last executing test programs: 14.267811554s ago: executing program 0 (id=1): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setresuid(0xee01, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800020850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x6, 0x8, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_rr_get_interval(r1, &(0x7f0000000200)) kexec_load(0x0, 0x0, &(0x7f0000000180), 0x0) sync() ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000007c0)) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) 13.498132564s ago: executing program 2 (id=3): fsopen(&(0x7f00000003c0)='hpfs\x00', 0x1) 10.041050773s ago: executing program 0 (id=6): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009210000000122020009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="00140d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 9.579259702s ago: executing program 2 (id=7): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) r2 = fsopen(0x0, 0x0) socket$rxrpc(0x21, 0x2, 0x2) fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, 0x0, 0x0, 0xffffffffffffff9c) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) close_range(0xffffffffffffffff, r0, 0x2) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmmsg$unix(r4, &(0x7f0000000680), 0x4924924924925c6, 0x0) 9.244290556s ago: executing program 3 (id=4): r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180300000000008000000000001000008510000006000000180000000000000000000000000000006500000000000000180000000000000000000000000000009500000000000000840300000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) close_range(r0, 0xffffffffffffffff, 0x0) 7.883314318s ago: executing program 3 (id=8): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) fstat(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r1) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) 7.879233188s ago: executing program 1 (id=2): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x28}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000200)={0x1, @pix={0x8d8, 0x5, 0x58565559, 0x6, 0x8000002, 0xb, 0xb, 0xfffffffd, 0x0, 0x6, 0x0, 0x4}}) mount(0x0, 0x0, &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioprio_set$pid(0x1, r1, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x1, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x3, 0x100f5, 0x10009, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x2004, 0x3, 0x4, 0xf252, 0x4, 0xfffff76d, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xa8, 0x4, 0x2, 0x0, 0x8, 0xc5, 0x1, 0x199f, 0x5, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x80000040, 0x9, 0x5b, 0x5], [0x6, 0x1e, 0x3, 0x4ef4, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x39ca, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x80, 0x4, 0x100, 0x89e, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0xd65, 0x1, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0xb, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0xbde, 0x3], [0x401, 0xc584, 0xffff, 0x8cd4, 0x7, 0x20, 0xb, 0x4, 0x8, 0x10, 0x7, 0x44c, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe57, 0x6807, 0x80000001, 0x4, 0x7b, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x4a, 0x2, 0x3, 0x4, 0x20007, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x44, 0x3, 0x6, 0x100fffd, 0x2005, 0x2000007, 0x4, 0xea, 0x9, 0x80000001, 0x2, 0xd9, 0x0, 0x807ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x20000800, 0x9, 0x1000, 0x7f, 0x5, 0x3fb6, 0x4, 0x8e8, 0x8, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0xffffffff, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x3e, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x801, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0xbf3a, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x132, 0x6]}, 0x45c) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000003c0)={0x7, 0x7f, 0x1}, 0x1001) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) unshare(0x40020000) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100)='hfs\x00', 0x2000010, 0x0) 6.558650155s ago: executing program 0 (id=9): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = semget$private(0x0, 0x4, 0xf4) semctl$SEM_STAT(r1, 0x4, 0x12, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="78000000100083040400", @ANYRES32, @ANYRESHEX], 0x78}, 0x1, 0x0, 0x0, 0x8800}, 0x841) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) mkdir(0x0, 0x0) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000300)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000ffdbdf251500000008000300", @ANYRES32=r7], 0x40}, 0x1, 0x0, 0x0, 0x2004c015}, 0x240488d0) chroot(&(0x7f0000000100)='./file0\x00') r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), r9) ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100fdfffffffdffffff1d00000008000300", @ANYRES32=r11, @ANYBLOB="18002f8008000200"], 0x34}}, 0x0) sendmsg$IEEE802154_LLSEC_DEL_DEV(r6, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012cbd7000ffdbdf252b00000008000200", @ANYRES32=r7, @ANYBLOB="0ac770007770616e3100000008000200"/28, @ANYRES32=r7, @ANYBLOB="08000200", @ANYRES32=r11, @ANYBLOB="0c0005000201aaaaaaaaaaaa"], 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000000)=[@register_looper, @enter_looper], 0x0, 0x0, 0x0}) 4.679294069s ago: executing program 3 (id=10): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000200)={@link_local, @random="dbde00", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3e, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x6, 0x4, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr=0x1, {[@timestamp_prespec={0x44, 0x4}]}}}}}}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf) recvmmsg(r3, &(0x7f0000005600)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x103, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000019340), 0xffffffffffffffff) socket$inet(0x2, 0x4000000000000001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803) 3.261044163s ago: executing program 1 (id=11): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f00000006c0)={0x48}) 2.774690491s ago: executing program 0 (id=12): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, 0x0, 0x20000084) preadv(r0, &(0x7f0000003540)=[{&(0x7f00000003c0)=""/73, 0x49}], 0x342, 0xfffffffe, 0x80) ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(0xffffffffffffffff, 0xc0186445, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x1ea1e2) 2.697888766s ago: executing program 3 (id=13): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) setrlimit(0xd, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CAP_HYPERV_SYNIC2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r5, &(0x7f0000009b80)=""/102392, 0x18ff8) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) write(r3, &(0x7f0000004200)='t', 0x1) sendfile(r3, r2, 0x0, 0x7fffffff) 2.44049991s ago: executing program 4 (id=5): socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f000000d040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="64670feea1096f00003e660f38054c880f323e26640fb9a9c94f660fc7b27f1a360f09366764f4660fdd40e69a3a00e300baa000b0e5ee", 0x37}], 0x1, 0x6, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) getcwd(0x0, 0x0) 302.235µs ago: executing program 0 (id=14): r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x1}) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd) 0s ago: executing program 1 (id=15): socket$nl_route(0x10, 0x3, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0xc8, 0x0, 0x316f, 0x0, 0x30, "ec28a144f13d7607"}) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'veth0_to_batadv\x00', {0x1}, 0x2a}) socket$rxrpc(0x21, 0x2, 0xa) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) chdir(&(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, 0x0, 0x2000c2, 0xe8) mount(0x0, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./bus\x00', 0x0, 0x2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.170' (ED25519) to the list of known hosts. [ 191.887730][ T5753] cgroup: Unknown subsys name 'net' [ 192.039147][ T5753] cgroup: Unknown subsys name 'cpuset' [ 192.057791][ T5753] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 198.440727][ T5753] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 203.270870][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 203.281605][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.290647][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 203.301582][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 203.310415][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 203.319808][ T5778] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.334273][ T5782] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 203.342739][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 203.384732][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 203.384929][ T5784] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.399886][ T5782] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 203.408233][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 203.413380][ T5784] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.424695][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 203.434782][ T5784] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 203.446061][ T5787] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 203.455857][ T5784] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 203.459504][ T5787] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 203.465897][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.476701][ T5789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 203.492712][ T5784] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 203.503678][ T5784] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 203.513080][ T5788] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 203.514241][ T5784] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.550038][ T5788] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 204.108082][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.114948][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.161187][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 205.389129][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 205.543515][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 205.585791][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 205.611687][ T49] Bluetooth: hci2: command tx timeout [ 205.611774][ T5775] Bluetooth: hci3: command tx timeout [ 205.611990][ T5775] Bluetooth: hci1: command tx timeout [ 205.617315][ T49] Bluetooth: hci0: command tx timeout [ 205.688874][ T49] Bluetooth: hci4: command tx timeout [ 206.057695][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 206.226670][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.258950][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.266677][ T5771] bridge_slave_0: entered allmulticast mode [ 206.302496][ T5771] bridge_slave_0: entered promiscuous mode [ 206.358671][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.388860][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.396561][ T5771] bridge_slave_1: entered allmulticast mode [ 206.432248][ T5771] bridge_slave_1: entered promiscuous mode [ 206.797166][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.805131][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.813392][ T5773] bridge_slave_0: entered allmulticast mode [ 206.827214][ T5773] bridge_slave_0: entered promiscuous mode [ 206.885980][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.896009][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.906641][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.914673][ T5773] bridge_slave_1: entered allmulticast mode [ 206.923646][ T5773] bridge_slave_1: entered promiscuous mode [ 207.092420][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.104006][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.112847][ T5772] bridge_slave_0: entered allmulticast mode [ 207.125619][ T5772] bridge_slave_0: entered promiscuous mode [ 207.151205][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.193436][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.201108][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.208977][ T5779] bridge_slave_0: entered allmulticast mode [ 207.217708][ T5779] bridge_slave_0: entered promiscuous mode [ 207.233086][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.241182][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.249986][ T5779] bridge_slave_1: entered allmulticast mode [ 207.261095][ T5779] bridge_slave_1: entered promiscuous mode [ 207.275069][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.283883][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.293502][ T5772] bridge_slave_1: entered allmulticast mode [ 207.304689][ T5772] bridge_slave_1: entered promiscuous mode [ 207.512271][ T5771] team0: Port device team_slave_0 added [ 207.529984][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.605522][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.624206][ T5771] team0: Port device team_slave_1 added [ 207.639068][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.659536][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.688814][ T5788] Bluetooth: hci1: command tx timeout [ 207.689007][ T5778] Bluetooth: hci3: command tx timeout [ 207.695428][ T49] Bluetooth: hci0: command tx timeout [ 207.701863][ T5775] Bluetooth: hci2: command tx timeout [ 207.729433][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.768645][ T5775] Bluetooth: hci4: command tx timeout [ 207.804868][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.815123][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.823206][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.831073][ T5777] bridge_slave_0: entered allmulticast mode [ 207.840637][ T5777] bridge_slave_0: entered promiscuous mode [ 207.965786][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.973809][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.983465][ T5777] bridge_slave_1: entered allmulticast mode [ 207.994939][ T5777] bridge_slave_1: entered promiscuous mode [ 208.079165][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.086507][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.113592][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.134474][ T5773] team0: Port device team_slave_0 added [ 208.151141][ T5773] team0: Port device team_slave_1 added [ 208.220017][ T5772] team0: Port device team_slave_0 added [ 208.228569][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.235804][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.263126][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.311702][ T5779] team0: Port device team_slave_0 added [ 208.328146][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.346403][ T5772] team0: Port device team_slave_1 added [ 208.428063][ T5779] team0: Port device team_slave_1 added [ 208.442843][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.515358][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.523196][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.549894][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.649401][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.656672][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.683053][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.697406][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.704971][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.732409][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.810108][ T5777] team0: Port device team_slave_0 added [ 208.818494][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.825816][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.852810][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.885499][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.893948][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.921287][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.968083][ T5777] team0: Port device team_slave_1 added [ 208.997938][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.005657][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.032392][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.058688][ T5771] hsr_slave_0: entered promiscuous mode [ 209.067608][ T5771] hsr_slave_1: entered promiscuous mode [ 209.234870][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.242254][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.270165][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.398936][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.406271][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.432628][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.458149][ T5773] hsr_slave_0: entered promiscuous mode [ 209.467760][ T5773] hsr_slave_1: entered promiscuous mode [ 209.476365][ T5773] debugfs: 'hsr0' already exists in 'hsr' [ 209.482390][ T5773] Cannot create hsr debugfs directory [ 209.506409][ T5772] hsr_slave_0: entered promiscuous mode [ 209.515736][ T5772] hsr_slave_1: entered promiscuous mode [ 209.524477][ T5772] debugfs: 'hsr0' already exists in 'hsr' [ 209.530524][ T5772] Cannot create hsr debugfs directory [ 209.656780][ T5779] hsr_slave_0: entered promiscuous mode [ 209.665869][ T5779] hsr_slave_1: entered promiscuous mode [ 209.674412][ T5779] debugfs: 'hsr0' already exists in 'hsr' [ 209.680394][ T5779] Cannot create hsr debugfs directory [ 209.768942][ T5775] Bluetooth: hci0: command tx timeout [ 209.769082][ T49] Bluetooth: hci1: command tx timeout [ 209.774885][ T5778] Bluetooth: hci2: command tx timeout [ 209.780693][ T5788] Bluetooth: hci3: command tx timeout [ 209.848636][ T49] Bluetooth: hci4: command tx timeout [ 210.039128][ T5777] hsr_slave_0: entered promiscuous mode [ 210.048850][ T5777] hsr_slave_1: entered promiscuous mode [ 210.056833][ T5777] debugfs: 'hsr0' already exists in 'hsr' [ 210.063085][ T5777] Cannot create hsr debugfs directory [ 211.217840][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 211.252155][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 211.276189][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 211.314425][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.438110][ T5773] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 211.474586][ T5773] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 211.496241][ T5773] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 211.524105][ T5773] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 211.733435][ T5772] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 211.765015][ T5772] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 211.805915][ T5772] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 211.850612][ T49] Bluetooth: hci2: command tx timeout [ 211.856240][ T49] Bluetooth: hci1: command tx timeout [ 211.862298][ T5788] Bluetooth: hci0: command tx timeout [ 211.862759][ T5778] Bluetooth: hci3: command tx timeout [ 211.877498][ T5772] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 211.934824][ T5778] Bluetooth: hci4: command tx timeout [ 212.157288][ T5779] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.209952][ T5779] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.233094][ T5779] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.264130][ T5779] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 212.624265][ T5777] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 212.652007][ T5777] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 212.676505][ T5777] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 212.712452][ T5777] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 213.005987][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.072878][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.226588][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.286258][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.364425][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.381601][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.389456][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.407214][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.414883][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.483934][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.491706][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.507932][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.515607][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.853559][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.912710][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.920283][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.967639][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.030028][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.037447][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.288188][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.413628][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.514979][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.522860][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.625521][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.633168][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.824485][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.951940][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.959651][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.047899][ T1330] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.055758][ T1330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.422185][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.559126][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.324551][ T5773] veth0_vlan: entered promiscuous mode [ 216.562588][ T5771] veth0_vlan: entered promiscuous mode [ 216.605442][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.626407][ T5773] veth1_vlan: entered promiscuous mode [ 216.781120][ T5771] veth1_vlan: entered promiscuous mode [ 216.869923][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.013341][ T5773] veth0_macvtap: entered promiscuous mode [ 217.118191][ T5773] veth1_macvtap: entered promiscuous mode [ 217.177789][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.241166][ T5771] veth0_macvtap: entered promiscuous mode [ 217.327430][ T5771] veth1_macvtap: entered promiscuous mode [ 217.367065][ T5772] veth0_vlan: entered promiscuous mode [ 217.472201][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.536931][ T5772] veth1_vlan: entered promiscuous mode [ 217.636713][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.799659][ T5779] veth0_vlan: entered promiscuous mode [ 217.817335][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.825371][ T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.840501][ T83] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.933973][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.965443][ T83] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.976267][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.056519][ T5779] veth1_vlan: entered promiscuous mode [ 218.151033][ T34] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.165606][ T34] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.229731][ T34] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.254719][ T34] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.327722][ T5772] veth0_macvtap: entered promiscuous mode [ 218.391841][ T5772] veth1_macvtap: entered promiscuous mode [ 218.657198][ T5779] veth0_macvtap: entered promiscuous mode [ 218.700436][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.824788][ T5779] veth1_macvtap: entered promiscuous mode [ 218.908770][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.934311][ T5777] veth0_vlan: entered promiscuous mode [ 219.077330][ T137] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.089615][ T137] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.160754][ T137] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.195970][ T137] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.284758][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.328210][ T5777] veth1_vlan: entered promiscuous mode [ 219.446444][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.601002][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.621961][ T995] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.685475][ T995] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.719420][ T995] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.997415][ T5777] veth0_macvtap: entered promiscuous mode [ 220.135738][ T5777] veth1_macvtap: entered promiscuous mode [ 220.397569][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.542769][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.671350][ T155] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.708786][ T155] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.773339][ T155] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.802775][ T155] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.972834][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.998540][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.311421][ T995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.348702][ T995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.705425][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.768716][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.866637][ T5773] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 225.088219][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.118666][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.636600][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.655659][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.166165][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 229.269509][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 229.868519][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 229.969014][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.043248][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.067588][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 230.102512][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.152706][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.205205][ T24] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 230.258966][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.311603][ T24] usb 1-1: config 0 descriptor?? [ 230.550029][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.623772][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.979434][ T24] ft260 0003:0403:6030.0001: unknown main item tag 0x0 [ 231.047666][ T24] ft260 0003:0403:6030.0001: unknown main item tag 0x0 [ 231.216862][ T24] ft260 0003:0403:6030.0001: chip code: 0000 0000 [ 231.437012][ T24] ft260 0003:0403:6030.0001: failed to retrieve system status [ 231.516956][ T24] ft260 0003:0403:6030.0001: probe with driver ft260 failed with error -71 [ 231.594419][ T24] usb 1-1: USB disconnect, device number 2 [ 233.686130][ T5982] hfs: can't find a HFS filesystem on dev nullb0 [ 234.758741][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.767058][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.760287][ T5984] netlink: 'syz.0.9': attribute type 2 has an invalid length. [ 236.288743][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.332756][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.274084][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 238.378620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 238.478871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 239.093321][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 239.867243][ T6004] ===================================================== [ 239.874988][ T6004] BUG: KMSAN: uninit-value in dvb_demux_read+0x580/0xa40 [ 239.882551][ T6004] dvb_demux_read+0x580/0xa40 [ 239.887454][ T6004] vfs_readv+0x931/0xf30 [ 239.892030][ T6004] __x64_sys_preadv+0x2a3/0x510 [ 239.897205][ T6004] x64_sys_call+0x3220/0x3ea0 [ 239.902668][ T6004] do_syscall_64+0x134/0xf80 [ 239.908760][ T6004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.914884][ T6004] [ 239.917796][ T6004] Uninit was created at: [ 239.922551][ T6004] __alloc_frozen_pages_noprof+0x6f7/0x1020 [ 239.932888][ T6004] alloc_pages_mpol+0x328/0x860 [ 239.938130][ T6004] alloc_pages_noprof+0x101/0x280 [ 239.943573][ T6004] __vmalloc_node_range_noprof+0xa97/0x2d80 [ 239.950061][ T6004] __vmalloc_noprof+0x128/0x1f0 [ 239.955058][ T6004] vmalloc_array_noprof+0x48/0x80 [ 239.960467][ T6004] dvb_dmxdev_init+0xd8/0x680 [ 239.965362][ T6004] vidtv_bridge_probe+0x1bfd/0x2690 [ 239.970881][ T6004] platform_probe+0x213/0x370 [ 239.976122][ T6004] really_probe+0x4d5/0xe40 [ 239.981844][ T6004] __driver_probe_device+0x25e/0x370 [ 239.987453][ T6004] driver_probe_device+0x70/0x8f0 [ 239.992744][ T6004] __driver_attach+0x541/0xaa0 [ 239.997843][ T6004] bus_for_each_dev+0x33b/0x580 [ 240.003115][ T6004] driver_attach+0x51/0x70 [ 240.007715][ T6004] bus_add_driver+0x54f/0xdb0 [ 240.013478][ T6004] driver_register+0x42e/0x6a0 [ 240.019005][ T6004] __platform_driver_register+0x65/0x80 [ 240.021234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 240.024795][ T6004] vidtv_bridge_init+0x73/0x100 [ 240.038140][ T6004] do_one_initcall+0x237/0xbb0 [ 240.038557][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 240.043337][ T6004] do_initcall_level+0x157/0x350 [ 240.056974][ T6004] do_initcalls+0x176/0x310 [ 240.061704][ T6004] do_basic_setup+0x1d/0x30 [ 240.066315][ T6004] kernel_init_freeable+0x213/0x460 [ 240.071717][ T6004] kernel_init+0x2f/0x5e0 [ 240.076185][ T6004] ret_from_fork+0x20f/0x910 [ 240.081136][ T6004] ret_from_fork_asm+0x1a/0x30 [ 240.086059][ T6004] [ 240.088644][ T6004] CPU: 0 UID: 0 PID: 6004 Comm: syz.0.14 Not tainted syzkaller #0 PREEMPT(full) [ 240.097983][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 240.108515][ T6004] ===================================================== [ 240.116213][ T6004] Disabling lock debugging due to kernel taint [ 240.123620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 240.262665][ T6000] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 240.322056][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 240.354544][ T6004] Kernel panic - not syncing: kmsan.panic set ... [ 240.361372][ T6004] CPU: 1 UID: 0 PID: 6004 Comm: syz.0.14 Tainted: G B syzkaller #0 PREEMPT(full) [ 240.372306][ T6004] Tainted: [B]=BAD_PAGE [ 240.376602][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 240.386917][ T6004] Call Trace: [ 240.390343][ T6004] [ 240.393401][ T6004] __dump_stack+0x26/0x30 [ 240.397962][ T6004] dump_stack_lvl+0x50/0x1c0 [ 240.402773][ T6004] ? dump_stack+0x12/0x25 [ 240.407328][ T6004] dump_stack+0x1e/0x25 [ 240.411886][ T6004] vpanic+0x7b4/0x1430 [ 240.416312][ T6004] panic+0x15d/0x160 [ 240.420762][ T6004] kmsan_report+0x31a/0x320 [ 240.425627][ T6004] ? __msan_warning+0x1b/0x30 [ 240.430635][ T6004] ? dvb_demux_read+0x580/0xa40 [ 240.435684][ T6004] ? vfs_readv+0x931/0xf30 [ 240.440294][ T6004] ? __x64_sys_preadv+0x2a3/0x510 [ 240.445597][ T6004] ? x64_sys_call+0x3220/0x3ea0 [ 240.450789][ T6004] ? do_syscall_64+0x134/0xf80 [ 240.455767][ T6004] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.462229][ T6004] ? __rcu_read_unlock+0x6c/0xd0 [ 240.467429][ T6004] ? aa_file_perm+0x4b9/0x2870 [ 240.472656][ T6004] ? aa_file_perm+0x4f0/0x2870 [ 240.477665][ T6004] ? stack_depot_save_flags+0x35/0x790 [ 240.483380][ T6004] ? kmsan_get_metadata+0xf1/0x160 [ 240.488775][ T6004] ? kmsan_get_metadata+0xf1/0x160 [ 240.494243][ T6004] ? kmsan_get_metadata+0xf1/0x160 [ 240.499636][ T6004] ? kmsan_get_metadata+0xf1/0x160 [ 240.505012][ T6004] ? kmsan_get_metadata+0x146/0x160 [ 240.510497][ T6004] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 240.517269][ T6004] ? __pfx_dvb_demux_read+0x10/0x10 [ 240.522869][ T6004] ? kmsan_get_metadata+0x146/0x160 [ 240.528458][ T6004] __msan_warning+0x1b/0x30 [ 240.533201][ T6004] dvb_demux_read+0x580/0xa40 [ 240.538370][ T6004] ? __pfx_dvb_demux_read+0x10/0x10 [ 240.543788][ T6004] vfs_readv+0x931/0xf30 [ 240.548305][ T6004] ? kmsan_get_metadata+0xf1/0x160 [ 240.553700][ T6004] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 240.559821][ T6004] __x64_sys_preadv+0x2a3/0x510 [ 240.564955][ T6004] x64_sys_call+0x3220/0x3ea0 [ 240.569881][ T6004] do_syscall_64+0x134/0xf80 [ 240.574709][ T6004] ? clear_bhb_loop+0x50/0xa0 [ 240.579614][ T6004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.585731][ T6004] RIP: 0033:0x7f4f9d19c799 [ 240.590306][ T6004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 240.610215][ T6004] RSP: 002b:00007f4f9e108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 240.619015][ T6004] RAX: ffffffffffffffda RBX: 00007f4f9d415fa0 RCX: 00007f4f9d19c799 [ 240.627196][ T6004] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003 [ 240.635428][ T6004] RBP: 00007f4f9d232c99 R08: 000000000000000d R09: 0000000000000000 [ 240.643585][ T6004] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 240.651800][ T6004] R13: 00007f4f9d416038 R14: 00007f4f9d415fa0 R15: 00007ffcbccfb028 [ 240.660027][ T6004] [ 240.663819][ T6004] Kernel Offset: disabled [ 240.668238][ T6004] Rebooting in 86400 seconds..