last executing test programs: 25.238842757s ago: executing program 4 (id=5): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0xf, &(0x7f00000002c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7", @ANYRES32, @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x0, 0x800010, 0x0, 0x2, 0x89, 0x8, 0xb319, 0x3}, 0x0) r3 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f00000001c0)={0x0, 0x0, 0x0}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) read(r5, 0x0, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000840}, 0x8040) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0xfffffffe, @empty, 0xcac2d78b}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback, 0xfffffffd}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000180)=@ccm_128={{0x303}, "c3dcca97db272ca1", "b1bd96cbf7c8b6d1aa82f8f3f991b3bb", "0516d22f", "c6752d083db10feb"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000200), 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x188}}], 0x1, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-neonbs\x00'}, 0x58) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 20.049434951s ago: executing program 2 (id=23): socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b1"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x12, 0xa, 0x201, 0x6000000, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x58}}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local, {[@generic={0x94, 0x6, "d853bd7a"}, @noop, @noop]}}, @address_request={0x11, 0x0, 0x0, 0x90b6}}}}}, 0x0) 15.152856359s ago: executing program 2 (id=33): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300000000000000000007"], 0xe4}, 0x1, 0x0, 0x0, 0x10}, 0x4000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000300)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100020000"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 13.54255694s ago: executing program 2 (id=35): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49a6a03276b449aa, 0x54, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3ff4, 0x0, 0x2, 0x1000003}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r0 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000180)={0x0, 0x0, 0x102, 0x6, {0x5, 0x9, 0xd, 0x58}}) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) r5 = socket(0x10, 0x3, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0) io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000040)={0xc, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1}, {0x6}, {0x2, 0x6}, {0x0, 0x80027fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0x4, 0x3ff}], 0xce, 0x1, 0x6, 0x3, 0x6}}) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r7, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r7, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x3ff4) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) 12.888895995s ago: executing program 0 (id=37): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000000, 0x80010, r0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x14}}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000005c0)={&(0x7f0000000240)="bde24cded07e0282f9bc90786a35", &(0x7f0000000340)=""/80, &(0x7f00000003c0), &(0x7f00000004c0)="b42963f24ce591f3311fdb4bb943106c6fee707aed7032cbaaa2d78922fd38e59f35f9ea54878c7ddf071fec0bab7307b17a276aeaa80ca6489e32d093ff071e20002dcd51ee501efcff9745b89e35d051182e9a2a5e8e8ab895aced8039eabae3ee26f891dbbb57a1732727960a6310a36103dd560efa19c5c1ab6bd9", 0x1, r0}, 0x38) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, 0x0, &(0x7f0000000080)) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r4}]}, 0x38}, 0x1, 0x0, 0x0, 0x8002}, 0x40004840) 12.771401867s ago: executing program 2 (id=39): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000240)=0xd) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x30000011}) writev(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) kcmp(r2, r2, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(0x4) 11.956368471s ago: executing program 0 (id=41): r0 = socket$inet(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r2, @ANYBLOB="0600eb00000800000400ec000a0006"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x20000) 10.615707842s ago: executing program 0 (id=42): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x40000000000002e6, &(0x7f0000000140)=[0x0]) syz_open_dev$video4linux(&(0x7f0000000100), 0x2, 0x201) 10.012542065s ago: executing program 32 (id=5): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0xf, &(0x7f00000002c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7", @ANYRES32, @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x0, 0x800010, 0x0, 0x2, 0x89, 0x8, 0xb319, 0x3}, 0x0) r3 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f00000001c0)={0x0, 0x0, 0x0}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) read(r5, 0x0, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000840}, 0x8040) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0xfffffffe, @empty, 0xcac2d78b}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback, 0xfffffffd}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000180)=@ccm_128={{0x303}, "c3dcca97db272ca1", "b1bd96cbf7c8b6d1aa82f8f3f991b3bb", "0516d22f", "c6752d083db10feb"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000200), 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x188}}], 0x1, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-neonbs\x00'}, 0x58) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 9.197319867s ago: executing program 1 (id=45): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x5, 0x8, 0x8005, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0x6}, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8) mknodat$loop(r7, &(0x7f0000000000)='./file0\x00', 0x4, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x30, 0x20, 0x1, 0x70bda7, 0x0, {0xa, 0x0, 0x0, 0x40}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'hsr0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x24040804}, 0x4008000) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40084) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x18, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@nested={0x4, 0x11}]}, 0x18}, 0x1, 0x0, 0x0, 0x42804}, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001e0000000c00018008000100", @ANYRES32=r11, @ANYBLOB="05000300"], 0x28}}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@getchain={0x4c, 0x66, 0xfcd66a900070b359, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xe, 0xfff1}, {0xfff3, 0x9}}, [{0x8, 0xb, 0x1}, {0x8, 0xb, 0xe7ed}, {0x8, 0xb, 0xc0}, {0x8, 0xb, 0x100}, {0x8, 0xb, 0xea78}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4048081}, 0x4000) 8.772065829s ago: executing program 2 (id=46): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3e, 0x208604) r1 = syz_usb_connect$cdc_ecm(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001020000402505a1a440000102030d0902"], 0x0) syz_usb_disconnect(r1) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc000905850200"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) read$char_usb(r2, &(0x7f0000000500)=""/68, 0x44) syz_usb_disconnect(r1) 8.640511911s ago: executing program 3 (id=47): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2e) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) r3 = openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r4 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_mtu(r4, 0x29, 0x1e, &(0x7f00000000c0), 0x4) write$cgroup_subtree(r3, &(0x7f00000004c0)=ANY=[], 0xe) capget(0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000600)=ANY=[@ANYBLOB="b8000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000fffffffffeffffff0000800000200000fcffffffffffffff0000000000000000000a000000000000040000000000000002e3b5000000000800000000000000000101"], 0xb8}}, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x0, 0x3}}, 0xb8}}, 0x8044) sendto$inet6(r5, &(0x7f0000000240)="c8", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c) 6.885871141s ago: executing program 1 (id=48): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[], 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xbf) socket$igmp6(0xa, 0x3, 0x2) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000) ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f00000001c0)={0x6, {0xffffff32, 0x8c6f, 0x6a}}) r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, 0x0) rmdir(&(0x7f0000000040)='./cgroup/../file0\x00') bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/61}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) clock_getres(0x6, &(0x7f0000000100)={0x0, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xfffffffffffffeb9, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYRESDEC=r6], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 6.009368406s ago: executing program 3 (id=49): getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x2, 0x7, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0) r2 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101400, 0xad) lseek(r4, 0x100000001, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r8, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x8000, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r8, 0xda90) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000000) ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000000)={0x28, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) 5.712092245s ago: executing program 1 (id=50): preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000001240)=""/1, 0x1}], 0x1, 0x0, 0x2) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) ioctl$TCSBRKP(r0, 0x5425, 0x1) r2 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0) syz_usb_connect$hid(0x2, 0x94, 0x0, 0x0) r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x630400, 0x0) openat$cgroup_ro(r4, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0xf7f, 0x2) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00'}) ptrace(0x10, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x400000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r8, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x1004) 4.475922338s ago: executing program 3 (id=51): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x1c2b, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180), &(0x7f00000001c0)) r3 = socket$nl_route(0x10, 0x3, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x19, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffc01, 0x0, 0x0, 0x0, 0xf4fa}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x7fffffff, 0x3d, &(0x7f0000000440)=""/61, 0x40f00, 0x0, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000480)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0x1, 0x81, 0x5}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000500)=[r1, r1, r1, r1], &(0x7f0000000740)=[{0x2, 0x5, 0x6, 0x1}, {0x5, 0x2, 0xf, 0xa}, {0x4, 0x2, 0x8, 0x8}, {0x3, 0x1, 0xb, 0x6}], 0x10, 0x2a}, 0x94) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=@newlink={0x58, 0x10, 0x801, 0x70bd28, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r3}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r4}]}, @IFLA_IFALIAS={0x14, 0x14, 'macvlan0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20}, 0x0) io_uring_enter(r2, 0x2ded, 0x4000, 0x4, 0x0, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000940)="57f40956c8a73fced25a958d9344746a5c3d07950ecf5b2d89e2c783ac082565e8c94edee9ae2a24b0b925438be888317de67e3f74808e13eab027dae34f70315c9d1bc4df9cda9cf1d23f8451be3b7273824e501d56a169a1bb2b55fd1fd0c280509342fb583c935d2b4cee059e2f0e2e62ce03de4c522668e9f2f0e44e1335a7fbc4682d30", 0x86) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}}}, &(0x7f0000000040)=0xbc) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x7d, &(0x7f0000000040)={0x0, 0x7fffffff}, 0x8) listen(r5, 0x0) r7 = accept4(r5, 0x0, 0x0, 0x80800) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r1) sendmsg$TIPC_NL_LINK_SET(r7, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000540)={0x180, r8, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0x28, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}]}, @TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'xfrm0\x00'}}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xc}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x101}]}, @TIPC_NLA_BEARER={0x7c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xe16, @dev={0xfe, 0x80, '\x00', 0x24}, 0x200}}, {0x14, 0x2, @in={0x2, 0x4e24, @private=0xa010102}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'macvtap0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4ab965e7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc}]}]}, 0x180}}, 0x4800) ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000200)=0x1) 4.474833584s ago: executing program 0 (id=52): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000500)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f910, 0xffffc081, '\x00', @p_u8=&(0x7f00000003c0)=0xc2}}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$fb0(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000340), &(0x7f00000001c0)=0xc) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x2a, 0x107, 0xfffffffc, 0x0, {0x5, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 3.860515792s ago: executing program 0 (id=53): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000c80)=ANY=[@ANYBLOB="00000c040000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = gettid() wait4(r1, 0x0, 0x40000000, 0x0) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB='@\b$\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.626928556s ago: executing program 1 (id=54): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x4498bda7e2139f51, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.28436545s ago: executing program 3 (id=55): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd04, 0x24dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xfff2, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0xc, 0x2, [@TCA_BPF_CLASSID={0x8, 0x3, {0x0, 0xb}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x38, r1, 0x209, 0x0, 0x25dfdbfe, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback={0xff00000000000000}}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}]}, 0x38}}, 0x0) 3.082736293s ago: executing program 3 (id=56): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1e0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) socket$netlink(0x10, 0x3, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) syz_io_uring_setup(0x239, 0x0, 0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(0x0, r1, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x217) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x881, 0x0) socket(0x23, 0x5, 0x2) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x0, 0x268, 0x300, 0x0, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x230, 0x258, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x9}}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x10000000}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@ipv6header={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4c0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040844) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x3}, 0x1c) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x2a, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) 2.973325177s ago: executing program 2 (id=57): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x5, 0x8, 0x8005, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0x6}, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8) mknodat$loop(r7, &(0x7f0000000000)='./file0\x00', 0x4, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x30, 0x20, 0x1, 0x70bda7, 0x0, {0xa, 0x0, 0x0, 0x40}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'hsr0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x24040804}, 0x4008000) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40084) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x18, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@nested={0x4, 0x11}]}, 0x18}, 0x1, 0x0, 0x0, 0x42804}, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001e0000000c00018008000100", @ANYRES32=r11, @ANYBLOB="05000300"], 0x28}}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@getchain={0x4c, 0x66, 0xfcd66a900070b359, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xe, 0xfff1}, {0xfff3, 0x9}}, [{0x8, 0xb, 0x1}, {0x8, 0xb, 0xe7ed}, {0x8, 0xb, 0xc0}, {0x8, 0xb, 0x100}, {0x8, 0xb, 0xea78}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4048081}, 0x4000) 1.706694374s ago: executing program 1 (id=58): socket$nl_crypto(0x10, 0x3, 0x15) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='projid_map\x00') prctl$PR_SET_SECCOMP(0x16, 0xe7, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"6538535a2270f2bfb7a7624449262a0d764e59779d15ef996f25c5c3f2c04f8d"}) shmctl$SHM_UNLOCK(0x0, 0xc) write(r0, &(0x7f0000000080)="240000001a007f0214f9f4070009040803000000000000050002000008000f40fe00000e", 0x24) 1.704961953s ago: executing program 3 (id=59): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[], 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xbf) socket$igmp6(0xa, 0x3, 0x2) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8012, r4, 0x2000) ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f00000001c0)={0x6, {0xffffff32, 0x8c6f, 0x6a}}) r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, 0x0) rmdir(&(0x7f0000000040)='./cgroup/../file0\x00') bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/61}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) clock_getres(0x6, &(0x7f0000000100)={0x0, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xfffffffffffffeb9, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYRESDEC=r6], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 14.187197ms ago: executing program 1 (id=60): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') socket(0x1, 0x80000, 0x3a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0) r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$IMDELTIMER(r2, 0x80044941, &(0x7f00000000c0)=0x2) openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$evdev(0x0, 0xa, 0x300) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x478, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3a8, 0xffffffff, 0xffffffff, 0x3a8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0x0, 0xff, 0xff], [0xffffffff, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x2, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x1, 'syz0\x00', 0xfe}}, @common=@mh={{0x28}, {"b11c", 0x1}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8) quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000402, 0xffffffffffffffff, 0x0) ioprio_set$pid(0x3, 0x0, 0x0) ioprio_get$uid(0x3, 0x0) r4 = open(&(0x7f00000003c0)='./file0\x00', 0x48040, 0x0) finit_module(r4, 0x0, 0x2) 0s ago: executing program 0 (id=61): openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc}) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$SNDCTL_SYNTH_INFO(r1, 0xc08c5102, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x5, 0xfffe, 0x4, 0x0, {0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}}}, 0x32) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r4, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40081}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x840}, 0x0) r6 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f0000000100)=r7, 0x4) sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)="b9693e14ae39b9d4956589cd4383940ab3b40d07cb4c156f3ca6fc88de9cb8a4ecac59ed49fd2b216619907a0b6431db4058ea0fc81a8a2c0d90fe4a4d001cb9ee95d2753b07a7825250f7428fd1147c0143bfdaa681777e472c350000a1e49900194dc22df4c565e5e7dbf454da7e3171f9736ec5b31348bd11c559d531fc5ad17bb24275fe9a24f69f4c0d44458071aff8d3c4783a7f1ccd3442264f6416fda9da7fe6f999f956700335e3e6a034413af8c4ba7c00"/195, 0xc3}, {&(0x7f0000000380)="248d7ac09ae9afb8954f66838ae5bb401e1c656014c4c8af25db88b25065cb5a4c7073b230eb916c6ff171fd78611ff70f30b9e77db814a1d43c7fa7a70c0df21e728ed51b836e0ce6f3faf0e4817093867621b5e0c03cf4638bc53de55de11380d10ae2775154c1069ae25d99ff710f4bbf7b5e76282c2df5a2d1f289179a74a84d8aceef5d869e05cc5117f25cd1e4d2461a95237c2fa3ba38e181e3f23a3cde974dfa75aecc3b2ce33369ad52580a6cd143f10ac7e783955969b8bd05a524f919a2fd9d3cbd055b5d2f7f00ca58f6b770492f471dc3b6b3b101d10f157ec9f68dac9b8d18cf8b", 0xe8}, {&(0x7f0000000240)="a3df552cfd633a6742d5c27a9fc4f4", 0xffffff53}], 0x3}, 0x4009080) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts. [ 97.826042][ T31] cfg80211: failed to load regulatory.db [ 98.088358][ T5779] cgroup: Unknown subsys name 'net' [ 98.308388][ T5779] cgroup: Unknown subsys name 'cpuset' [ 98.364444][ T5779] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.184924][ T5779] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.461181][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.469715][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.473669][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.481637][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.487144][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.488658][ T5805] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 102.493042][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.508246][ T5805] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 102.510773][ T5805] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 102.511194][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.513522][ T5805] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.522448][ T5805] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.523600][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.524715][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.526584][ T5805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.527359][ T5805] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.528369][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.529796][ T5805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.530516][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.533558][ T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.536084][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.537545][ T5808] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 102.541422][ T5111] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.542541][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 102.555419][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.584511][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 103.612756][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 103.643279][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 103.714983][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 103.720511][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 104.007098][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.008663][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.008822][ T5792] bridge_slave_0: entered allmulticast mode [ 104.010511][ T5792] bridge_slave_0: entered promiscuous mode [ 104.074609][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.074706][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.075058][ T5795] bridge_slave_0: entered allmulticast mode [ 104.076566][ T5795] bridge_slave_0: entered promiscuous mode [ 104.079063][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.079193][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.079354][ T5792] bridge_slave_1: entered allmulticast mode [ 104.081230][ T5792] bridge_slave_1: entered promiscuous mode [ 104.127691][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.127817][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.128342][ T5793] bridge_slave_0: entered allmulticast mode [ 104.131103][ T5793] bridge_slave_0: entered promiscuous mode [ 104.144099][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.144268][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.144548][ T5795] bridge_slave_1: entered allmulticast mode [ 104.147056][ T5795] bridge_slave_1: entered promiscuous mode [ 104.217022][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.217137][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.217760][ T5793] bridge_slave_1: entered allmulticast mode [ 104.220241][ T5793] bridge_slave_1: entered promiscuous mode [ 104.259438][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.259547][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.259741][ T5791] bridge_slave_0: entered allmulticast mode [ 104.261930][ T5791] bridge_slave_0: entered promiscuous mode [ 104.264873][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.264977][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.265900][ T5794] bridge_slave_0: entered allmulticast mode [ 104.268408][ T5794] bridge_slave_0: entered promiscuous mode [ 104.328142][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.331840][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.331910][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.332055][ T5794] bridge_slave_1: entered allmulticast mode [ 104.338025][ T5794] bridge_slave_1: entered promiscuous mode [ 104.376036][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.376531][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.376657][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.376964][ T5791] bridge_slave_1: entered allmulticast mode [ 104.381071][ T5791] bridge_slave_1: entered promiscuous mode [ 104.391679][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.422081][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.427245][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.488409][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.615937][ T5797] Bluetooth: hci0: command tx timeout [ 104.691995][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.696403][ T5797] Bluetooth: hci2: command tx timeout [ 104.696516][ T5797] Bluetooth: hci3: command tx timeout [ 104.696584][ T5797] Bluetooth: hci1: command tx timeout [ 104.696646][ T5797] Bluetooth: hci4: command tx timeout [ 104.752143][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.766734][ T5792] team0: Port device team_slave_0 added [ 104.770226][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.823386][ T5795] team0: Port device team_slave_0 added [ 104.833292][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.837765][ T5792] team0: Port device team_slave_1 added [ 104.861621][ T5793] team0: Port device team_slave_0 added [ 104.863657][ T5795] team0: Port device team_slave_1 added [ 104.915166][ T5793] team0: Port device team_slave_1 added [ 104.958151][ T5794] team0: Port device team_slave_0 added [ 104.984791][ T5791] team0: Port device team_slave_0 added [ 104.985904][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.985913][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.985925][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.989386][ T5794] team0: Port device team_slave_1 added [ 105.006805][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.006821][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.006848][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.012349][ T5791] team0: Port device team_slave_1 added [ 105.013170][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.013183][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.013207][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.038628][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.038646][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.038666][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.041927][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.041944][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.041967][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.102465][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.102484][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.102507][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.141710][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.141727][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.141750][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.166567][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.166584][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.166607][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.168040][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.168054][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.168077][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.213366][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.213383][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.213406][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.318349][ T5792] hsr_slave_0: entered promiscuous mode [ 105.320050][ T5792] hsr_slave_1: entered promiscuous mode [ 105.407275][ T5795] hsr_slave_0: entered promiscuous mode [ 105.408662][ T5795] hsr_slave_1: entered promiscuous mode [ 105.409788][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 105.409903][ T5795] Cannot create hsr debugfs directory [ 105.422318][ T5793] hsr_slave_0: entered promiscuous mode [ 105.423586][ T5793] hsr_slave_1: entered promiscuous mode [ 105.425780][ T5793] debugfs: 'hsr0' already exists in 'hsr' [ 105.425809][ T5793] Cannot create hsr debugfs directory [ 105.529680][ T5794] hsr_slave_0: entered promiscuous mode [ 105.531138][ T5794] hsr_slave_1: entered promiscuous mode [ 105.532289][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 105.532319][ T5794] Cannot create hsr debugfs directory [ 105.562686][ T5791] hsr_slave_0: entered promiscuous mode [ 105.566763][ T5791] hsr_slave_1: entered promiscuous mode [ 105.568120][ T5791] debugfs: 'hsr0' already exists in 'hsr' [ 105.568532][ T5791] Cannot create hsr debugfs directory [ 106.695129][ T5804] Bluetooth: hci0: command tx timeout [ 106.765790][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.774205][ T5804] Bluetooth: hci4: command tx timeout [ 106.774239][ T5804] Bluetooth: hci1: command tx timeout [ 106.774259][ T5804] Bluetooth: hci3: command tx timeout [ 106.774277][ T5804] Bluetooth: hci2: command tx timeout [ 106.835897][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.861300][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.916258][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.042215][ T5794] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.083632][ T5794] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.139178][ T5794] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.209883][ T5794] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.359036][ T5791] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.401957][ T5791] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.448226][ T5791] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.506408][ T5791] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.672883][ T5795] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 107.715457][ T5795] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 107.757266][ T5795] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 107.825836][ T5795] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 108.016373][ T5793] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.066772][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.068615][ T5793] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.116857][ T5793] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 108.163395][ T5793] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.271535][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.285286][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.320619][ T4539] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.321599][ T4539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.371752][ T4539] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.371968][ T4539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.406419][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.441186][ T4539] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.441322][ T4539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.447236][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.491271][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.491456][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.555315][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.601150][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.601599][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.625378][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.641567][ T3583] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.642471][ T3583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.770448][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.774023][ T5797] Bluetooth: hci0: command tx timeout [ 108.781014][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.838181][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.838371][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.854910][ T5797] Bluetooth: hci2: command tx timeout [ 108.854944][ T5797] Bluetooth: hci3: command tx timeout [ 108.854965][ T5797] Bluetooth: hci1: command tx timeout [ 108.854985][ T5797] Bluetooth: hci4: command tx timeout [ 108.890287][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.890519][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.913082][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.979004][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.979137][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.003255][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.003342][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.203572][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.381204][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.432942][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.541441][ T5792] veth0_vlan: entered promiscuous mode [ 109.622454][ T5792] veth1_vlan: entered promiscuous mode [ 109.690926][ T5794] veth0_vlan: entered promiscuous mode [ 109.732849][ T5794] veth1_vlan: entered promiscuous mode [ 109.755514][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.762715][ T5791] veth0_vlan: entered promiscuous mode [ 109.782480][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.842981][ T5792] veth0_macvtap: entered promiscuous mode [ 109.856923][ T5791] veth1_vlan: entered promiscuous mode [ 109.885528][ T5792] veth1_macvtap: entered promiscuous mode [ 109.986824][ T5794] veth0_macvtap: entered promiscuous mode [ 110.030504][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.033187][ T5794] veth1_macvtap: entered promiscuous mode [ 110.117976][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.143177][ T5793] veth0_vlan: entered promiscuous mode [ 110.154421][ T5791] veth0_macvtap: entered promiscuous mode [ 110.178973][ T56] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.196708][ T56] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.201483][ T5791] veth1_macvtap: entered promiscuous mode [ 110.217701][ T56] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.232489][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.232574][ T4539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.239859][ T5793] veth1_vlan: entered promiscuous mode [ 110.326359][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.399769][ T4539] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.405858][ T4539] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.420293][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.420392][ T4539] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.470927][ T4539] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.506445][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.652613][ T4539] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.677585][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.677607][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.681930][ T4539] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.712270][ T4539] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.774292][ T4539] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.784993][ T5793] veth0_macvtap: entered promiscuous mode [ 110.854089][ T5804] Bluetooth: hci0: command tx timeout [ 110.885501][ T5793] veth1_macvtap: entered promiscuous mode [ 110.886576][ T5795] veth0_vlan: entered promiscuous mode [ 110.891763][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.891781][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.934317][ T5804] Bluetooth: hci4: command tx timeout [ 110.934351][ T5804] Bluetooth: hci1: command tx timeout [ 110.934370][ T5804] Bluetooth: hci3: command tx timeout [ 110.934388][ T5804] Bluetooth: hci2: command tx timeout [ 111.050215][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.050239][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.055782][ T5795] veth1_vlan: entered promiscuous mode [ 111.109700][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.158150][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.169243][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.169265][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.233118][ T162] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.237462][ T162] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.243178][ T162] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.294700][ T162] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.326125][ T162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.326144][ T162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.386816][ T5795] veth0_macvtap: entered promiscuous mode [ 111.437652][ T162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.437671][ T162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.438850][ T5795] veth1_macvtap: entered promiscuous mode [ 111.716235][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.724583][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 111.851994][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.910365][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.910380][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.939118][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.979737][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.980584][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.981043][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.041116][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.041137][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.139963][ T5920] netlink: 'syz.2.6': attribute type 22 has an invalid length. [ 113.207127][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.207146][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.302835][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.302854][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.261726][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.261827][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.261874][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.261923][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.261968][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.262055][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.262099][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.262142][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.262186][ T5930] netlink: 'syz.1.2': attribute type 3 has an invalid length. [ 114.285262][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 114.346334][ T5796] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 114.579874][ T5796] usb 3-1: Using ep0 maxpacket: 8 [ 114.603949][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.605199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.605275][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.605383][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.607081][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.607150][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.607224][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.642390][ T5796] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 114.642442][ T5796] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 114.642462][ T5796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.687798][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 114.816784][ T5796] usb 3-1: config 0 descriptor?? [ 115.171103][ T5796] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 116.724187][ T5956] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.924238][ T5877] usb 3-1: USB disconnect, device number 2 [ 119.497840][ T5984] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.485744][ T809] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 121.923937][ T809] usb 1-1: Using ep0 maxpacket: 32 [ 121.925375][ T809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.925394][ T809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 121.925421][ T809] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 121.925433][ T809] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.938382][ T809] usb 1-1: config 0 descriptor?? [ 121.940455][ T6000] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 121.962832][ T809] hub 1-1:0.0: USB hub found [ 122.246176][ T809] hub 1-1:0.0: 1 port detected [ 123.273960][ T5870] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 123.439408][ T5870] usb 2-1: too many configurations: 13, using maximum allowed: 8 [ 123.441651][ T5870] usb 2-1: config 0 has no interfaces? [ 123.450887][ T5870] usb 2-1: config 0 has no interfaces? [ 123.454201][ T5870] usb 2-1: config 0 has no interfaces? [ 123.466062][ T5870] usb 2-1: config 0 has no interfaces? [ 123.480406][ T5870] usb 2-1: config 0 has no interfaces? [ 123.482312][ T5870] usb 2-1: config 0 has no interfaces? [ 123.497022][ T5870] usb 2-1: config 0 has no interfaces? [ 123.499186][ T5870] usb 2-1: config 0 has no interfaces? [ 123.513307][ T5870] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 123.513451][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.513477][ T5870] usb 2-1: Product: syz [ 123.513490][ T5870] usb 2-1: Manufacturer: syz [ 123.513502][ T5870] usb 2-1: SerialNumber: syz [ 123.694778][ T5870] usb 2-1: config 0 descriptor?? [ 123.938433][ T5870] usb 2-1: USB disconnect, device number 2 [ 124.236822][ T809] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 124.371112][ T809] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 124.593957][ T6008] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 124.753857][ T6008] usb 2-1: Using ep0 maxpacket: 32 [ 124.760381][ T6008] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 124.760407][ T6008] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 124.775301][ T6008] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 124.775329][ T6008] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 124.775346][ T6008] usb 2-1: Product: syz [ 124.775358][ T6008] usb 2-1: Manufacturer: syz [ 124.775371][ T6008] usb 2-1: SerialNumber: syz [ 124.838451][ T6008] usb 2-1: config 0 descriptor?? [ 125.615660][ T810] usb 2-1: USB disconnect, device number 3 [ 125.651801][ T5870] usb 1-1: USB disconnect, device number 2 [ 126.048177][ T6017] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 126.705517][ T6032] validate_nla: 45 callbacks suppressed [ 126.705531][ T6032] netlink: 'syz.2.35': attribute type 6 has an invalid length. [ 126.706320][ T6032] netlink: 'syz.2.35': attribute type 6 has an invalid length. [ 126.706460][ T6032] Zero length message leads to an empty skb [ 130.472467][ T5804] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 130.497520][ T5804] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 130.501396][ T5804] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 130.519788][ T5804] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 130.520584][ T5804] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 132.544059][ T5804] Bluetooth: hci5: command tx timeout [ 133.598345][ T3583] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.754044][ T5870] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 134.064863][ T5870] usb 3-1: too many configurations: 13, using maximum allowed: 8 [ 134.066347][ T5870] usb 3-1: config 0 has no interfaces? [ 134.067766][ T5870] usb 3-1: config 0 has no interfaces? [ 134.069137][ T5870] usb 3-1: config 0 has no interfaces? [ 134.070380][ T5870] usb 3-1: config 0 has no interfaces? [ 134.119423][ T5870] usb 3-1: config 0 has no interfaces? [ 134.139824][ T6088] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size. [ 134.152771][ T5870] usb 3-1: config 0 has no interfaces? [ 134.159829][ T5870] usb 3-1: config 0 has no interfaces? [ 134.182456][ T5870] usb 3-1: config 0 has no interfaces? [ 134.194020][ T5870] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 134.194048][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.194065][ T5870] usb 3-1: Product: syz [ 134.194077][ T5870] usb 3-1: Manufacturer: syz [ 134.194089][ T5870] usb 3-1: SerialNumber: syz [ 134.246560][ T5870] usb 3-1: config 0 descriptor?? [ 134.292466][ T3583] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.743219][ T5804] Bluetooth: hci5: command tx timeout [ 134.925340][ T5878] usb 3-1: USB disconnect, device number 3 [ 135.734908][ T3583] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.105984][ T36] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 136.284741][ T36] usb 1-1: Using ep0 maxpacket: 32 [ 136.296301][ T36] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.296331][ T36] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 136.296380][ T36] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 136.296399][ T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.351476][ T36] usb 1-1: config 0 descriptor?? [ 136.352923][ T6108] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 136.374216][ T36] hub 1-1:0.0: USB hub found [ 136.584372][ T6065] chnl_net:caif_netlink_parms(): no params data found [ 136.607202][ T36] hub 1-1:0.0: 1 port detected [ 136.773951][ T5804] Bluetooth: hci5: command tx timeout [ 137.492590][ T3583] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.644998][ T36] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 137.854243][ T6065] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.855274][ T6065] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.855471][ T6065] bridge_slave_0: entered allmulticast mode [ 137.857696][ T6065] bridge_slave_0: entered promiscuous mode [ 137.861315][ T6065] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.861510][ T6065] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.861698][ T6065] bridge_slave_1: entered allmulticast mode [ 137.914432][ T6065] bridge_slave_1: entered promiscuous mode [ 138.822548][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.920239][ T5804] Bluetooth: hci5: command tx timeout [ 139.590573][ T5879] usb 1-1: USB disconnect, device number 3 [ 139.684551][ T36] ================================================================== [ 139.684567][ T36] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 [ 139.684599][ T36] Read of size 8 at addr ffffc9000e579008 by task kworker/1:1/36 [ 139.684613][ T36] [ 139.684640][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 139.684660][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.684671][ T36] Workqueue: usb_hub_wq hub_event [ 139.684710][ T36] Call Trace: [ 139.684721][ T36] [ 139.684729][ T36] dump_stack_lvl+0xe8/0x150 [ 139.684753][ T36] print_report+0xba/0x230 [ 139.684781][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.684803][ T36] kasan_report+0x117/0x150 [ 139.684828][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.684855][ T36] __list_add_valid_or_report+0x4e/0x130 [ 139.684880][ T36] kcov_remote_stop+0x457/0x680 [ 139.684903][ T36] hub_event+0x49d8/0x4f60 [ 139.684923][ T36] ? __lock_acquire+0x6b5/0x2cf0 [ 139.684966][ T36] ? look_up_lock_class+0x57/0x110 [ 139.684989][ T36] ? register_lock_class+0x31/0x2e0 [ 139.685013][ T36] ? __lock_acquire+0x6b5/0x2cf0 [ 139.685035][ T36] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 139.685057][ T36] ? __pfx_hub_event+0x10/0x10 [ 139.685083][ T36] ? process_scheduled_works+0xa25/0x1830 [ 139.685103][ T36] ? process_scheduled_works+0xa25/0x1830 [ 139.685125][ T36] process_scheduled_works+0xb02/0x1830 [ 139.685156][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 139.685179][ T36] ? assign_work+0x3d5/0x5e0 [ 139.685201][ T36] worker_thread+0xa50/0xfc0 [ 139.685233][ T36] kthread+0x388/0x470 [ 139.685250][ T36] ? __pfx_worker_thread+0x10/0x10 [ 139.685269][ T36] ? __pfx_kthread+0x10/0x10 [ 139.685287][ T36] ret_from_fork+0x51e/0xb90 [ 139.685310][ T36] ? __pfx_ret_from_fork+0x10/0x10 [ 139.685331][ T36] ? __switch_to+0xc7d/0x1450 [ 139.685351][ T36] ? __pfx_kthread+0x10/0x10 [ 139.685368][ T36] ret_from_fork_asm+0x1a/0x30 [ 139.685391][ T36] [ 139.685398][ T36] [ 139.685402][ T36] The buggy address belongs to a vmalloc virtual mapping [ 139.685418][ T36] Memory state around the buggy address: [ 139.685428][ T36] ffffc9000e578f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 139.685439][ T36] ffffc9000e578f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 139.685450][ T36] >ffffc9000e579000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 139.685458][ T36] ^ [ 139.685467][ T36] ffffc9000e579080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 139.685478][ T36] ffffc9000e579100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 139.685486][ T36] ================================================================== [ 139.685502][ T36] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 139.685514][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 139.685533][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 139.685543][ T36] Workqueue: usb_hub_wq hub_event [ 139.685564][ T36] Call Trace: [ 139.685571][ T36] [ 139.685577][ T36] vpanic+0x56c/0xa60 [ 139.685600][ T36] ? __pfx_vpanic+0x10/0x10 [ 139.685627][ T36] panic+0xc5/0xd0 [ 139.685648][ T36] ? __pfx_panic+0x10/0x10 [ 139.685670][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.685694][ T36] ? rcu_is_watching+0x15/0xb0 [ 139.685715][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.685738][ T36] check_panic_on_warn+0x89/0xb0 [ 139.685757][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.685786][ T36] end_report+0x73/0x180 [ 139.685808][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.685831][ T36] kasan_report+0x128/0x150 [ 139.685854][ T36] ? __list_add_valid_or_report+0x4e/0x130 [ 139.685881][ T36] __list_add_valid_or_report+0x4e/0x130 [ 139.685906][ T36] kcov_remote_stop+0x457/0x680 [ 139.685928][ T36] hub_event+0x49d8/0x4f60 [ 139.685949][ T36] ? __lock_acquire+0x6b5/0x2cf0 [ 139.685970][ T36] ? look_up_lock_class+0x57/0x110 [ 139.685990][ T36] ? register_lock_class+0x31/0x2e0 [ 139.686016][ T36] ? __lock_acquire+0x6b5/0x2cf0 [ 139.686037][ T36] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 139.686060][ T36] ? __pfx_hub_event+0x10/0x10 [ 139.686086][ T36] ? process_scheduled_works+0xa25/0x1830 [ 139.686106][ T36] ? process_scheduled_works+0xa25/0x1830 [ 139.686128][ T36] process_scheduled_works+0xb02/0x1830 [ 139.686161][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 139.686184][ T36] ? assign_work+0x3d5/0x5e0 [ 139.686207][ T36] worker_thread+0xa50/0xfc0 [ 139.686239][ T36] kthread+0x388/0x470 [ 139.686255][ T36] ? __pfx_worker_thread+0x10/0x10 [ 139.686275][ T36] ? __pfx_kthread+0x10/0x10 [ 139.686292][ T36] ret_from_fork+0x51e/0xb90 [ 139.686314][ T36] ? __pfx_ret_from_fork+0x10/0x10 [ 139.686335][ T36] ? __switch_to+0xc7d/0x1450 [ 139.686360][ T36] ? __pfx_kthread+0x10/0x10 [ 139.686381][ T36] ret_from_fork_asm+0x1a/0x30 [ 139.686403][ T36] [ 139.686679][ T36] Kernel Offset: disabled