last executing test programs: 11.966719683s ago: executing program 1 (id=127): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_tcp(0x2, 0x1, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r3, 0x4b45, 0x0) 10.993968825s ago: executing program 3 (id=131): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x29, 0x2, 0x9, 0x1000, 0x49, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x1, 0x3, 0x86}}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$inet(0x2, 0x3, 0x30) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x48000) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x100000, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 10.56906756s ago: executing program 2 (id=134): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) unshare(0x20000400) shutdown(0xffffffffffffffff, 0x0) 9.982723957s ago: executing program 2 (id=135): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[], 0x0, 0x4e}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f0000000000), 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x20101) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x100001}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_buf(r5, 0x1, 0x1c, 0x0, &(0x7f0000000300)) add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000003c0)="416e1e98b645ff3bf42c693588e4e6d63b2492a320c549756d905a8790f3ddffa564293917837d13af3432306b840b3066aaaacf76b8db", 0x37, 0xfffffffffffffffe) 9.981732027s ago: executing program 0 (id=136): syz_open_dev$sndpcmc(0x0, 0x1, 0x800) bpf$ITER_CREATE(0x21, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0xc800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, 0x0}) r1 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000173000/0x800000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xffffffffffff9fff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth1_to_bridge\x00', 0x20}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000040), &(0x7f0000000080)=0x30) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000000100), &(0x7f0000000140)=0xc) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000000480)={{0x3, 0x0, 0x1, 0x1, 0x4}, 0x0, 0x6, 'id0\x00', 'timer0\x00'}) 9.931301808s ago: executing program 3 (id=137): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)=""/160, &(0x7f0000000140)=0xa0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x5) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x8007b6, &(0x7f0000000080)={0x0, 0x6273, 0x1000, 0x3, 0x400000}, &(0x7f0000000180), &(0x7f0000000140), &(0x7f0000000340)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000940)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x1b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1, 0xffffffffffffffff], &(0x7f0000000880)}, 0x94) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x8) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r6 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x18000000000002a0, 0x204, 0xfffff000, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0xf000, 0x2f, 0x0, 0x0, 0x0, 0x0}, 0x48) 8.363969627s ago: executing program 2 (id=138): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010300000000"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x20048040) recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) eventfd(0xfffffff9) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40101}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000980)={0x6, 0x0, [{0x200000, 0x6a, &(0x7f0000000180)=""/106}, {0x25000, 0x79, &(0x7f0000000300)=""/121}, {0x50000, 0xf1, &(0x7f0000000580)=""/241}, {0x0, 0x52, &(0x7f00000006c0)=""/82}, {0x8080000, 0xa4, &(0x7f0000000740)=""/164}, {0xb000, 0xc7, &(0x7f0000000880)=""/199}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 7.792046004s ago: executing program 0 (id=139): syz_create_resource$binfmt(0x0) syz_open_dev$radio(0x0, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102392, 0x18ff8) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 7.700202686s ago: executing program 3 (id=140): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x100, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}}, 0x24}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 6.820614136s ago: executing program 1 (id=141): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b", 0x7a}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab50447", 0x6f}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9", 0x5d}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)="8f966bd94d169820f6", 0x9}], 0x2, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 6.664331508s ago: executing program 3 (id=142): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb", 0x5d}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab50447", 0x6f}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 5.320523765s ago: executing program 2 (id=143): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x8040) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000005, 0x12, r0, 0x81000000) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000070}, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x20, 0x10, 0x437}, 0x20}}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d5304974) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x28) close(r3) close(0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="28000000000701010000000000000000030000050900010073797a3000000000050003002f000000df7c2e2bb087491b59eff764d90fd43b42bd32d295958281877fa8b146fbb56c1b55c0805962568c947c6844f25280572d3e"], 0x28}, 0x1, 0x0, 0x0, 0x50800}, 0x10) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd701004000000050000000600010005000000080009000200000008000b000000000008000c00a80a00000500130008000000050005"], 0x44}, 0x1, 0x0, 0x0, 0x20008802}, 0x30) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES64=0x0, @ANYRESOCT, @ANYRESHEX, @ANYRES64, @ANYRES8=0x0, @ANYRESDEC, @ANYRES64], 0x1, 0x5f0, &(0x7f0000000c80)="$eJzs3UFvHGcZB/D/rB3HDlLquEkbUCWsIlUIi2RtSyTlApSCLFShShw4W8RJrGzSyt4itwcIiEPFqR+hCPkLII5FyoH2wAFOPRv1iMTdt0UzO7teO4uxnSW7aX4/afZ9Zt6dd595dnY8MytrAzy31pYy/ShF1pbe2inn93ZXW3u7q/d7cZLzSRrJbJKiXPznJF8kD9Od8tVex0D7mM8/mb3z2UefftidK8eaLaa7zy+OW+9k+rnMd3Ot2lGNt/Lk4x3awoUki088HoxAp+efg0tnesETfi4BgElWJFPDls8nF+oT9vI6oHtW3D3HfqY9HHcCAAAA8BS8sJ/97OTiuPMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZ0n9+/9FPTV68WKK3u//z9TLUsfPtEfjTgAAAAAAAAAARuDr+9nPTi725jtF9Z3/q9XM5erxK3kv29nIVq5lJ+tpp52tLCeZHxhoZme93d5aPsGaK0PXXHk62wsAAAAAAAAAX1K/zdrB9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAJimSq21TT5V48n8Z0ktkkM+XzHib/6MXPskfjTgAAAACeghf2s5+dXOzNd4rqmv+l6rp/Nu/lQdrZTDutbORWdS+ge9Xf2Ntdbe3trt4vp8fH/cG/T5VGNWK69x6Gv/LV6hlzuZ3Nasm1/CLvpJVbaVRrlq728hme12/KnIrv1U6Y2a26Lbf8J3U7GearipzrV6RZ51ZW49LxlTjlu3P0lZbT6N/5uXyKmp/0btGFui23582JrvnKwN730vGVSBZ+/vsbd1sP7t29vb00OZt0RkcrsTpQiZefq0o0q0pc6c+v5cf5WZaymLezlc38MutpZyOLebOK1uv9uXycP75S3z809/b/ymSmfl+6R9HT5fRqte7FbOaneSe3ynd0qpkbuZGVfCevp3noHb4yNO9fd+ru/U6nk8bpjrTf+GYdnEvyo7qdDGVdLw3UdfCYO1/1DS45qNLC6P8eTX+tDsq9542JOzZeOvJXoleJF4+vxB+qHWe79eDe1t31d0/4eq/VbVmBH/YrMV0v7UyNZKPOpNxfFvq5HN47yr4Xh/YtV32X+32Nx/qu9PuOfFJz9JM6U5/DPT7SStX38tC+7npXB/qGnW8BMPEufOvCzNy/5v4+9/Hc7+buzr01+8b5m+dfmcm5v5777nRz6rXGK8Wf8nF+dXD9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnN32+x/cW2+1NrbOHPR+iehJxxEIBJMTjPvIBPy/XW/ff/f69vsffHvz/vqdjTsbD15v3ry5vLx8o3n99mZro34cd5YAwCgdnPSPOxMAAAAAAAAAAAAAAOC/eRr/TjzubQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7c1pYy/ShFlpvXmuX83u5qq5x68cEzZ5MUZfCXJF8kD9OdMl91Tx//Op9/Mnvns48+/fBgrHJK8beVUWzFoVwa/ZxGM97KwHh/PNNwRa90WUyyULcwdv8JAAD//6dHBpI=") rename(0x0, 0x0) 5.240414416s ago: executing program 0 (id=144): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='comm\x00') writev(r4, &(0x7f00000006c0)=[{&(0x7f0000000100)="c1", 0x1}], 0x1) fsopen(&(0x7f0000000140)='sysfs\x00', 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x189182, 0x0) ioctl$RTC_AIE_ON(r5, 0x7001) close(0xffffffffffffffff) 5.240081316s ago: executing program 1 (id=145): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)=""/160, &(0x7f0000000140)=0xa0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x5) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x8007b6, &(0x7f0000000080)={0x0, 0x6273, 0x1000, 0x3, 0x400000}, &(0x7f0000000180), &(0x7f0000000140), &(0x7f0000000340)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000940)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x1b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1, 0xffffffffffffffff], &(0x7f0000000880)}, 0x94) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x8) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r6 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x15, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000240000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4988a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f6324bb7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9226e3550ee5520211d9370175fba303f003073afd1ec9f7c6133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80eff7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc0584b8e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3789b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cd43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a0500200f314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263e44f59fae487c62c98a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c2e88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387f74d1ffbd1da497613174f76a656ba5bacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae01bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f009f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449ac59110500a09b75885cd79ba32776e4a511c8a4ad922b000000000002ef507ec6fc7f5dc431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc030000009443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477effff26af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8e45c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a36d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5f0436ead88d7acf0166dbd9f30a9b259c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c0057addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cfe9e2f505e833217557abb257d61a73a758543651b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d11c9b4be91c60932bae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3c99e3f1310d41ab328c1f351b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000fd267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a845e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd58023fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b152a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7000000000000000000d43d07d546acb7009c0c4f6e57b8577d2113bfca1939b9bf757265e175c1863a7c8d7640675830dc11d5d59546daf2385a7074f770c8333b21e2fb660141bc4f1ed45f703da6ac2557ab6952bd0c300000000000000000005b44bff4e3966fdfc9b720412bec09936b08e440c774e222dbd9a323a889f295e5d3bae64fc48ba123668e6a0be1e732aa5e2a0d4373a0b76d84f018d45bdf6f12d6d5d23a0331c3ae5e99a2bcdb52386135ea15890007e1cba5e52a04971139272012ae5542ba109a9d2f49798ce2fc6f639735e0222cd08075418239042bfe47c363973d3245ce507e838dfd90ae442a96fa1343029be56de31c2eff226c05f0ae3dbe2281e7bc02db39342d5b54ad3616733a5aa7753613423a0c4d2844a6e08fa5b76e18f7e24e967f6f83c546718d0f20959376427cdd449a4be3d75fd3e51e1b7f8690855af8eddbd3fd556b4460d0091e3623933f1a11db14aea54af6c49725bfa51fed222dc379995f48b1aab94441767c8bccbfd966d814715203bd8f549cd57d6a87295bf16aa25fb4e7fcaa8cec5e5c03b0095861bf2fed70ffb46bbb78ba90ca272ead9b3d2959fd9dbaabd1d51a60b474cef4c700faf718b810e4d3527a4663ee9fbc0000000000000000000000000000000000000000000000000061abf7a66b7b3f57ff830000"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7e8}, 0x94) 5.172109206s ago: executing program 3 (id=146): wait4(0x0, 0x0, 0x8, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r8, &(0x7f0000000480)="c1858aec1d0a21756f66b4805f3a", 0xe, 0x40000, &(0x7f0000000240)={0x11, 0xf8, r7, 0x1, 0x5, 0x6, @random="24f51e8e0a5a"}, 0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmmsg(r0, &(0x7f00000023c0)=[{{&(0x7f0000000040)=@ll={0x11, 0x17, r9, 0x1, 0x4}, 0x80, 0x0}}], 0x1, 0x40000) 2.318549021s ago: executing program 0 (id=147): syz_open_dev$sndpcmc(0x0, 0x1, 0x800) bpf$ITER_CREATE(0x21, 0x0, 0x0) socket(0x2, 0x80805, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0xc800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, 0x0}) r1 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000173000/0x800000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xffffffffffff9fff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth1_to_bridge\x00', 0x20}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000040), &(0x7f0000000080)=0x30) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000000100), &(0x7f0000000140)=0xc) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000000480)={{0x3, 0x0, 0x1, 0x1, 0x4}, 0x0, 0x6, 'id0\x00', 'timer0\x00'}) 1.400316832s ago: executing program 2 (id=148): syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xacd6a4e1331e885c, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000080)={'veth0_macvtap\x00', @multicast}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) socket$key(0xf, 0x3, 0x2) close(0xffffffffffffffff) r3 = syz_open_dev$evdev(&(0x7f0000000100), 0x2, 0x862b01) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f00000003c0)={0x53, 0x0, 0xff17, {0xfc00, 0x1}, {0x4b, 0x82}, @ramp={0x6, 0x4, {0x5edb, 0x400, 0x9}}}) 961.611658ms ago: executing program 1 (id=149): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000380)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x1, 0x1, 0xff, 0x8, 0x5}, 0x20) 889.844518ms ago: executing program 0 (id=150): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x100, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}}, 0x24}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 612.117902ms ago: executing program 3 (id=151): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010300000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x20048040) recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) eventfd(0xfffffff9) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40101}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000980)={0x6, 0x0, [{0x200000, 0x6a, &(0x7f0000000180)=""/106}, {0x25000, 0x79, &(0x7f0000000300)=""/121}, {0x50000, 0xf1, &(0x7f0000000580)=""/241}, {0x0, 0x52, &(0x7f00000006c0)=""/82}, {0x8080000, 0xa4, &(0x7f0000000740)=""/164}, {0xb000, 0xc7, &(0x7f0000000880)=""/199}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 453.802864ms ago: executing program 1 (id=152): syz_create_resource$binfmt(0x0) syz_open_dev$radio(0x0, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102392, 0x18ff8) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 121.101308ms ago: executing program 0 (id=153): r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0) membarrier(0x2, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) io_uring_setup(0x30ab, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) fspick(r0, &(0x7f00000001c0)='./cgroup\x00', 0x0) r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]}) mount(&(0x7f0000000480)=@nullb, 0x0, &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0) syz_io_uring_setup(0x3075, &(0x7f0000000300)={0x0, 0x235d, 0x400, 0x1, 0x400002d8}, 0x0, &(0x7f0000000200), &(0x7f0000000000)) socketpair(0x23, 0x2, 0x1, &(0x7f0000000040)) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x31}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x89b, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0x4, 0x20002f7}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fe9c"], 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118) 2.869349ms ago: executing program 1 (id=154): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb", 0x5d}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab50447", 0x6f}, {0x0}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000580)}], 0x2, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 2 (id=155): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='comm\x00') writev(r4, &(0x7f00000006c0)=[{&(0x7f0000000100)="c1", 0x1}], 0x1) fsopen(&(0x7f0000000140)='sysfs\x00', 0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x189182, 0x0) ioctl$RTC_AIE_ON(r5, 0x7001) close(0xffffffffffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts. [ 83.965853][ T5760] cgroup: Unknown subsys name 'net' [ 84.110901][ T5760] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.561386][ T5760] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.620642][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.665680][ T5775] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.676492][ T5775] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.686678][ T5775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.698081][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.712978][ T5775] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.733124][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.746829][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.785307][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.808374][ T5782] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.827954][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.837073][ T5788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.849965][ T5788] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 88.861903][ T5788] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.898916][ T5785] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.912621][ T5785] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.915584][ T5788] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.934412][ T5785] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.947595][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.960380][ T5782] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.976965][ T5782] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.987592][ T5788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.999861][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.009505][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.595118][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 89.702062][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 89.854291][ T5778] chnl_net:caif_netlink_parms(): no params data found [ 89.876109][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.885024][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.895478][ T5777] bridge_slave_0: entered allmulticast mode [ 89.905980][ T5777] bridge_slave_0: entered promiscuous mode [ 89.925033][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.934666][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.945847][ T5777] bridge_slave_1: entered allmulticast mode [ 89.953694][ T5777] bridge_slave_1: entered promiscuous mode [ 89.995730][ T5776] chnl_net:caif_netlink_parms(): no params data found [ 90.099980][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.116421][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.126445][ T5772] bridge_slave_0: entered allmulticast mode [ 90.139367][ T5772] bridge_slave_0: entered promiscuous mode [ 90.185051][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.200941][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.237461][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.246606][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.257729][ T5772] bridge_slave_1: entered allmulticast mode [ 90.266473][ T5772] bridge_slave_1: entered promiscuous mode [ 90.396369][ T5777] team0: Port device team_slave_0 added [ 90.434175][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.445916][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.456217][ T5778] bridge_slave_0: entered allmulticast mode [ 90.466243][ T5778] bridge_slave_0: entered promiscuous mode [ 90.482723][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.505921][ T5777] team0: Port device team_slave_1 added [ 90.514355][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.527909][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.536555][ T5776] bridge_slave_0: entered allmulticast mode [ 90.548893][ T5776] bridge_slave_0: entered promiscuous mode [ 90.561830][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.572093][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.580826][ T5778] bridge_slave_1: entered allmulticast mode [ 90.590920][ T5778] bridge_slave_1: entered promiscuous mode [ 90.612681][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.654767][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.663730][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.673721][ T5776] bridge_slave_1: entered allmulticast mode [ 90.683003][ T5776] bridge_slave_1: entered promiscuous mode [ 90.766001][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.790492][ T5772] team0: Port device team_slave_0 added [ 90.801486][ T5772] team0: Port device team_slave_1 added [ 90.820075][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.828365][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.862970][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.891132][ T5782] Bluetooth: hci1: command tx timeout [ 90.905776][ T5782] Bluetooth: hci0: command tx timeout [ 90.914113][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.964685][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.974080][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.004070][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.030439][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.048680][ T5782] Bluetooth: hci2: command tx timeout [ 91.055553][ T5782] Bluetooth: hci3: command tx timeout [ 91.072985][ T5778] team0: Port device team_slave_0 added [ 91.081015][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.090733][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.122362][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.140746][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.151774][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.184824][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.204395][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.244368][ T5778] team0: Port device team_slave_1 added [ 91.340788][ T5776] team0: Port device team_slave_0 added [ 91.354123][ T5776] team0: Port device team_slave_1 added [ 91.385049][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.395048][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.426762][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.448429][ T5777] hsr_slave_0: entered promiscuous mode [ 91.461989][ T5777] hsr_slave_1: entered promiscuous mode [ 91.519394][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.527361][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.560426][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.658736][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.671513][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.707247][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.754675][ T5772] hsr_slave_0: entered promiscuous mode [ 91.764136][ T5772] hsr_slave_1: entered promiscuous mode [ 91.772917][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.784246][ T5772] Cannot create hsr debugfs directory [ 91.807302][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.816705][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.856392][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.913632][ T5778] hsr_slave_0: entered promiscuous mode [ 91.924445][ T5778] hsr_slave_1: entered promiscuous mode [ 91.934082][ T5778] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.943291][ T5778] Cannot create hsr debugfs directory [ 92.140859][ T5776] hsr_slave_0: entered promiscuous mode [ 92.152389][ T5776] hsr_slave_1: entered promiscuous mode [ 92.163388][ T5776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.174457][ T5776] Cannot create hsr debugfs directory [ 92.270025][ T23] cfg80211: failed to load regulatory.db [ 92.642895][ T5777] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.700476][ T5777] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.727630][ T5777] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.744064][ T5777] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.836624][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.862341][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.877025][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.899599][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.968280][ T5781] Bluetooth: hci1: command tx timeout [ 92.974860][ T5782] Bluetooth: hci0: command tx timeout [ 93.063019][ T5778] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.104315][ T5778] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.127933][ T5782] Bluetooth: hci3: command tx timeout [ 93.136282][ T5782] Bluetooth: hci2: command tx timeout [ 93.186515][ T5778] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.203671][ T5778] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.269395][ T5776] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.286730][ T5776] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.321020][ T5776] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.353125][ T5776] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.374157][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.444808][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.510267][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.520260][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.551465][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.592750][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.603052][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.668737][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.710663][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.722271][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.740944][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.749548][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.845947][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.994117][ T5778] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.075137][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.084357][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.128385][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.136824][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.246189][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.350851][ T5776] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.383582][ T5778] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.408708][ T5778] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.494167][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.502704][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.559894][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.568755][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.757311][ T5776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.796619][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.912933][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.025765][ T5772] veth0_vlan: entered promiscuous mode [ 95.057576][ T5782] Bluetooth: hci0: command tx timeout [ 95.064057][ T5782] Bluetooth: hci1: command tx timeout [ 95.124270][ T5772] veth1_vlan: entered promiscuous mode [ 95.208199][ T5782] Bluetooth: hci2: command tx timeout [ 95.212602][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.215234][ T5782] Bluetooth: hci3: command tx timeout [ 95.274151][ T5777] veth0_vlan: entered promiscuous mode [ 95.355357][ T5777] veth1_vlan: entered promiscuous mode [ 95.401338][ T5772] veth0_macvtap: entered promiscuous mode [ 95.428772][ T5772] veth1_macvtap: entered promiscuous mode [ 95.503720][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.521119][ T5778] veth0_vlan: entered promiscuous mode [ 95.549478][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.569928][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.582565][ T5777] veth0_macvtap: entered promiscuous mode [ 95.604282][ T5778] veth1_vlan: entered promiscuous mode [ 95.622973][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.637326][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.651085][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.663298][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.692018][ T5777] veth1_macvtap: entered promiscuous mode [ 95.874454][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.911654][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.940919][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.955729][ T5778] veth0_macvtap: entered promiscuous mode [ 96.025889][ T5778] veth1_macvtap: entered promiscuous mode [ 96.049987][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.065554][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.085483][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.124135][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.136333][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.160732][ T5777] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.178672][ T5777] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.197785][ T5777] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.215112][ T5777] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.236978][ T5776] veth0_vlan: entered promiscuous mode [ 96.261471][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.275228][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.291072][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.304558][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.322710][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.390097][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.403610][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.413733][ T5776] veth1_vlan: entered promiscuous mode [ 96.446661][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.463047][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.475305][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.494523][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.512231][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.555244][ T5778] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.578364][ T5778] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.591156][ T5778] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.601531][ T5778] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.838909][ T4121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.868921][ T4121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.911650][ T5776] veth0_macvtap: entered promiscuous mode [ 97.134626][ T5781] Bluetooth: hci1: command tx timeout [ 97.135798][ T5782] Bluetooth: hci0: command tx timeout [ 97.298723][ T5782] Bluetooth: hci3: command tx timeout [ 97.306074][ T5781] Bluetooth: hci2: command tx timeout [ 97.475438][ T5776] veth1_macvtap: entered promiscuous mode [ 97.616933][ T2897] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.693659][ T2897] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.947229][ T4121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.960051][ T4121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.984979][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.011745][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.024482][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.071000][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.087657][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.100059][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.117126][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.184762][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.227457][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.250422][ T5847] dlm: non-version read from control device 218 [ 98.254454][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.271917][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.284073][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.298952][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.320359][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.349560][ T5776] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.364115][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.393140][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.402455][ T5776] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.425573][ T5776] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.462729][ T5776] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.797268][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.833677][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.004926][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.071299][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.704487][ T5859] netlink: 'syz.2.6': attribute type 4 has an invalid length. [ 101.393474][ T5870] block device autoloading is deprecated and will be removed. [ 103.910591][ T5879] sched: RT throttling activated [ 107.423555][ T5907] syz.0.16[5907]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 108.611013][ T5908] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 108.942628][ T5910] syz.3.17 uses obsolete (PF_INET,SOCK_PACKET) [ 111.708810][ T5929] ======================================================= [ 111.708810][ T5929] WARNING: The mand mount option has been deprecated and [ 111.708810][ T5929] and is ignored by this kernel. Remove the mand [ 111.708810][ T5929] option from the mount to silence this warning. [ 111.708810][ T5929] ======================================================= [ 116.261848][ T5946] capability: warning: `syz.2.27' uses deprecated v2 capabilities in a way that may be insecure [ 118.126431][ T5964] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 124.941371][ T6027] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 126.715031][ T6056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.49'. [ 129.607837][ T6097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.58'. [ 132.001017][ T6110] capability: warning: `syz.2.61' uses 32-bit capabilities (legacy support in use) [ 132.631245][ T786] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 132.823207][ T786] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 99, setting to 64 [ 132.837930][ T786] usb 1-1: config 0 interface 0 has no altsetting 0 [ 132.859656][ T786] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 132.872025][ T786] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 132.901900][ T786] usb 1-1: Product: syz [ 132.917480][ T786] usb 1-1: Manufacturer: syz [ 132.935994][ T786] usb 1-1: SerialNumber: syz [ 132.980228][ T786] usb 1-1: config 0 descriptor?? [ 133.004743][ T6116] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 133.085150][ T786] usb 1-1: selecting invalid altsetting 0 [ 133.210327][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.217098][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.167890][ T23] usb 1-1: USB disconnect, device number 2 [ 134.856599][ T6157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.71'. [ 138.878501][ T6195] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 139.126626][ T6194] netlink: 8 bytes leftover after parsing attributes in process `syz.3.81'. [ 143.070044][ T6218] Zero length message leads to an empty skb [ 146.008307][ T6235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.91'. [ 146.254847][ T6241] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 153.010866][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.102'. [ 153.236974][ T6291] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 155.911038][ T6299] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.919378][ T6299] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.155703][ T6299] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 159.256338][ T6299] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.170491][ T6299] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.179624][ T6299] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.188764][ T6299] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.197789][ T6299] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.133159][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.121'. [ 166.132730][ T6413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.133'. [ 170.072713][ T6430] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.080594][ T6430] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.564740][ T6430] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.618838][ T6430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.092763][ T6430] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.101828][ T6430] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.110931][ T6430] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.119854][ T6430] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.569767][ T6450] loop2: detected capacity change from 0 to 1024 [ 176.635425][ T6493] ================================================================== [ 176.643585][ T6493] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370 [ 176.651313][ T6493] Read of size 8 at addr ffff888026840218 by task syz.0.153/6493 [ 176.659104][ T6493] [ 176.661576][ T6493] CPU: 1 PID: 6493 Comm: syz.0.153 Not tainted syzkaller #0 [ 176.668911][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 176.679236][ T6493] Call Trace: [ 176.682569][ T6493] [ 176.685536][ T6493] dump_stack_lvl+0x18c/0x250 [ 176.690363][ T6493] ? __lock_acquire+0x7d40/0x7d40 [ 176.695542][ T6493] ? show_regs_print_info+0x20/0x20 [ 176.700807][ T6493] ? load_image+0x420/0x420 [ 176.705377][ T6493] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 176.710933][ T6493] ? __virt_addr_valid+0x18c/0x540 [ 176.716118][ T6493] ? __virt_addr_valid+0x469/0x540 [ 176.721290][ T6493] print_report+0xa8/0x210 [ 176.725777][ T6493] ? dvb_device_open+0xca/0x370 [ 176.730696][ T6493] kasan_report+0x117/0x150 [ 176.735360][ T6493] ? chrdev_open+0x3e3/0x6a0 [ 176.740011][ T6493] ? dvb_device_open+0xca/0x370 [ 176.744916][ T6493] dvb_device_open+0xca/0x370 [ 176.749646][ T6493] ? do_raw_spin_unlock+0x121/0x230 [ 176.754899][ T6493] chrdev_open+0x5cc/0x6a0 [ 176.759542][ T6493] ? cd_forget+0x160/0x160 [ 176.764013][ T6493] ? fsnotify_perm+0x3ed/0x5e0 [ 176.768842][ T6493] ? cd_forget+0x160/0x160 [ 176.773322][ T6493] do_dentry_open+0x8c6/0x1500 [ 176.778300][ T6493] path_openat+0x27f1/0x3230 [ 176.782955][ T6493] ? verify_lock_unused+0x140/0x140 [ 176.788316][ T6493] ? do_filp_open+0x430/0x430 [ 176.793041][ T6493] ? lockdep_hardirqs_on+0x98/0x150 [ 176.798416][ T6493] ? __virt_addr_valid+0x18c/0x540 [ 176.805184][ T6493] do_filp_open+0x1f5/0x430 [ 176.809784][ T6493] ? vfs_tmpfile+0x490/0x490 [ 176.814430][ T6493] ? _raw_spin_unlock+0x28/0x40 [ 176.819426][ T6493] ? alloc_fd+0x58f/0x630 [ 176.823906][ T6493] do_sys_openat2+0x134/0x1d0 [ 176.828730][ T6493] ? do_sys_open+0xe0/0xe0 [ 176.833195][ T6493] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 176.839226][ T6493] ? lock_chain_count+0x20/0x20 [ 176.844228][ T6493] __x64_sys_openat+0x139/0x160 [ 176.849155][ T6493] do_syscall_64+0x55/0xa0 [ 176.853626][ T6493] ? clear_bhb_loop+0x40/0x90 [ 176.858358][ T6493] ? clear_bhb_loop+0x40/0x90 [ 176.863134][ T6493] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 176.869104][ T6493] RIP: 0033:0x7f2a1295d60e [ 176.873604][ T6493] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 176.893264][ T6493] RSP: 002b:00007f2a137b7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 176.901750][ T6493] RAX: ffffffffffffffda RBX: 00007f2a137b86c0 RCX: 00007f2a1295d60e [ 176.909814][ T6493] RDX: 0000000000000002 RSI: 00007f2a137b7c00 RDI: ffffffffffffff9c [ 176.917840][ T6493] RBP: 00007f2a137b7c00 R08: 0000000000000000 R09: 0000000000000000 [ 176.926744][ T6493] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 176.934765][ T6493] R13: 00007f2a12c16128 R14: 00007f2a12c16090 R15: 00007ffe4f49f108 [ 176.942801][ T6493] [ 176.945859][ T6493] [ 176.948222][ T6493] Allocated by task 6244: [ 176.952600][ T6493] kasan_set_track+0x4e/0x70 [ 176.957236][ T6493] __kasan_kmalloc+0x8f/0xa0 [ 176.961868][ T6493] __mmu_notifier_register+0x391/0x640 [ 176.967470][ T6493] mmu_notifier_register+0x45/0x1c0 [ 176.973190][ T6493] kvm_dev_ioctl+0x118a/0x1660 [ 176.978030][ T6493] __se_sys_ioctl+0xfd/0x170 [ 176.982685][ T6493] do_syscall_64+0x55/0xa0 [ 176.987146][ T6493] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 176.993098][ T6493] [ 176.995453][ T6493] Freed by task 6249: [ 176.999461][ T6493] kasan_set_track+0x4e/0x70 [ 177.004119][ T6493] kasan_save_free_info+0x2e/0x50 [ 177.009220][ T6493] ____kasan_slab_free+0x126/0x1e0 [ 177.014387][ T6493] slab_free_freelist_hook+0x130/0x1a0 [ 177.019892][ T6493] __kmem_cache_free+0xba/0x1e0 [ 177.024803][ T6493] __mmu_notifier_subscriptions_destroy+0x66/0xa0 [ 177.031272][ T6493] __mmdrop+0xec/0x3d0 [ 177.035824][ T6493] exit_mm+0x1f2/0x2c0 [ 177.039959][ T6493] do_exit+0x8dd/0x2460 [ 177.044175][ T6493] do_group_exit+0x21b/0x2d0 [ 177.048820][ T6493] get_signal+0x12fc/0x13f0 [ 177.053454][ T6493] arch_do_signal_or_restart+0xc2/0x800 [ 177.059058][ T6493] exit_to_user_mode_loop+0x70/0x110 [ 177.064481][ T6493] exit_to_user_mode_prepare+0xee/0x180 [ 177.070087][ T6493] syscall_exit_to_user_mode+0x1a/0x50 [ 177.075601][ T6493] do_syscall_64+0x61/0xa0 [ 177.080077][ T6493] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 177.086022][ T6493] [ 177.088750][ T6493] The buggy address belongs to the object at ffff888026840200 [ 177.088750][ T6493] which belongs to the cache kmalloc-256 of size 256 [ 177.103341][ T6493] The buggy address is located 24 bytes inside of [ 177.103341][ T6493] freed 256-byte region [ffff888026840200, ffff888026840300) [ 177.118413][ T6493] [ 177.120816][ T6493] The buggy address belongs to the physical page: [ 177.127273][ T6493] page:ffffea00009a1000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26840 [ 177.137469][ T6493] head:ffffea00009a1000 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 177.146538][ T6493] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 177.154583][ T6493] page_type: 0xffffffff() [ 177.159005][ T6493] raw: 00fff00000000840 ffff888017c41b40 ffffea0000847880 0000000000000006 [ 177.167632][ T6493] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 177.176791][ T6493] page dumped because: kasan: bad access detected [ 177.183432][ T6493] page_owner tracks the page as allocated [ 177.189196][ T6493] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19058272764, free_ts 0 [ 177.211385][ T6493] post_alloc_hook+0x1c1/0x200 [ 177.216216][ T6493] get_page_from_freelist+0x1951/0x19e0 [ 177.221815][ T6493] __alloc_pages+0x1f0/0x460 [ 177.226536][ T6493] alloc_page_interleave+0x24/0x1e0 [ 177.231880][ T6493] alloc_slab_page+0x5d/0x160 [ 177.236806][ T6493] new_slab+0x87/0x2d0 [ 177.240916][ T6493] ___slab_alloc+0xc5d/0x12f0 [ 177.245654][ T6493] __kmem_cache_alloc_node+0x19e/0x250 [ 177.251179][ T6493] kmalloc_trace+0x2a/0xe0 [ 177.255667][ T6493] bus_add_driver+0x162/0x630 [ 177.260413][ T6493] driver_register+0x23a/0x310 [ 177.265236][ T6493] usb_register_driver+0x206/0x3d0 [ 177.270414][ T6493] do_one_initcall+0x242/0x790 [ 177.275384][ T6493] do_initcall_level+0x137/0x1f0 [ 177.280640][ T6493] do_initcalls+0x69/0xd0 [ 177.285056][ T6493] kernel_init_freeable+0x3ed/0x580 [ 177.290492][ T6493] page_owner free stack trace missing [ 177.295908][ T6493] [ 177.298271][ T6493] Memory state around the buggy address: [ 177.303940][ T6493] ffff888026840100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 177.312062][ T6493] ffff888026840180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 177.320353][ T6493] >ffff888026840200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 177.328544][ T6493] ^ [ 177.333448][ T6493] ffff888026840280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 177.341658][ T6493] ffff888026840300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 177.350465][ T6493] ================================================================== [ 177.358884][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.366497][ T6493] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 177.373758][ T6493] CPU: 1 PID: 6493 Comm: syz.0.153 Not tainted syzkaller #0 [ 177.381095][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 177.391359][ T6493] Call Trace: [ 177.394690][ T6493] [ 177.397658][ T6493] dump_stack_lvl+0x18c/0x250 [ 177.402410][ T6493] ? show_regs_print_info+0x20/0x20 [ 177.407666][ T6493] ? load_image+0x420/0x420 [ 177.412231][ T6493] panic+0x2dc/0x730 [ 177.416176][ T6493] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 177.422394][ T6493] ? bpf_jit_dump+0xd0/0xd0 [ 177.427089][ T6493] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 177.433122][ T6493] ? _raw_spin_unlock+0x40/0x40 [ 177.438025][ T6493] ? dvb_device_open+0xca/0x370 [ 177.442924][ T6493] check_panic_on_warn+0x84/0xa0 [ 177.447942][ T6493] ? dvb_device_open+0xca/0x370 [ 177.452860][ T6493] end_report+0x6f/0x130 [ 177.458153][ T6493] kasan_report+0x128/0x150 [ 177.462894][ T6493] ? chrdev_open+0x3e3/0x6a0 [ 177.467634][ T6493] ? dvb_device_open+0xca/0x370 [ 177.472625][ T6493] dvb_device_open+0xca/0x370 [ 177.477353][ T6493] ? do_raw_spin_unlock+0x121/0x230 [ 177.482867][ T6493] chrdev_open+0x5cc/0x6a0 [ 177.487418][ T6493] ? cd_forget+0x160/0x160 [ 177.491964][ T6493] ? fsnotify_perm+0x3ed/0x5e0 [ 177.496783][ T6493] ? cd_forget+0x160/0x160 [ 177.501435][ T6493] do_dentry_open+0x8c6/0x1500 [ 177.506309][ T6493] path_openat+0x27f1/0x3230 [ 177.511062][ T6493] ? verify_lock_unused+0x140/0x140 [ 177.516317][ T6493] ? do_filp_open+0x430/0x430 [ 177.521046][ T6493] ? lockdep_hardirqs_on+0x98/0x150 [ 177.526302][ T6493] ? __virt_addr_valid+0x18c/0x540 [ 177.531475][ T6493] do_filp_open+0x1f5/0x430 [ 177.536025][ T6493] ? vfs_tmpfile+0x490/0x490 [ 177.540840][ T6493] ? _raw_spin_unlock+0x28/0x40 [ 177.545735][ T6493] ? alloc_fd+0x58f/0x630 [ 177.550204][ T6493] do_sys_openat2+0x134/0x1d0 [ 177.554938][ T6493] ? do_sys_open+0xe0/0xe0 [ 177.559404][ T6493] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 177.565431][ T6493] ? lock_chain_count+0x20/0x20 [ 177.570331][ T6493] __x64_sys_openat+0x139/0x160 [ 177.575249][ T6493] do_syscall_64+0x55/0xa0 [ 177.579705][ T6493] ? clear_bhb_loop+0x40/0x90 [ 177.584430][ T6493] ? clear_bhb_loop+0x40/0x90 [ 177.589150][ T6493] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 177.595089][ T6493] RIP: 0033:0x7f2a1295d60e [ 177.599545][ T6493] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 177.619369][ T6493] RSP: 002b:00007f2a137b7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 177.627830][ T6493] RAX: ffffffffffffffda RBX: 00007f2a137b86c0 RCX: 00007f2a1295d60e [ 177.635859][ T6493] RDX: 0000000000000002 RSI: 00007f2a137b7c00 RDI: ffffffffffffff9c [ 177.643971][ T6493] RBP: 00007f2a137b7c00 R08: 0000000000000000 R09: 0000000000000000 [ 177.652078][ T6493] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 177.660091][ T6493] R13: 00007f2a12c16128 R14: 00007f2a12c16090 R15: 00007ffe4f49f108 [ 177.668109][ T6493] [ 177.671736][ T6493] Kernel Offset: disabled [ 177.676289][ T6493] Rebooting in 86400 seconds..