last executing test programs: 20.097241094s ago: executing program 2 (id=60): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x2}) socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x888e}, @void, @eth={@empty, @broadcast, @val={@void, {0x8100, 0x0, 0x0, 0x20}}, {@x25={0x805, {0x2, 0xb, 0xb}}}}}, 0x19) 18.957338172s ago: executing program 2 (id=64): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000005f000106"], 0x18}], 0x1}, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500010300"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) readv(r5, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, 0x0) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="240000002100df4c2abd70c6270000220000e900104e88cb7634ce58ea220000"], 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x0) r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0xa7e, 0x2) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000000)=0x1) r9 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) ioctl$FE_GET_EVENT(r9, 0x80286f4e, &(0x7f00000000c0)) ioctl$FE_SET_FRONTEND(r9, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @qam={0x2, 0x1c, 0xa}}) 13.146463258s ago: executing program 3 (id=73): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x38, r1, 0x1, 0x10, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000025}, 0x10) 12.217406198s ago: executing program 3 (id=74): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x2}) socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x888e}, @void, @eth={@empty, @broadcast, @val={@void, {0x8100, 0x0, 0x0, 0x20}}, {@x25={0x805, {0x2, 0xb, 0xb}}}}}, 0x19) 10.900852009s ago: executing program 3 (id=77): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @remote}, {0x0, 0x4e21, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x4, 0x0, 0x5, 0x10, 0x4c, @local, @loopback, 0x80, 0x40, 0x1f, 0x6}}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000200)=0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1d0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) 10.121908087s ago: executing program 1 (id=78): r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000080)=0xc) mount$bpf(0x0, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x10404, &(0x7f0000000580)={[{@uid={'uid', 0x3d, r1}}]}) 9.04461519s ago: executing program 1 (id=79): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a0000080480020009", @ANYBLOB="f7", @ANYRESOCT], 0x0) syz_usb_disconnect(r0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x200) syz_usb_disconnect(r1) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 8.624059915s ago: executing program 2 (id=80): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000000001000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040) 8.484284614s ago: executing program 0 (id=82): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000180)=[0x0], 0x1}) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000280)=[0x0], &(0x7f00000000c0), 0x1, r1}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000300)={0x8, 0x0, r3}) 8.158229002s ago: executing program 3 (id=83): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000dc0)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="000002000000f46c5131eb345cdf474c9cf883bf7d102ce8dfe3a7c52f9485ad68719f99f5f8aa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.608887831s ago: executing program 0 (id=85): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000ffdbdf253b00000008000300", @ANYRES32=r1, @ANYBLOB="2e003300d0000000ffffffffffff08021100000050505050505020000004250301640f3e0101760600fd"], 0x4c}, 0x1, 0x0, 0x0, 0x20028805}, 0x24000846) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0) 7.605441733s ago: executing program 2 (id=86): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) sendmsg$nl_route(r4, 0x0, 0x8000) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x8) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r9], 0x5c}}, 0x40) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x4c}}, 0x884) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x42, 0x800000, 0x8, 0x7}) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) 5.909404179s ago: executing program 4 (id=88): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x0, r0}) 5.705997337s ago: executing program 0 (id=89): socket$nl_route(0x10, 0x3, 0x0) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) fcntl$lock(0xffffffffffffffff, 0x410, 0x0) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) r2 = userfaultfd(0x1) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x10c}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x2}) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf) 4.926281767s ago: executing program 2 (id=90): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x24, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="002202000000f610"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000000c0)=ANY=[@ANYBLOB="400ff3"], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 4.798740942s ago: executing program 3 (id=91): getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) syz_open_dev$tty1(0xc, 0x4, 0x2) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x2c}}, 0xc0) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000230001000900000001000000", @ANYRES32, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000e40)={0x0, 0x80009, 0x80000}, 0x20) msgsnd(0xffffffffffffffff, &(0x7f0000000300)={0x3}, 0x8, 0x800) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x5, 0x6, 0xfffa}, 0x1d, [0x6, 0xcb5a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x406, 0x7, 0xfffffffe, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xfffffbff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x403, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x1, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0xffffff80, 0x2, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x1005, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x7, 0x0, 0x7, 0xab7, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7f, 0x0, 0x7, 0x8000, 0xffff, 0x1a76, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7ffffffd, 0x8d2, 0x9, 0x1, 0x7fff, 0x2, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d6, 0xbf, 0x200, 0x3, 0x400002, 0xfffdfff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xf, 0x120000, 0x13, 0x6, 0x9, 0x4, 0x10000003], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8bb, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0x6, 0x3, 0x3, 0xffff, 0x7, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0xffffffff, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) syz_open_dev$tty1(0xc, 0x4, 0x1) 4.787486848s ago: executing program 4 (id=92): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x6]}, 0x8) move_mount(r1, 0x0, r1, 0x0, 0x76) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x1a, 0x0, 0x0, 0x401, 0x8001, 0x401400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40}, 0x44080) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfb, {0x60, 0x0, 0x0, r4, {0x0, 0x7}, {0xffe0, 0xa}, {0x1, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x1c, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7d}, @TCA_CODEL_TARGET={0x8, 0x1, 0x8}, @TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x2}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x55}, 0xc810) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 4.478655015s ago: executing program 0 (id=93): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @remote}, {0x0, 0x4e21, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x4, 0x0, 0x5, 0x10, 0x4c, @local, @loopback, 0x80, 0x40, 0x1f, 0x6}}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000200)=0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1d0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) 3.812339388s ago: executing program 1 (id=94): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[], 0xfc}}, 0x0) r1 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket(0xa, 0x3, 0xff) sendmsg$inet6(r2, &(0x7f0000000080)={&(0x7f0000000140)={0xa, 0xa, 0x4, @mcast2}, 0x1c, 0x0}, 0x922bac8556bdad8e) 3.287930989s ago: executing program 4 (id=95): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x14}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000700)="e554bb04af32f00bd876", 0xa}], 0x1}, 0x20000800) 2.497213466s ago: executing program 1 (id=96): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000000001000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040) 2.273938784s ago: executing program 4 (id=97): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1f}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x98}}, 0x0) 1.885281323s ago: executing program 0 (id=98): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x2}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x888e}, @void, @eth={@empty, @broadcast, @val={@void, {0x8100, 0x0, 0x0, 0x20}}, {@x25={0x805, {0x2, 0xb, 0xb}}}}}, 0x19) 1.484511694s ago: executing program 1 (id=99): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x0, 0x0) readv(r1, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1) 1.477347039s ago: executing program 4 (id=100): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x183842, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000), 0xf26e, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x4, 0xa, 0x0, 0x0, 0x1d, 0x4, "339f020bbe82b38b000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef6a565e691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) epoll_create1(0x0) close(0x4) 1.015776376s ago: executing program 2 (id=101): r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856afe13be00", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x40004, 0x1}) pipe(&(0x7f0000000040)) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xec) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000380)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xff}, {0x1, [{@any, 0x9, 0x1, "cdaaf1", 0x3, 0x7, "8e60c15df36640acbce967e3e19d05dc5dd83ba298452e1b35c4a49ec78e56646874086553f36812819d35d5b6582eb675271ae90c090d172912fb7a10a55b9dff73f2a3e5424d2d4007e168ee80ba624185929136a7a9a4e818e91d439c8290c8d81c64a31cd3371b338be158a092d3c7aa8333083dc9581f700354ee4a14b7b5ae3ff2fb1f108b03fd189a72d141cb17c8a62ee457183a331cb1f91a43d32d1e3ad225bf38823cfe8bbb251381862fca291e50b580118c6dd0337fa73815b8ab6a9883299fea154fbb99d7ed794159fb7d59ad9193e1487e53e929784790e8fae420a0748f6da4856119e5c22d5a15"}]}}}, 0x102) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd) 619.720488ms ago: executing program 0 (id=102): socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x89901) mount_setattr(r1, &(0x7f0000000340)='./file0/../file0\x00', 0x1000, &(0x7f0000000400)={0x81, 0x8, 0x100000, {r1}}, 0x20) 177.12151ms ago: executing program 1 (id=103): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000240)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000280)={0x0, 0x6}, 0x0, 0x0}) 86.897314ms ago: executing program 4 (id=104): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYBLOB="f7", @ANYRESOCT], 0x0) syz_usb_disconnect(r0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x200) syz_usb_disconnect(r1) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 0s ago: executing program 3 (id=105): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000c40)={{0x3, 0x0, 0xb136, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x1, 0xffff, 0x8001, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000, 0xf, 0x7ffffffffffffe, 0x592a, 0x9, 0x0, 0xfffffffe, 0x4, 0x7, 0x0, 0x7, 0x7ff, 0xfffffffe, 0x0, 0x40, 0x0, 0x0, 0x100000005, 0x8, 0x1f, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x20000000, 0x0, 0x7, 0x0, 0x2, 0x0, 0x1, 0xfffffffffffffffd, 0xfffffffd, 0x7, 0x0, 0x0, 0x4000, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x4, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0x541ec3ed, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x400000000000, 0x10000, 0x1, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x20000001, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0xfffffffffffffffe, 0x8, 0x4, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xde4, 0x7, 0xffffffffffffffff, 0x100000000]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts. [ 192.414505][ T5752] cgroup: Unknown subsys name 'net' [ 192.547070][ T5752] cgroup: Unknown subsys name 'cpuset' [ 192.563126][ T5752] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 199.664217][ T5752] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 204.613481][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 204.622193][ T5778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 204.634288][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 204.642817][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 204.652295][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 204.662140][ T5781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 204.677344][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 204.687576][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 204.704951][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 204.723119][ T5784] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 204.740695][ T5784] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 204.751166][ T5784] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 204.757721][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 204.761395][ T5784] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 204.771477][ T5788] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 204.783612][ T5788] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 204.789076][ T5784] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 204.798508][ T5788] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 204.805827][ T5784] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 204.821027][ T5784] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 204.832406][ T5784] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 204.834019][ T5788] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 204.848970][ T5784] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 204.861438][ T5784] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 204.873887][ T5784] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 206.519776][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 206.833711][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 206.865812][ T5778] Bluetooth: hci1: command tx timeout [ 206.945858][ T5778] Bluetooth: hci3: command tx timeout [ 206.951770][ T5778] Bluetooth: hci2: command tx timeout [ 206.957896][ T5788] Bluetooth: hci4: command tx timeout [ 206.959572][ T5784] Bluetooth: hci0: command tx timeout [ 207.034919][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 207.287447][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 207.356681][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 207.916500][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.924205][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.948947][ T5787] bridge_slave_0: entered allmulticast mode [ 207.979939][ T5787] bridge_slave_0: entered promiscuous mode [ 208.010288][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.034097][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.046186][ T5787] bridge_slave_1: entered allmulticast mode [ 208.054975][ T5787] bridge_slave_1: entered promiscuous mode [ 208.226885][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.246699][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.261347][ T5771] bridge_slave_0: entered allmulticast mode [ 208.277266][ T5771] bridge_slave_0: entered promiscuous mode [ 208.292172][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.300618][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.312433][ T5772] bridge_slave_0: entered allmulticast mode [ 208.330674][ T5772] bridge_slave_0: entered promiscuous mode [ 208.377411][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.415866][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.423772][ T5771] bridge_slave_1: entered allmulticast mode [ 208.479665][ T5771] bridge_slave_1: entered promiscuous mode [ 208.569045][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.579690][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.590551][ T5772] bridge_slave_1: entered allmulticast mode [ 208.599779][ T5772] bridge_slave_1: entered promiscuous mode [ 208.648415][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.672324][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.858216][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.866494][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.874249][ T5780] bridge_slave_0: entered allmulticast mode [ 208.884063][ T5780] bridge_slave_0: entered promiscuous mode [ 208.907594][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.946066][ T5784] Bluetooth: hci1: command tx timeout [ 208.988878][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.999324][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.007728][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.015427][ T5780] bridge_slave_1: entered allmulticast mode [ 209.024930][ T5780] bridge_slave_1: entered promiscuous mode [ 209.031320][ T5784] Bluetooth: hci0: command tx timeout [ 209.036055][ T5778] Bluetooth: hci4: command tx timeout [ 209.037188][ T5784] Bluetooth: hci3: command tx timeout [ 209.043297][ T5776] Bluetooth: hci2: command tx timeout [ 209.064596][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.083350][ T5787] team0: Port device team_slave_0 added [ 209.090297][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.098197][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.106354][ T5773] bridge_slave_0: entered allmulticast mode [ 209.115741][ T5773] bridge_slave_0: entered promiscuous mode [ 209.137080][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.214901][ T5787] team0: Port device team_slave_1 added [ 209.248251][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.256472][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.264094][ T5773] bridge_slave_1: entered allmulticast mode [ 209.273123][ T5773] bridge_slave_1: entered promiscuous mode [ 209.373702][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 209.385968][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 209.489674][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.509767][ T5772] team0: Port device team_slave_0 added [ 209.519262][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.527312][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.554834][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.606092][ T5771] team0: Port device team_slave_0 added [ 209.622022][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.640632][ T5772] team0: Port device team_slave_1 added [ 209.649808][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.657158][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.684249][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.705801][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.725033][ T5771] team0: Port device team_slave_1 added [ 209.926315][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.029511][ T5780] team0: Port device team_slave_0 added [ 210.161752][ T5780] team0: Port device team_slave_1 added [ 210.170760][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.177997][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.204808][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.223302][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.232020][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.259041][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.279607][ T5773] team0: Port device team_slave_0 added [ 210.289520][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.296897][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.323776][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.456371][ T5773] team0: Port device team_slave_1 added [ 210.464970][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.472934][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.500228][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.564378][ T5787] hsr_slave_0: entered promiscuous mode [ 210.574288][ T5787] hsr_slave_1: entered promiscuous mode [ 210.635313][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.643277][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.670824][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.689576][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.696878][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.724413][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.791992][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.799600][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.827558][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.931158][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.938599][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.965010][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.025746][ T5776] Bluetooth: hci1: command tx timeout [ 211.033022][ T5772] hsr_slave_0: entered promiscuous mode [ 211.042352][ T5772] hsr_slave_1: entered promiscuous mode [ 211.050814][ T5772] debugfs: 'hsr0' already exists in 'hsr' [ 211.057311][ T5772] Cannot create hsr debugfs directory [ 211.106046][ T5776] Bluetooth: hci2: command tx timeout [ 211.106286][ T5784] Bluetooth: hci3: command tx timeout [ 211.112160][ T5788] Bluetooth: hci4: command tx timeout [ 211.118153][ T5784] Bluetooth: hci0: command tx timeout [ 211.296402][ T5780] hsr_slave_0: entered promiscuous mode [ 211.305871][ T5780] hsr_slave_1: entered promiscuous mode [ 211.313942][ T5780] debugfs: 'hsr0' already exists in 'hsr' [ 211.320235][ T5780] Cannot create hsr debugfs directory [ 211.358858][ T5771] hsr_slave_0: entered promiscuous mode [ 211.368608][ T5771] hsr_slave_1: entered promiscuous mode [ 211.377789][ T5771] debugfs: 'hsr0' already exists in 'hsr' [ 211.383813][ T5771] Cannot create hsr debugfs directory [ 211.729250][ T5773] hsr_slave_0: entered promiscuous mode [ 211.738956][ T5773] hsr_slave_1: entered promiscuous mode [ 211.748063][ T5773] debugfs: 'hsr0' already exists in 'hsr' [ 211.754347][ T5773] Cannot create hsr debugfs directory [ 212.943524][ T5787] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 212.965027][ T5787] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 213.003816][ T5787] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 213.041143][ T5787] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 213.107779][ T5784] Bluetooth: hci1: command tx timeout [ 213.131636][ T5772] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 213.184431][ T5772] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 213.191741][ T5784] Bluetooth: hci4: command tx timeout [ 213.196074][ T5788] Bluetooth: hci2: command tx timeout [ 213.198318][ T5784] Bluetooth: hci3: command tx timeout [ 213.203146][ T5776] Bluetooth: hci0: command tx timeout [ 213.247953][ T5772] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 213.296903][ T5772] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 213.504648][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 213.532331][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 213.559961][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 213.619943][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 213.916252][ T5780] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 213.971757][ T5780] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 213.995143][ T5780] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 214.031610][ T5780] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 214.402452][ T5773] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 214.457598][ T5773] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 214.508020][ T5773] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 214.556283][ T5773] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 214.599131][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.832474][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.865366][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.990760][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.998548][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.063409][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.071223][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.298297][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.393157][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.441480][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.449399][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.552106][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.560124][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.780487][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.917739][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.925943][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.007185][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.033889][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.041750][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.274067][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.412424][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.420460][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.605121][ T2974] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.613062][ T2974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.654030][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.968522][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.002085][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.098912][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.106727][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.279331][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.287180][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.084037][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.420669][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.173857][ T5772] veth0_vlan: entered promiscuous mode [ 219.254059][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.351496][ T5772] veth1_vlan: entered promiscuous mode [ 219.413650][ T5771] veth0_vlan: entered promiscuous mode [ 219.468506][ T5787] veth0_vlan: entered promiscuous mode [ 219.581233][ T5771] veth1_vlan: entered promiscuous mode [ 219.613676][ T5787] veth1_vlan: entered promiscuous mode [ 219.790983][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.010017][ T5772] veth0_macvtap: entered promiscuous mode [ 220.033059][ T5771] veth0_macvtap: entered promiscuous mode [ 220.058465][ T5780] veth0_vlan: entered promiscuous mode [ 220.117282][ T5771] veth1_macvtap: entered promiscuous mode [ 220.150139][ T5772] veth1_macvtap: entered promiscuous mode [ 220.245408][ T5787] veth0_macvtap: entered promiscuous mode [ 220.275080][ T5780] veth1_vlan: entered promiscuous mode [ 220.305669][ T5787] veth1_macvtap: entered promiscuous mode [ 220.419819][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.477392][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.537439][ T5773] veth0_vlan: entered promiscuous mode [ 220.577901][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.592825][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.680893][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.699246][ T2974] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.750324][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.766745][ T2974] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.777582][ T2974] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.834574][ T5773] veth1_vlan: entered promiscuous mode [ 220.847110][ T2974] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.867683][ T2974] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.938890][ T2974] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.035858][ T2974] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.046875][ T53] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.096780][ T5780] veth0_macvtap: entered promiscuous mode [ 221.126892][ T53] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.150809][ T53] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.211362][ T53] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.228036][ T53] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.281328][ T5780] veth1_macvtap: entered promiscuous mode [ 221.571580][ T5773] veth0_macvtap: entered promiscuous mode [ 221.665255][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.837023][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.846590][ T5773] veth1_macvtap: entered promiscuous mode [ 221.959095][ T1132] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.011181][ T1132] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.035312][ T1132] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.045066][ T1132] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.291259][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.400236][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.498213][ T34] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.601126][ T34] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.660554][ T53] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.686277][ T34] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.026276][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.034614][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.223742][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.277235][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.592392][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.601024][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.833831][ T685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.879334][ T685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.262969][ T5772] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 229.342843][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.376772][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.528969][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.565742][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.684811][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.719552][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.101652][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.124194][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.590656][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.590760][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.902672][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.902784][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.282486][ T5967] netlink: 'syz.4.5': attribute type 1 has an invalid length. [ 232.069267][ T5972] netlink: 'syz.2.3': attribute type 10 has an invalid length. [ 232.135259][ T5972] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3'. [ 233.538516][ T5978] netlink: 'syz.2.7': attribute type 1 has an invalid length. [ 233.879099][ T5978] ======================================================= [ 233.879099][ T5978] WARNING: The mand mount option has been deprecated and [ 233.879099][ T5978] and is ignored by this kernel. Remove the mand [ 233.879099][ T5978] option from the mount to silence this warning. [ 233.879099][ T5978] ======================================================= [ 234.629054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 234.837670][ T5988] netlink: 104 bytes leftover after parsing attributes in process `syz.2.10'. [ 234.837777][ T5988] netlink: 104 bytes leftover after parsing attributes in process `syz.2.10'. [ 235.528511][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 235.540152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 236.439127][ T5993] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12'. [ 236.512792][ T5995] fuse: Unknown parameter 'fd0x0000000000000003' [ 236.578604][ T5998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'. [ 237.717055][ T6036] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15'. [ 239.487347][ T6080] syz.1.18 uses obsolete (PF_INET,SOCK_PACKET) [ 240.326565][ T40] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 240.605324][ T40] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 240.648537][ T40] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 240.719921][ T40] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 240.726636][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 240.763025][ T40] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.925907][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 240.935880][ T5830] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 240.967074][ T10] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 240.990985][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 241.021289][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 241.078696][ T40] usb 3-1: usb_control_msg returned -32 [ 241.090255][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 241.095981][ T40] usbtmc 3-1:16.0: can't read capabilities [ 241.108490][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 241.124359][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 241.161141][ T5830] usb 4-1: Using ep0 maxpacket: 32 [ 241.178155][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.206751][ T5830] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 241.223320][ T5830] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 241.310962][ T5830] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 241.385856][ T5830] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 241.485054][ T6092] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 241.513526][ T10] usb 5-1: usb_control_msg returned -32 [ 241.520201][ T5830] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 241.521739][ T40] usb 3-1: USB disconnect, device number 2 [ 241.552667][ T10] usbtmc 5-1:16.0: can't read capabilities [ 241.560335][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.624604][ T5830] usb 4-1: Product: syz [ 241.641116][ T5830] usb 4-1: Manufacturer: syz [ 241.661530][ T5830] usb 4-1: SerialNumber: syz [ 241.790871][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 241.821589][ T5830] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input5 [ 242.126127][ T5830] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 242.135030][ T5830] (id 0x00) [ 242.464300][ T6097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.657326][ T6097] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 243.021540][ T40] usb 5-1: USB disconnect, device number 2 [ 243.047488][ T5830] rc_core: IR keymap rc-imon-pad not found [ 243.054054][ T5830] Registered IR keymap rc-empty [ 243.061952][ T5830] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 243.076282][ T5830] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 243.144765][ T5830] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 243.156401][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 243.165071][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 243.188032][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 243.251629][ T5830] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input6 [ 243.382681][ T5830] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:2> initialized [ 243.458464][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 243.637403][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 243.721828][ T5830] usb 4-1: USB disconnect, device number 2 [ 243.810256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 244.026474][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 244.727707][ T6117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.28'. [ 247.320457][ T6143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.38'. [ 248.799259][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.43'. [ 249.227634][ T6156] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 251.871128][ T6172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.51'. [ 252.615868][ T5830] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 252.806228][ T5830] usb 2-1: Using ep0 maxpacket: 32 [ 252.873758][ T5830] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.997111][ T5830] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 253.024674][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.055977][ T5830] usb 2-1: Product: syz [ 253.064947][ T5830] usb 2-1: Manufacturer: syz [ 253.091758][ T5830] usb 2-1: SerialNumber: syz [ 253.122148][ T5830] usb 2-1: config 0 descriptor?? [ 253.171023][ T5830] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 253.429453][ T5830] usb 2-1: qt2_setup_urbs - submit read urb failed -8 [ 253.456902][ T5830] quatech2 2-1:0.0: probe with driver quatech2 failed with error -8 [ 253.644094][ T5830] usb 2-1: USB disconnect, device number 2 [ 253.834545][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.56'. [ 255.967721][ T5776] Bluetooth: hci0: Invalid handle: 0x306c > 0x0eff [ 256.522326][ T6205] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 256.805047][ T6206] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 257.319230][ T6209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'. [ 257.936189][ T5830] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 258.209279][ T5830] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.271101][ T5830] usb 4-1: config 0 has no interfaces? [ 258.321250][ T5830] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 258.364416][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.396463][ T5830] usb 4-1: Product: syz [ 258.411623][ T5830] usb 4-1: Manufacturer: syz [ 258.456022][ T5830] usb 4-1: SerialNumber: syz [ 258.514356][ T5830] usb 4-1: config 0 descriptor?? [ 258.814467][ T6217] netlink: 4 bytes leftover after parsing attributes in process `syz.0.68'. [ 259.884538][ T6225] random: crng reseeded on system resumption [ 261.273407][ T5830] usb 4-1: USB disconnect, device number 3 [ 263.198606][ T6237] overlayfs: failed to resolve './file0': -2 [ 265.075075][ T6245] bpf: Bad value for 'uid' [ 266.229408][ T5830] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 266.438717][ T5830] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 266.500386][ T5830] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 266.609568][ T5830] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 266.645887][ T5830] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 266.773956][ T5830] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 266.816042][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 266.865808][ T5830] usb 2-1: Product: syz [ 266.881091][ T5830] usb 2-1: Manufacturer: syz [ 266.996233][ T5830] cdc_wdm 2-1:1.0: skipping garbage [ 267.006080][ T5830] cdc_wdm 2-1:1.0: skipping garbage [ 267.011878][ T5830] cdc_wdm 2-1:1.0: skipping garbage [ 267.036034][ T5830] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 267.186458][ T40] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 267.229197][ T795] usb 2-1: USB disconnect, device number 3 [ 267.404700][ T40] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 267.469425][ T40] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 267.481025][ T6261] netlink: 'syz.2.86': attribute type 1 has an invalid length. [ 267.550061][ T40] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.636176][ T40] usb 4-1: config 0 descriptor?? [ 267.719913][ T40] pwc: Askey VC010 type 2 USB webcam detected. [ 268.016406][ T5830] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 268.106266][ T40] pwc: recv_control_msg error -32 req 02 val 2b00 [ 268.144831][ T40] pwc: recv_control_msg error -32 req 02 val 2700 [ 268.183813][ T40] pwc: recv_control_msg error -32 req 02 val 2c00 [ 268.217690][ T5830] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 268.234888][ T40] pwc: recv_control_msg error -32 req 04 val 1000 [ 268.241829][ T5830] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 268.241970][ T5830] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 268.242128][ T5830] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 268.308468][ T40] pwc: recv_control_msg error -32 req 04 val 1300 [ 268.328614][ T40] pwc: recv_control_msg error -32 req 04 val 1400 [ 268.376100][ T40] pwc: recv_control_msg error -32 req 02 val 2000 [ 268.383070][ T5830] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 268.383368][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 268.383510][ T5830] usb 2-1: Product: syz [ 268.407646][ T6265] Bluetooth: MGMT ver 1.23 [ 268.448213][ T5830] usb 2-1: Manufacturer: syz [ 268.512122][ T5830] cdc_wdm 2-1:1.0: skipping garbage [ 268.562106][ T5830] cdc_wdm 2-1:1.0: skipping garbage [ 268.573494][ T5830] cdc_wdm 2-1:1.0: skipping garbage [ 268.589523][ T5830] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 268.670853][ T40] pwc: recv_control_msg error -71 req 04 val 1500 [ 268.711554][ T40] pwc: recv_control_msg error -71 req 02 val 2500 [ 268.730510][ T40] pwc: recv_control_msg error -71 req 02 val 2400 [ 268.776574][ T40] pwc: recv_control_msg error -71 req 02 val 2600 [ 268.787393][ T40] pwc: recv_control_msg error -71 req 02 val 2900 [ 268.813719][ T40] pwc: recv_control_msg error -71 req 02 val 2800 [ 268.837306][ T40] pwc: recv_control_msg error -71 req 04 val 1100 [ 268.877708][ T40] pwc: recv_control_msg error -71 req 04 val 1200 [ 268.926906][ T40] pwc: Registered as video103. [ 268.966814][ T40] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input7 [ 269.229490][ T40] usb 4-1: USB disconnect, device number 4 [ 270.230814][ T5830] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 270.373406][ T6280] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 270.446516][ T5830] usb 3-1: Using ep0 maxpacket: 32 [ 270.493539][ T5830] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 270.568805][ T5830] usb 3-1: config 0 has no interface number 0 [ 270.578821][ T10] usb 2-1: USB disconnect, device number 4 [ 270.615722][ T5830] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 270.768803][ T5830] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 270.838493][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.890436][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 270.899986][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.940680][ T5830] usb 3-1: Product: syz [ 270.959719][ T5830] usb 3-1: Manufacturer: syz [ 270.967482][ T5830] usb 3-1: SerialNumber: syz [ 270.994265][ T5830] usb 3-1: config 0 descriptor?? [ 271.017361][ T6276] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 271.334603][ T6276] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 271.849240][ T5830] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 271.897382][ T5830] asix 3-1:0.188: probe with driver asix failed with error -61 [ 273.447293][ T40] usb 3-1: USB disconnect, device number 3 [ 274.776001][ T6305] ===================================================== [ 274.784216][ T6305] BUG: KMSAN: uninit-value in dvb_demux_read+0x580/0xa40 [ 274.792713][ T6305] dvb_demux_read+0x580/0xa40 [ 274.798931][ T6305] vfs_readv+0x931/0xf30 [ 274.803780][ T6305] __ia32_compat_sys_preadv+0x2da/0x540 [ 274.810168][ T6305] ia32_sys_call+0x3e87/0x4360 [ 274.816047][ T6305] __do_fast_syscall_32+0x17f/0x3f0 [ 274.821789][ T6305] do_fast_syscall_32+0x37/0x80 [ 274.828220][ T6305] do_SYSENTER_32+0x1f/0x30 [ 274.837219][ T6305] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 274.850507][ T6305] [ 274.853054][ T6305] Uninit was created at: [ 274.860640][ T6305] __alloc_frozen_pages_noprof+0x6f7/0x1020 [ 274.868782][ T6305] alloc_pages_mpol+0x328/0x860 [ 274.874033][ T6305] alloc_pages_noprof+0x101/0x280 [ 274.880359][ T6305] __vmalloc_node_range_noprof+0xa97/0x2d80 [ 274.889450][ T6305] __vmalloc_noprof+0x128/0x1f0 [ 274.895187][ T6305] vmalloc_array_noprof+0x48/0x80 [ 274.900931][ T6305] dvb_dmxdev_init+0xd8/0x680 [ 274.906113][ T6305] vidtv_bridge_probe+0x1bfd/0x2690 [ 274.912165][ T6305] platform_probe+0x213/0x370 [ 274.918351][ T6305] really_probe+0x4d5/0xe40 [ 274.923247][ T6305] __driver_probe_device+0x25e/0x370 [ 274.929238][ T6305] driver_probe_device+0x70/0x8f0 [ 274.934636][ T6305] __driver_attach+0x859/0xad0 [ 274.940288][ T6305] bus_for_each_dev+0x33b/0x580 [ 274.946111][ T6305] driver_attach+0x51/0x70 [ 274.956532][ T6305] bus_add_driver+0x54f/0xdb0 [ 274.961860][ T6305] driver_register+0x42e/0x6a0 [ 274.969632][ T6305] __platform_driver_register+0x65/0x80 [ 274.975685][ T6305] vidtv_bridge_init+0x73/0x100 [ 274.980839][ T6305] do_one_initcall+0x237/0xbb0 [ 274.986314][ T6305] do_initcall_level+0x157/0x350 [ 274.991865][ T6305] do_initcalls+0x176/0x310 [ 274.999224][ T6305] do_basic_setup+0x1d/0x30 [ 275.004154][ T6305] kernel_init_freeable+0x213/0x460 [ 275.010816][ T6305] kernel_init+0x2f/0x5e0 [ 275.015750][ T6305] ret_from_fork+0x20f/0x910 [ 275.021086][ T6305] ret_from_fork_asm+0x1a/0x30 [ 275.026755][ T6305] [ 275.029208][ T6305] CPU: 1 UID: 0 PID: 6305 Comm: syz.2.101 Not tainted syzkaller #0 PREEMPT(full) [ 275.039200][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 275.057335][ T6305] ===================================================== [ 275.068350][ T6305] Disabling lock debugging due to kernel taint [ 275.296699][ T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 275.320334][ T5830] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 275.405701][ T6305] Kernel panic - not syncing: kmsan.panic set ... [ 275.412700][ T6305] CPU: 0 UID: 0 PID: 6305 Comm: syz.2.101 Tainted: G B syzkaller #0 PREEMPT(full) [ 275.424532][ T6305] Tainted: [B]=BAD_PAGE [ 275.428820][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 275.440732][ T6305] Call Trace: [ 275.444785][ T6305] [ 275.448110][ T6305] __dump_stack+0x26/0x30 [ 275.453547][ T6305] dump_stack_lvl+0x50/0x1c0 [ 275.459356][ T6305] ? dump_stack+0x12/0x25 [ 275.465370][ T6305] dump_stack+0x1e/0x25 [ 275.470819][ T6305] vpanic+0x7b4/0x1430 [ 275.475907][ T6305] panic+0x15d/0x160 [ 275.480853][ T6305] kmsan_report+0x31a/0x320 [ 275.486170][ T6305] ? __msan_warning+0x1b/0x30 [ 275.491451][ T6305] ? dvb_demux_read+0x580/0xa40 [ 275.497488][ T6305] ? vfs_readv+0x931/0xf30 [ 275.502806][ T6305] ? __ia32_compat_sys_preadv+0x2da/0x540 [ 275.508901][ T6305] ? ia32_sys_call+0x3e87/0x4360 [ 275.514706][ T6305] ? __do_fast_syscall_32+0x17f/0x3f0 [ 275.520839][ T6305] ? do_fast_syscall_32+0x37/0x80 [ 275.526637][ T6305] ? do_SYSENTER_32+0x1f/0x30 [ 275.531874][ T6305] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 275.539265][ T6305] ? __rcu_read_unlock+0x6c/0xd0 [ 275.544644][ T6305] ? aa_file_perm+0x417/0x27c0 [ 275.550354][ T6305] ? aa_file_perm+0x532/0x27c0 [ 275.555691][ T6305] ? stack_depot_save_flags+0x35/0x790 [ 275.562725][ T6305] ? kmsan_get_metadata+0xf1/0x160 [ 275.568548][ T6305] ? kmsan_get_metadata+0xf1/0x160 [ 275.575634][ T6305] ? kmsan_get_metadata+0xf1/0x160 [ 275.582109][ T6305] ? kmsan_get_metadata+0x146/0x160 [ 275.588874][ T6305] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 275.597512][ T6305] ? __pfx_dvb_demux_read+0x10/0x10 [ 275.605066][ T6305] ? kmsan_get_metadata+0x146/0x160 [ 275.613621][ T6305] __msan_warning+0x1b/0x30 [ 275.619465][ T6305] dvb_demux_read+0x580/0xa40 [ 275.624851][ T6305] ? __pfx_dvb_demux_read+0x10/0x10 [ 275.631109][ T6305] vfs_readv+0x931/0xf30 [ 275.636144][ T6305] ? kmsan_get_metadata+0xf1/0x160 [ 275.642113][ T6305] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 275.649497][ T6305] __ia32_compat_sys_preadv+0x2da/0x540 [ 275.656194][ T6305] ia32_sys_call+0x3e87/0x4360 [ 275.661981][ T6305] __do_fast_syscall_32+0x17f/0x3f0 [ 275.668448][ T6305] do_fast_syscall_32+0x37/0x80 [ 275.674104][ T6305] do_SYSENTER_32+0x1f/0x30 [ 275.679231][ T6305] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 275.686790][ T6305] RIP: 0023:0xf7f52f6c [ 275.691543][ T6305] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad [ 275.713519][ T6305] RSP: 002b:00000000f53f550c EFLAGS: 00000206 ORIG_RAX: 000000000000014d [ 275.722389][ T6305] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480 [ 275.730694][ T6305] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000000d [ 275.739695][ T6305] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 275.748596][ T6305] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 275.757139][ T6305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 275.766163][ T6305] [ 275.769738][ T6305] Kernel Offset: disabled [ 275.774500][ T6305] Rebooting in 86400 seconds..