last executing test programs: 1m43.58332581s ago: executing program 2 (id=3): syz_open_dev$usbmon(0x0, 0x80000001, 0x82002) syz_open_dev$cec(0x0, 0x0, 0x6c100) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$usbfs(0x0, 0x203, 0x54442) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x60, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x34, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xc, 0xfff3}, {0xffff, 0x7}}, [{0x8, 0xb, 0x63a7}, {0x8, 0xb, 0xffff0000}]}, 0x34}}, 0x40000) 1m38.892049268s ago: executing program 1 (id=10): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@ipv4_getnexthop={0x20, 0x6a, 0x605, 0x70bd2c, 0x25dfdbfc, {}, [@NHA_OIF={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x880) 1m38.699699912s ago: executing program 0 (id=1): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5cee313670d5fda3}) socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0x10, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 
&(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000fcfeffff8500000013000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1805000000000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x4}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0xa, [@struct={0x8, 0x4, 0x0, 0xf, 0x0, 0xffffffff, [{0xe, 0x0, 0x3}, {0x7, 0x3, 0xfffffffd}, {0x8, 0x0, 0x2}, {0xf, 0x1, 0xf48e}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x5e, 0x0, 0x6}, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1/file4\x00', &(0x7f0000000280), 0x804010, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@aname={'aname', 0x3d, '/dev/snd/midiC#D#\x00'}}]}}) 1m32.831632025s ago: executing program 1 (id=13): r0 = syz_open_dev$evdev(&(0x7f0000000380), 0x1, 0x2100) ioctl$EVIOCSABS20(r0, 0x401845e0, 0x0) 1m27.72736692s ago: executing program 1 (id=16): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) 
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0xa, &(0x7f00000002c0)=0x2000000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000080}, 0x40008) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) writev(r0, &(0x7f0000000040), 0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = creat(0x0, 0x144) close(0x3) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, 0x0, 0x0) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000024c0), r1) socket$key(0xf, 0x3, 0x2) openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x20801, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @remote}, 0x10) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x8}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, 
{0x0, 0x0, 0x7, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in=@private=0xa010101, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) socket$nl_generic(0x10, 0x3, 0x10) ioctl$XFS_IOC_BULKSTAT(0xffffffffffffffff, 0x8040587f, &(0x7f0000000240)={{0xae7, 0x4, 0x4, 0x8, 0x8}, &(0x7f0000000500)}) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f00000000c0)="bf64030b41a7061685b5f6b9d213b61e3a6ea036dd75aea7eaf94cbb6bd95d1d18f7a7a982066c4042f61d587335a78441f1e4f2d53212787381e05d38e69faa553d7aa5ff5155ad991ece3164d880f71e45c4a4c1d31163ca8372550a9fdf0f460e1144ddaec737035d2a1965bab798710aa611c2719a6177ea51a7fdfa3edf0a6fb0bd1bea87d8911f24926dafd736d1a635c0026b3b00e86a0c15dcf602e5b9f05aacf5d283c55326131f7a1d082485017d3c499ad7eabddef5ce2dbe9163504165d3e99a5058398136be24929d8083afa88c8c6a684bd6118688063e6dd3cf9b1f1d071e85f2bd78136da8a6809840e524cfbd306798c1d145dee884bdbe") 1m25.602849425s ago: executing program 32 (id=3): syz_open_dev$usbmon(0x0, 0x80000001, 0x82002) syz_open_dev$cec(0x0, 0x0, 0x6c100) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$usbfs(0x0, 0x203, 0x54442) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x60, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, 
@ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x34, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xc, 0xfff3}, {0xffff, 0x7}}, [{0x8, 0xb, 0x63a7}, {0x8, 0xb, 0xffff0000}]}, 0x34}}, 0x40000) 1m25.522854652s ago: executing program 0 (id=18): r0 = openat$ttyS3(0xffffff9c, 0x0, 0x210100, 0x0) syz_open_pts(r0, 0x81) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f0000000300)) preadv(r4, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x45, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) 1m20.489708792s ago: executing program 1 (id=22): socket$nl_route(0x10, 0x3, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101343) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101343) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000200), 0x35c, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4}, 0x18) recvmmsg(0xffffffffffffffff, &(0x7f00000065c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000340)=""/128, 0x80}], 0x2}, 0x2}], 0x1, 0x40004023, 0x0) connect$can_j1939(r3, &(0x7f0000000140)={0x1d, r4, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r3, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x80000, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 1m16.191725361s ago: executing program 0 (id=25): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r3, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) 
socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) listen(0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x2, 0xffffffff, 0x3, 0x22}, 0x7}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) modify_ldt$write(0x1, &(0x7f0000000340)={0x8, 0x20000000}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000002600010316bd7000fcffbfff01"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x800) 1m15.80710662s ago: executing program 1 (id=27): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000780)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x3}, 0x18) syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r0) sendmsg$AUDIT_TRIM(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x29, 0x2, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) timer_create(0x0, &(0x7f0000000480)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0xfffe, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000002140)={0x0, 0x0, 
&(0x7f0000002100)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000006100010000000000000000000a0000000000000000000000080018004e234e23115d9eafde4d3b9d01000000000000001f166e09b49eae874ecfb52e6686bd4fa80fc6c6b659c0f75441908c89c1d2d2914a1a99857ea75457d0468d73f01777aefec7064d0ebb60e2419d792272edc2aa120fb3f6d08adc91d2943a5ce2841197defeac014c07ad988b75247f88583b23c7a23a210eb30b0dfcb8d3f68b10f53d0f3c5f8d7ea97779339f9ebe6425549c55cf360710bc2f1a19e4a941217ce8fc972391bab4790645cd"], 0x24}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f00000001c0)={0xe9b, {"4ac84c090829139d2e39e106b0af319c", "f651751751426b42a73bac2e05602052", "1e5d41057420f5c22ecdccef8094db00"}, 0x9, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOGET_VSCREENINFO(r4, 0x4600, &(0x7f0000000100)) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xe07, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}) 1m10.990923142s ago: executing program 1 (id=30): r0 = syz_open_dev$evdev(&(0x7f0000000980), 0x3, 0x2002) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x4000802) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) socket(0xa, 0x1, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 
&(0x7f0000000280)=@req={0x6, 0x3c00, 0x5, 0x80000001}, 0x10) sendmmsg$sock(r5, 0x0, 0x0, 0x40001) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r6 = syz_open_dev$vim2m(&(0x7f0000000180), 0x3, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000240)=0x2) close(r6) fsetxattr$security_capability(r4, 0x0, 0x0, 0xfffffe04, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) socket$xdp(0x2c, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_STATION(r7, 0x0, 0x0) mremap(&(0x7f0000216000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000875000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 59.954353801s ago: executing program 33 (id=25): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r3, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_mreq(r4, 0x29, 0x1b, 0x0, 0x0) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) listen(0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 
0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x2, 0xffffffff, 0x3, 0x22}, 0x7}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) modify_ldt$write(0x1, &(0x7f0000000340)={0x8, 0x20000000}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000002600010316bd7000fcffbfff01"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x800) 55.154705419s ago: executing program 34 (id=30): r0 = syz_open_dev$evdev(&(0x7f0000000980), 0x3, 0x2002) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x4000802) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) socket(0xa, 0x1, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000280)=@req={0x6, 0x3c00, 0x5, 0x80000001}, 0x10) sendmmsg$sock(r5, 0x0, 0x0, 0x40001) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r6 = syz_open_dev$vim2m(&(0x7f0000000180), 0x3, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000240)=0x2) close(r6) fsetxattr$security_capability(r4, 0x0, 0x0, 0xfffffe04, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) socket$xdp(0x2c, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 
&(0x7f0000000040)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_STATION(r7, 0x0, 0x0) mremap(&(0x7f0000216000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000875000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 21.007052283s ago: executing program 4 (id=53): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [], {0x14, 0x10}}, 0x28}}, 0x20000080) 20.349671538s ago: executing program 3 (id=54): socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x44000, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0xf0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x6) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 20.219640581s ago: executing program 4 (id=55): pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x6) socket$netlink(0x10, 0x3, 0xb) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) 
memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x84\x14n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\x00\x00', 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010025bd7000fadbdf2500000000", @ANYRES32=r1, @ANYRES64=r0], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000) 17.608321759s ago: executing program 3 (id=56): openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000780)='tasks\x00', 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_POWER(r0, 0x12, 0x4, 0x0, &(0x7f0000000200)=0x3e) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b000000ff000000324900007f00000001"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, 
&(0x7f00000001c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6 \x00'}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000300), 0x2, r6}, 0x38) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r7, 0x0, 0x44049) accept4(r8, 0x0, 0x0, 0x800) 13.499014794s ago: executing program 3 (id=57): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000000)) 13.248468078s ago: executing program 4 (id=58): openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc033565d4a9bb17a41aacf550c4510ba99a24b48eab32e5d7549de9bae7954e0f750b55f706de3d5001638a1260dd8d2ad735d9ec409711851badf7e170fc", 0xfb}, 
{&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa0579531662e6d5fcdddc53becdd0b8a59c3a97fe428e75e7707525647bd822", 0x7a}, {&(0x7f0000000580)}], 0x3, &(0x7f0000000b40)=[@timestamping={{0x14, 0x1, 0x25, 0x2d}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0xc}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332fe3603b4624ac6a578ccd9a27b381a8dad12b3e3de940a99238945935184cd93dd174b70ecb9c3c99d2df9dd0cbef6a9e230f7dd8367384f034a7a011388990e94cd43e9f80ec3358dc596926960604b9f051", 0x83}, {&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)="dc6e94ac2db166801ffce85f6f44f2cb071c6b5113bc6bbf2f503d468253693a01102fcb8157c6e8a2b5620efa5d22400147cce896821150f95c0c69fa587a1f99fcb28cfeb09f45cb836f0ff891be10bb209dc04adc202ef866f27b74faa5ad3a2e5d40ebd6785c4e4a97ac13238c746d1109d12af5446c4e84591f121a494251e43bed18f6269bdd2e56f9c211dd7145f664286911b8bb3acf76a1b5ece94183a6c8cc47f2e1dd4e91dc10be8732e92e8620fa060fb1", 0xb7}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228185e4d2fcca72d87d81df01c142428158ad7ba84dd6c65d24a8d094308433219872eeda0c235f8be3088a880", 0xfc}, 
{&(0x7f00000010c0)="978d1129fddf5e2f1be8be48f935ef4f71893a57f79be3e44522d3987ccee23f4e717d8c8e14573937040fb658a24f1c9e0c7f98a24fa1209a6ea754e1244234c715713d120b6929614443fd6b4223bc04c3a8c9241ccbb6a8b0bb19fe4eedae48642a74e97588dc36bf06a4c1fb17b47b39240a6a8e9b5daa97e63d777e665841a349c52022252eafc1c129e154ab390624dd7fb8ac1e44c203140d6aab524f61cd8642ee0f380ebb21dc9267a8fbefa6eec89ff97e7800f44f89b17d43206217941c34067892c05465382550a1da2519", 0xd1}, {&(0x7f0000000800)="b56380b7487ff3b0cd079ed795bdeeb3ad75fe878a", 0x15}, {&(0x7f00000011c0)}, {&(0x7f0000001200)="43979d4537ac96f6e22b12acd1fdd3ffc7ef440e65e2e70d511a408f743d4ce7516f4364a00a041dc7b1ffe56ebc713b158ea1aab13ce3db53ab8af3f76ffaa86df636018175c4a8ea922a193ad08ca30d5031b27a4a87bff93dc12a98b6e4f25b5550d98a5bf3e040a8902083eea93bdbde6da91df3a730dd2b8215e9840f04dd0ab667500fe952fa1b8845c2cee50f8322175049c4a994def6599287fb0f8d61029188945e9b273cded0", 0xab}, {&(0x7f0000001300)}], 0x9, &(0x7f00000014c0)}}], 0x3, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000540)}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95be", 0x8b}, {0x0}, {0x0}, {0x0}], 0x6}}], 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 
0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 
0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d119
44666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7ba
cac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f
5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c9
81f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 12.03459606s ago: executing program 4 (id=59): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x8844}, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) pipe2$9p(&(0x7f0000000180), 0x880) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0xff, 0x6, 0xfe, 0xfd, 0xfe, 0x9, 0x8, 0x1, 0x3, 0x8, 0x20, 0xff, 0x7, 0x4}, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, 0x0) 
setpgid(0x0, r3) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) 10.297117228s ago: executing program 4 (id=60): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8000) connect$qrtr(0xffffffffffffffff, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r5 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}) io_uring_enter(r5, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) 8.305746088s ago: executing program 3 (id=61): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 
0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d00200700", @ANYRES32=r3, @ANYBLOB="00000000100000081c001a80080002802d00ff0008000200", @ANYRESDEC=r0], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x40) write$tun(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000001400000060ec97000fc82c00fe8000000000000000000000000000aaff02000000000000000000000000000188"], 0xffe) 1.269654225s ago: executing program 4 (id=62): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) syz_open_dev$MSR(&(0x7f0000000000), 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="5400000010000304000000000000000000000400", 
@ANYRES32=0x0, @ANYBLOB="00030000000000002c001280860b00010062726964676500001c0045864d13028008000500010000000500250001000000050029000000000008000aa244cd5b540bd0250d01f640ceb75996301b1996fff8e3517ebb785a00"/117, @ANYRES32=r1, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x8044) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x2a, 0x1, 0xffff, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg$can_j1939(r3, &(0x7f0000000280)={&(0x7f0000000040)=@tipc=@name, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)=""/5, 0x5}, {&(0x7f0000000180)=""/22, 0x16}, {&(0x7f00000001c0)=""/4, 0x4}], 0x3, &(0x7f0000000240)=""/28, 0x1c}, 0x10101) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x24, 0x7, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x20040000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000002c0), 0x200, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockname$llc(r5, 0x0, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000300)) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}, {0x85, 0x0, 0x0, 0x2d}}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x8) connect$inet6(r6, &(0x7f00000003c0)={0xa, 0xfffe, 0x3080000, @mcast2, 0x6}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000400)={'#! 
', './file1/../file0'}, 0x14) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r6, &(0x7f00000000c0)="8f2a0a65bd8c3a2b0304000e0580a7b6070d63e286a5cefe", 0x5ac) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xca100, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000200)='bridge0\x00') 1.195731119s ago: executing program 3 (id=63): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="380000001214010028bd7000fcdbdf25080003000300000008004f0002000000080015000200000008004b001300000008001500010000002b7da62408a9185eb39cfc229ffae0f31b3af7376b906b8d06f0fa37f765af883e429381d30de1f95a7af1"], 0x38}, 0x1, 0x0, 0x0, 0x11}, 0x800) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000700), 0x8082, 0x0) write(r1, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0x4000) madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x9) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$nl_route(0x10, 0x3, 0x0) signalfd(r4, 
&(0x7f0000000040)={[0xff]}, 0x8) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', 0x0}) socket$rxrpc(0x21, 0x2, 0x2) r7 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1400000035000b0bc8d643234724d3f90324fc60", 0x14}], 0x1}, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e0a0f0d04"], 0xd) openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x4, r2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000380)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, r3}) ioctl$F2FS_IOC_DECOMPRESS_FILE(r1, 0xf517, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r1, 0xc01c64ae, &(0x7f00000000c0)={r3, 0x6, 0x9, 0x3, 0x9, 0x8, 0x3bd478bd}) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x7, 0x0, &(0x7f0000000080)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) socket$inet(0x2, 0x800, 0xffffffff) 0s ago: executing program 3 (id=64): openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000780)='tasks\x00', 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$bt_BT_POWER(r0, 0x12, 0x4, 0x0, &(0x7f0000000200)=0x3e) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, 
&(0x7f0000000040)=ANY=[@ANYBLOB="0b000000ff000000324900007f00000001"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6 \x00'}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000300), 0x2, r6}, 0x38) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r7, 0x0, 0x44049) accept4(r8, 0x0, 0x0, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.52' (ED25519) to the list of known hosts. [ 184.050890][ T5753] cgroup: Unknown subsys name 'net' [ 184.176297][ T5753] cgroup: Unknown subsys name 'cpuset' [ 184.191698][ T5753] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 190.553810][ T5753] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 195.500095][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 195.509974][ T5774] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 195.521290][ T5774] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 195.537033][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 195.548758][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 195.558813][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 195.569610][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 195.577770][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 195.588284][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 195.609720][ T5783] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 195.620754][ T5073] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 195.641102][ T5073] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 195.652403][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 195.662443][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 195.678038][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 195.706614][ T49] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 195.712570][ T5783] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 195.726374][ T5783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 195.736515][ T5783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 195.767288][ T5783] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 195.778607][ T49] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 195.778684][ T5783] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 195.797967][ T49] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 195.816678][ T5073] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 195.837624][ T5073] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 197.327462][ T5775] chnl_net:caif_netlink_parms(): no params data 
found [ 197.513683][ T5778] chnl_net:caif_netlink_parms(): no params data found [ 197.695616][ T5777] Bluetooth: hci2: command tx timeout [ 197.701434][ T5777] Bluetooth: hci0: command tx timeout [ 197.775602][ T5777] Bluetooth: hci1: command tx timeout [ 197.821072][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 197.855564][ T5777] Bluetooth: hci3: command tx timeout [ 197.935592][ T5777] Bluetooth: hci4: command tx timeout [ 198.065235][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 198.113561][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 198.580436][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.588969][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.598415][ T5775] bridge_slave_0: entered allmulticast mode [ 198.609872][ T5775] bridge_slave_0: entered promiscuous mode [ 198.639095][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.655846][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.663537][ T5775] bridge_slave_1: entered allmulticast mode [ 198.692866][ T5775] bridge_slave_1: entered promiscuous mode [ 198.830466][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.838537][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.846459][ T5778] bridge_slave_0: entered allmulticast mode [ 198.856765][ T5778] bridge_slave_0: entered promiscuous mode [ 199.001999][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.012023][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.020334][ T5778] bridge_slave_1: entered allmulticast mode [ 199.029563][ T5778] bridge_slave_1: entered promiscuous mode [ 199.040830][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.048485][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.056689][ T5779] bridge_slave_0: entered allmulticast mode [ 199.065720][ T5779] bridge_slave_0: entered promiscuous mode [ 
199.090413][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.145957][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.153513][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.163104][ T5779] bridge_slave_1: entered allmulticast mode [ 199.174155][ T5779] bridge_slave_1: entered promiscuous mode [ 199.309543][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.452554][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.518490][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.526377][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.534435][ T5781] bridge_slave_0: entered allmulticast mode [ 199.544707][ T5781] bridge_slave_0: entered promiscuous mode [ 199.558306][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.566073][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.573582][ T5781] bridge_slave_1: entered allmulticast mode [ 199.583200][ T5781] bridge_slave_1: entered promiscuous mode [ 199.628587][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.650436][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.722735][ T5775] team0: Port device team_slave_0 added [ 199.764633][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.775142][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.783375][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.791215][ T5777] Bluetooth: hci0: command tx timeout [ 199.796963][ T5073] Bluetooth: hci2: command tx timeout [ 199.804066][ T5771] bridge_slave_0: entered allmulticast mode [ 199.813845][ T5771] bridge_slave_0: entered promiscuous mode [ 199.855901][ T5777] Bluetooth: hci1: command tx timeout [ 199.888847][ T5775] team0: Port device 
team_slave_1 added [ 199.936064][ T5777] Bluetooth: hci3: command tx timeout [ 200.015746][ T5777] Bluetooth: hci4: command tx timeout [ 200.026219][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.034771][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.042627][ T5771] bridge_slave_1: entered allmulticast mode [ 200.052234][ T5771] bridge_slave_1: entered promiscuous mode [ 200.076649][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.099395][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.165887][ T5778] team0: Port device team_slave_0 added [ 200.256432][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.263512][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 200.290019][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.310671][ T5778] team0: Port device team_slave_1 added [ 200.323814][ T5779] team0: Port device team_slave_0 added [ 200.387578][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.394687][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 200.421405][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.467732][ T5779] team0: Port device team_slave_1 added [ 200.482706][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.502232][ T5781] team0: Port device team_slave_0 added [ 200.612029][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.657206][ T5781] team0: Port device team_slave_1 added [ 200.669088][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.676741][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 200.703785][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.830907][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.838310][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 200.865030][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.879860][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.887131][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 200.914124][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.934751][ T5771] team0: Port device team_slave_0 added [ 201.019950][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.027343][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.054000][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.096319][ T5771] team0: Port device team_slave_1 added [ 201.104502][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.112010][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.139330][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.164402][ T5775] hsr_slave_0: entered promiscuous mode [ 201.173964][ T5775] hsr_slave_1: entered promiscuous mode [ 201.251410][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.258956][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 201.285616][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.450964][ T5778] hsr_slave_0: entered promiscuous mode [ 201.460789][ T5778] hsr_slave_1: entered promiscuous mode [ 201.469383][ T5778] debugfs: 'hsr0' already exists in 'hsr' [ 201.475254][ T5778] Cannot create hsr debugfs directory [ 201.484433][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.491751][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.518224][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.590601][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.597966][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 201.624327][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.662165][ T5779] hsr_slave_0: entered promiscuous mode [ 201.671392][ T5779] hsr_slave_1: entered promiscuous mode [ 201.680255][ T5779] debugfs: 'hsr0' already exists in 'hsr' [ 201.686270][ T5779] Cannot create hsr debugfs directory [ 201.856938][ T5777] Bluetooth: hci0: command tx timeout [ 201.862593][ T5777] Bluetooth: hci2: command tx timeout [ 201.935725][ T5777] Bluetooth: hci1: command tx timeout [ 201.971701][ T5781] hsr_slave_0: entered promiscuous mode [ 201.980816][ T5781] hsr_slave_1: entered promiscuous mode [ 201.989647][ T5781] debugfs: 'hsr0' already exists in 'hsr' [ 201.995711][ T5781] Cannot create hsr debugfs directory [ 202.015672][ T5777] Bluetooth: hci3: command tx timeout [ 202.095603][ T5777] Bluetooth: hci4: command tx timeout [ 202.164577][ T5771] hsr_slave_0: entered promiscuous mode [ 202.173523][ T5771] hsr_slave_1: entered promiscuous mode [ 202.182526][ T5771] debugfs: 'hsr0' already exists in 'hsr' [ 202.188481][ T5771] Cannot create hsr debugfs directory [ 203.353615][ T5775] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 203.379369][ T5775] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 203.400835][ T5775] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 203.438031][ T5775] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 203.583451][ T5778] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 203.607192][ T5778] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 203.668534][ T5778] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 203.695791][ T5778] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 203.892294][ T5779] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 203.919866][ T5779] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 203.935708][ T5777] Bluetooth: hci2: command tx timeout [ 203.935808][ T5073] Bluetooth: hci0: command tx timeout [ 203.969263][ T5779] 
netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 204.002843][ T5779] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 204.015894][ T5073] Bluetooth: hci1: command tx timeout [ 204.114354][ T5073] Bluetooth: hci3: command tx timeout [ 204.133657][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.145885][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.175952][ T5777] Bluetooth: hci4: command tx timeout [ 204.303631][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 204.371448][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 204.440063][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 204.468144][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 204.720138][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.784987][ T5781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 204.813766][ T5781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 204.884756][ T5781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 204.916814][ T5781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 205.169405][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.263211][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.270992][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.329473][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.337173][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.431420][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.664832][ T5778] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.780841][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.838819][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.846280][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.942080][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.979882][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.987451][ 
T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.088005][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.221585][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.249529][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.290572][ T1029] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.298360][ T1029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.408934][ T1029] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.416588][ T1029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.473999][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.481696][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.603702][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.611382][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.660907][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.709218][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.716658][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.916604][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.924152][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.200973][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.639804][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.231541][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.345962][ T5778] veth0_vlan: entered promiscuous mode [ 209.363770][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.386248][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.532452][ T5778] veth1_vlan: entered promiscuous mode [ 209.647250][ T5775] veth0_vlan: entered promiscuous mode [ 209.824092][ T5775] veth1_vlan: entered promiscuous mode [ 209.852991][ T5779] veth0_vlan: entered promiscuous mode [ 209.973246][ T5778] veth0_macvtap: entered 
promiscuous mode [ 210.030569][ T5778] veth1_macvtap: entered promiscuous mode [ 210.100605][ T5781] veth0_vlan: entered promiscuous mode [ 210.109997][ T5779] veth1_vlan: entered promiscuous mode [ 210.171464][ T5771] veth0_vlan: entered promiscuous mode [ 210.288801][ T5781] veth1_vlan: entered promiscuous mode [ 210.314111][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.325465][ T5775] veth0_macvtap: entered promiscuous mode [ 210.368045][ T5771] veth1_vlan: entered promiscuous mode [ 210.401353][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.435087][ T5775] veth1_macvtap: entered promiscuous mode [ 210.521953][ T1029] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.535888][ T1029] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.544936][ T1029] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.607430][ T1029] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.711526][ T5779] veth0_macvtap: entered promiscuous mode [ 210.818074][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.827508][ T5779] veth1_macvtap: entered promiscuous mode [ 210.971869][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.029643][ T5781] veth0_macvtap: entered promiscuous mode [ 211.063954][ T5771] veth0_macvtap: entered promiscuous mode [ 211.167773][ T5781] veth1_macvtap: entered promiscuous mode [ 211.179500][ T57] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.194684][ T57] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.256245][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.272171][ T5771] veth1_macvtap: entered promiscuous mode [ 211.317076][ T57] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.327495][ T57] netdevsim netdevsim4 netdevsim3: set [1, 0] type 
2 family 0 port 6081 - 0 [ 211.427614][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.580315][ T1029] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.607784][ T1029] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.658036][ T1029] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.676671][ T34] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.704050][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.805933][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.848324][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.962446][ T34] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.986912][ T34] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.069842][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.089083][ T34] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.120638][ T34] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.309558][ T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.339727][ T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.408624][ T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.450528][ T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.764160][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.801819][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.168280][ T1029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.197061][ T1029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.690688][ T5778] soft_limit_in_bytes is deprecated and will be removed. 
Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 217.875630][ T1029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.905626][ T1029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.271925][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.280604][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.716740][ T5958] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 218.824765][ T1133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.871206][ T1133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.128482][ T5959] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3'. [ 219.553049][ T5959] bridge_slave_1: left allmulticast mode [ 219.581760][ T5959] bridge_slave_1: left promiscuous mode [ 219.597574][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.669750][ T5959] bridge_slave_0: left allmulticast mode [ 219.686305][ T5959] bridge_slave_0: left promiscuous mode [ 219.693939][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.289738][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.311479][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.411877][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.455781][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.876244][ T1029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.886875][ T1029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.488648][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.510981][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.962106][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.008020][ T76] wlan1: Creating new IBSS 
network, BSSID 50:50:50:50:50:50 [ 223.045517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 223.148475][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 223.967035][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 224.786372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 224.888652][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 225.196501][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 225.227142][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 225.298802][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 228.268215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 228.580322][ T5989] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 231.647055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 242.179395][ T6023] netlink: 'syz.3.21': attribute type 2 has an invalid length. [ 242.188970][ T6023] netlink: 'syz.3.21': attribute type 1 has an invalid length. [ 245.611169][ T5073] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 245.667185][ T5073] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 245.686305][ T5073] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 245.717353][ T5073] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 245.732649][ T5073] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 246.603783][ T6040] netlink: 16 bytes leftover after parsing attributes in process `syz.4.26'. 
[ 248.384844][ T5073] Bluetooth: hci5: command tx timeout [ 248.538597][ T6027] uprobe: syz.3.24:6027 failed to unregister, leaking uprobe [ 248.878900][ T6027] uprobe: syz.3.24:6027 failed to unregister, leaking uprobe [ 248.882376][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 250.358893][ T10] usb 2-1: device descriptor read/all, error -71 [ 250.418513][ T5073] Bluetooth: hci5: command tx timeout [ 251.154049][ T6056] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2139632632 (8558530528 ns) > initial count (4400489236 ns). Using initial count to start timer. [ 252.308318][ T6028] chnl_net:caif_netlink_parms(): no params data found [ 252.495993][ T5073] Bluetooth: hci5: command tx timeout [ 254.586352][ T5073] Bluetooth: hci5: command tx timeout [ 255.648307][ T6078] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 256.603283][ T6028] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.649788][ T6028] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.698326][ T6028] bridge_slave_0: entered allmulticast mode [ 256.902248][ T6028] bridge_slave_0: entered promiscuous mode [ 256.973811][ T6028] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.997007][ T6028] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.004864][ T6028] bridge_slave_1: entered allmulticast mode [ 257.075957][ T6028] bridge_slave_1: entered promiscuous mode [ 257.744124][ T6028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.898190][ T6028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.596324][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 258.667744][ T6028] team0: Port device team_slave_0 added [ 258.797244][ T6028] team0: Port device team_slave_1 added [ 258.848562][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 258.879303][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of 
the config [ 258.943092][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 259.007121][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 259.023382][ T1029] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.095000][ T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 259.155848][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 259.250166][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 259.265610][ T10] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 259.296648][ T10] usb 4-1: Manufacturer: syz [ 259.342551][ T10] usb 4-1: config 0 descriptor?? [ 259.452856][ T1029] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.762124][ T6028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.785662][ T6028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 259.931760][ T6028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 260.081630][ T1029] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.160165][ T6028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 260.195817][ T10] rc_core: IR keymap rc-hauppauge not found [ 260.201945][ T10] Registered IR keymap rc-empty [ 260.223769][ T6028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 260.266175][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 260.311114][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 260.357964][ T6028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.423325][ T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 260.463360][ T1029] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.543863][ T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 260.687753][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 260.796015][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 260.908826][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 260.984847][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.065839][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.140066][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.191223][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.255846][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.300746][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.395991][ T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 261.550461][ T10] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 261.593453][ T10] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 261.726712][ T6028] hsr_slave_0: entered promiscuous mode [ 261.760585][ T10] usb 4-1: USB disconnect, device number 2 [ 261.849285][ T6028] hsr_slave_1: entered promiscuous mode [ 262.087801][ T6028] debugfs: 'hsr0' already exists in 'hsr' [ 262.093777][ 
T6028] Cannot create hsr debugfs directory [ 262.678668][ T6092] netlink: 8 bytes leftover after parsing attributes in process `syz.3.38'. [ 264.137936][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 264.157838][ T5777] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 264.176112][ T5777] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 264.190059][ T5777] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 264.231454][ T5777] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 264.265519][ T5928] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 264.497504][ T5928] usb 4-1: Using ep0 maxpacket: 8 [ 264.550662][ T5928] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.592342][ T5928] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.671096][ T5928] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.715701][ T5928] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.800410][ T5928] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 264.859668][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.210147][ T5928] usb 4-1: usb_control_msg returned -32 [ 265.267920][ T5928] usbtmc 4-1:16.0: can't read capabilities [ 265.398214][ T5928] usb 4-1: USB disconnect, device number 3 [ 265.434754][ T1029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.554333][ T1029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.567878][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.574563][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.638968][ T1029] bond0 (unregistering): Released all slaves [ 266.337639][ T5073] Bluetooth: hci2: command tx timeout [ 268.616174][ T5073] Bluetooth: hci2: command tx 
timeout [ 270.659619][ T5073] Bluetooth: hci2: command tx timeout [ 271.890666][ T6108] Zero length message leads to an empty skb [ 273.695751][ T5073] Bluetooth: hci2: command tx timeout [ 277.659739][ T5777] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 278.468845][ T5777] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 278.480446][ T5777] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 278.510173][ T5777] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 278.537062][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 278.839222][ T1029] hsr_slave_0: left promiscuous mode [ 278.875137][ T1029] hsr_slave_1: left promiscuous mode [ 278.901815][ T6121] netlink: 36 bytes leftover after parsing attributes in process `syz.4.47'. [ 278.901916][ T1029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.919121][ T1029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.933667][ T1029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.942902][ T1029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 279.008552][ T1029] veth1_macvtap: left promiscuous mode [ 279.014935][ T1029] veth0_macvtap: left promiscuous mode [ 279.025061][ T1029] veth1_vlan: left promiscuous mode [ 279.038051][ T1029] veth0_vlan: left promiscuous mode [ 280.242999][ T1029] team0 (unregistering): Port device team_slave_1 removed [ 280.279442][ T1029] team0 (unregistering): Port device team_slave_0 removed [ 280.658815][ T5777] Bluetooth: hci0: command tx timeout [ 282.805071][ T5777] Bluetooth: hci0: command tx timeout [ 284.935977][ T5777] Bluetooth: hci0: command tx timeout [ 285.787022][ T6028] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 285.871661][ T6028] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 286.083879][ T6028] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 286.158646][ T6028] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 286.471984][ T1029] netdevsim netdevsim1 
netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.747596][ T1029] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.976228][ T5777] Bluetooth: hci0: command tx timeout [ 287.017834][ T1029] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.363779][ T1029] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.660749][ T6095] chnl_net:caif_netlink_parms(): no params data found [ 288.915623][ T5826] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 288.971413][ T1029] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.046083][ T6115] chnl_net:caif_netlink_parms(): no params data found [ 289.085752][ T5826] usb 5-1: Using ep0 maxpacket: 8 [ 289.124988][ T5826] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 289.151648][ T5826] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 289.171804][ T5826] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 289.183990][ T5826] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 289.203029][ T5826] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 289.213879][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.228885][ T1029] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.502707][ T5826] usb 5-1: GET_CAPABILITIES returned 0 [ 289.525941][ T5826] usbtmc 5-1:16.0: can't read capabilities [ 289.601884][ T1029] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.726094][ T5828] usb 5-1: USB disconnect, device number 2 [ 290.053116][ T1029] netdevsim netdevsim0 netdevsim0 
(unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.228220][ T6095] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.241924][ T6095] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.251473][ T6095] bridge_slave_0: entered allmulticast mode [ 290.262990][ T6095] bridge_slave_0: entered promiscuous mode [ 290.340182][ T6095] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.366752][ T6095] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.374718][ T6095] bridge_slave_1: entered allmulticast mode [ 290.401471][ T6095] bridge_slave_1: entered promiscuous mode [ 290.780840][ T6095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.887804][ T6028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.194876][ T6095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 293.150105][ T24] libceph: connect (1)[c::]:6789 error -101 [ 293.159107][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 293.281169][ T6095] team0: Port device team_slave_0 added [ 293.342529][ T6115] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.350555][ T6115] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.717341][ T24] libceph: connect (1)[c::]:6789 error -101 [ 293.723735][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 293.746085][ T6115] bridge_slave_0: entered allmulticast mode [ 293.760102][ T6171] ceph: No mds server is up or the cluster is laggy [ 293.807895][ T6115] bridge_slave_0: entered promiscuous mode [ 293.884654][ T6115] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.899488][ T6115] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.916391][ T6115] bridge_slave_1: entered allmulticast mode [ 293.934143][ T6115] bridge_slave_1: entered promiscuous mode [ 294.634831][ T6095] team0: Port device team_slave_1 added [ 297.631342][ T6095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 300.422042][ T6095] 
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 300.455775][ T6095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.046052][ T6095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.095514][ T6095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 301.225465][ T6095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.442640][ T6115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.559049][ T6115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.646178][ T1029] bridge_slave_1: left allmulticast mode [ 301.652067][ T1029] bridge_slave_1: left promiscuous mode [ 301.681702][ T6195] netlink: 36 bytes leftover after parsing attributes in process `syz.4.55'. 
[ 301.715066][ T1029] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.763030][ T1029] bridge_slave_0: left allmulticast mode [ 301.799796][ T1029] bridge_slave_0: left promiscuous mode [ 301.828814][ T1029] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.929446][ T1029] bridge_slave_1: left allmulticast mode [ 301.944177][ T1029] bridge_slave_1: left promiscuous mode [ 301.973029][ T1029] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.018208][ T5073] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 302.036249][ T5073] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 302.047735][ T5073] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 302.066123][ T1029] bridge_slave_0: left allmulticast mode [ 302.072817][ T1029] bridge_slave_0: left promiscuous mode [ 302.089799][ T5073] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 302.103972][ T1029] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.119171][ T5073] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 303.277008][ T1029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.329697][ T1029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.367177][ T1029] bond0 (unregistering): Released all slaves [ 303.728530][ T1029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.750002][ T1029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.772343][ T1029] bond0 (unregistering): Released all slaves [ 305.540347][ T5777] Bluetooth: hci3: command tx timeout [ 307.989991][ T5777] Bluetooth: hci3: command tx timeout [ 308.374983][ T6115] team0: Port device team_slave_0 added [ 308.469648][ T6115] team0: Port device team_slave_1 added [ 308.931689][ T6095] hsr_slave_0: entered promiscuous mode [ 308.975777][ T6095] hsr_slave_1: entered promiscuous mode [ 308.998754][ T6095] debugfs: 'hsr0' already exists in 'hsr' [ 309.017067][ T6095] 
Cannot create hsr debugfs directory [ 309.045631][ T6115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 309.066435][ T6115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 309.130436][ T6115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.171060][ T6115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.191906][ T6115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 309.245980][ T6115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.065953][ T5777] Bluetooth: hci3: command tx timeout [ 311.017789][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 311.049209][ T6115] hsr_slave_0: entered promiscuous mode [ 311.091335][ T6115] hsr_slave_1: entered promiscuous mode [ 311.122385][ T6115] debugfs: 'hsr0' already exists in 'hsr' [ 311.150194][ T6115] Cannot create hsr debugfs directory [ 311.223183][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 311.262927][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 311.325784][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 311.385928][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 311.422232][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 311.475879][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, 
bcdDevice=61.23 [ 311.502243][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.777599][ T10] usb 4-1: GET_CAPABILITIES returned 2f [ 311.794424][ T10] usbtmc 4-1:16.0: can't read capabilities [ 311.989942][ T10] usb 4-1: USB disconnect, device number 4 [ 312.095689][ T5777] Bluetooth: hci3: command tx timeout [ 313.520389][ T6244] xt_hashlimit: size too large, truncated to 1048576 [ 314.611598][ T1029] hsr_slave_0: left promiscuous mode [ 314.649558][ T1029] hsr_slave_1: left promiscuous mode [ 314.711624][ T1029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.748591][ T1029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.839814][ T1029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.876184][ T1029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.993204][ T1029] hsr_slave_0: left promiscuous mode [ 315.079349][ T1029] hsr_slave_1: left promiscuous mode [ 315.110217][ T1029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 315.175668][ T1029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.218546][ T1029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 315.266068][ T1029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.458043][ T1029] veth1_macvtap: left promiscuous mode [ 315.487425][ T1029] veth0_macvtap: left promiscuous mode [ 315.493640][ T1029] veth1_vlan: left promiscuous mode [ 315.547299][ T1029] veth0_vlan: left promiscuous mode [ 315.579416][ T1029] veth1_macvtap: left promiscuous mode [ 315.585209][ T1029] veth0_macvtap: left promiscuous mode [ 315.601960][ T1029] veth1_vlan: left promiscuous mode [ 315.633119][ T1029] veth0_vlan: left promiscuous mode [ 317.778314][ T1029] team0 (unregistering): Port device team_slave_1 removed [ 317.822288][ T1029] team0 (unregistering): Port device team_slave_0 removed [ 318.824824][ T5783] Bluetooth: hci4: command 0x0406 tx timeout [ 318.831380][ T49] Bluetooth: hci1: 
command 0x0406 tx timeout [ 318.970746][ T1029] team0 (unregistering): Port device team_slave_1 removed [ 319.063179][ T1029] team0 (unregistering): Port device team_slave_0 removed [ 320.474349][ T6262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.62'. [ 320.522329][ T6262] netlink: 40 bytes leftover after parsing attributes in process `syz.4.62'. [ 320.640489][ T5073] Bluetooth: hci4: unexpected event for opcode 0x040d [ 321.636016][ C1] ===================================================== [ 321.643381][ C1] BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 [ 321.652210][ C1] __flush_smp_call_function_queue+0x362/0x18e0 [ 321.658679][ C1] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 321.665837][ C1] __sysvec_call_function_single+0x4b/0x3e0 [ 321.671943][ C1] sysvec_call_function_single+0x7c/0x90 [ 321.677768][ C1] asm_sysvec_call_function_single+0x1f/0x30 [ 321.683964][ C1] virt_to_page_or_null+0xd7/0x170 [ 321.689294][ C1] kmsan_get_metadata+0xf1/0x160 [ 321.694500][ C1] kmsan_get_shadow_origin_ptr+0x35/0xb0 [ 321.700382][ C1] __msan_metadata_ptr_for_load_4+0x24/0x40 [ 321.706490][ C1] on_stack+0x7e/0x1f0 [ 321.710759][ C1] update_stack_state+0xa7/0x1c0 [ 321.715913][ C1] unwind_next_frame+0x116/0x350 [ 321.721059][ C1] arch_stack_walk+0x1b0/0x280 [ 321.726011][ C1] stack_trace_save+0xc2/0x100 [ 321.730966][ C1] kmsan_internal_poison_memory+0x4a/0x90 [ 321.736880][ C1] kmsan_slab_alloc+0xdc/0x160 [ 321.741850][ C1] kmem_cache_alloc_lru_noprof+0x382/0x1280 [ 321.747959][ C1] __d_alloc+0x55/0xa00 [ 321.752290][ C1] d_alloc+0x57/0x300 [ 321.756443][ C1] lookup_one_qstr_excl+0x1a1/0x7b0 [ 321.761932][ C1] start_dirop+0x70/0x120 [ 321.766437][ C1] simple_start_creating+0x13d/0x180 [ 321.771920][ C1] debugfs_start_creating+0x19a/0x390 [ 321.777581][ C1] __debugfs_create_file+0xab/0x850 [ 321.783004][ C1] debugfs_create_file_full+0x60/0x80 [ 321.788566][ C1] nsim_udp_tunnels_info_create+0x2ba/0x7c0 [ 
321.794655][ C1] nsim_create+0x757/0x1bf0 [ 321.799312][ C1] __nsim_dev_port_add+0xcc3/0x1480 [ 321.804710][ C1] nsim_dev_port_add_all+0x65/0x1f0 [ 321.810115][ C1] nsim_drv_probe+0x153f/0x1820 [ 321.815237][ C1] nsim_bus_probe+0x2e/0x40 [ 321.819918][ C1] really_probe+0x4d5/0xe40 [ 321.824569][ C1] __driver_probe_device+0x25e/0x370 [ 321.830147][ C1] driver_probe_device+0x70/0x8f0 [ 321.835332][ C1] __device_attach_driver+0x4ee/0x950 [ 321.840884][ C1] bus_for_each_drv+0x3e3/0x680 [ 321.845950][ C1] __device_attach+0x3c5/0x5f0 [ 321.850920][ C1] device_initial_probe+0x126/0x170 [ 321.856329][ C1] bus_probe_device+0x287/0x530 [ 321.861379][ C1] device_add+0x12a9/0x1c00 [ 321.866119][ C1] device_register+0x36/0x40 [ 321.870895][ C1] new_device_store+0x483/0xc10 [ 321.875935][ C1] bus_attr_store+0x92/0xf0 [ 321.880647][ C1] sysfs_kf_write+0x208/0x2f0 [ 321.885521][ C1] kernfs_fop_write_iter+0x5f9/0xa90 [ 321.891014][ C1] vfs_write+0xbe1/0x15c0 [ 321.895544][ C1] ksys_write+0x1d9/0x470 [ 321.900116][ C1] __x64_sys_write+0x97/0xf0 [ 321.904910][ C1] x64_sys_call+0x2ff0/0x3ea0 [ 321.909815][ C1] do_syscall_64+0x134/0xf80 [ 321.914586][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.920650][ C1] [ 321.923143][ C1] Local variable tmp created at: [ 321.928173][ C1] number+0x83/0x2190 [ 321.932453][ C1] vsnprintf+0xd0d/0x1b00 [ 321.936981][ C1] [ 321.939445][ C1] CPU: 1 UID: 0 PID: 6095 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 321.949164][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 321.959350][ C1] ===================================================== [ 321.966477][ C1] Disabling lock debugging due to kernel taint [ 321.972765][ C1] Kernel panic - not syncing: kmsan.panic set ... 
[ 321.979419][ C1] CPU: 1 UID: 0 PID: 6095 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT(full) [ 321.990656][ C1] Tainted: [B]=BAD_PAGE [ 321.994951][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 322.005153][ C1] Call Trace: [ 322.008538][ C1] <IRQ> [ 322.011494][ C1] __dump_stack+0x26/0x30 [ 322.016033][ C1] dump_stack_lvl+0x50/0x1c0 [ 322.020811][ C1] ? dump_stack+0x12/0x25 [ 322.025324][ C1] dump_stack+0x1e/0x25 [ 322.029659][ C1] vpanic+0x7b4/0x1430 [ 322.033946][ C1] panic+0x15d/0x160 [ 322.038078][ C1] kmsan_report+0x31a/0x320 [ 322.042815][ C1] ? __msan_warning+0x1b/0x30 [ 322.047713][ C1] ? __flush_smp_call_function_queue+0x362/0x18e0 [ 322.054408][ C1] ? generic_smp_call_function_single_interrupt+0x1c/0x30 [ 322.061726][ C1] ? __sysvec_call_function_single+0x4b/0x3e0 [ 322.067995][ C1] ? sysvec_call_function_single+0x7c/0x90 [ 322.074012][ C1] ? asm_sysvec_call_function_single+0x1f/0x30 [ 322.080412][ C1] ? virt_to_page_or_null+0xd7/0x170 [ 322.086167][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.091548][ C1] ? kmsan_get_shadow_origin_ptr+0x35/0xb0 [ 322.097611][ C1] ? __msan_metadata_ptr_for_load_4+0x24/0x40 [ 322.103916][ C1] ? on_stack+0x7e/0x1f0 [ 322.108464][ C1] ? update_stack_state+0xa7/0x1c0 [ 322.113784][ C1] ? unwind_next_frame+0x116/0x350 [ 322.119290][ C1] ? arch_stack_walk+0x1b0/0x280 [ 322.124423][ C1] ? stack_trace_save+0xc2/0x100 [ 322.129553][ C1] ? kmsan_internal_poison_memory+0x4a/0x90 [ 322.135650][ C1] ? kmsan_slab_alloc+0xdc/0x160 [ 322.140799][ C1] ? kmem_cache_alloc_lru_noprof+0x382/0x1280 [ 322.147043][ C1] ? __d_alloc+0x55/0xa00 [ 322.151576][ C1] ? d_alloc+0x57/0x300 [ 322.155891][ C1] ? lookup_one_qstr_excl+0x1a1/0x7b0 [ 322.161447][ C1] ? start_dirop+0x70/0x120 [ 322.166115][ C1] ? simple_start_creating+0x13d/0x180 [ 322.171803][ C1] ? debugfs_start_creating+0x19a/0x390 [ 322.177574][ C1] ? __debugfs_create_file+0xab/0x850 [ 322.183137][ C1] ?
debugfs_create_file_full+0x60/0x80 [ 322.188934][ C1] ? nsim_udp_tunnels_info_create+0x2ba/0x7c0 [ 322.195218][ C1] ? nsim_create+0x757/0x1bf0 [ 322.200072][ C1] ? __nsim_dev_port_add+0xcc3/0x1480 [ 322.205643][ C1] ? nsim_dev_port_add_all+0x65/0x1f0 [ 322.211203][ C1] ? nsim_drv_probe+0x153f/0x1820 [ 322.216397][ C1] ? nsim_bus_probe+0x2e/0x40 [ 322.221240][ C1] ? really_probe+0x4d5/0xe40 [ 322.226074][ C1] ? __driver_probe_device+0x25e/0x370 [ 322.231757][ C1] ? driver_probe_device+0x70/0x8f0 [ 322.237210][ C1] ? __device_attach_driver+0x4ee/0x950 [ 322.243003][ C1] ? bus_for_each_drv+0x3e3/0x680 [ 322.248206][ C1] ? __device_attach+0x3c5/0x5f0 [ 322.253532][ C1] ? device_initial_probe+0x126/0x170 [ 322.259126][ C1] ? bus_probe_device+0x287/0x530 [ 322.264329][ C1] ? device_add+0x12a9/0x1c00 [ 322.269240][ C1] ? device_register+0x36/0x40 [ 322.274205][ C1] ? new_device_store+0x483/0xc10 [ 322.279414][ C1] ? bus_attr_store+0x92/0xf0 [ 322.284468][ C1] ? sysfs_kf_write+0x208/0x2f0 [ 322.289560][ C1] ? kernfs_fop_write_iter+0x5f9/0xa90 [ 322.295223][ C1] ? vfs_write+0xbe1/0x15c0 [ 322.299930][ C1] ? ksys_write+0x1d9/0x470 [ 322.304622][ C1] ? __x64_sys_write+0x97/0xf0 [ 322.309576][ C1] ? x64_sys_call+0x2ff0/0x3ea0 [ 322.314653][ C1] ? do_syscall_64+0x134/0xf80 [ 322.319688][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.325948][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.331998][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.337336][ C1] __msan_warning+0x1b/0x30 [ 322.342130][ C1] __flush_smp_call_function_queue+0x362/0x18e0 [ 322.348563][ C1] ? 
kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.354631][ C1] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 322.361854][ C1] __sysvec_call_function_single+0x4b/0x3e0 [ 322.367961][ C1] sysvec_call_function_single+0x7c/0x90 [ 322.373779][ C1] </IRQ> [ 322.376832][ C1] <TASK> [ 322.379899][ C1] asm_sysvec_call_function_single+0x1f/0x30 [ 322.386196][ C1] RIP: 0010:virt_to_page_or_null+0xd7/0x170 [ 322.392346][ C1] Code: ff 05 e5 19 d9 12 48 85 c9 74 09 4c 8b 01 41 f6 c0 02 75 5b 65 ff 0d d0 19 d9 12 0f 84 8a 00 00 00 31 f6 65 ff 0d c1 19 d9 12 <85> f6 5d 0f 84 4c ff ff ff 48 81 ff 00 00 00 80 72 09 48 8b 0d 90 [ 322.412217][ C1] RSP: 0018:ffff88803a4469b8 EFLAGS: 00000286 [ 322.418463][ C1] RAX: ffff8880ba446b48 RBX: ffff88803a446b48 RCX: ffff88813fffab30 [ 322.426617][ C1] RDX: 000000003a446b48 RSI: 0000000000000001 RDI: ffff88803a446b48 [ 322.434729][ C1] RBP: ffff88803a4469b8 R08: ffffea000000000f R09: ffff88803a448000 [ 322.442848][ C1] R10: ffff88803a444000 R11: ffffffff81dcf260 R12: ffff88803a446b48 [ 322.450976][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 322.459083][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 322.465504][ C1] kmsan_get_metadata+0xf1/0x160 [ 322.470688][ C1] kmsan_get_shadow_origin_ptr+0x35/0xb0 [ 322.476747][ C1] __msan_metadata_ptr_for_load_4+0x24/0x40 [ 322.482896][ C1] on_stack+0x7e/0x1f0 [ 322.487216][ C1] update_stack_state+0xa7/0x1c0 [ 322.492408][ C1] unwind_next_frame+0x116/0x350 [ 322.497653][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 322.504031][ C1] arch_stack_walk+0x1b0/0x280 [ 322.509015][ C1] ? device_register+0x36/0x40 [ 322.513989][ C1] stack_trace_save+0xc2/0x100 [ 322.518973][ C1] kmsan_internal_poison_memory+0x4a/0x90 [ 322.524993][ C1] ? d_alloc+0x57/0x300 [ 322.529496][ C1] ? kmsan_internal_poison_memory+0x4a/0x90 [ 322.535595][ C1] ? kmsan_slab_alloc+0xdc/0x160 [ 322.540733][ C1] ? kmem_cache_alloc_lru_noprof+0x382/0x1280 [ 322.546979][ C1] ? __d_alloc+0x55/0xa00 [ 322.551677][ C1] ?
d_alloc+0x57/0x300 [ 322.556180][ C1] ? lookup_one_qstr_excl+0x1a1/0x7b0 [ 322.561738][ C1] ? start_dirop+0x70/0x120 [ 322.566433][ C1] ? simple_start_creating+0x13d/0x180 [ 322.572173][ C1] ? debugfs_start_creating+0x19a/0x390 [ 322.577918][ C1] ? __debugfs_create_file+0xab/0x850 [ 322.583496][ C1] ? debugfs_create_file_full+0x60/0x80 [ 322.589251][ C1] ? nsim_udp_tunnels_info_create+0x2ba/0x7c0 [ 322.595514][ C1] ? nsim_create+0x757/0x1bf0 [ 322.600360][ C1] ? __nsim_dev_port_add+0xcc3/0x1480 [ 322.606108][ C1] ? nsim_dev_port_add_all+0x65/0x1f0 [ 322.611752][ C1] ? nsim_drv_probe+0x153f/0x1820 [ 322.616970][ C1] ? nsim_bus_probe+0x2e/0x40 [ 322.621833][ C1] ? really_probe+0x4d5/0xe40 [ 322.626677][ C1] ? __driver_probe_device+0x25e/0x370 [ 322.632367][ C1] ? driver_probe_device+0x70/0x8f0 [ 322.637811][ C1] ? __device_attach_driver+0x4ee/0x950 [ 322.643723][ C1] ? bus_for_each_drv+0x3e3/0x680 [ 322.649175][ C1] ? __device_attach+0x3c5/0x5f0 [ 322.654363][ C1] ? device_initial_probe+0x126/0x170 [ 322.659960][ C1] ? bus_probe_device+0x287/0x530 [ 322.665171][ C1] ? device_add+0x12a9/0x1c00 [ 322.670096][ C1] ? device_register+0x36/0x40 [ 322.675044][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.680396][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.686580][ C1] ? should_fail_ex+0x45/0x8c0 [ 322.691633][ C1] ? stack_depot_save_flags+0x35/0x790 [ 322.697288][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.702643][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.707992][ C1] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 322.714541][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.719876][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.726107][ C1] kmsan_slab_alloc+0xdc/0x160 [ 322.731073][ C1] kmem_cache_alloc_lru_noprof+0x382/0x1280 [ 322.737166][ C1] ? __d_alloc+0x55/0xa00 [ 322.741736][ C1] __d_alloc+0x55/0xa00 [ 322.746088][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.751444][ C1] ? 
kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.757484][ C1] d_alloc+0x57/0x300 [ 322.761647][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.766991][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.773042][ C1] lookup_one_qstr_excl+0x1a1/0x7b0 [ 322.778509][ C1] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 322.784819][ C1] start_dirop+0x70/0x120 [ 322.789364][ C1] simple_start_creating+0x13d/0x180 [ 322.794872][ C1] debugfs_start_creating+0x19a/0x390 [ 322.800479][ C1] __debugfs_create_file+0xab/0x850 [ 322.806076][ C1] debugfs_create_file_full+0x60/0x80 [ 322.811663][ C1] nsim_udp_tunnels_info_create+0x2ba/0x7c0 [ 322.817763][ C1] nsim_create+0x757/0x1bf0 [ 322.822434][ C1] ? dput+0x5d/0xa0 [ 322.826520][ C1] ? simple_done_creating+0x59/0x80 [ 322.831985][ C1] ? debugfs_create_symlink+0x2c2/0x4a0 [ 322.837743][ C1] __nsim_dev_port_add+0xcc3/0x1480 [ 322.843202][ C1] nsim_dev_port_add_all+0x65/0x1f0 [ 322.848608][ C1] nsim_drv_probe+0x153f/0x1820 [ 322.853772][ C1] ? __pfx_nsim_bus_probe+0x10/0x10 [ 322.859145][ C1] nsim_bus_probe+0x2e/0x40 [ 322.863812][ C1] really_probe+0x4d5/0xe40 [ 322.868507][ C1] __driver_probe_device+0x25e/0x370 [ 322.874034][ C1] driver_probe_device+0x70/0x8f0 [ 322.879309][ C1] ? kmsan_get_metadata+0xf1/0x160 [ 322.884657][ C1] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 322.890736][ C1] __device_attach_driver+0x4ee/0x950 [ 322.896351][ C1] bus_for_each_drv+0x3e3/0x680 [ 322.901435][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 322.907547][ C1] __device_attach+0x3c5/0x5f0 [ 322.912562][ C1] device_initial_probe+0x126/0x170 [ 322.918003][ C1] bus_probe_device+0x287/0x530 [ 322.923270][ C1] device_add+0x12a9/0x1c00 [ 322.928028][ C1] device_register+0x36/0x40 [ 322.932804][ C1] new_device_store+0x483/0xc10 [ 322.937933][ C1] ? __pfx_new_device_store+0x10/0x10 [ 322.943569][ C1] bus_attr_store+0x92/0xf0 [ 322.948279][ C1] ? __pfx_bus_attr_store+0x10/0x10 [ 322.953693][ C1] sysfs_kf_write+0x208/0x2f0 [ 322.958687][ C1] ? 
__pfx_sysfs_kf_write+0x10/0x10 [ 322.964194][ C1] kernfs_fop_write_iter+0x5f9/0xa90 [ 322.969702][ C1] vfs_write+0xbe1/0x15c0 [ 322.974279][ C1] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 322.980300][ C1] ksys_write+0x1d9/0x470 [ 322.984864][ C1] __x64_sys_write+0x97/0xf0 [ 322.989684][ C1] x64_sys_call+0x2ff0/0x3ea0 [ 322.994596][ C1] do_syscall_64+0x134/0xf80 [ 322.999401][ C1] ? clear_bhb_loop+0x50/0xa0 [ 323.004272][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.010360][ C1] RIP: 0033:0x7f0f4f35cfce [ 323.014930][ C1] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 323.034748][ C1] RSP: 002b:00007ffff4d0be68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 323.043344][ C1] RAX: ffffffffffffffda RBX: 000055557ec1d500 RCX: 00007f0f4f35cfce [ 323.051494][ C1] RDX: 0000000000000003 RSI: 00007ffff4d0bef0 RDI: 0000000000000005 [ 323.059602][ C1] RBP: 00007f0f4f433540 R08: 0000000000000000 R09: 0000000000000000 [ 323.067710][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 323.075918][ C1] R13: 00007ffff4d0bef0 R14: 00007f0f50144620 R15: 0000000000000003 [ 323.084095][ C1] </TASK> [ 323.087961][ C1] Kernel Offset: disabled [ 323.092448][ C1] Rebooting in 86400 seconds..