last executing test programs: 22.87625565s ago: executing program 1 (id=2): syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000040)='./file2\x00', 0x2000c6, &(0x7f0000001340)=ANY=[], 0x1, 0xac5, &(0x7f0000001480)="$eJzs3V2MXFUBAOBzZ3e2f1s7xVa2tEARDfjDLltaBSu0hCZqTGoTH0zAl6aU2nSpxhIihIRCojExBBJCn3woxhdfIGoM8GIqD4aYQIzRkPiExNcaSXwgRhizs+fMzp7O9M5sd3dmdr4vOXvm3nPvPefO3rlz597zE4CRVWn83b9/YwjhpTdePHLjy289Pz/nUHOJWuPveMtUNYRQxOnxbHvvjS3EH33w1Il2cRH2Nf6m6XD0cnPdLSGE82FvuBRq4bmHLoy/+9rRd14JZx4/duTt11dn7xcVq50BAAAMgGOXDu7f+Y8/797+31dvOhw2NOen6/NanJ6M1/2H44Vyul6uhKXTRUtoNZEtNx5DJVturM1yrflUs+XGO+Q/kW232mG5DSX5j7XMa7ffMMzScVwLRWV6yXSlMj298Js8NH7XTxTTZ0/PPXKuTwUFVtx/bg4h7BVGM+y+pf9lEPoZ6tv6fQYCWJA/L7zC+ZV9Utfc2nh3+V++v9J+/RbVFS0ho+BnP971rdCH4z8n/8HO/5fPqKnAylmHR9Nft7bsV/ocTcbp/DlCXn+p189/2l7+PKLba4BOzxGG5flCp3KOrXE5lqtT+fPjYr26N8bpfbgvS4+fg8bjtPx/Oiz/Y6C9D4fl/n8YgDIIwlXCrqL/Zeg11Pt8/gEGV15vrh6l9LxeX56+oSR9Y0n6ppL0zSXpoct0GEW/fez58EKxeL8r/03f6/2wyWwTn+ixPPn9yF7zz+v9dq+6Ivnn9YlhoG3544W7H37wLwv1/4vm8f9xPN73xula/Gxdiguk+4X5ffVm3f/a0mwqHZa7LivO1jbLN17vWLpcsWNxO6HlPHNFOabSGgt3dLd1Wm7P0u3XsuU2xbAxK29+fbI5Wy/Vn04nxcklpVnc32rLfvx76+J5LJUjnVe2xzgvByxHOh6X1v+fP/oa9f+bj7GmQrV45PTcyTvjdPq8vTVW3TA/f3atCw5cs27b/0yFpe1/Jpvzq5XW88K2xflF63mhls3f12H+XXE6fc99b2xTY/70ie/PPbyk5PGH/NMr8z7AKDr3xJNnjs/Nnfzhar6Yz2iVs1iHL8L5EAagGMt9kY6wQSmPF928SP+143P9OiMBa2XmsUd/MHPuiSfvOP3o8VMnT508O3tg9u57DszOfumemcZ1/Uzr1f16rC4Mo2vx27/fJQEAAAAAAAAAAAC6der9mYt/e/PLf19o/7/Y/i+1/081f1P7/59m7f+zZv7NCsKpHWBqx3dFe/usg9WJbLlqDJ/Mtr8jy2dntt6nYtwcxy+2/0/Z5f26pvJcn83P++9Ny01l8/P+UiayPkiK8JPNreX7dIyf/d9CF0S/CNBHxab2s2Nc1r91OtZT/xT6pRhO6f+WjobUj8mWeCik9t6pv5LU/0M6/29fm2KywtaiXWG/9xFo71/D0v/3ckK6iOl3OQRhQEO9bhQPYDD0e/zPdN8zxWd//42N8yEtdvn+pefLvP9SuBaDPv7kesv/mT7nn+ti/M8VHV64Of5d1+e/bMS8/AFQlw4++81/tmQbbug2/3z809QP9I7e8v9qzD/tzW2hu/zrL2f55w+EunRvlv/mLvO/Yv/3LC//+2L+6W27/dZu818ocVFZWo78vnF6/pfuG38ny/9Qtv+pb8+e93+ZAzUejvnDKBuWcWZ7NSzj/3aS18M4EKfTiTDVc8jHO+m1/Kl+Rfoe2Jltvyj5frvq+L9D8DC4TfnrT9frPx+VcVy+EuOyz8Nk/J+m47HWZrrSMl1t896u13MNDKv31uHzv8Y5bADKIaxA2DQAZbj2sPC12jovfRlebb0/rH7Z6vV6X/v01aFwf/X7/e/30+d+59/v979MPv5vfg2fj/+bp+fj/347S8/H/83Xz8fXy9Pz8X/z93NL+/TmL9Prs+3m4wNPlaTvKkm/oSR9d0n6npL0G0vSbylJv6kk/eaS9OtK0m8NXw+t8vTPlKz/2c7pH7Yu2mn920u2/7mS9PUutUcZ1f2HUZa3z/P5h9GRnv90+vzvKEkHhteFV2cfePA3360ttP+faN4PSc/xDsfpavzt/KM4nT/3Di3T82lvxun3s/RBv98BoyTvPyP/fr+tJB0YXqmel883jKCifSXN/Hlbs9+qGKd+qzpd5zNcPh/jL8T4izG+I8bTMZ6J8WyM961R+VgdD/z6dwdfKBZ/72/L0rutT563B8r7ibqry/Lk9wd6rc+e9+PXq2vNf5nNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPqm0vi7f/9UEcJLb7x45OKfvvar+TmHmkvUGn/HW6aqzfVCuDPGYzG+GF989MFTJ1rjj2NchH2hCEVzfjh6uZnTlhDC+bA3XAq18NxDF8bffe3oO6+EM48fO/L266v3DiwoVjsDAAAA6KP/BwAA//8LwBbF") symlink(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', &(0x7f00000002c0)='.\x02\x00') 16.645839721s ago: executing program 1 (id=10): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x0, 0x0, 0x0}, 0x94) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) dup3(r4, r3, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x24, 0x0, 0x0) 13.938338995s ago: executing program 1 (id=13): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x8094) 13.712496155s ago: executing program 4 (id=15): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000010000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}, 0x1, 0x0, 0x0, 0x40801}, 0x0) 13.188444196s ago: executing program 0 (id=18): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x4) 13.170238157s ago: executing program 1 (id=19): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00') tkill(0x0, 0xb) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff}, 0x80) r4 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x22) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 12.943037022s ago: executing program 4 (id=20): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001ac0)=""/191, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x80, 0xb0) getdents(r2, 0x0, 0xbb) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) 12.900470595s ago: executing program 3 (id=21): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x200005}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080) 10.51621796s ago: executing program 1 (id=23): sendmsg$inet(0xffffffffffffffff, 0x0, 0x40000) setreuid(0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x84, 0x0, &(0x7f0000001040)) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000500)="14", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, r3, &(0x7f0000000240)=""/112, 0x349b7f55) 10.087650194s ago: executing program 2 (id=24): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r0, &(0x7f0000000580), 0x0, 0xc001, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x81}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4) 10.055521464s ago: executing program 3 (id=25): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0xffe, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 9.857821502s ago: executing program 0 (id=26): connect$unix(0xffffffffffffffff, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x4, 0x4, 0x4, 0x4000b, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) 9.30871436s ago: executing program 2 (id=27): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f0000000a00)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x7fff, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x1}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000380)='1', 0x1}], 0x1, &(0x7f0000000600)=ANY=[], 0x280}}], 0x1, 0x240048d1) setsockopt(r0, 0x84, 0x11, &(0x7f0000000040)="020000000980ffff", 0x8) 9.286093693s ago: executing program 3 (id=28): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x26}, 0x28) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@delqdisc={0x2c, 0x25, 0x8, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xb}, {0xfff1, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000050}, 0x20008041) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 8.837002029s ago: executing program 4 (id=29): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e1d, 0x1, @mcast1, 0x8}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x2404adc4, &(0x7f00000000c0)={0xa, 0x4e23, 0x25b0, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0) 8.639620898s ago: executing program 2 (id=30): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x8094) 8.639453878s ago: executing program 0 (id=31): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000010000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}, 0x1, 0x0, 0x0, 0x40801}, 0x0) 8.599633128s ago: executing program 3 (id=32): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000010000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) 8.388312004s ago: executing program 4 (id=33): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x50}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x20004000) 7.967281972s ago: executing program 0 (id=34): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) r1 = socket$inet6(0xa, 0x80002, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) r4 = bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="18000000041401002dbd7000"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r5, 0x35, 0x0, 0x6, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000180)=[0x0, 0x0], 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="30000000eb4b1e9991d601000000", @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=r6], 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYBLOB="370600", @ANYRES64=r6], 0x20) r7 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={@map=r7, 0xffffffffffffffff, 0x24, 0x2000, 0xffffffffffffffff, @value, @void, @void, @void, r6}, 0x20) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140), 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000ffff27bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="37ec000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r3, @ANYRES8=r2], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) r8 = socket(0x11, 0x2, 0x10001) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000180)=@ethtool_sfeatures={0x3b, 0x2, [{0xae9, 0x8}, {0x11, 0x30000080}]}}) 7.934216974s ago: executing program 2 (id=35): socket$kcm(0x10, 0x2, 0x10) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) gettid() madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) timer_create(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') lseek(r1, 0x2000, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, 0x0, 0x0) r3 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'dt2815\x00', [0xb, 0x9, 0x1, 0x0, 0x0, 0x6, 0x0, 0x7, 0x417, 0xff, 0x2, 0x1, 0x6, 0x2, 0x6, 0x0, 0x5, 0x0, 0x43, 0x40000003, 0x89, 0xb, 0xf27, 0x6, 0x6, 0x8, 0x5, 0x4, 0x8, 0x10000, 0xfffffff4, 0x6]}) userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000000, 0x6e073, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c000280080001400000000820000180"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) 5.814999171s ago: executing program 4 (id=36): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r8 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00', 0x1}], 0x1}, 0x4) 5.570757484s ago: executing program 3 (id=37): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO+9RV/BWmwlLdqZpLFtcFEriK4Kat3HmExCyCQTMpO2CUVS/ACCiAquXLkR/ACC9COIUNC9iCiirS5cqCMzudPWOJMETHNx5veD03vOPTPzP6eTOXPPPZe5AXSt4xFxKSJ6IuJ0RAym+3NpivWNVH/c3Ts3puopiVrtyg9JJOm+5msl6fZg+rT+iHj5hYjXkr/GrayuzU+WSsXltFyoLiwVKqtrZ+YWJmeLs8XFsbHR8+MXxs+Nj+xaXy8+9807b374/MVPn7z21cR3p16vN2sgrXuwH7tpo+t9jf+Lpt6IWH4YwTLQk/anL+uGAACwI/Vj/P9ExGON4//B6GkczQEAAACdpPbMQPyaRNQAAACAjpVrXAOb5PLptQADkcvl8xvX8P4vDuRK5Ur1iZnyyuL0xrWyQ9GXm5krFUfSa4WHoi+pl0cb+fvls5vKYxFxOCLeHtzfKOenyqXprE9+AAAAQJc4uGn+//PgxvwfAAAA6DBDWTcAAAAAeOjM/wEAAKDzmf8DAABAR3vx8uV6qjXvfz19dXVlvnz1zHSxMp9fWJnKT5WXl/Kz5fJs4zf7FrZ7vVK5vPRULK5cL1SLlWqhsro2sVBeWaxONO7rPVF0n2gAAADYe4cfvfVlEhHrT+9vpLp9aZ25OnS2XNYNADLTk3UDgMz0Zt0AIDPm+ECyTX1/u4rPdr8tAADAwzH8f+v/0K2s/0P3sv4P3cv6P3Qvc3zA+j8AAHS+gUZKcvl0LXAgcrl8PuJQ47YAfcnMXKk4EhH/jogvBvv+VS+PZt1oAAAAAAAAAAAAAAAAAAAAAAAAAPiHqdWSqAEAAAAdLSL3bZLe/2t48OTA5vMD+5JfBhvbiLj2/pV3r09Wq8uj9f0/3ttffS/dfzaLMxgAAADAZs15enMeDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC76e6dG1PNtJdxv382IoZaxe+N/sa2P/oi4sBPSfQ+8LwkInp2If76zYg40ip+Um9WDKWt2Bw/FxH7M45/cBfiQze7VR9/LrX6/OXieGPb+vPXm6a/q/34l7s3/vW0Gf8O7TDG0dsfF9rGvxlxtLf1+NOMn7SJf2KH8V99ZW2tXV3tg4jhlt8/yZ9iFaoLS4XK6tqZuYXJ2eJscXFsbPT8+IXxc+MjhZm5UjH9t2WMtx755Pet+n+gTfyhbfp/cof9/+329Tv/3SL+qROt3/8jW8Sv/008nn4P1OuHm/n1jfyDjn30+bGt+j/dpv/bvf+ndtj/0y+98fUOHwoA7IHK6tr8ZKlUXJaRkZG5l8l6ZAIAAHbb/YP+rFsCAAAAAAAAAAAAAAAAAAAA3Wsvfk4s6z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzEHwEAAP//0wfUAw==") r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x9) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r3, 0x1, &(0x7f0000000180)=0x3) mlockall(0x2) setrlimit(0xa, &(0x7f0000000000)={0x80000000, 0xffffffffffff0f53}) shmget$private(0x0, 0x1000, 0x0, &(0x7f00008f0000/0x1000)=nil) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$SHM_LOCK(0x0, 0xb) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@ipv4, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @dev}, 0x0, 0x3c}, 0x2, @in=@loopback, 0x0, 0x1}}, 0xe8) sendmmsg(r1, 0x0, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0x260, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [0xff], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffffff, 0xff000000, 0xff], [0x0, 0xffffff, 0xff, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x1, {0x2000010}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x4, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.106911711s ago: executing program 0 (id=38): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0xffe, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 4.992056153s ago: executing program 2 (id=39): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getgroups(0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r4 = socket$inet_icmp(0x2, 0x2, 0x1) sendmmsg$inet(r4, &(0x7f0000000340)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000400)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0x44044) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x1e, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, 0x0, &(0x7f0000000140)) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, 0x0, 0x0) 1.079716405s ago: executing program 2 (id=40): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f0000000a00)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x7fff, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x1}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000380)='1', 0x1}], 0x1, &(0x7f0000000600)=ANY=[], 0x280}}], 0x1, 0x240048d1) setsockopt(r0, 0x84, 0x11, &(0x7f0000000040)="020000000980ffff", 0x8) 777.659597ms ago: executing program 4 (id=41): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r2, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0}) close_range(r1, 0xffffffffffffffff, 0x0) 604.12016ms ago: executing program 1 (id=42): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x26}, 0x28) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@delqdisc={0x2c, 0x25, 0x8, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xb}, {0xfff1, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000050}, 0x20008041) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) 481.421885ms ago: executing program 0 (id=43): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e1d, 0x1, @mcast1, 0x8}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x2404adc4, &(0x7f00000000c0)={0xa, 0x4e23, 0x25b0, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0) 0s ago: executing program 3 (id=44): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000010000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}, 0x1, 0x0, 0x0, 0x40801}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.156' (ED25519) to the list of known hosts. [ 173.646913][ T5765] cgroup: Unknown subsys name 'net' [ 173.772536][ T5765] cgroup: Unknown subsys name 'cpuset' [ 173.791014][ T5765] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 179.520433][ T5765] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 183.766835][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 183.776594][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 183.785690][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 183.798662][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 183.809433][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 183.843175][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 183.852333][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 183.861172][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 183.873914][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 183.884993][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 183.903949][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 183.922529][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 183.933620][ T5790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 183.946962][ T5790] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 183.957974][ T5790] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 184.075100][ T5084] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 184.084258][ T5084] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 184.085014][ T5787] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 184.100688][ T5787] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 184.107104][ T5084] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 184.112948][ T5787] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 184.126660][ T5084] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 184.134684][ T5787] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 184.145833][ T5787] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 184.213636][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 185.560701][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 185.627250][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 185.675998][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 185.875275][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 185.921813][ T5787] Bluetooth: hci1: command tx timeout [ 185.972091][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 186.092352][ T5787] Bluetooth: hci0: command tx timeout [ 186.097987][ T51] Bluetooth: hci2: command tx timeout [ 186.241712][ T5787] Bluetooth: hci4: command tx timeout [ 186.321649][ T5787] Bluetooth: hci3: command tx timeout [ 186.547735][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.555447][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.611852][ T5786] bridge_slave_0: entered allmulticast mode [ 186.645133][ T5786] bridge_slave_0: entered promiscuous mode [ 186.673827][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.681342][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.691115][ T5786] bridge_slave_1: entered allmulticast mode [ 186.703219][ T5786] bridge_slave_1: entered promiscuous mode [ 186.915862][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.923495][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.931279][ T5796] bridge_slave_0: entered allmulticast mode [ 186.940014][ T5796] bridge_slave_0: entered promiscuous mode [ 186.974793][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.982988][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.990541][ T5797] bridge_slave_0: entered allmulticast mode [ 186.999230][ T5797] bridge_slave_0: entered promiscuous mode [ 187.044465][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.054806][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.062404][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.071043][ T5796] bridge_slave_1: entered allmulticast mode [ 187.079153][ T5796] bridge_slave_1: entered promiscuous mode [ 187.114138][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.121776][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.129528][ T5797] bridge_slave_1: entered allmulticast mode [ 187.137975][ T5797] bridge_slave_1: entered promiscuous mode [ 187.178533][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.188218][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.195858][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.205070][ T5784] bridge_slave_0: entered allmulticast mode [ 187.214318][ T5784] bridge_slave_0: entered promiscuous mode [ 187.249792][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.257436][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.265263][ T5792] bridge_slave_0: entered allmulticast mode [ 187.274156][ T5792] bridge_slave_0: entered promiscuous mode [ 187.331569][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.339013][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.347497][ T5784] bridge_slave_1: entered allmulticast mode [ 187.355959][ T5784] bridge_slave_1: entered promiscuous mode [ 187.390621][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.398192][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.406455][ T5792] bridge_slave_1: entered allmulticast mode [ 187.415088][ T5792] bridge_slave_1: entered promiscuous mode [ 187.503529][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.601993][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.621369][ T5786] team0: Port device team_slave_0 added [ 187.662400][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.704976][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.722936][ T5786] team0: Port device team_slave_1 added [ 187.736793][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.777961][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.843141][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.882153][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.972649][ T5796] team0: Port device team_slave_0 added [ 188.001645][ T5787] Bluetooth: hci1: command tx timeout [ 188.011159][ T5797] team0: Port device team_slave_0 added [ 188.019709][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.027065][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.053339][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.096487][ T5796] team0: Port device team_slave_1 added [ 188.133432][ T5797] team0: Port device team_slave_1 added [ 188.142284][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.149395][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.175951][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.183520][ T5787] Bluetooth: hci0: command tx timeout [ 188.192448][ T51] Bluetooth: hci2: command tx timeout [ 188.205291][ T5784] team0: Port device team_slave_0 added [ 188.241743][ T5792] team0: Port device team_slave_0 added [ 188.295869][ T5784] team0: Port device team_slave_1 added [ 188.322787][ T5787] Bluetooth: hci4: command tx timeout [ 188.361204][ T5792] team0: Port device team_slave_1 added [ 188.368978][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.376223][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.402621][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.413507][ T5787] Bluetooth: hci3: command tx timeout [ 188.446405][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.453632][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.480167][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.567908][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.575171][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.601815][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.638727][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.645887][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.672206][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.685998][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.693293][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.719680][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.815094][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.822365][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.848703][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.862781][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.869918][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.896279][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.913335][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.920447][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.946754][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.969963][ T5786] hsr_slave_0: entered promiscuous mode [ 188.978467][ T5786] hsr_slave_1: entered promiscuous mode [ 189.287976][ T5796] hsr_slave_0: entered promiscuous mode [ 189.296894][ T5796] hsr_slave_1: entered promiscuous mode [ 189.305274][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 189.311160][ T5796] Cannot create hsr debugfs directory [ 189.329638][ T5784] hsr_slave_0: entered promiscuous mode [ 189.338074][ T5784] hsr_slave_1: entered promiscuous mode [ 189.346197][ T5784] debugfs: 'hsr0' already exists in 'hsr' [ 189.352127][ T5784] Cannot create hsr debugfs directory [ 189.408980][ T5797] hsr_slave_0: entered promiscuous mode [ 189.417787][ T5797] hsr_slave_1: entered promiscuous mode [ 189.425993][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 189.431959][ T5797] Cannot create hsr debugfs directory [ 189.473765][ T5792] hsr_slave_0: entered promiscuous mode [ 189.483013][ T5792] hsr_slave_1: entered promiscuous mode [ 189.490477][ T5792] debugfs: 'hsr0' already exists in 'hsr' [ 189.496764][ T5792] Cannot create hsr debugfs directory [ 190.081831][ T5787] Bluetooth: hci1: command tx timeout [ 190.241777][ T5787] Bluetooth: hci0: command tx timeout [ 190.247434][ T5787] Bluetooth: hci2: command tx timeout [ 190.401706][ T5787] Bluetooth: hci4: command tx timeout [ 190.481791][ T5787] Bluetooth: hci3: command tx timeout [ 190.685725][ T5786] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 190.737292][ T5786] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 190.767346][ T5786] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 190.787693][ T5786] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 190.887301][ T5796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 190.925772][ T5796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 190.948961][ T5796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 190.967165][ T5796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 191.192102][ T5797] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 191.220542][ T5797] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 191.246774][ T5797] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 191.269221][ T5797] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 191.718873][ T5784] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 191.748589][ T5784] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 191.772128][ T5784] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 191.792775][ T5784] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 192.126571][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 192.163174][ T5787] Bluetooth: hci1: command tx timeout [ 192.170062][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.206810][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.215741][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 192.237901][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 192.283931][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 192.322400][ T5787] Bluetooth: hci2: command tx timeout [ 192.328025][ T51] Bluetooth: hci0: command tx timeout [ 192.420254][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.448344][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.483293][ T51] Bluetooth: hci4: command tx timeout [ 192.528690][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.536277][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.572300][ T51] Bluetooth: hci3: command tx timeout [ 192.593852][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.601175][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.628144][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.635494][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.657098][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.718668][ T1069] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.726090][ T1069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.909882][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.034070][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.041547][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.096155][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.138357][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.145918][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.427546][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.481032][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.488641][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.643761][ T1069] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.651267][ T1069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.740014][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.011766][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.115349][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.122885][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.193019][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.200467][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.531040][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.709873][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.009455][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.489628][ T5796] veth0_vlan: entered promiscuous mode [ 195.650610][ T5796] veth1_vlan: entered promiscuous mode [ 195.725344][ T5797] veth0_vlan: entered promiscuous mode [ 195.835487][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.880251][ T5797] veth1_vlan: entered promiscuous mode [ 195.956388][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.134408][ T5796] veth0_macvtap: entered promiscuous mode [ 196.196242][ T5796] veth1_macvtap: entered promiscuous mode [ 196.333387][ T5797] veth0_macvtap: entered promiscuous mode [ 196.359022][ T5797] veth1_macvtap: entered promiscuous mode [ 196.470918][ T5786] veth0_vlan: entered promiscuous mode [ 196.488587][ T5784] veth0_vlan: entered promiscuous mode [ 196.525656][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.598189][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.613379][ T5792] veth0_vlan: entered promiscuous mode [ 196.622755][ T5786] veth1_vlan: entered promiscuous mode [ 196.648754][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.678516][ T5784] veth1_vlan: entered promiscuous mode [ 196.730816][ T59] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.769843][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.822443][ T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.846955][ T5792] veth1_vlan: entered promiscuous mode [ 196.894105][ T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.923613][ T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.983258][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.087902][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.118679][ T5786] veth0_macvtap: entered promiscuous mode [ 197.155081][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.219765][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.238150][ T5786] veth1_macvtap: entered promiscuous mode [ 197.312646][ T5784] veth0_macvtap: entered promiscuous mode [ 197.364641][ T5784] veth1_macvtap: entered promiscuous mode [ 197.498293][ T5792] veth0_macvtap: entered promiscuous mode [ 197.549140][ T5792] veth1_macvtap: entered promiscuous mode [ 197.568729][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.603102][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.696594][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.758429][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.803681][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.845718][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.887793][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.955082][ T1069] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.003525][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.018772][ T1069] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.071823][ T1069] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.080823][ T1069] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.156368][ T1069] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.211954][ T1069] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.254453][ T1069] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.338457][ T1069] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.412356][ T1069] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.421366][ T1069] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.206614][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.214875][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.454033][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.462227][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.701712][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.709747][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.913259][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.921301][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.093524][ T5796] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 203.846872][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 203.923299][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 204.502257][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 204.604174][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 204.707927][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 204.900912][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 204.913934][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 204.972906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 205.013975][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 205.045097][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 205.045165][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 213.334094][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.342412][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.395482][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.403601][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.610872][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.622735][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.698603][ T5984] loop2: detected capacity change from 0 to 512 [ 213.743701][ T5984] EXT4-fs: Ignoring removed oldalloc option [ 213.829303][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.837519][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.944628][ T5984] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.022150][ T5984] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 214.202655][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.210711][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.375819][ T5989] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.7: bg 0: block 217: padding at end of block bitmap is not set [ 214.466089][ T5988] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.7: bg 0: block 217: padding at end of block bitmap is not set [ 214.520887][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.529089][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.647834][ T5988] EXT4-fs (loop2): Remounting filesystem read-only [ 214.720013][ T5988] EXT4-fs warning (device loop2): ext4_xattr_inode_lookup_create:1607: inode #19: comm syz.2.7: cleanup dec ref error -117 [ 215.007478][ T5991] loop1: detected capacity change from 0 to 2048 [ 215.066121][ T5991] ======================================================= [ 215.066121][ T5991] WARNING: The mand mount option has been deprecated and [ 215.066121][ T5991] and is ignored by this kernel. Remove the mand [ 215.066121][ T5991] option from the mount to silence this warning. [ 215.066121][ T5991] ======================================================= [ 215.170546][ T5991] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 215.375434][ T5797] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.821791][ T1104] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 216.463048][ T5995] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 216.812400][ T1104] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 216.905750][ T5991] syz.1.2: attempt to access beyond end of device [ 216.905750][ T5991] loop1: rw=8912896, sector=33554430, nr_sectors = 2 limit=2048 [ 216.925769][ T6001] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 218.038842][ T6005] loop3: detected capacity change from 0 to 512 [ 220.735170][ T6005] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4: invalid indirect mapped block 4294967295 (level 1) [ 220.837748][ T6005] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4: invalid indirect mapped block 4294967295 (level 1) [ 220.971752][ T6005] EXT4-fs (loop3): 2 truncates cleaned up [ 221.044064][ T6005] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.176226][ T6016] 8021q: VLANs not supported on ip6gre0 [ 222.425468][ T6010] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 223.454149][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.795953][ T6025] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15'. [ 223.893836][ T6028] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15'. [ 224.498642][ T6038] netlink: 76 bytes leftover after parsing attributes in process `syz.0.18'. [ 224.822683][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22'. [ 227.664727][ T6065] 8021q: VLANs not supported on ip6gre0 [ 228.416878][ T6071] warning: `syz.3.28' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 228.907778][ T6076] netlink: 24 bytes leftover after parsing attributes in process `syz.0.31'. [ 229.029975][ T6079] netlink: 24 bytes leftover after parsing attributes in process `syz.3.32'. [ 229.495610][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 229.502659][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 230.902642][ T6088] netlink: 8 bytes leftover after parsing attributes in process `syz.0.34'. [ 232.021290][ T6097] netlink: 76 bytes leftover after parsing attributes in process `syz.4.36'. [ 232.211807][ T6098] loop3: detected capacity change from 0 to 512 [ 232.443354][ T6098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.622540][ T6098] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.313468][ T5792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.441295][ T6128] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 237.486085][ T6129] ===================================================== [ 237.493624][ T6129] BUG: KMSAN: uninit-value in pfn_reader_next+0x1d4c/0x3e40 [ 237.501203][ T6129] pfn_reader_next+0x1d4c/0x3e40 [ 237.506472][ T6129] pfn_reader_first+0xbdc/0xcc0 [ 237.511579][ T6129] iopt_area_fill_domains+0x20c/0x13a0 [ 237.517195][ T6129] iopt_map_pages+0x1b97/0x2120 [ 237.522357][ T6129] iopt_map_common+0x224/0x610 [ 237.527330][ T6129] iopt_map_user_pages+0x148/0x1c0 [ 237.532902][ T6129] iommufd_ioas_map+0x6a2/0x9b0 [ 237.537983][ T6129] iommufd_fops_ioctl+0x82a/0x9e0 [ 237.543516][ T6129] __se_sys_ioctl+0x23c/0x400 [ 237.548389][ T6129] __x64_sys_ioctl+0x97/0xe0 [ 237.557274][ T6129] x64_sys_call+0x18a7/0x3e70 [ 237.562232][ T6129] do_syscall_64+0xc9/0xf80 [ 237.566919][ T6129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.573147][ T6129] [ 237.580754][ T6129] Local variable pfns created at: [ 237.588032][ T6129] iopt_area_fill_domains+0x5c/0x13a0 [ 237.593714][ T6129] iopt_map_pages+0x1b97/0x2120 [ 237.598784][ T6129] [ 237.601216][ T6129] CPU: 1 UID: 0 PID: 6129 Comm: syz.4.41 Not tainted syzkaller #0 PREEMPT(voluntary) [ 237.612703][ T6129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 237.623026][ T6129] ===================================================== [ 237.630078][ T6129] Disabling lock debugging due to kernel taint [ 237.636480][ T6129] Kernel panic - not syncing: kmsan.panic set ... [ 237.643031][ T6129] CPU: 1 UID: 0 PID: 6129 Comm: syz.4.41 Tainted: G B syzkaller #0 PREEMPT(voluntary) [ 237.654362][ T6129] Tainted: [B]=BAD_PAGE [ 237.658598][ T6129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 237.668789][ T6129] Call Trace: [ 237.672177][ T6129] [ 237.675195][ T6129] __dump_stack+0x26/0x30 [ 237.679700][ T6129] dump_stack_lvl+0x50/0x1c0 [ 237.684478][ T6129] ? dump_stack+0x12/0x25 [ 237.689027][ T6129] dump_stack+0x1e/0x25 [ 237.693360][ T6129] vpanic+0x435/0xd40 [ 237.697570][ T6129] panic+0x15d/0x160 [ 237.701755][ T6129] kmsan_report+0x31a/0x320 [ 237.706466][ T6129] ? __msan_warning+0x1b/0x30 [ 237.711319][ T6129] ? pfn_reader_next+0x1d4c/0x3e40 [ 237.716575][ T6129] ? pfn_reader_first+0xbdc/0xcc0 [ 237.721745][ T6129] ? iopt_area_fill_domains+0x20c/0x13a0 [ 237.727535][ T6129] ? iopt_map_pages+0x1b97/0x2120 [ 237.732752][ T6129] ? iopt_map_common+0x224/0x610 [ 237.737918][ T6129] ? iopt_map_user_pages+0x148/0x1c0 [ 237.743435][ T6129] ? iommufd_ioas_map+0x6a2/0x9b0 [ 237.748690][ T6129] ? iommufd_fops_ioctl+0x82a/0x9e0 [ 237.754120][ T6129] ? __se_sys_ioctl+0x23c/0x400 [ 237.759143][ T6129] ? __x64_sys_ioctl+0x97/0xe0 [ 237.764064][ T6129] ? x64_sys_call+0x18a7/0x3e70 [ 237.769103][ T6129] ? do_syscall_64+0xc9/0xf80 [ 237.773959][ T6129] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.780222][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.785554][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.790871][ T6129] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 237.796902][ T6129] ? pfn_reader_user_pin+0x1d9e/0x20b0 [ 237.802530][ T6129] ? iopt_map_pages+0x1b97/0x2120 [ 237.807756][ T6129] ? iopt_map_common+0x224/0x610 [ 237.812900][ T6129] ? iopt_map_user_pages+0x148/0x1c0 [ 237.818492][ T6129] ? iommufd_ioas_map+0x6a2/0x9b0 [ 237.823711][ T6129] ? iommufd_fops_ioctl+0x82a/0x9e0 [ 237.829154][ T6129] ? __se_sys_ioctl+0x23c/0x400 [ 237.834219][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.839577][ T6129] __msan_warning+0x1b/0x30 [ 237.844261][ T6129] pfn_reader_next+0x1d4c/0x3e40 [ 237.849360][ T6129] ? should_fail_ex+0x45/0x8c0 [ 237.854281][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.859609][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.864985][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.870332][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.875686][ T6129] pfn_reader_first+0xbdc/0xcc0 [ 237.880753][ T6129] iopt_area_fill_domains+0x20c/0x13a0 [ 237.886435][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.891756][ T6129] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 237.898327][ T6129] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 237.904625][ T6129] ? kmsan_get_metadata+0xf1/0x160 [ 237.909943][ T6129] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 237.915971][ T6129] iopt_map_pages+0x1b97/0x2120 [ 237.921203][ T6129] iopt_map_common+0x224/0x610 [ 237.926201][ T6129] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 237.932280][ T6129] iopt_map_user_pages+0x148/0x1c0 [ 237.937609][ T6129] iommufd_ioas_map+0x6a2/0x9b0 [ 237.942695][ T6129] ? __pfx_iommufd_ioas_map+0x10/0x10 [ 237.948309][ T6129] iommufd_fops_ioctl+0x82a/0x9e0 [ 237.953606][ T6129] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 237.959407][ T6129] __se_sys_ioctl+0x23c/0x400 [ 237.964279][ T6129] __x64_sys_ioctl+0x97/0xe0 [ 237.969041][ T6129] x64_sys_call+0x18a7/0x3e70 [ 237.973922][ T6129] do_syscall_64+0xc9/0xf80 [ 237.978644][ T6129] ? clear_bhb_loop+0x40/0x90 [ 237.983501][ T6129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.989605][ T6129] RIP: 0033:0x7f1cd9b9aeb9 [ 237.994162][ T6129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 238.013957][ T6129] RSP: 002b:00007f1cda9fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 238.022568][ T6129] RAX: ffffffffffffffda RBX: 00007f1cd9e16180 RCX: 00007f1cd9b9aeb9 [ 238.030669][ T6129] RDX: 0000200000000180 RSI: 0000000000003b85 RDI: 0000000000000006 [ 238.038778][ T6129] RBP: 00007f1cd9c08c1f R08: 0000000000000000 R09: 0000000000000000 [ 238.046926][ T6129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.055008][ T6129] R13: 00007f1cd9e16218 R14: 00007f1cd9e16180 R15: 00007ffe7154ad28 [ 238.063157][ T6129] [ 238.066918][ T6129] Kernel Offset: disabled [ 238.071313][ T6129] Rebooting in 86400 seconds..