last executing test programs: 14.133906886s ago: executing program 3 (id=9): openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a"], 0x48) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = mq_open(&(0x7f0000000000)='/dev/ptp0\x00', 0x800, 0x100, 0x0) syz_open_dev$loop(0x0, 0xb8a, 0x18b80) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) mq_timedsend(r2, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0xff00000000000000}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 13.26140108s ago: executing program 3 (id=11): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000002680)="e7", 0x1) 12.075452544s ago: executing program 1 (id=12): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x100001}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_io_uring_setup(0x76b9, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x100000040, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000003c0), 0x3) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) getsockopt$bt_hci(r1, 0x11a, 0x3, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) removexattr(0x0, &(0x7f0000000300)=ANY=[]) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x1, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xfffffffffffffffc}) open(&(0x7f0000000040)='.\x00', 0x0, 0x6c) 11.087095192s ago: executing program 2 (id=3): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da55a02ddbe2665dca1029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) shutdown(r0, 0x1) 10.177940948s ago: executing program 1 (id=13): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x4000010) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) accept(r3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0xa, 0x0, 0x0, 0x41000, 0x1e, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r4}, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r5, &(0x7f0000000300)=""/102400, 0x19000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x20b, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14}}, 0x64}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r7, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0xffff, 0x880}}) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x5c, 0x24, 0xd0f, 0x470bd30, 0x25dfdbff, {0x60, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x0, 0x4, 0x3, 0x2, 0x9, 0x1}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x44080) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 10.137209019s ago: executing program 2 (id=14): socket$nl_route(0x10, 0x3, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) setrlimit(0x4, &(0x7f0000000240)={0xfe, 0x4}) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fea000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xd9}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) mq_timedreceive(r5, &(0x7f0000000880)=""/202, 0xca, 0x200000200009, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)=0x0) ptrace$peek(0x2, r7, &(0x7f00000002c0)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r4, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r3}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) recvmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x2000) shutdown(0xffffffffffffffff, 0x2) 10.026857034s ago: executing program 0 (id=15): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) socket$inet(0x2, 0x4000000000000001, 0x0) socket$kcm(0x11, 0x2, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0) accept$inet6(0xffffffffffffffff, 0x0, 0x0) fanotify_init(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c40)=""/102376, 0x18fe8) syz_pidfd_open(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) mknod(&(0x7f0000000240)='./file0\x00', 0x1000, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) 7.992568097s ago: executing program 2 (id=16): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 7.458969647s ago: executing program 0 (id=17): openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a0000"], 0x48) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = mq_open(&(0x7f0000000000)='/dev/ptp0\x00', 0x800, 0x100, 0x0) syz_open_dev$loop(0x0, 0xb8a, 0x18b80) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) mq_timedsend(r2, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0xff00000000000000}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7.449366845s ago: executing program 1 (id=18): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f00000004c0)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000000000000000020004008500000097000000b7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="b347d4211a17c1d89ee99b6f73ac", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.33602859s ago: executing program 3 (id=19): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fchdir(0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0xff00, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) 7.24555511s ago: executing program 1 (id=20): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fchdir(0xffffffffffffffff) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2}) getdents64(r3, &(0x7f0000000200)=""/50, 0x32) getdents(r3, 0xfffffffffffffffd, 0x58) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r5, 0x8b2a, &(0x7f0000000040)) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0xff00, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r7, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_CONTROLLER=0xfe}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) write$tun(r8, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b8002944"], 0xfdef) 5.733470131s ago: executing program 0 (id=21): socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000280)="fb", 0x1}], 0x1) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8) close(r2) 4.70811725s ago: executing program 3 (id=22): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da55a02ddbe2665dca1029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(0xffffffffffffffff, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) shutdown(0xffffffffffffffff, 0x1) 3.846931297s ago: executing program 0 (id=23): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001900010027bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000080)={0x84, @local, 0x15, 0x3, 'sh\x00', 0x19, 0x5, 0x71}, 0x2c) r3 = socket$kcm(0xa, 0x2, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x2}}, 0x44) sendmsg$sock(r3, 0x0, 0x0) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@sco={0x1f, @none}, 0x80, 0x0, 0x50, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)={0x20, 0x1a, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x3ffc, 0x0, 0x0, @str=':*^${\x00'}, @nested={0x4, 0x1b}]}, 0x20}], 0x1}, 0x0) capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2}) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(0x0, r6) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="01002dbd70027100c1582100"], 0x2c}, 0x1, 0x0, 0x0, 0x2001}, 0x4010000) 3.593148519s ago: executing program 1 (id=24): socket$nl_route(0x10, 0x3, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) setrlimit(0x4, &(0x7f0000000240)={0xfe, 0x4}) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fea000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xd9}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) mq_timedreceive(r5, &(0x7f0000000880)=""/202, 0xca, 0x200000200009, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)=0x0) ptrace$peek(0x2, r7, &(0x7f00000002c0)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r4, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r3}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) recvmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000002380)}, 0x2000) shutdown(0xffffffffffffffff, 0x2) 3.392026334s ago: executing program 3 (id=25): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) socket$inet(0x2, 0x4000000000000001, 0x0) socket$kcm(0x11, 0x2, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0) accept$inet6(0xffffffffffffffff, 0x0, 0x0) fanotify_init(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004c40)=""/102376, 0x18fe8) syz_pidfd_open(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) mknod(&(0x7f0000000240)='./file0\x00', 0x1000, 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) 1.646786804s ago: executing program 1 (id=26): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)=':', 0x1, 0x1) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd) 1.010553273s ago: executing program 0 (id=27): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x4000010) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) accept(r3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0xa, 0x0, 0x0, 0x41000, 0x1e, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r4}, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r5, &(0x7f0000000300)=""/102400, 0x19000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x20b, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14}}, 0x64}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r7, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0xffff, 0x880}}) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x5c, 0x24, 0xd0f, 0x470bd30, 0x25dfdbff, {0x60, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x0, 0x4, 0x3, 0x2, 0x9, 0x1}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x44080) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 826.613593ms ago: executing program 2 (id=28): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f00000004c0)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000000000000000020004008500000097000000b7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="b347d4211a17c1d89ee99b6f73ac", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 153.799493ms ago: executing program 3 (id=29): openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a0000"], 0x48) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = mq_open(&(0x7f0000000000)='/dev/ptp0\x00', 0x800, 0x100, 0x0) syz_open_dev$loop(0x0, 0xb8a, 0x18b80) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) mq_timedsend(r2, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0xff00000000000000}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 86.382889ms ago: executing program 0 (id=30): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000002680)="e7", 0x1) 0s ago: executing program 2 (id=31): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fchdir(0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0xff00, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts. syzkaller login: [ 81.438693][ T5759] cgroup: Unknown subsys name 'net' [ 81.578928][ T5759] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.275730][ T5759] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.841221][ T5773] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.849820][ T5773] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.857865][ T5773] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.871351][ T5773] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.900129][ T5773] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.907760][ T5773] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.970885][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.981477][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.994265][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.003298][ T5773] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.011732][ T5773] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.019701][ T5773] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.048207][ T5773] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.056903][ T5773] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.064951][ T5773] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.087722][ T5773] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.096036][ T5773] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.106060][ T5773] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.117901][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.130589][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.140682][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.161482][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.169456][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.177579][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.594405][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 85.633095][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 85.782408][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 85.795120][ T5776] chnl_net:caif_netlink_parms(): no params data found [ 85.874414][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.882474][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.891151][ T5774] bridge_slave_0: entered allmulticast mode [ 85.898773][ T5774] bridge_slave_0: entered promiscuous mode [ 85.907409][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.914815][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.922344][ T5771] bridge_slave_0: entered allmulticast mode [ 85.929393][ T5771] bridge_slave_0: entered promiscuous mode [ 85.958917][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.966320][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.973964][ T5774] bridge_slave_1: entered allmulticast mode [ 85.981655][ T5774] bridge_slave_1: entered promiscuous mode [ 85.988986][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.996369][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.003762][ T5771] bridge_slave_1: entered allmulticast mode [ 86.011323][ T5771] bridge_slave_1: entered promiscuous mode [ 86.120860][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.133643][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.146736][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.167318][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.174721][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.185329][ T5779] bridge_slave_0: entered allmulticast mode [ 86.192582][ T5779] bridge_slave_0: entered promiscuous mode [ 86.201327][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.208523][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.215855][ T5779] bridge_slave_1: entered allmulticast mode [ 86.223821][ T5779] bridge_slave_1: entered promiscuous mode [ 86.244041][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.307372][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.314783][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.322590][ T5776] bridge_slave_0: entered allmulticast mode [ 86.330167][ T5776] bridge_slave_0: entered promiscuous mode [ 86.353040][ T5774] team0: Port device team_slave_0 added [ 86.363473][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.376683][ T5771] team0: Port device team_slave_0 added [ 86.383730][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.392665][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.400754][ T5776] bridge_slave_1: entered allmulticast mode [ 86.407949][ T5776] bridge_slave_1: entered promiscuous mode [ 86.426785][ T5774] team0: Port device team_slave_1 added [ 86.437455][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.457794][ T5771] team0: Port device team_slave_1 added [ 86.519250][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.532433][ T5779] team0: Port device team_slave_0 added [ 86.550927][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.557937][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.584023][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.607551][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.614817][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.641473][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.654965][ T5779] team0: Port device team_slave_1 added [ 86.673789][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.695468][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.702776][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.729012][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.741995][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.749021][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.779964][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.857556][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.864844][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.891357][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.908009][ T5776] team0: Port device team_slave_0 added [ 86.917663][ T5776] team0: Port device team_slave_1 added [ 86.930981][ T5778] Bluetooth: hci0: command tx timeout [ 86.946912][ T5771] hsr_slave_0: entered promiscuous mode [ 86.954516][ T5771] hsr_slave_1: entered promiscuous mode [ 86.962251][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.969332][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.996079][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.034170][ T5774] hsr_slave_0: entered promiscuous mode [ 87.041416][ T5774] hsr_slave_1: entered promiscuous mode [ 87.048088][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.056717][ T5774] Cannot create hsr debugfs directory [ 87.086083][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.092359][ T5778] Bluetooth: hci1: command tx timeout [ 87.093356][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.125150][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.165950][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.176635][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.180494][ T5773] Bluetooth: hci2: command tx timeout [ 87.211372][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.250582][ T5773] Bluetooth: hci3: command tx timeout [ 87.409076][ T5776] hsr_slave_0: entered promiscuous mode [ 87.416108][ T5776] hsr_slave_1: entered promiscuous mode [ 87.424386][ T5776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.433626][ T5776] Cannot create hsr debugfs directory [ 87.468212][ T5779] hsr_slave_0: entered promiscuous mode [ 87.477072][ T5779] hsr_slave_1: entered promiscuous mode [ 87.483876][ T5779] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.491952][ T5779] Cannot create hsr debugfs directory [ 87.900183][ T5774] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.949752][ T5774] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.969316][ T5774] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.002279][ T5774] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.093574][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.107262][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.124147][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.138344][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.246077][ T5776] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.258385][ T5776] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.269555][ T5776] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.282345][ T5776] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.393552][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.412918][ T5779] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.425541][ T5779] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.437176][ T5779] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.449195][ T5779] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.472840][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.508008][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.515484][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.543603][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.550819][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.652359][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.703342][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.759491][ T5776] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.812715][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.820111][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.843905][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.865481][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.872835][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.903662][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.916898][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.924201][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.956814][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.964253][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.001230][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.011992][ T5773] Bluetooth: hci0: command tx timeout [ 89.064350][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.071593][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.115646][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.123339][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.170330][ T5773] Bluetooth: hci1: command tx timeout [ 89.196363][ T5776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.250790][ T5773] Bluetooth: hci2: command tx timeout [ 89.332381][ T5773] Bluetooth: hci3: command tx timeout [ 89.367712][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.535424][ T5774] veth0_vlan: entered promiscuous mode [ 89.568540][ T5774] veth1_vlan: entered promiscuous mode [ 89.649720][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.686692][ T5774] veth0_macvtap: entered promiscuous mode [ 89.727125][ T5774] veth1_macvtap: entered promiscuous mode [ 89.789062][ T5776] veth0_vlan: entered promiscuous mode [ 89.831188][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.854350][ T5776] veth1_vlan: entered promiscuous mode [ 89.873636][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.933243][ T5774] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.947469][ T5774] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.956843][ T5774] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.965806][ T5774] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.984124][ T5776] veth0_macvtap: entered promiscuous mode [ 90.003778][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.018156][ T5776] veth1_macvtap: entered promiscuous mode [ 90.081955][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.094297][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.108769][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.121384][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.132647][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.144546][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.171239][ T5776] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.191031][ T5776] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.200335][ T5776] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.209093][ T5776] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.248140][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.316649][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.330465][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.416044][ T5771] veth0_vlan: entered promiscuous mode [ 90.428400][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.441780][ T5771] veth1_vlan: entered promiscuous mode [ 90.451352][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.526425][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.536192][ T5779] veth0_vlan: entered promiscuous mode [ 90.556378][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.601318][ T5779] veth1_vlan: entered promiscuous mode [ 90.615217][ T5771] veth0_macvtap: entered promiscuous mode [ 90.638391][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.647476][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.659514][ T5771] veth1_macvtap: entered promiscuous mode [ 90.811047][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.828198][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.839157][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.859175][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.891598][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.901867][ T5779] veth0_macvtap: entered promiscuous mode [ 90.956500][ T5779] veth1_macvtap: entered promiscuous mode [ 90.974628][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.998446][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.018569][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.031630][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.053610][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.119012][ T5773] Bluetooth: hci0: command tx timeout [ 91.164923][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.176226][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.186544][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.197297][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.207601][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.218343][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.250011][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 91.390042][ T5773] Bluetooth: hci1: command tx timeout [ 91.395171][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.395757][ T5773] Bluetooth: hci2: command tx timeout [ 91.411039][ T5773] Bluetooth: hci3: command tx timeout [ 91.838080][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.070286][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.090076][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.099038][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.284044][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.302335][ T8] cfg80211: failed to load regulatory.db [ 92.544483][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.100010][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.119481][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.144439][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.155706][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.170065][ T5773] Bluetooth: hci0: command tx timeout [ 93.202621][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.371547][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.380278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.414797][ T5773] Bluetooth: hci2: command tx timeout [ 93.420840][ T5773] Bluetooth: hci1: command tx timeout [ 93.490531][ T5773] Bluetooth: hci3: command tx timeout [ 93.939612][ T5779] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.105214][ T5779] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.115002][ T5779] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.124387][ T5779] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.370796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 94.451524][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 94.682514][ T5858] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 94.691874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.030339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 95.042167][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.055339][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.262201][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.280103][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.372546][ T5865] warning: `syz.1.10' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 95.510342][ T5867] syz.1.10 uses obsolete (PF_INET,SOCK_PACKET) [ 96.370144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.389696][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 96.730979][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.792935][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.888581][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.949241][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.970135][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 96.986370][ T9] usb 4-1: config index 0 descriptor too short (expected 74, got 45) [ 97.000052][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 97.030010][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 97.112164][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 97.168857][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 97.216023][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 97.310039][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 97.319173][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.459892][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 97.480011][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 97.756599][ T5876] netlink: 'syz.0.1': attribute type 27 has an invalid length. [ 97.851487][ T9] usb 4-1: usb_control_msg returned -32 [ 97.899322][ T5761] IPVS: starting estimator thread 0... [ 98.070084][ T9] usbtmc 4-1:16.0: can't read capabilities [ 98.165171][ T9] usb 4-1: USB disconnect, device number 2 [ 98.190104][ T5878] IPVS: using max 17 ests per chain, 40800 per kthread [ 101.757749][ T5894] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 102.019870][ C1] sched: RT throttling activated [ 104.721780][ T5914] netlink: 'syz.0.23': attribute type 27 has an invalid length. [ 108.538638][ T5939] ================================================================== [ 108.546792][ T5939] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370 [ 108.554500][ T5939] Read of size 8 at addr ffff888026b01418 by task syz.3.29/5939 [ 108.562174][ T5939] [ 108.564564][ T5939] CPU: 1 PID: 5939 Comm: syz.3.29 Not tainted syzkaller #0 [ 108.571799][ T5939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.581934][ T5939] Call Trace: [ 108.585258][ T5939] [ 108.588219][ T5939] dump_stack_lvl+0x18c/0x250 [ 108.593048][ T5939] ? __lock_acquire+0x7d40/0x7d40 [ 108.598214][ T5939] ? show_regs_print_info+0x20/0x20 [ 108.603481][ T5939] ? load_image+0x400/0x400 [ 108.608031][ T5939] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 108.613545][ T5939] ? __virt_addr_valid+0x18c/0x540 [ 108.618709][ T5939] ? __virt_addr_valid+0x469/0x540 [ 108.623866][ T5939] print_report+0xa8/0x210 [ 108.628509][ T5939] ? dvb_device_open+0xca/0x370 [ 108.633402][ T5939] kasan_report+0x117/0x150 [ 108.637991][ T5939] ? chrdev_open+0x3e3/0x6a0 [ 108.642635][ T5939] ? dvb_device_open+0xca/0x370 [ 108.647545][ T5939] dvb_device_open+0xca/0x370 [ 108.652270][ T5939] ? do_raw_spin_unlock+0x121/0x230 [ 108.657606][ T5939] chrdev_open+0x5cc/0x6a0 [ 108.662076][ T5939] ? cd_forget+0x160/0x160 [ 108.666536][ T5939] ? fsnotify_perm+0x3ed/0x5e0 [ 108.671381][ T5939] ? cd_forget+0x160/0x160 [ 108.675857][ T5939] do_dentry_open+0x8c6/0x1500 [ 108.680880][ T5939] path_openat+0x27f1/0x3230 [ 108.685524][ T5939] ? do_sys_openat2+0xda/0x1d0 [ 108.690335][ T5939] ? verify_lock_unused+0x140/0x140 [ 108.695606][ T5939] ? do_filp_open+0x430/0x430 [ 108.700771][ T5939] ? __virt_addr_valid+0x18c/0x540 [ 108.705939][ T5939] do_filp_open+0x1f5/0x430 [ 108.710573][ T5939] ? vfs_tmpfile+0x490/0x490 [ 108.715214][ T5939] ? _raw_spin_unlock+0x28/0x40 [ 108.720114][ T5939] ? alloc_fd+0x58f/0x630 [ 108.724531][ T5939] do_sys_openat2+0x134/0x1d0 [ 108.729349][ T5939] ? do_sys_open+0xe0/0xe0 [ 108.733811][ T5939] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 108.739832][ T5939] ? lock_chain_count+0x20/0x20 [ 108.744768][ T5939] __x64_sys_openat+0x139/0x160 [ 108.749680][ T5939] do_syscall_64+0x55/0xa0 [ 108.754236][ T5939] ? clear_bhb_loop+0x40/0x90 [ 108.758960][ T5939] ? clear_bhb_loop+0x40/0x90 [ 108.763690][ T5939] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.769636][ T5939] RIP: 0033:0x7f0ca595cfce [ 108.774158][ T5939] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 108.793899][ T5939] RSP: 002b:00007f0ca6798b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 108.802456][ T5939] RAX: ffffffffffffffda RBX: 00007f0ca67996c0 RCX: 00007f0ca595cfce [ 108.810498][ T5939] RDX: 0000000000000e82 RSI: 00007f0ca6798c00 RDI: ffffffffffffff9c [ 108.818560][ T5939] RBP: 00007f0ca6798c00 R08: 0000000000000000 R09: 0000000000000000 [ 108.826576][ T5939] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 108.834600][ T5939] R13: 00007f0ca5c16308 R14: 00007f0ca5c16270 R15: 00007ffc375f36c8 [ 108.842672][ T5939] [ 108.845729][ T5939] [ 108.848078][ T5939] Allocated by task 1: [ 108.852192][ T5939] kasan_set_track+0x4e/0x70 [ 108.856834][ T5939] __kasan_kmalloc+0x8f/0xa0 [ 108.861466][ T5939] dvb_register_device+0x2fd/0x2210 [ 108.866708][ T5939] dvb_register_frontend+0x649/0x930 [ 108.872044][ T5939] vidtv_bridge_probe+0x9ab/0xf80 [ 108.877124][ T5939] platform_probe+0x13b/0x1c0 [ 108.881859][ T5939] really_probe+0x25b/0xb20 [ 108.886421][ T5939] __driver_probe_device+0x18c/0x330 [ 108.891750][ T5939] driver_probe_device+0x4f/0x420 [ 108.896811][ T5939] __driver_attach+0x44e/0x6e0 [ 108.901613][ T5939] bus_for_each_dev+0x235/0x2b0 [ 108.906524][ T5939] bus_add_driver+0x340/0x630 [ 108.911340][ T5939] driver_register+0x23a/0x310 [ 108.916165][ T5939] vidtv_bridge_init+0x3d/0x70 [ 108.920980][ T5939] do_one_initcall+0x242/0x790 [ 108.925804][ T5939] do_initcall_level+0x137/0x1f0 [ 108.930891][ T5939] do_initcalls+0x69/0xd0 [ 108.935278][ T5939] kernel_init_freeable+0x3ed/0x580 [ 108.940531][ T5939] kernel_init+0x1d/0x1c0 [ 108.944984][ T5939] ret_from_fork+0x48/0x80 [ 108.949459][ T5939] ret_from_fork_asm+0x11/0x20 [ 108.954270][ T5939] [ 108.956640][ T5939] Freed by task 5894: [ 108.960734][ T5939] kasan_set_track+0x4e/0x70 [ 108.965365][ T5939] kasan_save_free_info+0x2e/0x50 [ 108.970439][ T5939] ____kasan_slab_free+0x126/0x1e0 [ 108.975615][ T5939] slab_free_freelist_hook+0x130/0x1a0 [ 108.981113][ T5939] __kmem_cache_free+0xba/0x1e0 [ 108.986015][ T5939] dvb_device_open+0x2ee/0x370 [ 108.990819][ T5939] chrdev_open+0x5cc/0x6a0 [ 108.995273][ T5939] do_dentry_open+0x8c6/0x1500 [ 109.000087][ T5939] path_openat+0x27f1/0x3230 [ 109.004713][ T5939] do_filp_open+0x1f5/0x430 [ 109.009250][ T5939] do_sys_openat2+0x134/0x1d0 [ 109.013968][ T5939] __x64_sys_openat+0x139/0x160 [ 109.018859][ T5939] do_syscall_64+0x55/0xa0 [ 109.023319][ T5939] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 109.029251][ T5939] [ 109.031612][ T5939] The buggy address belongs to the object at ffff888026b01400 [ 109.031612][ T5939] which belongs to the cache kmalloc-256 of size 256 [ 109.045709][ T5939] The buggy address is located 24 bytes inside of [ 109.045709][ T5939] freed 256-byte region [ffff888026b01400, ffff888026b01500) [ 109.059463][ T5939] [ 109.061830][ T5939] The buggy address belongs to the physical page: [ 109.068285][ T5939] page:ffffea00009ac000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26b00 [ 109.078490][ T5939] head:ffffea00009ac000 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 109.087814][ T5939] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 109.095845][ T5939] page_type: 0xffffffff() [ 109.100218][ T5939] raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000 [ 109.108853][ T5939] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 109.117470][ T5939] page dumped because: kasan: bad access detected [ 109.124008][ T5939] page_owner tracks the page as allocated [ 109.129752][ T5939] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17450901644, free_ts 0 [ 109.149531][ T5939] post_alloc_hook+0x1c1/0x200 [ 109.154351][ T5939] get_page_from_freelist+0x1951/0x19e0 [ 109.159932][ T5939] __alloc_pages+0x1f0/0x460 [ 109.164554][ T5939] alloc_page_interleave+0x24/0x1e0 [ 109.169792][ T5939] alloc_slab_page+0x5d/0x160 [ 109.174524][ T5939] new_slab+0x87/0x2d0 [ 109.178650][ T5939] ___slab_alloc+0xc5d/0x12f0 [ 109.183382][ T5939] __kmem_cache_alloc_node+0x19e/0x250 [ 109.188889][ T5939] kmalloc_trace+0x2a/0xe0 [ 109.193354][ T5939] bus_add_driver+0x162/0x630 [ 109.198109][ T5939] driver_register+0x23a/0x310 [ 109.202924][ T5939] usb_register_driver+0x206/0x3d0 [ 109.208172][ T5939] do_one_initcall+0x242/0x790 [ 109.213072][ T5939] do_initcall_level+0x137/0x1f0 [ 109.218065][ T5939] do_initcalls+0x69/0xd0 [ 109.222441][ T5939] kernel_init_freeable+0x3ed/0x580 [ 109.227692][ T5939] page_owner free stack trace missing [ 109.233086][ T5939] [ 109.235435][ T5939] Memory state around the buggy address: [ 109.241094][ T5939] ffff888026b01300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.249199][ T5939] ffff888026b01380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.257298][ T5939] >ffff888026b01400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 109.265392][ T5939] ^ [ 109.270302][ T5939] ffff888026b01480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 109.278609][ T5939] ffff888026b01500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.286797][ T5939] ================================================================== [ 109.303720][ T5939] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 109.310990][ T5939] CPU: 1 PID: 5939 Comm: syz.3.29 Not tainted syzkaller #0 [ 109.318227][ T5939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.328331][ T5939] Call Trace: [ 109.331703][ T5939] [ 109.334664][ T5939] dump_stack_lvl+0x18c/0x250 [ 109.339397][ T5939] ? show_regs_print_info+0x20/0x20 [ 109.344647][ T5939] ? load_image+0x400/0x400 [ 109.349208][ T5939] panic+0x2dc/0x730 [ 109.353152][ T5939] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 109.359359][ T5939] ? bpf_jit_dump+0xd0/0xd0 [ 109.363910][ T5939] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 109.369931][ T5939] ? _raw_spin_unlock+0x40/0x40 [ 109.374819][ T5939] ? dvb_device_open+0xca/0x370 [ 109.379712][ T5939] check_panic_on_warn+0x84/0xa0 [ 109.384697][ T5939] ? dvb_device_open+0xca/0x370 [ 109.389587][ T5939] end_report+0x6f/0x130 [ 109.393879][ T5939] kasan_report+0x128/0x150 [ 109.398419][ T5939] ? chrdev_open+0x3e3/0x6a0 [ 109.403059][ T5939] ? dvb_device_open+0xca/0x370 [ 109.407970][ T5939] dvb_device_open+0xca/0x370 [ 109.412719][ T5939] ? do_raw_spin_unlock+0x121/0x230 [ 109.417975][ T5939] chrdev_open+0x5cc/0x6a0 [ 109.422451][ T5939] ? cd_forget+0x160/0x160 [ 109.426907][ T5939] ? fsnotify_perm+0x3ed/0x5e0 [ 109.431724][ T5939] ? cd_forget+0x160/0x160 [ 109.436183][ T5939] do_dentry_open+0x8c6/0x1500 [ 109.440991][ T5939] path_openat+0x27f1/0x3230 [ 109.445631][ T5939] ? do_sys_openat2+0xda/0x1d0 [ 109.450439][ T5939] ? verify_lock_unused+0x140/0x140 [ 109.455687][ T5939] ? do_filp_open+0x430/0x430 [ 109.460406][ T5939] ? __virt_addr_valid+0x18c/0x540 [ 109.465570][ T5939] do_filp_open+0x1f5/0x430 [ 109.470116][ T5939] ? vfs_tmpfile+0x490/0x490 [ 109.474756][ T5939] ? _raw_spin_unlock+0x28/0x40 [ 109.479700][ T5939] ? alloc_fd+0x58f/0x630 [ 109.484125][ T5939] do_sys_openat2+0x134/0x1d0 [ 109.488859][ T5939] ? do_sys_open+0xe0/0xe0 [ 109.493324][ T5939] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 109.499345][ T5939] ? lock_chain_count+0x20/0x20 [ 109.504238][ T5939] __x64_sys_openat+0x139/0x160 [ 109.509139][ T5939] do_syscall_64+0x55/0xa0 [ 109.513628][ T5939] ? clear_bhb_loop+0x40/0x90 [ 109.518343][ T5939] ? clear_bhb_loop+0x40/0x90 [ 109.523191][ T5939] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 109.529218][ T5939] RIP: 0033:0x7f0ca595cfce [ 109.533670][ T5939] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 109.553339][ T5939] RSP: 002b:00007f0ca6798b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 109.561808][ T5939] RAX: ffffffffffffffda RBX: 00007f0ca67996c0 RCX: 00007f0ca595cfce [ 109.569916][ T5939] RDX: 0000000000000e82 RSI: 00007f0ca6798c00 RDI: ffffffffffffff9c [ 109.577933][ T5939] RBP: 00007f0ca6798c00 R08: 0000000000000000 R09: 0000000000000000 [ 109.585947][ T5939] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 109.593960][ T5939] R13: 00007f0ca5c16308 R14: 00007f0ca5c16270 R15: 00007ffc375f36c8 [ 109.601981][ T5939] [ 109.605630][ T5939] Kernel Offset: disabled [ 109.609970][ T5939] Rebooting in 86400 seconds..