing program 1 (id=2): socket$kcm(0x29, 0x5, 0x0) r0 = landlock_create_ruleset(&(0x7f0000000080)={0xd60b, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = syz_io_uring_setup(0x1238, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x2, 0xab9}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r1, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) dup2(r5, r1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 6.256817545s ago: executing program 2 (id=9): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r3, &(0x7f0000000c40)={0x20002012}) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x40400d5) sendmsg$tipc(r5, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002200)='/proc/diskstats\x00', 0x0, 0x0) read$FUSE(r6, &(0x7f0000000180)={0x2020}, 0x2024) 5.534962925s ago: executing program 4 (id=5): r0 = syz_open_dev$video(&(0x7f0000000000), 0x40000000000101, 0xab02) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000100)={0x9, @pix={0x3, 0x4, 0x31303453, 0x2, 0x1000003, 0x4, 0x2, 0x3, 0x1, 0x1, 0x3, 0x7}}) 4.345914043s ago: executing program 4 (id=10): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) sendmmsg$inet(r0, &(0x7f0000001c00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, 0x0, 0x0) 3.78355854s ago: executing program 0 (id=11): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108) mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0x48) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f0000000000)='./file0\x00') sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000001, 0xb0e461948fbced1f, 0xffffffffffffffff, 0x8000000) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}]) 2.780671344s ago: executing program 0 (id=12): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r3 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) 2.16427827s ago: executing program 4 (id=13): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, 0x0, 0x40) 1.089535668s ago: executing program 4 (id=14): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x80085665, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000dc0)={0x38, 0x5, 0x8, 0x9, 0x0, 0x9, 0x0, 0xaa, 0xfa11, 0xffffffff}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000004e04010000000000d3400202010000004704000001ed00007b130000000000001d440200000000007a0a00fe00ffffffc3030000e1000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a6c3692e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5be14ecf7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e347a8ad880d2cd829b847400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c35b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af8612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5e69048ddff6da409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f50000e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc286463a2b1e992894269f478341d02d0f5ad4bcb524a5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39e415140200000020cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a22048516d6aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe0e669e5e20100005353193f82ade69d0540059fe6c7fe7cd8697502c7596566d6740300da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc02290beaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24c87afce829ba0f85da6d8a8f18ea40ab959f6074ab2a4009b9e5f07ab5138aa6e3d37fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e6b0b384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208160fb04c98375b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27feeb741680f6f2f9a6a8346962a350845ffa0d829e4f79ad7d87906943408e6df3adbfd03aac93df8866fb010aecfed9092ca4d0f3e1116a0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a530600d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe92c7719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b1dba94a6ea80c33ead5722c3293986e02c8e0a6dda1eca493f14795bd068826fe8df15efaaeea831555877f958a19e499666a38d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a8784d0899ed888141e2fae6691d1aee1da02ba516467df3e7d1daac19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa57d2c93f49c47944fec01a8aa7749f3187e9efb00000000e0884160b765b07ec9ba020362310223c81e48d6d3b6e5b50d45248efe43a409773e3ed01cd663f3aaab9e1c0000f43b64bb54e5b30be3399e3dd1eb1cfd1935a323023fe5792879833c7eb356b95cfb135045b1d8f7da2fa5bfedef411d0791523a9e64c884e9dfed9cd413afe66bd8ee831cdb34726fe0434fbf44c7b33a853330bcaf37ba4e36705807468b37d32087e599165f1bce015145444ef5967b443222f46173cc876015b2d1874be9846f7c1653c02d2ef9a75fdc45820c69bbe1cb575f9aa21aa9d3d58bd5e5fe026142a72e24049b8400c4a28b2d5db8d5f53cb354fba19975fb0b3739baae51cb4b034993ef1463dcdba2da419b320420efdd091d7f6e83c8ac2ccc6c9392a42a33907421ab847c9590c213eda9a7e1db598a23e75a3c0933fc803ca994a86476b995c37c445f68fd99fb4d335ff00d15bc4630c993fffffe000000000000a236a791bcb6eff8d488041db6b8f2c158c2c3f4baacd0c8cc7eb1fd7fba93237e598771cf6f281aa72139"], &(0x7f00000001c0)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) close(r3) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x2) ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e85411, &(0x7f0000000400)) r5 = getpid() r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r6, 0x84, 0xd, &(0x7f0000003140)=""/4111, &(0x7f0000000000)=0x4) sched_setattr(r5, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010400000000000000000200e704050001000700000030692b5aebac0cd17186e7779be9ab9e218cc6ca0af0bd83226a6865a9f66727"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x8f}]}) r11 = socket$nl_generic(0x10, 0x3, 0x10) lsetxattr$security_evm(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000980), &(0x7f00000009c0)=@sha1={0x1, "fead377ca02a28d4d179e1133a58ac42d511b6f3"}, 0x15, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(r9, 0x40309439, &(0x7f0000000100)={0x2, 0x2, 0x4}) r12 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) write$FUSE_DIRENT(r7, &(0x7f0000000a40)={0x80, 0x0, 0x0, [{0x0, 0x7fffffff, 0xb, 0x80000001, '/dev/ttyS3\x00'}, {0x1, 0xffffffffffffffff, 0xb, 0x7, '/dev/ttyS3\x00'}, {0x0, 0x7fffffff, 0x4, 0x7, 'GPL\x00'}]}, 0x80) sendmsg$L2TP_CMD_TUNNEL_CREATE(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x3c, r12, 0x917, 0x70bd24, 0x0, {0x1, 0x0, 0xffff}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8}]}, 0x3c}, 0x1, 0x620b}, 0x0) 578.769546ms ago: executing program 2 (id=15): r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47ebaf8a0eb3400000000100000065cc"}, 0x6}) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000000)=""/10, 0xa}], 0x1, 0x1, 0xd) 374.257869ms ago: executing program 1 (id=16): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) 0s ago: executing program 3 (id=17): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xfffffffffffffff7, 0x2001) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000500)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. [ 190.167165][ T5754] cgroup: Unknown subsys name 'net' [ 190.301295][ T5754] cgroup: Unknown subsys name 'cpuset' [ 190.317176][ T5754] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 197.335937][ T5754] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 203.306180][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 203.336145][ T5772] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 203.345784][ T5772] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 203.360036][ T5772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 203.386613][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 203.411754][ T5070] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.422328][ T5070] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 203.447630][ T49] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.472767][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 203.476355][ T49] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.491411][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 203.506433][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.506491][ T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 203.526528][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 203.527209][ T49] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.595803][ T5777] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 203.616330][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 203.621892][ T5780] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.632177][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 203.636256][ T5780] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 203.649585][ T5780] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 203.662149][ T5780] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 203.678497][ T5780] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 203.688430][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 203.718864][ T5780] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 204.137172][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.144008][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.118696][ T5778] chnl_net:caif_netlink_parms(): no params data found [ 205.455287][ T49] Bluetooth: hci0: command tx timeout [ 205.536226][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 205.615386][ T49] Bluetooth: hci2: command tx timeout [ 205.615440][ T5772] Bluetooth: hci1: command tx timeout [ 205.775353][ T49] Bluetooth: hci4: command tx timeout [ 205.775805][ T5772] Bluetooth: hci3: command tx timeout [ 206.240419][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.256886][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.264591][ T5778] bridge_slave_0: entered allmulticast mode [ 206.279214][ T5778] bridge_slave_0: entered promiscuous mode [ 206.308266][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 206.338482][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.347444][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.356673][ T5778] bridge_slave_1: entered allmulticast mode [ 206.367920][ T5778] bridge_slave_1: entered promiscuous mode [ 206.382956][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 206.557450][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 206.776847][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.811071][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.067977][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.079160][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.094177][ T5782] bridge_slave_0: entered allmulticast mode [ 207.110467][ T5782] bridge_slave_0: entered promiscuous mode [ 207.144312][ T5778] team0: Port device team_slave_0 added [ 207.152956][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.195674][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.203403][ T5782] bridge_slave_1: entered allmulticast mode [ 207.248864][ T5782] bridge_slave_1: entered promiscuous mode [ 207.314662][ T5778] team0: Port device team_slave_1 added [ 207.535236][ T5772] Bluetooth: hci0: command tx timeout [ 207.640439][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.695435][ T5772] Bluetooth: hci2: command tx timeout [ 207.705221][ T5772] Bluetooth: hci1: command tx timeout [ 207.739308][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.747059][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 207.773780][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.794269][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.833321][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.841347][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.849208][ T5773] bridge_slave_0: entered allmulticast mode [ 207.855572][ T5772] Bluetooth: hci3: command tx timeout [ 207.859225][ T5773] bridge_slave_0: entered promiscuous mode [ 207.865324][ T5772] Bluetooth: hci4: command tx timeout [ 207.875699][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.883037][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.891504][ T5775] bridge_slave_0: entered allmulticast mode [ 207.900842][ T5775] bridge_slave_0: entered promiscuous mode [ 207.914819][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.922207][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 207.950216][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.988436][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.996358][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.003844][ T5770] bridge_slave_0: entered allmulticast mode [ 208.013640][ T5770] bridge_slave_0: entered promiscuous mode [ 208.025431][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.032991][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.040768][ T5773] bridge_slave_1: entered allmulticast mode [ 208.049625][ T5773] bridge_slave_1: entered promiscuous mode [ 208.060621][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.068577][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.076691][ T5775] bridge_slave_1: entered allmulticast mode [ 208.085740][ T5775] bridge_slave_1: entered promiscuous mode [ 208.144115][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.152375][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.160671][ T5770] bridge_slave_1: entered allmulticast mode [ 208.169162][ T5770] bridge_slave_1: entered promiscuous mode [ 208.276241][ T5782] team0: Port device team_slave_0 added [ 208.372552][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.389216][ T5782] team0: Port device team_slave_1 added [ 208.436500][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.482164][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.528573][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.547709][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.573061][ T5778] hsr_slave_0: entered promiscuous mode [ 208.582227][ T5778] hsr_slave_1: entered promiscuous mode [ 208.656454][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.766660][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.773802][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.801636][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.851659][ T5773] team0: Port device team_slave_0 added [ 208.866969][ T5775] team0: Port device team_slave_0 added [ 208.875883][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.883018][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.909581][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.983710][ T5773] team0: Port device team_slave_1 added [ 208.998367][ T5775] team0: Port device team_slave_1 added [ 209.032572][ T5770] team0: Port device team_slave_0 added [ 209.153172][ T5770] team0: Port device team_slave_1 added [ 209.222149][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.229646][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.256466][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.271347][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.279714][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.307130][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.396344][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.403468][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.430837][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.463886][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.471721][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.498287][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.615971][ T5772] Bluetooth: hci0: command tx timeout [ 209.626377][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.633495][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.660854][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.704253][ T5782] hsr_slave_0: entered promiscuous mode [ 209.713282][ T5782] hsr_slave_1: entered promiscuous mode [ 209.722047][ T5782] debugfs: 'hsr0' already exists in 'hsr' [ 209.728075][ T5782] Cannot create hsr debugfs directory [ 209.747284][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.754548][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.781599][ T5772] Bluetooth: hci1: command tx timeout [ 209.781775][ T49] Bluetooth: hci2: command tx timeout [ 209.787913][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.935368][ T49] Bluetooth: hci4: command tx timeout [ 209.935445][ T5772] Bluetooth: hci3: command tx timeout [ 210.102091][ T5773] hsr_slave_0: entered promiscuous mode [ 210.111157][ T5773] hsr_slave_1: entered promiscuous mode [ 210.120511][ T5773] debugfs: 'hsr0' already exists in 'hsr' [ 210.126613][ T5773] Cannot create hsr debugfs directory [ 210.175768][ T5775] hsr_slave_0: entered promiscuous mode [ 210.184837][ T5775] hsr_slave_1: entered promiscuous mode [ 210.193268][ T5775] debugfs: 'hsr0' already exists in 'hsr' [ 210.199293][ T5775] Cannot create hsr debugfs directory [ 210.342433][ T5770] hsr_slave_0: entered promiscuous mode [ 210.351405][ T5770] hsr_slave_1: entered promiscuous mode [ 210.360294][ T5770] debugfs: 'hsr0' already exists in 'hsr' [ 210.366438][ T5770] Cannot create hsr debugfs directory [ 211.469896][ T5778] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 211.491357][ T5778] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 211.587215][ T5778] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 211.652351][ T5778] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.695750][ T49] Bluetooth: hci0: command tx timeout [ 211.843574][ T5782] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 211.856049][ T49] Bluetooth: hci2: command tx timeout [ 211.856128][ T5772] Bluetooth: hci1: command tx timeout [ 211.875396][ T5782] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 211.903242][ T5782] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 211.922851][ T5782] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 212.015985][ T49] Bluetooth: hci4: command tx timeout [ 212.017196][ T5772] Bluetooth: hci3: command tx timeout [ 212.349828][ T5775] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 212.385229][ T5775] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 212.426911][ T5775] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 212.484220][ T5775] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 212.792768][ T5773] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.822405][ T5773] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.876486][ T5773] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.907665][ T5773] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 213.095698][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.152789][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.263086][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 213.327211][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 213.362904][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 213.411587][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 213.499458][ T5778] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.550598][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.602080][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.609753][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.667378][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.674751][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.798124][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.805801][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.826149][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.833525][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.249097][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.383777][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.580014][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.587674][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.752173][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.760462][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.831523][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.054279][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.107669][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.250367][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.258129][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.432912][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.453867][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.461556][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.602568][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.610375][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.691054][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.698546][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.922045][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.960805][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.862380][ T5782] veth0_vlan: entered promiscuous mode [ 217.072218][ T5778] veth0_vlan: entered promiscuous mode [ 217.095097][ T5782] veth1_vlan: entered promiscuous mode [ 217.263545][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.307915][ T5778] veth1_vlan: entered promiscuous mode [ 217.774904][ T5782] veth0_macvtap: entered promiscuous mode [ 217.870316][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.884528][ T5782] veth1_macvtap: entered promiscuous mode [ 217.943631][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.994197][ T5778] veth0_macvtap: entered promiscuous mode [ 218.116186][ T5778] veth1_macvtap: entered promiscuous mode [ 218.198328][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.287394][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.467296][ T34] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.491016][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.520011][ T34] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.587303][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.600604][ T34] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.615905][ T34] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.832139][ T34] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.842365][ T34] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.915941][ T34] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.925471][ T34] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.948691][ T5770] veth0_vlan: entered promiscuous mode [ 219.006599][ T5773] veth0_vlan: entered promiscuous mode [ 219.147123][ T5770] veth1_vlan: entered promiscuous mode [ 219.366425][ T5773] veth1_vlan: entered promiscuous mode [ 219.468200][ T5775] veth0_vlan: entered promiscuous mode [ 219.621455][ T5775] veth1_vlan: entered promiscuous mode [ 219.820854][ T5770] veth0_macvtap: entered promiscuous mode [ 219.946781][ T5770] veth1_macvtap: entered promiscuous mode [ 220.149365][ T5773] veth0_macvtap: entered promiscuous mode [ 220.282986][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.364516][ T5773] veth1_macvtap: entered promiscuous mode [ 220.388814][ T5775] veth0_macvtap: entered promiscuous mode [ 220.427842][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.603567][ T4103] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.639025][ T5775] veth1_macvtap: entered promiscuous mode [ 220.674354][ T4103] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.705747][ T4103] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.727877][ T4103] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.772433][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.903545][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.067479][ T34] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.089673][ T34] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.152764][ T34] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.185968][ T34] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.337166][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.418890][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.542653][ T127] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.591264][ T127] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.638360][ T127] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.667351][ T127] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.502931][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.541081][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.929765][ T127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.970245][ T127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.339913][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.374908][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.534002][ T5782] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 225.660560][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.708761][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.326262][ T5094] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 227.517199][ T5094] usb 3-1: Using ep0 maxpacket: 16 [ 227.565921][ T5094] usb 3-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22 [ 227.577402][ T5094] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.587147][ T5094] usb 3-1: Product: syz [ 227.591863][ T5094] usb 3-1: Manufacturer: syz [ 227.603335][ T5094] usb 3-1: SerialNumber: syz [ 228.102692][ T5094] usb 3-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state [ 228.229808][ T5094] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 228.257205][ T5094] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0) [ 228.273280][ T5094] usb 3-1: media controller created [ 228.513773][ T5094] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 228.691013][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.716887][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.020894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 229.250738][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.284675][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.532713][ T5094] dvb_usb_gl861 3-1:157.0: probe with driver dvb_usb_gl861 failed with error -5 [ 229.611182][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.655140][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.799510][ T5094] usb 3-1: USB disconnect, device number 2 [ 230.058614][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.125237][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.741219][ T138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.802758][ T138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.280880][ T127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.369432][ T127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.596988][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 231.626571][ T5843] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 231.813356][ T5843] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 231.835685][ T5843] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 231.893995][ T5843] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 231.943807][ T5843] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 231.989435][ T5843] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 232.068794][ T5843] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 232.143352][ T5843] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 232.175658][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 232.183932][ T5843] usb 1-1: Product: syz [ 232.245660][ T5843] usb 1-1: Manufacturer: syz [ 232.317033][ T5971] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 232.401685][ T5843] cdc_wdm 1-1:1.0: skipping garbage [ 232.455237][ T5843] cdc_wdm 1-1:1.0: skipping garbage [ 232.499388][ T5843] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 232.529251][ T5843] cdc_wdm 1-1:1.0: Unknown control protocol [ 232.867559][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 232.874524][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 232.881860][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 232.888782][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 232.896542][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 232.903375][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 232.915272][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 232.922294][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 232.940837][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 232.947879][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 232.949062][ T10] usb 1-1: USB disconnect, device number 2 [ 232.954391][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 233.028745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 233.217575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 233.981834][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 234.768340][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 234.822255][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 235.693692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 235.694841][ T5988] random: crng reseeded on system resumption [ 235.998417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 236.307354][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 237.844847][ T5995] sctp: [Deprecated]: syz.4.14 (pid 5995) Use of int in maxseg socket option. [ 237.844847][ T5995] Use struct sctp_assoc_value instead [ 237.937991][ T5998] ===================================================== [ 237.949087][ T5998] BUG: KMSAN: uninit-value in dvb_demux_read+0x580/0xa40 [ 237.957866][ T5998] dvb_demux_read+0x580/0xa40 [ 237.962666][ T5998] vfs_readv+0x931/0xf30 [ 237.967153][ T5998] __ia32_compat_sys_preadv+0x2da/0x540 [ 237.972828][ T5998] ia32_sys_call+0x3e87/0x4360 [ 237.977934][ T5998] __do_fast_syscall_32+0x17f/0x3f0 [ 237.983267][ T5998] do_fast_syscall_32+0x37/0x80 [ 237.988365][ T5998] do_SYSENTER_32+0x1f/0x30 [ 237.993003][ T5998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 237.999654][ T5998] [ 238.002058][ T5998] Uninit was created at: [ 238.006577][ T5998] __alloc_frozen_pages_noprof+0x6f7/0x1020 [ 238.012583][ T5998] alloc_pages_mpol+0x328/0x860 [ 238.044667][ T5998] alloc_pages_noprof+0x101/0x280 [ 238.055979][ T5998] __vmalloc_node_range_noprof+0xa97/0x2d80 [ 238.062011][ T5998] __vmalloc_noprof+0x128/0x1f0 [ 238.068179][ T5998] vmalloc_array_noprof+0x48/0x80 [ 238.073324][ T5998] dvb_dmxdev_init+0xd8/0x680 [ 238.078224][ T5998] vidtv_bridge_probe+0x1bfd/0x2690 [ 238.083578][ T5998] platform_probe+0x213/0x370 [ 238.088509][ T5998] really_probe+0x4d5/0xe40 [ 238.093122][ T5998] __driver_probe_device+0x25e/0x370 [ 238.099147][ T5998] driver_probe_device+0x70/0x8f0 [ 238.104300][ T5998] __driver_attach+0x859/0xad0 [ 238.109311][ T5998] bus_for_each_dev+0x33b/0x580 [ 238.114305][ T5998] driver_attach+0x51/0x70 [ 238.118914][ T5998] bus_add_driver+0x54f/0xdb0 [ 238.123712][ T5998] driver_register+0x42e/0x6a0 [ 238.128761][ T5998] __platform_driver_register+0x65/0x80 [ 238.134441][ T5998] vidtv_bridge_init+0x73/0x100 [ 238.139511][ T5998] do_one_initcall+0x237/0xbb0 [ 238.149896][ T5998] do_initcall_level+0x157/0x350 [ 238.157022][ T5998] do_initcalls+0x176/0x310 [ 238.161739][ T5998] do_basic_setup+0x1d/0x30 [ 238.166542][ T5998] kernel_init_freeable+0x213/0x460 [ 238.171839][ T5998] kernel_init+0x2f/0x5e0 [ 238.176371][ T5998] ret_from_fork+0x20f/0x910 [ 238.181063][ T5998] ret_from_fork_asm+0x1a/0x30 [ 238.186583][ T5998] [ 238.188996][ T5998] CPU: 1 UID: 0 PID: 5998 Comm: syz.2.15 Not tainted syzkaller #0 PREEMPT(full) [ 238.198465][ T5998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 238.208795][ T5998] ===================================================== [ 238.216100][ T5998] Disabling lock debugging due to kernel taint [ 238.347480][ T5998] Kernel panic - not syncing: kmsan.panic set ... [ 238.354123][ T5998] CPU: 0 UID: 0 PID: 5998 Comm: syz.2.15 Tainted: G B syzkaller #0 PREEMPT(full) [ 238.365040][ T5998] Tainted: [B]=BAD_PAGE [ 238.369306][ T5998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 238.379511][ T5998] Call Trace: [ 238.382905][ T5998] [ 238.385940][ T5998] __dump_stack+0x26/0x30 [ 238.390499][ T5998] dump_stack_lvl+0x50/0x1c0 [ 238.395288][ T5998] ? dump_stack+0x12/0x25 [ 238.399839][ T5998] dump_stack+0x1e/0x25 [ 238.404219][ T5998] vpanic+0x7b4/0x1430 [ 238.408539][ T5998] panic+0x15d/0x160 [ 238.412724][ T5998] kmsan_report+0x31a/0x320 [ 238.417458][ T5998] ? __msan_warning+0x1b/0x30 [ 238.422393][ T5998] ? dvb_demux_read+0x580/0xa40 [ 238.427470][ T5998] ? vfs_readv+0x931/0xf30 [ 238.432122][ T5998] ? __ia32_compat_sys_preadv+0x2da/0x540 [ 238.438084][ T5998] ? ia32_sys_call+0x3e87/0x4360 [ 238.443189][ T5998] ? __do_fast_syscall_32+0x17f/0x3f0 [ 238.448804][ T5998] ? do_fast_syscall_32+0x37/0x80 [ 238.454061][ T5998] ? do_SYSENTER_32+0x1f/0x30 [ 238.459171][ T5998] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.465936][ T5998] ? __rcu_read_unlock+0x6c/0xd0 [ 238.471134][ T5998] ? aa_file_perm+0x417/0x27c0 [ 238.476145][ T5998] ? aa_file_perm+0x532/0x27c0 [ 238.481151][ T5998] ? stack_depot_save_flags+0x35/0x790 [ 238.486847][ T5998] ? kmsan_get_metadata+0xf1/0x160 [ 238.492197][ T5998] ? kmsan_get_metadata+0xf1/0x160 [ 238.497556][ T5998] ? kmsan_get_metadata+0xf1/0x160 [ 238.502903][ T5998] ? kmsan_get_metadata+0x146/0x160 [ 238.508342][ T5998] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 238.514924][ T5998] ? __pfx_dvb_demux_read+0x10/0x10 [ 238.520351][ T5998] ? kmsan_get_metadata+0x146/0x160 [ 238.525804][ T5998] __msan_warning+0x1b/0x30 [ 238.530509][ T5998] dvb_demux_read+0x580/0xa40 [ 238.535416][ T5998] ? __pfx_dvb_demux_read+0x10/0x10 [ 238.540852][ T5998] vfs_readv+0x931/0xf30 [ 238.546471][ T5998] ? kmsan_get_metadata+0xf1/0x160 [ 238.551813][ T5998] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.557861][ T5998] __ia32_compat_sys_preadv+0x2da/0x540 [ 238.563676][ T5998] ia32_sys_call+0x3e87/0x4360 [ 238.568622][ T5998] __do_fast_syscall_32+0x17f/0x3f0 [ 238.574080][ T5998] do_fast_syscall_32+0x37/0x80 [ 238.579169][ T5998] do_SYSENTER_32+0x1f/0x30 [ 238.583911][ T5998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.590471][ T5998] RIP: 0023:0xf704ef6c [ 238.594690][ T5998] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad [ 238.614582][ T5998] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 000000000000014d [ 238.623195][ T5998] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 238.631526][ T5998] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000000d [ 238.639628][ T5998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 238.647735][ T5998] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 238.655925][ T5998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 238.664086][ T5998] [ 238.667778][ T5998] Kernel Offset: disabled [ 238.672166][ T5998] Rebooting in 86400 seconds..