last executing test programs: 16.390744267s ago: executing program 1 (id=127): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) io_setup(0x8, &(0x7f0000004200)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, 0x0) 15.393085791s ago: executing program 1 (id=129): syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002040)=""/102400, 0x19000) get_robust_list(0x0, &(0x7f0000000540)=&(0x7f0000000500)={&(0x7f0000000400)={&(0x7f0000000380)}}, 0x0) ioperm(0x0, 0x2, 0x7e) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) r3 = syz_open_dev$dvb_dvr(&(0x7f0000000340), 0x0, 0x20000) preadv(r3, &(0x7f0000000180)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1, 0x207, 0x4) setfsuid(0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100), 0x12) 14.091645006s ago: executing program 1 (id=135): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) mount$overlay(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000040)={[], [], 0x3a}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) close(0xffffffffffffffff) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500), 0x40002, 0x0) preadv(r1, 0x0, 0x0, 0x401, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r2, 0x3ba0, &(0x7f0000000380)={0x48, 0x16, 0x0, 0x0, 0xe160, 0x0, 0x0}) socket(0xa, 0x3, 0x3a) 12.887225528s ago: executing program 3 (id=136): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000010000000"], 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, &(0x7f0000000080)={0x1, "7bc7b0eb07939da1ee8efc70c96ced7db5515f1f455fd01ec5750310cb20fa5e"}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000500)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8}, 0x94) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040e04050520"], 0x7) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000780)={{0x8, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x4, 0x0, 0x40000000000, 0xffffffffffffffff, 0xffffffeffffffffe, 0x0, 0x4, 0x0, 0x7, 0x4, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x1, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffdfffffffff, 0xfffffffffffffffc, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000002000, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x7ff, 0x0, 0xfffffffffffffffe, 0x9, 0x1000000000, 0x0, 0x80000000000002, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2c5, 0x0, 0x100, 0x81, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x9, 0x100000000000, 0x4000000000, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) 11.410069458s ago: executing program 1 (id=137): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000480)={0x84, &(0x7f0000000940)={0x40, 0xa, 0x4, "a0e763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000200)={0x0, 0xc, 0x4, "ca258375"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000005c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="205aba"], 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000007c0)=ANY=[@ANYBLOB="201704"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x0, 0xe, 0x4, "2ae84be4"}, 0x0, 0x0, 0x0, 0x0}) 10.285872506s ago: executing program 0 (id=139): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) io_setup(0x8, &(0x7f0000004200)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, 0x0) 9.377159287s ago: executing program 0 (id=140): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x24, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'H.245\x00'}}]}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x2, 0xe05, 0x20000, 0x28e7}) 8.388421886s ago: executing program 0 (id=143): r0 = socket(0x2, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f0000000040)=0x63) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xc8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = shmget$private(0x0, 0x4000, 0x1, &(0x7f0000003000/0x4000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0x4000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x700, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r2, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1}) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f0000000140)={0xc, r2}) ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) close(r3) 7.888387723s ago: executing program 0 (id=145): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) read$msr(r1, &(0x7f0000004600)=""/102400, 0x19000) syz_emit_ethernet(0x4a, 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r2, 0x3309) setrlimit(0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 6.516072103s ago: executing program 3 (id=146): r0 = socket(0x2d, 0x2, 0x0) bind$xdp(r0, &(0x7f0000000080)={0x2d, 0x9, 0x0, 0x2018, r0}, 0x10) socket$packet(0x11, 0x3, 0x300) syz_emit_vhci(&(0x7f00000016c0)=ANY=[@ANYBLOB="04131505c9000000c9000000c800e917c8000c00c900fe0154d6574678ade55bdbd72fa3e98b86c993a022606cd7119c7ae1bdecae296cc584988d292562ed34239299a0ccc3b356726062dd0674fca0358091d400fbb19fa0f92024fecf4051372df764a2a7b78985"], 0x18) 6.347186166s ago: executing program 3 (id=147): socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 6.050707621s ago: executing program 4 (id=148): syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000500)=0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000540)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0) io_uring_setup(0x3454, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x0, 0xa7}) clock_gettime(0xfffffffffffffffb, 0x0) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) mmap(&(0x7f0000a82000/0x3000)=nil, 0x3000, 0x300000a, 0x810, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004001) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000180)=""/67) syz_usb_connect$uac1(0x1, 0x0, 0x0, &(0x7f0000000880)={0x0, 0x0, 0x37, &(0x7f0000000140)={0x5, 0xf, 0x37, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xda, "9be30049b874bfa13fa1039b4f0a321f"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xb, 0x0, 0x6, 0x800}, @ss_container_id={0x14, 0x10, 0x4, 0xa, "a41709cf027d58104e6929058b401f89"}]}, 0x7, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x80f}}, {0x0, 0x0}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0xc65}}, {0x0, 0x0}, {0x78, &(0x7f00000006c0)=@string={0x78, 0x3, "a326f09bdf223c3ee2367cbe947a4f45ae7f41a030085ba711a4ce190330633286305fb0e8a79278ee129e6d20ace81384f608823f947cb70d7db7dead993c712b14595fbc3e11c68556252180d8d1e5ba6eff8c16e25bdb14048c85bb1bafd8150d59082187106a3e006ba0bb4ed53e36ee3b4e7efc"}}, {0x2, &(0x7f0000000780)=@string={0x2}}, {0x53, &(0x7f00000007c0)=@string={0x53, 0x3, "cf10239a8b03e646b877b61bb193055285832aeb996cb16e676da1a34d7b02ff1ef73b2f3837c28ecc0ffbaca0e3fa6bdcfa2b22888d21b3296dd9bdea72f006de6de1ccfd1faff53f04a8476c0288adb7"}}]}) 6.022848504s ago: executing program 3 (id=149): syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003441eb4023398a716af6b593a0010902240001000040000904ee0202949da00009050402000000"], 0x0) 5.275143419s ago: executing program 1 (id=150): openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_POWER(r0, 0x12, 0x4, 0x0, &(0x7f0000000200)=0x3e) syz_usb_connect(0x0, 0x5f, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd70102030109024d00010000000009040000050095c20009050000000000000007058433c4"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x10000005) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000100)) syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa08004510003e00660000070290780a010102ac1414aa11ff90780000000037651247ff2c73d3bd82cdd35a52c063558eaf688848fc88773729525d9a484709e6053c3c9ec8b267e6355dcfe06f9e7fabd2ef2670246fa18119123609a3b1c19c5cb675"], 0x0) 5.2448499s ago: executing program 0 (id=151): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x15, 0x4, 0xfffffffc) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000100)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0xfffc}, 0x4000800) r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x1, 0x803) ioctl$HIDIOCGFEATURE(r1, 0xc0404807, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) setrlimit(0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r6, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) rmdir(&(0x7f0000000000)='./file0\x00') 4.648451519s ago: executing program 2 (id=152): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x4e24, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 4.641740731s ago: executing program 4 (id=153): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x24, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'H.245\x00'}}]}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x2, 0xe05, 0x20000, 0x28e7}) 3.471193613s ago: executing program 4 (id=154): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)='\f'}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r4) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYRES32, @ANYBLOB="46000600000000001c00128009"], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="28000000007a32ba70e177e280e5d9a8ba166faa95f8bb6a6bd51873f4e5c5f25e5db4e4939f92192f95c426afdc5daf608184a2ddab3c3c77947b6788c788e4a4380bb2b57af8f2", @ANYRES32=0x0, @ANYBLOB="00000000e300", @ANYRES32], 0x28}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r5, &(0x7f0000000040)={0x2, 0xfffd, @local}, 0x10) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000500)={'pcl812\x00', [0x4f28, 0x4, 0x10000, 0x4, 0x5, 0xa7, 0x4, 0x7, 0x54c6cfef, 0x8e64, 0xe3d, 0x1, 0x6, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x2, 0xbfc90000, 0x1, 0x0, 0x20001e58, 0x3, 0xe64, 0x4, 0x8, 0x3, 0x0, 0xfffffff8]}) chdir(0x0) 3.389505362s ago: executing program 2 (id=155): r0 = socket(0x2, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f0000000040)=0x63) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xc8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = shmget$private(0x0, 0x4000, 0x1, &(0x7f0000003000/0x4000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0x4000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x700, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r2, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1}) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f0000000140)={0xc, r2}) ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) close(r3) 3.323278291s ago: executing program 3 (id=156): sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={&(0x7f0000001400)={0x50, 0x0, 0x200, 0x70bd28, 0x8, {}, [@HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x40448a0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)}, {&(0x7f00000005c0)="f2b3", 0x2}], 0x2}}], 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[], 0x340}}, {{&(0x7f0000000300)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000500)='q', 0x1}, {&(0x7f0000000540)}, {0x0}, {0x0}, {&(0x7f0000000700)}, {0x0}], 0x6}}], 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0xeeef0000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x1, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x0, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]}) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000740)={"373ab6e870bf64ef25ad87deef94c3b7350df627ea76a6efbd6c33a19e5dde0b3718dac0c2b8e833beb9e0347000fc7332c43a3128856f23df4628fb1e54b1745094c19bc88c190192f58dda884b3296f7cd6373842bff61047e0697c9af6e9f62b88fd21621b527902efdae6efd3516c7e5a36f4aaa12cd1b3ac0686db46783f45fe6aa2515ab6996b4807b0d9575a9061a775ef515a40b97c34035e8e412b9200000001000000062a07ab97f50ff5deb8a5978611317016887694245b363252230bbe17ed0f591f935d8e4ae7563eeff2fdfad8a775f0a4b15f63f5c4851df9aef747ace240cec55ce1659c08d38714245835e15291c4973ade3b2006d8870a1d739eb8e7a284e23f660b2061e31a70627be4acb16ecbe8a4edde1c5397c761a2fe0690f5d580ebf35b8640441ddf47d1f67a5e2d892f14a4f88412ce3cc8ec4d0580729c8638502410837253d6ac316ee9c6a24eb5d83463ff9bdf81f31c12b04adec97fe1377d2f29067e5f6f48cc123f2c4c02afe60d224c7d974a63c1aa9b110d2187f18de3753b57c630eab26238e8201501a007da99f1d07f76c4da113859ab55792049a15c5d83051f41ae951912eb81154f2398a729b6d6c51d6850bddcd4b35b24996e4ec707d1a744dff58ea5030fcd6b46a468ac029f86be30c7c3d5708e3871fed2e63b9c3ad265350e87e9fc44696eadeecc1ff67e30b64be27f480180d26218d031380149bcc31bd712063e9c09ed5329a530800000025d79eb9d4491d82d2b7a3d7d0cf9286396fcb8c2ccf1655b3ba420c36c3fb88d788308e947cc15e0957a98a843911c954c2a2feccd60d0000da8330cd1de951bcd767cf211a241c882b8d5e608fc0e796afead2a7b05018b4ae6c034c4c4997868343a5d064838dd0aca0d21b429665a0a1b4fd17cd34e711cee01d2348dc5871cca7ab4e4924f6f4bc29e7dbfae6788549e600000000271cd7ddfabd45803a6d1145734a82b2b9a6a87c8e118629840a027fd3f8e5a6a5dccee1a480d6cd0402a64db2263b1a9de61848b1eb31b51189f4caa2fdf0c3a38275386522137fe573ec27693a337c324952480c9ae476a694010aa22095c6d8bfceb5e024cbc21d6c1d1b17fae63dc627a948c4eca7dfa3f8a5e628531472e00ed28f2d2b7fcf03b5ba1975fcc010482a08c7800b3c87587a9fea37402ffafcc9cabc16a123164765d10dafe323ce33f197af8a3cf57332dbbee3f263a16cb565b61690b5804341630437ad2277be4ff82d1aa32c15b0cf99c88c7bca0ecf47a3be490bf6079f19acdf9a71f636fff612167c849b5c149cb32d8dd98d2aa8bb0606a1214fc1f0da04476cd8c3c056ec88eefca4d331ecbd5416c356466202cb97ddfc320b7594d5ab2e9102d549ffa72300"}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 3.289855798s ago: executing program 4 (id=157): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000010000000"], 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, &(0x7f0000000080)={0x1, "7bc7b0eb07939da1ee8efc70c96ced7db5515f1f455fd01ec5750310cb20fa5e"}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000500)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8}, 0x94) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040e04050520"], 0x7) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000780)={{0x8, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x4, 0x0, 0x40000000000, 0xffffffffffffffff, 0xffffffeffffffffe, 0x0, 0x4, 0x0, 0x7, 0x4, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x1, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffdfffffffff, 0xfffffffffffffffc, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000002000, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x7ff, 0x0, 0xfffffffffffffffe, 0x9, 0x1000000000, 0x0, 0x80000000000002, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2c5, 0x0, 0x100, 0x81, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x9, 0x100000000000, 0x4000000000, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) 3.180869353s ago: executing program 2 (id=158): r0 = socket(0x2d, 0x2, 0x0) bind$xdp(r0, &(0x7f0000000080)={0x2d, 0x9, 0x0, 0x2018, r0}, 0x10) socket$packet(0x11, 0x3, 0x300) syz_emit_vhci(&(0x7f00000016c0)=ANY=[@ANYBLOB="04131505c9000000c9000000c800e917c8000c00c900fe0154d6574678ade55bdbd72fa3e98b86c993a022606cd7119c7ae1bdecae296cc584988d292562ed34239299a0ccc3b356726062dd0674fca0358091d400fbb19fa0f92024fecf4051372df764a2a7b78985"], 0x18) 2.92503429s ago: executing program 2 (id=159): syz_io_uring_setup(0xb5c, &(0x7f0000000640)={0x0, 0x1590, 0x100, 0x1, 0x164}, &(0x7f0000000240)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) r1 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x284f, 0x40, 0xfffffffe, 0x235}) io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) socket(0x840000000002, 0x3, 0xff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4}) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0585609, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="4c00000002060101000000000000000000000000050005000a000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e65740000000048225137a8016a1dcbe2e88b61a93149b574bc416dc82d1a595a"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) 2.92431467s ago: executing program 4 (id=160): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$netlink(0x10, 0x3, 0xe) writev(r2, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0xbbf, 0x74, 0x0, 0x0) getsockopt$sock_buf(r2, 0x1, 0x3b, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r5) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, &(0x7f0000002240)={0x2020}, 0x2020) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@ipv4_newaddr={0x40, 0x14, 0x509, 0x80000, 0x25dfdbfe, {0x2, 0x8, 0x3c, 0xfe, r4}, [@IFA_FLAGS={0x8, 0x8, 0x13}, @IFA_BROADCAST={0x8, 0x4, @empty}, @IFA_TARGET_NETNSID={0x8}, @IFA_RT_PRIORITY={0x8, 0x9, 0x6}, @IFA_BROADCAST={0x8, 0x4, @remote}]}, 0x40}, 0x1, 0x0, 0x0, 0x24048084}, 0x14000854) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r7, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18) copy_file_range(r3, 0x0, r3, &(0x7f0000000100)=0x2295, 0xf, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000000c0)={0x3, 0x43}) socket$inet6_tcp(0xa, 0x1, 0x0) 2.171747193s ago: executing program 2 (id=161): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) read$msr(r1, &(0x7f0000004600)=""/102400, 0x19000) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r2, 0x3309) setrlimit(0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 2.138161571s ago: executing program 1 (id=162): r0 = socket(0x11, 0x2, 0x0) setsockopt(r0, 0x107, 0x1, &(0x7f00000001c0)="110000000200060000071a80010061cc", 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}}) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@ifindex, 0xb, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) connect$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x3f00000000000000) 2.075606001s ago: executing program 3 (id=163): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$netlink(0x10, 0x3, 0xb) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0xa, 0x4) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, &(0x7f0000000280)={0x0, 0x0, 0x6, 0x7, 0x9}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket(0x2b, 0x1, 0x1) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) accept4$vsock_stream(r5, 0x0, 0x0, 0x80800) r6 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 1.951242826s ago: executing program 0 (id=164): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x24, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'H.245\x00'}}]}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, 0x0) 650.672382ms ago: executing program 2 (id=165): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x4e24, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 0s ago: executing program 4 (id=166): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f00000002c0)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. [ 65.332117][ T5826] cgroup: Unknown subsys name 'net' [ 65.481727][ T5826] cgroup: Unknown subsys name 'cpuset' [ 65.490198][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.768793][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.861983][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.877347][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.889348][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.898527][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.906110][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.913686][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.922668][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.929740][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.937230][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.937834][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.956386][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.963579][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 68.972800][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.974151][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.980525][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 68.989106][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.995797][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.002108][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.015768][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.017414][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.030203][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.042972][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.053785][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.063198][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.076529][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.573680][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 69.646647][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 69.685558][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 69.969021][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.976739][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.984341][ T5851] bridge_slave_0: entered allmulticast mode [ 69.991843][ T5851] bridge_slave_0: entered promiscuous mode [ 70.000654][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 70.012414][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.020708][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.027891][ T5848] bridge_slave_0: entered allmulticast mode [ 70.035776][ T5848] bridge_slave_0: entered promiscuous mode [ 70.047915][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.055182][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.062413][ T5855] bridge_slave_0: entered allmulticast mode [ 70.070128][ T5855] bridge_slave_0: entered promiscuous mode [ 70.078225][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.085631][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.092836][ T5851] bridge_slave_1: entered allmulticast mode [ 70.100189][ T5851] bridge_slave_1: entered promiscuous mode [ 70.113576][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.121004][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.128269][ T5848] bridge_slave_1: entered allmulticast mode [ 70.135659][ T5848] bridge_slave_1: entered promiscuous mode [ 70.142977][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 70.154756][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.162022][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.169305][ T5855] bridge_slave_1: entered allmulticast mode [ 70.176520][ T5855] bridge_slave_1: entered promiscuous mode [ 70.285466][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.303890][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.326264][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.338931][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.357157][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.375357][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.474603][ T5855] team0: Port device team_slave_0 added [ 70.483058][ T5851] team0: Port device team_slave_0 added [ 70.501199][ T5848] team0: Port device team_slave_0 added [ 70.519419][ T5855] team0: Port device team_slave_1 added [ 70.527518][ T5851] team0: Port device team_slave_1 added [ 70.533915][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.541525][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.548813][ T5838] bridge_slave_0: entered allmulticast mode [ 70.556079][ T5838] bridge_slave_0: entered promiscuous mode [ 70.566040][ T5848] team0: Port device team_slave_1 added [ 70.630573][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.637775][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.645042][ T5838] bridge_slave_1: entered allmulticast mode [ 70.652503][ T5838] bridge_slave_1: entered promiscuous mode [ 70.669203][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.676458][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.684144][ T5839] bridge_slave_0: entered allmulticast mode [ 70.691434][ T5839] bridge_slave_0: entered promiscuous mode [ 70.700164][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.707441][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.714810][ T5839] bridge_slave_1: entered allmulticast mode [ 70.722896][ T5839] bridge_slave_1: entered promiscuous mode [ 70.741494][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.748436][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.774385][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.800907][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.807931][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.833900][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.857219][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.864237][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.890204][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.902620][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.909655][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.935587][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.957581][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.964744][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.990922][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.014194][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.021166][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.047076][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.070750][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.091080][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.100537][ T5849] Bluetooth: hci3: command tx timeout [ 71.100677][ T5849] Bluetooth: hci1: command tx timeout [ 71.106136][ T5842] Bluetooth: hci0: command tx timeout [ 71.112068][ T5853] Bluetooth: hci4: command tx timeout [ 71.117390][ T5847] Bluetooth: hci2: command tx timeout [ 71.129385][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.148461][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.237639][ T5838] team0: Port device team_slave_0 added [ 71.247606][ T5839] team0: Port device team_slave_0 added [ 71.260771][ T5851] hsr_slave_0: entered promiscuous mode [ 71.267595][ T5851] hsr_slave_1: entered promiscuous mode [ 71.279550][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.286319][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.300188][ T5838] team0: Port device team_slave_1 added [ 71.318185][ T5839] team0: Port device team_slave_1 added [ 71.374979][ T5855] hsr_slave_0: entered promiscuous mode [ 71.381971][ T5855] hsr_slave_1: entered promiscuous mode [ 71.388788][ T5855] debugfs: 'hsr0' already exists in 'hsr' [ 71.394603][ T5855] Cannot create hsr debugfs directory [ 71.417450][ T5848] hsr_slave_0: entered promiscuous mode [ 71.424201][ T5848] hsr_slave_1: entered promiscuous mode [ 71.430736][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 71.436481][ T5848] Cannot create hsr debugfs directory [ 71.472054][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.479103][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.505127][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.518463][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.525488][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.551936][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.564233][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.571384][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.597306][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.610853][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.617803][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.643965][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.843632][ T5839] hsr_slave_0: entered promiscuous mode [ 71.850239][ T5839] hsr_slave_1: entered promiscuous mode [ 71.856556][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 71.862513][ T5839] Cannot create hsr debugfs directory [ 71.886827][ T5838] hsr_slave_0: entered promiscuous mode [ 71.894214][ T5838] hsr_slave_1: entered promiscuous mode [ 71.902115][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 71.908967][ T5838] Cannot create hsr debugfs directory [ 72.361444][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.373029][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.383556][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.401794][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.458746][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 72.477405][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 72.488446][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 72.500113][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 72.600837][ T5848] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 72.611258][ T5848] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 72.632584][ T5848] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 72.644320][ T5848] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 72.764849][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 72.775968][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 72.800738][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 72.812381][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 72.832274][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.932841][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.963109][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.970486][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.987907][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 72.999313][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.026417][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.040079][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.047226][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.063718][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.109750][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.180496][ T5842] Bluetooth: hci1: command tx timeout [ 73.180688][ T5853] Bluetooth: hci4: command tx timeout [ 73.186202][ T5842] Bluetooth: hci3: command tx timeout [ 73.191803][ T5849] Bluetooth: hci0: command tx timeout [ 73.197115][ T5847] Bluetooth: hci2: command tx timeout [ 73.270006][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.293531][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.332054][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.339281][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.383741][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.391046][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.415675][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.490563][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.497683][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.554479][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.561620][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.583712][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.632174][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.693762][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.729820][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.753824][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.761044][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.815815][ T717] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.823034][ T717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.868322][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.920258][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.927444][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.982355][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.989655][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.063555][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.091140][ T5851] veth0_vlan: entered promiscuous mode [ 74.165552][ T5851] veth1_vlan: entered promiscuous mode [ 74.246438][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.383892][ T5855] veth0_vlan: entered promiscuous mode [ 74.437775][ T5855] veth1_vlan: entered promiscuous mode [ 74.462544][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.485314][ T5851] veth0_macvtap: entered promiscuous mode [ 74.524774][ T5851] veth1_macvtap: entered promiscuous mode [ 74.603435][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.642270][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.679839][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.690498][ T717] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.703938][ T717] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.713676][ T717] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.735057][ T5855] veth0_macvtap: entered promiscuous mode [ 74.742731][ T717] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.769433][ T5855] veth1_macvtap: entered promiscuous mode [ 74.880020][ T5838] veth0_vlan: entered promiscuous mode [ 74.906397][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.922300][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.968271][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.981819][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.007454][ T5848] veth0_vlan: entered promiscuous mode [ 75.014734][ T5838] veth1_vlan: entered promiscuous mode [ 75.032258][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.041066][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.070930][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.081189][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.110326][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.118448][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.136038][ T5839] veth0_vlan: entered promiscuous mode [ 75.147024][ T5848] veth1_vlan: entered promiscuous mode [ 75.233146][ T5839] veth1_vlan: entered promiscuous mode [ 75.236828][ T5851] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 75.270783][ T5847] Bluetooth: hci0: command tx timeout [ 75.275544][ T5838] veth0_macvtap: entered promiscuous mode [ 75.276253][ T5847] Bluetooth: hci4: command tx timeout [ 75.287630][ T5842] Bluetooth: hci1: command tx timeout [ 75.287679][ T5853] Bluetooth: hci3: command tx timeout [ 75.295403][ T5838] veth1_macvtap: entered promiscuous mode [ 75.300603][ T5849] Bluetooth: hci2: command tx timeout [ 75.383060][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.404776][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.443547][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.582962][ T5848] veth0_macvtap: entered promiscuous mode [ 75.590428][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.599634][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.616468][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.631093][ T5839] veth0_macvtap: entered promiscuous mode [ 75.652630][ T5848] veth1_macvtap: entered promiscuous mode [ 75.663172][ T717] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.705097][ T717] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.718448][ T717] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.730963][ T5839] veth1_macvtap: entered promiscuous mode [ 75.760155][ T717] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.849114][ T5964] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3'. [ 75.891036][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.942020][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.957776][ T5966] comedi: valid board names for 8255 driver are: [ 75.964477][ T5966] 8255 [ 75.967236][ T5966] comedi: valid board names for vmk80xx driver are: [ 75.973864][ T5966] vmk80xx [ 75.976875][ T5966] comedi: valid board names for usbduxsigma driver are: [ 75.983854][ T5966] usbduxsigma [ 75.987213][ T5966] comedi: valid board names for usbduxfast driver are: [ 75.994176][ T5966] usbduxfast [ 75.997448][ T5966] comedi: valid board names for usbdux driver are: [ 76.004465][ T5966] usbdux [ 76.007405][ T5966] comedi: valid board names for ni6501 driver are: [ 76.008438][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.013945][ T5966] ni6501 [ 76.022829][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.025767][ T5966] comedi: valid board names for dt9812 driver are: [ 76.040507][ T5966] dt9812 [ 76.043437][ T5966] comedi: valid board names for ni_labpc_cs driver are: [ 76.050421][ T5966] ni_labpc_cs [ 76.053780][ T5966] comedi: valid board names for ni_daq_700 driver are: [ 76.060713][ T5966] ni_daq_700 [ 76.063985][ T5966] comedi: valid board names for labpc_pci driver are: [ 76.070795][ T5966] labpc_pci [ 76.073986][ T5966] comedi: valid board names for adl_pci9118 driver are: [ 76.080952][ T5966] pci9118dg [ 76.084136][ T5966] pci9118hg [ 76.087316][ T5966] pci9118hr [ 76.090541][ T5966] comedi: valid board names for 8255_pci driver are: [ 76.097201][ T5966] 8255_pci [ 76.100846][ T5966] comedi: valid board names for s526 driver are: [ 76.107163][ T5966] s526 [ 76.109966][ T5966] comedi: valid board names for multiq3 driver are: [ 76.110806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.116543][ T5966] multiq3 [ 76.125332][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.127803][ T5966] comedi: valid board names for pcmuio driver are: [ 76.142704][ T5966] pcmuio48 [ 76.145811][ T5966] pcmuio96 [ 76.149022][ T5966] comedi: valid board names for pcmmio driver are: [ 76.155506][ T5966] pcmmio [ 76.158434][ T5966] comedi: valid board names for pcmda12 driver are: [ 76.165041][ T5966] pcmda12 [ 76.168060][ T5966] comedi: valid board names for pcmad driver are: [ 76.174501][ T5966] pcmad12 [ 76.177530][ T5966] pcmad16 [ 76.180554][ T5966] comedi: valid board names for ni_labpc driver are: [ 76.187207][ T5966] lab-pc-1200 [ 76.190601][ T5966] lab-pc-1200ai [ 76.194134][ T5966] lab-pc+ [ 76.197138][ T5966] comedi: valid board names for atmio16 driver are: [ 76.203731][ T5966] atmio16 [ 76.206738][ T5966] atmio16d [ 76.209867][ T5966] comedi: valid board names for ni_at_ao driver are: [ 76.213243][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.216528][ T5966] at-ao-6 [ 76.225527][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.227922][ T5966] at-ao-10 [ 76.252012][ T5966] comedi: valid board names for ni_at_a2150 driver are: [ 76.259154][ T5966] ni_at_a2150 [ 76.262513][ T5966] comedi: valid board names for adq12b driver are: [ 76.269038][ T5966] adq12b [ 76.271962][ T5966] comedi: valid board names for mpc624 driver are: [ 76.278440][ T5966] mpc624 [ 76.281380][ T5966] comedi: valid board names for c6xdigio driver are: [ 76.288038][ T5966] c6xdigio [ 76.291216][ T5966] comedi: valid board names for aio_iiro_16 driver are: [ 76.298129][ T5966] aio_iiro_16 [ 76.301569][ T5966] comedi: valid board names for aio_aio12_8 driver are: [ 76.308541][ T5966] aio_aio12_8 [ 76.311903][ T5966] aio_ai12_8 [ 76.315169][ T5966] aio_ao12_4 [ 76.316735][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.318448][ T5966] comedi: valid board names for fl512 driver are: [ 76.333064][ T5966] fl512 [ 76.335896][ T5966] comedi: valid board names for dmm32at driver are: [ 76.342547][ T5966] dmm32at [ 76.345555][ T5966] comedi: valid board names for dt282x driver are: [ 76.352253][ T5966] dt2821 [ 76.355173][ T5966] dt2821-f [ 76.358260][ T5966] dt2821-g [ 76.361389][ T5966] dt2823 [ 76.364305][ T5966] dt2824-pgh [ 76.367565][ T5966] dt2824-pgl [ 76.370861][ T5966] dt2825 [ 76.373777][ T5966] dt2827 [ 76.376691][ T5966] dt2828 [ 76.379747][ T5966] dt2829 [ 76.382665][ T5966] dt21-ez [ 76.385682][ T5966] dt23-ez [ 76.388768][ T5966] dt24-ez [ 76.391784][ T5966] dt24-ez-pgl [ 76.395136][ T5966] comedi: valid board names for dt2817 driver are: [ 76.401661][ T5966] dt2817 [ 76.404579][ T5966] comedi: valid board names for dt2815 driver are: [ 76.411080][ T5966] dt2815 [ 76.414001][ T5966] comedi: valid board names for dt2814 driver are: [ 76.417991][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.420515][ T5966] dt2814 [ 76.429274][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.431655][ T5966] comedi: valid board names for dt2811 driver are: [ 76.446294][ T5966] dt2811-pgh [ 76.449601][ T5966] dt2811-pgl [ 76.452874][ T5966] comedi: valid board names for dt2801 driver are: [ 76.459415][ T5966] dt2801 [ 76.462335][ T5966] comedi: valid board names for das6402 driver are: [ 76.468941][ T5966] das6402-12 [ 76.472213][ T5966] das6402-16 [ 76.475479][ T5966] comedi: valid board names for das1800 driver are: [ 76.482083][ T5966] das-1701st [ 76.485346][ T5966] das-1701st-da [ 76.488913][ T5966] das-1702st [ 76.492176][ T5966] das-1702st-da [ 76.495699][ T5966] das-1702hr [ 76.498988][ T5966] das-1702hr-da [ 76.502514][ T5966] das-1701ao [ 76.505777][ T5966] das-1702ao [ 76.509092][ T5966] das-1801st [ 76.512355][ T5966] das-1801st-da [ 76.515876][ T5966] das-1802st [ 76.519159][ T5966] das-1802st-da [ 76.520410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.522685][ T5966] das-1802hr [ 76.534238][ T5966] das-1802hr-da [ 76.537762][ T5966] das-1801hc [ 76.541116][ T5966] das-1802hc [ 76.544384][ T5966] das-1801ao [ 76.547649][ T5966] das-1802ao [ 76.550956][ T5966] comedi: valid board names for das800 driver are: [ 76.557442][ T5966] das-800 [ 76.560471][ T5966] cio-das800 [ 76.563756][ T5966] das-801 [ 76.566762][ T5966] cio-das801 [ 76.570070][ T5966] das-802 [ 76.573074][ T5966] cio-das802 [ 76.576332][ T5966] cio-das802/16 [ 76.579878][ T5966] comedi: valid board names for isa-das08 driver are: [ 76.586612][ T5966] isa-das08 [ 76.589815][ T5966] das08-pgm [ 76.592990][ T5966] das08-pgh [ 76.596162][ T5966] das08-pgl [ 76.599361][ T5966] das08-aoh [ 76.602546][ T5966] das08-aol [ 76.605715][ T5966] das08-aom [ 76.608925][ T5966] das08/jr-ao [ 76.612272][ T5966] das08jr-16-ao [ 76.615797][ T5966] pc104-das08 [ 76.619212][ T5966] das08jr/16 [ 76.622487][ T5966] comedi: valid board names for das16m1 driver are: [ 76.629135][ T5966] das16m1 [ 76.632155][ T5966] comedi: valid board names for dac02 driver are: [ 76.638579][ T5966] dac02 [ 76.641411][ T5966] comedi: valid board names for rti802 driver are: [ 76.647889][ T5966] rti802 [ 76.650861][ T5966] comedi: valid board names for rti800 driver are: [ 76.657337][ T5966] rti800 [ 76.660283][ T5966] rti815 [ 76.663202][ T5966] comedi: valid board names for pcm3724 driver are: [ 76.669809][ T5966] pcm3724 [ 76.672814][ T5966] comedi: valid board names for pcl818 driver are: [ 76.679312][ T5966] pcl818l [ 76.682312][ T5966] pcl818h [ 76.685310][ T5966] pcl818hd [ 76.688400][ T5966] pcl818hg [ 76.691546][ T5966] pcl818 [ 76.694468][ T5966] pcl718 [ 76.697381][ T5966] pcm3718 [ 76.700782][ T5966] comedi: valid board names for pcl816 driver are: [ 76.707264][ T5966] pcl816 [ 76.710216][ T5966] pcl814b [ 76.713221][ T5966] comedi: valid board names for pcl812 driver are: [ 76.719747][ T5966] pcl812 [ 76.722665][ T5966] pcl812pg [ 76.725754][ T5966] acl8112pg [ 76.728987][ T5966] acl8112dg [ 76.732182][ T5966] acl8112hg [ 76.735357][ T5966] a821pgl [ 76.738356][ T5966] a821pglnda [ 76.741646][ T5966] a821pgh [ 76.744648][ T5966] a822pgl [ 76.747646][ T5966] a822pgh [ 76.750684][ T5966] a823pgl [ 76.753687][ T5966] a823pgh [ 76.756699][ T5966] pcl813 [ 76.759645][ T5966] pcl813b [ 76.762648][ T5966] acl8113 [ 76.765646][ T5966] iso813 [ 76.768612][ T5966] acl8216 [ 76.771636][ T5966] a826pg [ 76.774568][ T5966] comedi: valid board names for pcl730 driver are: [ 76.781135][ T5966] pcl730 [ 76.784051][ T5966] iso730 [ 76.786960][ T5966] acl7130 [ 76.789992][ T5966] pcm3730 [ 76.793000][ T5966] pcl725 [ 76.795910][ T5966] p8r8dio [ 76.798928][ T5966] acl7225b [ 76.802012][ T5966] p16r16dio [ 76.805180][ T5966] pcl733 [ 76.808086][ T5966] pcl734 [ 76.811032][ T5966] opmm-1616-xt [ 76.814470][ T5966] pearl-mm-p [ 76.817725][ T5966] ir104-pbf [ 76.820926][ T5966] comedi: valid board names for pcl726 driver are: [ 76.827408][ T5966] pcl726 [ 76.830368][ T5966] pcl727 [ 76.833299][ T5966] pcl728 [ 76.836208][ T5966] acl6126 [ 76.839235][ T5966] acl6128 [ 76.842233][ T5966] comedi: valid board names for pcl724 driver are: [ 76.848731][ T5966] pcl724 [ 76.851643][ T5966] pcl722 [ 76.854550][ T5966] pcl731 [ 76.857458][ T5966] acl7122 [ 76.860513][ T5966] acl7124 [ 76.863517][ T5966] pet48dio [ 76.866602][ T5966] pcmio48 [ 76.869640][ T5966] onyx-mm-dio [ 76.872991][ T5966] comedi: valid board names for pcl711 driver are: [ 76.879494][ T5966] pcl711 [ 76.882410][ T5966] pcl711b [ 76.885403][ T5966] acl8112hg [ 76.888603][ T5966] acl8112dg [ 76.891773][ T5966] comedi: valid board names for amplc_pc263 driver are: [ 76.898717][ T5966] pc263 [ 76.901541][ T5966] comedi: valid board names for amplc_pc236 driver are: [ 76.908443][ T5966] pc36at [ 76.911380][ T5966] comedi: valid board names for amplc_dio200 driver are: [ 76.918372][ T5966] pc212e [ 76.921300][ T5966] pc214e [ 76.924209][ T5966] pc215e [ 76.927115][ T5966] pc218e [ 76.930082][ T5966] pc272e [ 76.933011][ T5966] comedi: valid board names for comedi_parport driver are: [ 76.940494][ T5966] comedi_parport [ 76.944111][ T5966] comedi: valid board names for comedi_test driver are: [ 76.951049][ T5966] comedi_test [ 76.954399][ T5966] comedi: valid board names for comedi_bond driver are: [ 76.961329][ T5966] comedi_bond [ 77.056138][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.138225][ T732] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.332443][ T732] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.342968][ T5849] Bluetooth: hci4: command tx timeout [ 77.349500][ T5849] Bluetooth: hci1: command tx timeout [ 77.354901][ T5849] Bluetooth: hci0: command tx timeout [ 77.360353][ T5853] Bluetooth: hci2: command tx timeout [ 77.365784][ T5163] Bluetooth: hci3: command tx timeout [ 77.450822][ T5849] Bluetooth: hci4: hcon ffff88807d770000 sent 1 < count 6121 [ 77.461121][ T5849] Bluetooth: hci4: hcon ffff88807d770000 sent 0 < count 12 [ 77.471148][ T5849] Bluetooth: hci4: hcon ffff88807d24c000 sent 1 < count 510 [ 77.483027][ T732] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.493532][ T732] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.513934][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.587252][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.595189][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.673714][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.683064][ T5975] vivid-000: disconnect [ 77.703780][ T5974] vivid-000: reconnect [ 77.714085][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.752846][ T717] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.990553][ T5978] random: crng reseeded on system resumption [ 78.045825][ T717] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.312970][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.466989][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.772430][ T717] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.821880][ T717] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.690062][ T5983] netlink: 40 bytes leftover after parsing attributes in process `syz.0.13'. [ 79.772672][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.781098][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.809689][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.817548][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.139347][ T5988] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.14'. [ 80.518293][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.101851][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.434088][ T6006] capability: warning: `syz.4.5' uses deprecated v2 capabilities in a way that may be insecure [ 81.762943][ T5849] Bluetooth: hci4: hcon ffff88807d770000 sent 0 < count 6121 [ 81.794359][ T5849] Bluetooth: hci4: hcon ffff88807d770000 sent 0 < count 12 [ 81.803405][ T5849] Bluetooth: hci4: hcon ffff88807d24c000 sent 0 < count 510 [ 81.878166][ T24] cfg80211: failed to load regulatory.db [ 82.605024][ T6019] random: crng reseeded on system resumption [ 84.182844][ T5993] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 84.210467][ T6031] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23'. [ 84.660843][ T5993] usb 2-1: config 36 has an invalid interface number: 3 but max is 0 [ 84.669395][ T5993] usb 2-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 84.688181][ T5993] usb 2-1: config 36 has no interface number 0 [ 84.747823][ T5993] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29 [ 84.780256][ T5993] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 84.821942][ T5993] usb 2-1: Manufacturer: syz [ 84.845043][ T5993] usb 2-1: SerialNumber: syz [ 84.903373][ T6033] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.552517][ T5993] usb 2-1: USB disconnect, device number 2 [ 86.189488][ T6044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25'. [ 90.679565][ T5993] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 91.087374][ T6075] Zero length message leads to an empty skb [ 91.371737][ T6077] vivid-003: disconnect [ 91.389912][ T6072] vivid-003: reconnect [ 91.671429][ T6082] IPVS: length: 24 != 21528 [ 95.282973][ T6119] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34'. [ 95.479670][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.780539][ T5957] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 95.911900][ T10] usb 4-1: config 36 has an invalid interface number: 3 but max is 0 [ 95.927013][ T10] usb 4-1: config 36 has an invalid descriptor of length 0, skipping remainder of the config [ 95.934246][ T6129] vivid-004: disconnect [ 95.971529][ T10] usb 4-1: config 36 has no interface number 0 [ 95.972982][ T6128] vivid-004: reconnect [ 95.997015][ T10] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29 [ 96.008816][ T5957] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.023084][ T10] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 96.038937][ T5957] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 96.048586][ T10] usb 4-1: Manufacturer: syz [ 96.070974][ T10] usb 4-1: SerialNumber: syz [ 96.074089][ T5957] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 96.125476][ T5957] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 96.175497][ T5957] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 96.205674][ T5957] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.228967][ T5957] usb 1-1: Product: syz [ 96.240992][ T5957] usb 1-1: Manufacturer: syz [ 96.255522][ T5957] usb 1-1: SerialNumber: syz [ 96.264767][ T6131] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 96.275938][ T5957] usb 1-1: config 0 descriptor?? [ 96.631406][ T10] usb 4-1: USB disconnect, device number 2 [ 96.636695][ T5957] garmin_gps 1-1:0.0: Garmin GPS usb/tty converter detected [ 96.747568][ T5957] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8 [ 96.775558][ T5957] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8 [ 96.843451][ T5957] usb 1-1: USB disconnect, device number 3 [ 97.086006][ T5957] garmin_gps 1-1:0.0: device disconnected [ 99.009372][ T6155] netlink: 40 bytes leftover after parsing attributes in process `syz.2.57'. [ 99.209124][ T6165] Cannot find del_set index 2 as target [ 103.065563][ T6199] random: crng reseeded on system resumption [ 103.946240][ T55] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 105.600163][ T55] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.631020][ T55] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 105.658511][ T55] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 105.678779][ T55] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 105.734480][ T55] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 105.756982][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.774997][ T55] usb 1-1: Product: syz [ 105.788858][ T55] usb 1-1: Manufacturer: syz [ 105.800272][ T55] usb 1-1: SerialNumber: syz [ 105.825456][ T55] usb 1-1: config 0 descriptor?? [ 105.853289][ T55] usb 1-1: can't set config #0, error -71 [ 105.882096][ T55] usb 1-1: USB disconnect, device number 4 [ 106.896804][ T6223] Cannot find del_set index 2 as target [ 107.419295][ T6228] netlink: 40 bytes leftover after parsing attributes in process `syz.3.71'. [ 109.769215][ T6214] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 112.422461][ T6264] netlink: 40 bytes leftover after parsing attributes in process `syz.2.88'. [ 113.252558][ T6269] futex_wake_op: syz.2.90 tries to shift op by -1; fix this program [ 113.619864][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 114.700523][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.722287][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 114.750053][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 114.772583][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 114.806534][ T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 114.825758][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.850998][ T10] usb 2-1: Product: syz [ 114.856021][ T10] usb 2-1: Manufacturer: syz [ 114.865591][ T10] usb 2-1: SerialNumber: syz [ 114.885265][ T10] usb 2-1: config 0 descriptor?? [ 114.895502][ T10] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected [ 114.905836][ T10] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8 [ 114.917524][ T10] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8 [ 115.156625][ T6290] netlink: 12 bytes leftover after parsing attributes in process `syz.0.96'. [ 116.061569][ T10] usb 2-1: USB disconnect, device number 3 [ 116.074447][ T10] garmin_gps 2-1:0.0: device disconnected [ 117.657969][ T6304] vivid-001: disconnect [ 117.670954][ T6303] vivid-001: reconnect [ 119.436849][ T6331] Cannot find del_set index 2 as target [ 119.955867][ T6336] netlink: 12 bytes leftover after parsing attributes in process `syz.0.107'. [ 121.880824][ T5849] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 121.894670][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 121.894707][ T5849] Tainted: [L]=SOFTLOCKUP [ 121.894714][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 121.894728][ T5849] Workqueue: hci0 hci_rx_work [ 121.894763][ T5849] Call Trace: [ 121.894773][ T5849] [ 121.894783][ T5849] dump_stack_lvl+0xe8/0x150 [ 121.894817][ T5849] sysfs_create_dir_ns+0x271/0x2a0 [ 121.894848][ T5849] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 121.894877][ T5849] ? do_raw_spin_unlock+0xf5/0x210 [ 121.894908][ T5849] kobject_add_internal+0x62b/0xd00 [ 121.894944][ T5849] kobject_add+0x163/0x240 [ 121.894983][ T5849] ? __pfx_kobject_add+0x10/0x10 [ 121.895011][ T5849] ? _raw_spin_unlock+0x3f/0x50 [ 121.895035][ T5849] ? get_device_parent+0x366/0x3a0 [ 121.895066][ T5849] device_add+0x408/0xb70 [ 121.895097][ T5849] hci_conn_add_sysfs+0xd5/0x210 [ 121.895121][ T5849] le_conn_complete_evt+0xf1d/0x1430 [ 121.895159][ T5849] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 121.895186][ T5849] ? lockdep_hardirqs_on+0x7a/0x110 [ 121.895210][ T5849] ? irqentry_exit+0x61a/0x700 [ 121.895231][ T5849] ? rcu_is_watching+0x15/0xb0 [ 121.895255][ T5849] ? skb_pull_data+0xfb/0x200 [ 121.895290][ T5849] hci_le_conn_complete_evt+0x187/0x470 [ 121.895325][ T5849] hci_event_packet+0x7af/0x12c0 [ 121.895353][ T5849] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 121.895381][ T5849] ? __pfx_hci_event_packet+0x10/0x10 [ 121.895408][ T5849] ? kcov_remote_start+0x49a/0x7a0 [ 121.895436][ T5849] ? hci_send_to_monitor+0xe2/0x590 [ 121.895468][ T5849] hci_rx_work+0x3ee/0x1040 [ 121.895501][ T5849] ? process_one_work+0x8bb/0x1780 [ 121.895531][ T5849] process_one_work+0x9ab/0x1780 [ 121.895583][ T5849] ? __pfx_process_one_work+0x10/0x10 [ 121.895612][ T5849] ? do_raw_spin_lock+0x12b/0x2f0 [ 121.895654][ T5849] worker_thread+0xba8/0x11e0 [ 121.895682][ T5849] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 121.895705][ T5849] ? __kthread_parkme+0x7a/0x1f0 [ 121.895726][ T5849] ? __kthread_parkme+0x19c/0x1f0 [ 121.895753][ T5849] kthread+0x388/0x470 [ 121.895777][ T5849] ? __pfx_worker_thread+0x10/0x10 [ 121.895794][ T5849] ? __pfx_kthread+0x10/0x10 [ 121.895820][ T5849] ret_from_fork+0x51e/0xb90 [ 121.895853][ T5849] ? __pfx_ret_from_fork+0x10/0x10 [ 121.895881][ T5849] ? __switch_to+0xc7d/0x1450 [ 121.895911][ T5849] ? __pfx_kthread+0x10/0x10 [ 121.895936][ T5849] ret_from_fork_asm+0x1a/0x30 [ 121.895979][ T5849] [ 121.896105][ T5849] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 122.253907][ T5849] Bluetooth: hci0: failed to register connection device [ 126.961007][ T6395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.126'. [ 129.200453][ T6410] Cannot find del_set index 2 as target [ 131.996058][ T6428] netlink: 180 bytes leftover after parsing attributes in process `syz.4.134'. [ 132.059505][ T5849] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 132.069784][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: kworker/u9:5 Tainted: G L syzkaller #0 PREEMPT(full) [ 132.069817][ T5849] Tainted: [L]=SOFTLOCKUP [ 132.069824][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 132.069837][ T5849] Workqueue: hci2 hci_rx_work [ 132.069869][ T5849] Call Trace: [ 132.069877][ T5849] [ 132.069886][ T5849] dump_stack_lvl+0xe8/0x150 [ 132.069920][ T5849] sysfs_create_dir_ns+0x271/0x2a0 [ 132.069952][ T5849] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 132.069981][ T5849] ? do_raw_spin_unlock+0xf5/0x210 [ 132.070012][ T5849] kobject_add_internal+0x62b/0xd00 [ 132.070049][ T5849] kobject_add+0x163/0x240 [ 132.070081][ T5849] ? __pfx_kobject_add+0x10/0x10 [ 132.070108][ T5849] ? _raw_spin_unlock+0x28/0x50 [ 132.070131][ T5849] ? get_device_parent+0x366/0x3a0 [ 132.070162][ T5849] device_add+0x408/0xb70 [ 132.070192][ T5849] hci_conn_add_sysfs+0xd5/0x210 [ 132.070217][ T5849] le_conn_complete_evt+0xf1d/0x1430 [ 132.070256][ T5849] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 132.070281][ T5849] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 132.070308][ T5849] ? __pfx___mutex_lock+0x10/0x10 [ 132.070332][ T5849] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 132.070352][ T5849] ? skb_pull_data+0xfb/0x200 [ 132.070386][ T5849] hci_le_conn_complete_evt+0x187/0x470 [ 132.070421][ T5849] hci_event_packet+0x7af/0x12c0 [ 132.070450][ T5849] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 132.070477][ T5849] ? __pfx_hci_event_packet+0x10/0x10 [ 132.070505][ T5849] ? kcov_remote_start+0x49a/0x7a0 [ 132.070533][ T5849] ? hci_send_to_monitor+0xe2/0x590 [ 132.070566][ T5849] hci_rx_work+0x3ee/0x1040 [ 132.070599][ T5849] ? process_one_work+0x8bb/0x1780 [ 132.070638][ T5849] process_one_work+0x9ab/0x1780 [ 132.070689][ T5849] ? __pfx_process_one_work+0x10/0x10 [ 132.070718][ T5849] ? do_raw_spin_lock+0x12b/0x2f0 [ 132.070761][ T5849] worker_thread+0xba8/0x11e0 [ 132.070790][ T5849] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 132.070813][ T5849] ? __kthread_parkme+0x7a/0x1f0 [ 132.070835][ T5849] ? __kthread_parkme+0x19c/0x1f0 [ 132.070862][ T5849] kthread+0x388/0x470 [ 132.070886][ T5849] ? __pfx_worker_thread+0x10/0x10 [ 132.070904][ T5849] ? __pfx_kthread+0x10/0x10 [ 132.070929][ T5849] ret_from_fork+0x51e/0xb90 [ 132.070962][ T5849] ? __pfx_ret_from_fork+0x10/0x10 [ 132.070991][ T5849] ? __switch_to+0xc7d/0x1450 [ 132.071021][ T5849] ? __pfx_kthread+0x10/0x10 [ 132.071047][ T5849] ret_from_fork_asm+0x1a/0x30 [ 132.071084][ T5849] [ 132.071986][ T5849] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 132.393906][ T5849] Bluetooth: hci2: failed to register connection device [ 132.755254][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.775129][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.011879][ T6431] cgroup2: Unknown parameter 'fO±Û¸üjÂavordynmods' [ 133.190709][ T5163] Bluetooth: hci0: command 0x0406 tx timeout [ 134.568567][ T5957] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 134.779056][ T5957] usb 2-1: Using ep0 maxpacket: 32 [ 134.788095][ T5957] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 134.796937][ T5957] usb 2-1: config 0 has no interface number 0 [ 134.803481][ T5957] usb 2-1: config 0 interface 184 has no altsetting 0 [ 134.813169][ T5957] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 134.822812][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.831217][ T5957] usb 2-1: Product: syz [ 134.835553][ T5957] usb 2-1: Manufacturer: syz [ 134.840627][ T5957] usb 2-1: SerialNumber: syz [ 134.903412][ T5957] usb 2-1: config 0 descriptor?? [ 135.763535][ T6452] misc userio: Invalid payload size [ 136.098196][ T5957] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 136.153424][ T5957] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 136.544750][ T6460] random: crng reseeded on system resumption [ 137.596950][ T5853] Bluetooth: hci1: hcon ffff88807e058000 sent 1 < count 6121 [ 137.611746][ T5853] Bluetooth: hci1: hcon ffff88807e058000 sent 0 < count 12 [ 137.619783][ T5853] Bluetooth: hci1: hcon ffff88807deac000 sent 1 < count 510 [ 138.309286][ T5957] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71 [ 138.342829][ T5957] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71 [ 138.377030][ T5957] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address [ 138.438347][ T5957] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 138.581578][ T5957] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 138.662129][ T5896] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 138.791455][ T5957] usb 2-1: USB disconnect, device number 4 [ 138.870247][ T5896] usb 4-1: config 0 has an invalid interface number: 238 but max is 0 [ 138.886182][ T5896] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.924590][ T5896] usb 4-1: config 0 has no interface number 0 [ 138.942392][ T5896] usb 4-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 138.964347][ T5896] usb 4-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0 [ 138.985315][ T5896] usb 4-1: config 0 interface 238 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 139.020028][ T5896] usb 4-1: config 0 interface 238 has no altsetting 0 [ 139.030892][ T5896] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a [ 139.041858][ T5896] usb 4-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160 [ 139.058553][ T5896] usb 4-1: Product: syz [ 139.068810][ T5896] usb 4-1: Manufacturer: syz [ 139.078802][ T5896] usb 4-1: SerialNumber: syz [ 139.097973][ T5896] usb 4-1: config 0 descriptor?? [ 139.149979][ T5896] comedi comedi5: Wrong number of endpoints [ 139.167788][ T5896] ni6501 4-1:0.238: driver 'ni6501' failed to auto-configure device. [ 139.188583][ T5957] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 139.326538][ T5896] usb 4-1: USB disconnect, device number 3 [ 139.353521][ T5957] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 139.377889][ T5957] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 139.416086][ T5957] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 139.462786][ T5957] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 140.165895][ T5163] Bluetooth: hci2: command 0x0406 tx timeout [ 140.487872][ T5957] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 140.525926][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.564773][ T5957] usb 2-1: Product: syz [ 140.588770][ T5957] usb 2-1: Manufacturer: syz [ 140.603697][ T5957] usb 2-1: SerialNumber: syz [ 140.659389][ T5957] usb 2-1: config 0 descriptor?? [ 140.724029][ T5957] garmin_gps 2-1:0.0: Garmin GPS usb/tty converter detected [ 140.760867][ T5957] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8 [ 140.819444][ T5957] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8 [ 140.874917][ T5853] Bluetooth: hci2: unexpected event for opcode 0x2005 [ 140.935533][ T5896] usb 2-1: USB disconnect, device number 5 [ 140.957421][ T5896] garmin_gps 2-1:0.0: device disconnected [ 141.018608][ T5853] Bluetooth: hci4: hcon ffff88807d770000 sent 0 < count 6121 [ 141.034663][ T5853] Bluetooth: hci4: hcon ffff88807d770000 sent 0 < count 12 [ 141.043663][ T5853] Bluetooth: hci4: hcon ffff88807d24c000 sent 0 < count 510 [ 142.239920][ T6516] random: crng reseeded on system resumption [ 143.040010][ T6508] IPVS: length: 24 != 24159191448 [ 143.143267][ T6513] dummy0: entered allmulticast mode [ 144.663690][ T6528] [ 144.666060][ T6528] ====================================================== [ 144.673089][ T6528] WARNING: possible circular locking dependency detected [ 144.680110][ T6528] syzkaller #0 Tainted: G L [ 144.686091][ T6528] ------------------------------------------------------ [ 144.693112][ T6528] syz.4.166/6528 is trying to acquire lock: [ 144.698986][ T6528] ffff88803618dab8 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 144.707904][ T6528] [ 144.707904][ T6528] but task is already holding lock: [ 144.715266][ T6528] ffff8880337d0a30 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 144.725019][ T6528] [ 144.725019][ T6528] which lock already depends on the new lock. [ 144.725019][ T6528] [ 144.735431][ T6528] [ 144.735431][ T6528] the existing dependency chain (in reverse order) is: [ 144.744433][ T6528] [ 144.744433][ T6528] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 144.752756][ T6528] down_read+0x47/0x2e0 [ 144.757424][ T6528] mfill_get_vma+0x162/0x660 [ 144.762548][ T6528] mfill_atomic_continue+0x197/0x1440 [ 144.768426][ T6528] userfaultfd_ioctl+0x232d/0x4c70 [ 144.774060][ T6528] __se_sys_ioctl+0xfc/0x170 [ 144.779171][ T6528] do_syscall_64+0x14d/0xf80 [ 144.784281][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.790688][ T6528] [ 144.790688][ T6528] -> #1 (vm_lock){++++}-{0:0}: [ 144.797632][ T6528] __vma_start_exclude_readers+0x28a/0x940 [ 144.803959][ T6528] __vma_start_write+0xdc/0x290 [ 144.809329][ T6528] mprotect_fixup+0x5eb/0xa80 [ 144.814514][ T6528] setup_arg_pages+0x565/0xac0 [ 144.819795][ T6528] load_elf_binary+0xc5e/0x2980 [ 144.825164][ T6528] bprm_execve+0x949/0x1470 [ 144.830178][ T6528] kernel_execve+0x844/0x930 [ 144.835292][ T6528] try_to_run_init_process+0x13/0x60 [ 144.841095][ T6528] kernel_init+0xad/0x1d0 [ 144.845940][ T6528] ret_from_fork+0x51e/0xb90 [ 144.851141][ T6528] ret_from_fork_asm+0x1a/0x30 [ 144.856433][ T6528] [ 144.856433][ T6528] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 144.863987][ T6528] __lock_acquire+0x15a5/0x2cf0 [ 144.869371][ T6528] lock_acquire+0xf0/0x2e0 [ 144.874334][ T6528] __might_fault+0xcb/0x130 [ 144.879371][ T6528] userfaultfd_ioctl+0x2372/0x4c70 [ 144.885009][ T6528] __se_sys_ioctl+0xfc/0x170 [ 144.890108][ T6528] do_syscall_64+0x14d/0xf80 [ 144.895213][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.901615][ T6528] [ 144.901615][ T6528] other info that might help us debug this: [ 144.901615][ T6528] [ 144.911824][ T6528] Chain exists of: [ 144.911824][ T6528] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 144.911824][ T6528] [ 144.924765][ T6528] Possible unsafe locking scenario: [ 144.924765][ T6528] [ 144.932204][ T6528] CPU0 CPU1 [ 144.937561][ T6528] ---- ---- [ 144.942961][ T6528] rlock(&ctx->map_changing_lock); [ 144.948149][ T6528] lock(vm_lock); [ 144.954377][ T6528] lock(&ctx->map_changing_lock); [ 144.961992][ T6528] rlock(&mm->mmap_lock); [ 144.966395][ T6528] [ 144.966395][ T6528] *** DEADLOCK *** [ 144.966395][ T6528] [ 144.974520][ T6528] 2 locks held by syz.4.166/6528: [ 144.979576][ T6528] #0: ffff888076c02e48 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 144.988804][ T6528] #1: ffff8880337d0a30 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 144.998972][ T6528] [ 144.998972][ T6528] stack backtrace: [ 145.004848][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: syz.4.166 Tainted: G L syzkaller #0 PREEMPT(full) [ 145.004869][ T6528] Tainted: [L]=SOFTLOCKUP [ 145.004874][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 145.004884][ T6528] Call Trace: [ 145.004891][ T6528] [ 145.004898][ T6528] dump_stack_lvl+0xe8/0x150 [ 145.004923][ T6528] print_circular_bug+0x2e1/0x300 [ 145.004942][ T6528] check_noncircular+0x12e/0x150 [ 145.004961][ T6528] __lock_acquire+0x15a5/0x2cf0 [ 145.004986][ T6528] ? __kernel_text_address+0xd/0x30 [ 145.005005][ T6528] ? unwind_get_return_address+0x4d/0x90 [ 145.005020][ T6528] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 145.005043][ T6528] lock_acquire+0xf0/0x2e0 [ 145.005065][ T6528] ? __might_fault+0xaf/0x130 [ 145.005089][ T6528] ? __might_fault+0xaf/0x130 [ 145.005109][ T6528] __might_fault+0xcb/0x130 [ 145.005130][ T6528] ? __might_fault+0xaf/0x130 [ 145.005151][ T6528] userfaultfd_ioctl+0x2372/0x4c70 [ 145.005173][ T6528] ? __kasan_slab_free+0x5c/0x80 [ 145.005186][ T6528] ? kfree+0x1c5/0x650 [ 145.005215][ T6528] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 145.005246][ T6528] ? kasan_quarantine_put+0xbb/0x1f0 [ 145.005270][ T6528] ? tomoyo_path_number_perm+0x219/0x630 [ 145.005290][ T6528] ? tomoyo_path_number_perm+0x219/0x630 [ 145.005309][ T6528] ? do_vfs_ioctl+0x1166/0x1530 [ 145.005325][ T6528] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 145.005343][ T6528] ? do_futex+0x333/0x420 [ 145.005362][ T6528] ? __fget_files+0x2a/0x420 [ 145.005383][ T6528] ? __fget_files+0x2a/0x420 [ 145.005402][ T6528] ? __fget_files+0x3a0/0x420 [ 145.005421][ T6528] ? __fget_files+0x2a/0x420 [ 145.005441][ T6528] ? bpf_lsm_file_ioctl+0x9/0x20 [ 145.005456][ T6528] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 145.005477][ T6528] __se_sys_ioctl+0xfc/0x170 [ 145.005492][ T6528] do_syscall_64+0x14d/0xf80 [ 145.005510][ T6528] ? trace_irq_disable+0x3b/0x150 [ 145.005528][ T6528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.005543][ T6528] ? clear_bhb_loop+0x40/0x90 [ 145.005559][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.005573][ T6528] RIP: 0033:0x7fe7b1b9c799 [ 145.005599][ T6528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 145.005612][ T6528] RSP: 002b:00007fe7b2986028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 145.005628][ T6528] RAX: ffffffffffffffda RBX: 00007fe7b1e15fa0 RCX: 00007fe7b1b9c799 [ 145.005640][ T6528] RDX: 00002000000002c0 RSI: 00000000c020aa07 RDI: 0000000000000003 [ 145.005650][ T6528] RBP: 00007fe7b1c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 145.005659][ T6528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.005668][ T6528] R13: 00007fe7b1e16038 R14: 00007fe7b1e15fa0 R15: 00007ffed3134508 [ 145.005683][ T6528] [ 146.067953][ T6525] dummy0: left allmulticast mode