last executing test programs: 59.233646125s ago: executing program 2 (id=75): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) socket$kcm(0x2, 0x3, 0x84) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x2}, 0x0, 0x0) 55.665181902s ago: executing program 2 (id=80): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 55.072826579s ago: executing program 2 (id=84): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x87, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "910100", 0x4d, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x4d, 0x0, @opaque="f31eaedc54f72d0330734d7dab788c1615848943e9d9b274e798bcf3e671f5985d446d8906e76e83382282286c10535dc4642eca2acb39ad13094f9702ab96ab307f13fbe9"}}}}}}, 0x0) 46.599522378s ago: executing program 2 (id=89): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000000440)={&(0x7f00000006c0)=@qipcrtr, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000280)}, {&(0x7f0000000740)=""/221, 0xdd}, {&(0x7f0000000840)=""/189, 0xbd}, {&(0x7f0000000900)=""/210, 0xd2}], 0x4}, 0x40000101) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 45.277330705s ago: executing program 2 (id=94): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 44.675077216s ago: executing program 2 (id=97): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='gid_map\x00') write$P9_RVERSION(r2, 0x0, 0x500) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000400)={0x4, 0x0, [{0x80000001, 0x408, 0x0, 0x200, 0x7, 0x3, 0xc}, {0xc0000001, 0x5, 0x5, 0x4, 0xfa1e, 0xc1, 0x3}, {0x40000000, 0x2, 0x5, 0x0, 0x46, 0x3, 0xffffc000}, {0x2, 0x4, 0x0, 0x4, 0x53b, 0x2, 0xb}]}) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) r7 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000001340)) syz_usb_connect$lan78xx(0x5, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r8, 0xc0045006, &(0x7f0000000180)=0x6f) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000885) epoll_create1(0x80000) write$dsp(r8, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000080)=0x80000003) r9 = dup2(r7, r7) read$FUSE(r9, &(0x7f00000063c0)={0x2020}, 0x2020) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) 29.453199653s ago: executing program 32 (id=97): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='gid_map\x00') write$P9_RVERSION(r2, 0x0, 0x500) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000400)={0x4, 0x0, [{0x80000001, 0x408, 0x0, 0x200, 0x7, 0x3, 0xc}, {0xc0000001, 0x5, 0x5, 0x4, 0xfa1e, 0xc1, 0x3}, {0x40000000, 0x2, 0x5, 0x0, 0x46, 0x3, 0xffffc000}, {0x2, 0x4, 0x0, 0x4, 0x53b, 0x2, 0xb}]}) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) r7 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000001340)) syz_usb_connect$lan78xx(0x5, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r8, 0xc0045006, &(0x7f0000000180)=0x6f) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000885) epoll_create1(0x80000) write$dsp(r8, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000080)=0x80000003) r9 = dup2(r7, r7) read$FUSE(r9, &(0x7f00000063c0)={0x2020}, 0x2020) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) 16.379149184s ago: executing program 4 (id=142): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000009c0)=@ccm_128={{0x304}, "04bf950000f1ff00", "ea0500a985ad611e0124b4776f7f8286", "385afa2f", "a69109b15a39d65a"}, 0x28) 15.714111922s ago: executing program 4 (id=145): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x200000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x200000, 0x2, 0x0, 0x0, 0xfffd, 0x97}, 0x20) 15.146270983s ago: executing program 4 (id=149): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='syscall\x00') r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000580)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xbc3d, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x2, 0x6}}, 0x20) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000600)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x4, @remote, 0x7}, {0xa, 0x0, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}}}, 0x48) syz_emit_ethernet(0x1df, &(0x7f0000000180)=ANY=[], 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000100)={0x0, 0x280, 0x55a6}, 0x0) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0) syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0) unshare(0xe060400) r6 = gettid() r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000140)={0x34, r8, 0x301, 0x0, 0x0, {0x4e}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) syz_open_procfs$namespace(r6, &(0x7f0000000000)='ns/uts\x00') r9 = memfd_create(&(0x7f0000000080)='%\x00', 0x3) fsetxattr$system_posix_acl(r9, &(0x7f0000000180)='system.posix_acl_access\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="0200000001000200000000000400000000000000040000000000000020"], 0x24, 0x3) unshare(0x2c060000) ioctl$IOCTL_STATUS_ACCEL_DEV(r5, 0x40046103, &(0x7f0000000300)={0x3, 0x6, 0xfffffff9, 0x9, 0x5, 0x1, 0xf7, 0x7f, 0x3, 0x1, 0x1, "f7d9d17d2756a832754d2db7a81004bd6b122e1a46766bc2f671d8be1f6c41e1"}) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000100)={0x40000000, 0x100, "2712db36f3c964c0cdd68849d8e85f0130b1fb723f0eb00fc8a12fd500025269", 0x0, 0xfffffffffffffffb, 0x4a10875b, 0x0, 0x0, 0xf, 0x7fff, 0x5, [0x0, 0x9, 0x7, 0x9ae]}) pread64(r0, &(0x7f0000000380)=""/140, 0x8c, 0x200000000000000) 9.480917301s ago: executing program 1 (id=162): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 8.836600899s ago: executing program 1 (id=164): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000009c0)=@ccm_128={{0x304}, "04bf950000f1ff00", "ea0500a985ad611e0124b4776f7f8286", "385afa2f", "a69109b15a39d65a"}, 0x28) 8.12103051s ago: executing program 1 (id=167): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newqdisc={0x6c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x40, 0x7, 0x3, 0x8, 0x6, 0x2, 0x2, 0x80, 0x8, 0x7, 0x15, 0x1d, 0x4, 0x5, 0x7, 0xc5f7}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x200400dc}, 0x0) 6.833350941s ago: executing program 3 (id=169): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x200000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x200000, 0x2, 0x0, 0x0, 0xfffd, 0x97}, 0x20) 6.28697306s ago: executing program 3 (id=170): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(0x0, r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r2, 0x401, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x4) write$nci(r0, &(0x7f0000000240)=@NCI_OP_NFCEE_MODE_SET_RSP={0x2, 0x1, 0x2, 0x1, 0x1, 0xff}, 0x4) 5.518276862s ago: executing program 3 (id=172): r0 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) r2 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=0x0, &(0x7f0000000a40)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x1000000000, &(0x7f0000000600)=[{0x0}], 0x1}) io_uring_enter(r2, 0x40847ba, 0x0, 0xe, 0x0, 0x1b) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x20000010001, 0x0, 0xd, 0x3, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe2(&(0x7f0000000040), 0x0) 5.332293244s ago: executing program 0 (id=173): syz_emit_ethernet(0x36, &(0x7f0000000300)={@local, @random='?\x00', @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x7, 0x0, 0x67}}}}}}, 0x0) 4.784125424s ago: executing program 4 (id=174): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000000440)={&(0x7f00000006c0)=@qipcrtr, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000280)}, {&(0x7f0000000740)=""/221, 0xdd}, {&(0x7f0000000840)=""/189, 0xbd}, {&(0x7f0000000900)=""/210, 0xd2}], 0x4}, 0x40000101) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.764523957s ago: executing program 1 (id=175): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7}) 4.635442235s ago: executing program 3 (id=176): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000009c0)=@ccm_128={{0x304}, "04bf950000f1ff00", "ea0500a985ad611e0124b4776f7f8286", "385afa2f", "a69109b15a39d65a"}, 0x28) 4.549439561s ago: executing program 0 (id=177): socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6(0xa, 0x800000000000002, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x800) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES16], 0x54}}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.726141531s ago: executing program 3 (id=178): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000085"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.441783725s ago: executing program 4 (id=179): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x200000, 0x2, 0x0, 0x0, 0xfffd, 0x97}, 0x20) 3.132460893s ago: executing program 0 (id=180): r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x2, @pix_mp={0x89, 0x3, 0x59555956, 0x4, 0x6, [{0xebd, 0xfffffffc}, {0xffffff01, 0xafcd}, {0x7f, 0x8}, {0xaf8, 0x3}, {0x1, 0x4}, {0x8, 0x6}, {0x1000, 0x80000000}, {0x8, 0x6}], 0x6, 0xf, 0x4, 0x1, 0x3}}) 3.031770911s ago: executing program 3 (id=181): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) 2.610737085s ago: executing program 4 (id=182): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x2, 0x7, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000000) r6 = syz_clone3(&(0x7f00000076c0)={0x40208200, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x5b, 0x0, 0x0}, 0x58) ioctl$IOMMU_HWPT_ALLOC$NONE(r2, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000040)={0x18, r3}) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a72b7a104c05e102c8e201020301090224000100000000090471020216fa1f0009051402100000fa0009058202"], 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000003f40)={&(0x7f0000000200)={0x50, 0xfffffffffffffff5, 0xc36, {0x7, 0x2b, 0x10001, 0xffffffffc0010425, 0x1, 0x1ff, 0xae, 0xf38b68, 0x0, 0x0, 0x10, 0x2}}, &(0x7f0000000340)={0x18, 0x0, 0x100, {0x1}}, &(0x7f0000000380)={0x18, 0x0, 0x1, {0x8f}}, &(0x7f00000003c0)={0x18, 0x4df60775bc85ec92, 0x2, {0x400}}, &(0x7f00000014c0)={0x18, 0xffffffffffffffda, 0x7fffffff, {0x40000000}}, &(0x7f0000001500)={0x28, 0x0, 0x400, {{0xff, 0x3, 0x1, r6}}}, &(0x7f0000001540)={0x60, 0xfffffffffffffff5, 0x8, {{0x1, 0xbcb0, 0x1, 0x80000000, 0x8, 0x8, 0x6, 0x2}}}, &(0x7f00000015c0)={0x18, 0x0, 0x102, {0x6}}, &(0x7f0000001600)={0x1b, 0x0, 0x5, {'/dev/iommu\x00'}}, &(0x7f0000003680)={0x20, 0x0, 0x3, {0x0, 0x8}}, &(0x7f00000038c0)={0x78, 0x0, 0xffffffffffffffff, {0x4, 0x10001, 0x0, {0x2, 0xfffffffffffffff7, 0x1, 0xd, 0x4, 0x4, 0x1, 0xe80c, 0x1, 0x4000, 0x1ff, 0x0, 0x0, 0x6, 0x5}}}, &(0x7f0000003940)={0x90, 0x0, 0x2b0, {0x5, 0x0, 0x101, 0x2, 0x2, 0xe5f, {0x0, 0x7, 0x8, 0x5, 0x75b, 0x10, 0x9, 0x5, 0x15d87b66, 0x2000, 0xe, 0x0, 0x0, 0x0, 0x1}}}, &(0x7f0000003a00)={0xe0, 0xffffffffffffffda, 0x3ff, [{0x4, 0x1, 0xb, 0x6, '/dev/iommu\x00'}, {0x9, 0x9, 0xf, 0x0, '/dev/dri/card#\x00'}, {0x4, 0x7fff, 0x13, 0x4, './binderfs/binder1\x00'}, {0x4, 0x7, 0xf, 0x8, '/dev/dri/card#\x00'}, {0x6, 0xffff, 0xa, 0x8, '#\x1b-{@/:3&]'}]}, &(0x7f00000036c0)=ANY=[], &(0x7f0000003cc0)={0xa0, 0x0, 0x401, {{0x1, 0x1, 0xa, 0x6, 0x8, 0xffffffff, {0x0, 0x1, 0x401, 0x4, 0xc, 0xf095, 0x1, 0x6, 0xe33f, 0x6000, 0x8, 0x0, 0xee01, 0xffffffff}}, {0x0, 0x1}}}, &(0x7f0000003d80)={0x20, 0x0, 0x6, {0x0, 0x0, 0x200, 0xb}}, &(0x7f0000003e00)={0x130, 0x0, 0x1, {0x2, 0x3da7, 0x0, '\x00', {0x10, 0x8, 0x2, 0x3, 0x0, 0x0, 0xa000, '\x00', 0x9, 0x0, 0x6, 0x7, {0xc, 0x3}, {0x9, 0xa}, {0x3, 0x9}, {0x5, 0x1}, 0xbb9, 0x8, 0x4, 0x8}}}}) r8 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r8, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0) read(r0, 0x0, 0x0) userfaultfd(0x801) 2.336373798s ago: executing program 0 (id=183): socket$packet(0x11, 0x3, 0x300) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r5, 0x1, 0x70bd2c, 0xff07, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) 1.069314023s ago: executing program 1 (id=184): socket$inet_udp(0x2, 0x2, 0x0) unshare(0x22020600) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x208000, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000000400)=""/73, 0x49}], 0x1, 0x0, 0x0) 1.017659643s ago: executing program 0 (id=185): r0 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil) shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) r2 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=0x0, &(0x7f0000000a40)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x1000000000, &(0x7f0000000600)=[{0x0}], 0x1}) io_uring_enter(r2, 0x40847ba, 0x0, 0xe, 0x0, 0x1b) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x20000010001, 0x0, 0xd, 0x3, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe2(&(0x7f0000000040), 0x0) 235.852684ms ago: executing program 1 (id=186): mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000001b40)) 0s ago: executing program 0 (id=187): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000009c0)=@ccm_128={{0x304}, "04bf950000f1ff00", "ea0500a985ad611e0124b4776f7f8286", "385afa2f", "a69109b15a39d65a"}, 0x28) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts. [ 192.209527][ T5764] cgroup: Unknown subsys name 'net' [ 192.338892][ T5764] cgroup: Unknown subsys name 'cpuset' [ 192.354578][ T5764] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 198.736438][ T5764] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 203.626242][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 203.636532][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 203.646317][ T5785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 203.660407][ T5785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 203.679854][ T5789] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 203.690931][ T5789] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 203.700086][ T5789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.710976][ T5789] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 203.720788][ T5790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 203.736224][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.749333][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.779346][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 203.799293][ T5793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.809465][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 203.809621][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 203.825222][ T5795] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 203.838152][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.847669][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 203.901076][ T5785] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 203.913095][ T5785] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 203.943827][ T5793] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.960055][ T5793] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 203.980169][ T5793] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 203.995529][ T5793] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 204.012575][ T5793] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 205.403530][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 205.629005][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 205.878442][ T5789] Bluetooth: hci1: command tx timeout [ 205.884092][ T5789] Bluetooth: hci0: command tx timeout [ 205.888811][ T5793] Bluetooth: hci2: command tx timeout [ 205.930852][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 205.962241][ T5793] Bluetooth: hci3: command tx timeout [ 205.977244][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 206.120392][ T5793] Bluetooth: hci4: command tx timeout [ 206.273274][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 206.876742][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.884846][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.893831][ T5784] bridge_slave_0: entered allmulticast mode [ 206.908095][ T5784] bridge_slave_0: entered promiscuous mode [ 206.992646][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.004028][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.028372][ T5784] bridge_slave_1: entered allmulticast mode [ 207.051560][ T5784] bridge_slave_1: entered promiscuous mode [ 207.073513][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.081313][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.089619][ T5794] bridge_slave_0: entered allmulticast mode [ 207.099458][ T5794] bridge_slave_0: entered promiscuous mode [ 207.197420][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.205354][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.236439][ T5794] bridge_slave_1: entered allmulticast mode [ 207.251286][ T5794] bridge_slave_1: entered promiscuous mode [ 207.479889][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.554756][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.564564][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.572338][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.580884][ T5798] bridge_slave_0: entered allmulticast mode [ 207.590054][ T5798] bridge_slave_0: entered promiscuous mode [ 207.609956][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.700679][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.708364][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.716008][ T5787] bridge_slave_0: entered allmulticast mode [ 207.725322][ T5787] bridge_slave_0: entered promiscuous mode [ 207.745287][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.789589][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.797120][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.805229][ T5798] bridge_slave_1: entered allmulticast mode [ 207.813908][ T5798] bridge_slave_1: entered promiscuous mode [ 207.850932][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.858694][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.866639][ T5782] bridge_slave_0: entered allmulticast mode [ 207.876298][ T5782] bridge_slave_0: entered promiscuous mode [ 207.890348][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.898098][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.906030][ T5787] bridge_slave_1: entered allmulticast mode [ 207.915044][ T5787] bridge_slave_1: entered promiscuous mode [ 207.958462][ T5793] Bluetooth: hci2: command tx timeout [ 207.958612][ T5789] Bluetooth: hci0: command tx timeout [ 207.964045][ T5793] Bluetooth: hci1: command tx timeout [ 208.003979][ T5784] team0: Port device team_slave_0 added [ 208.011089][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.018820][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.026561][ T5782] bridge_slave_1: entered allmulticast mode [ 208.035653][ T5782] bridge_slave_1: entered promiscuous mode [ 208.048115][ T5789] Bluetooth: hci3: command tx timeout [ 208.086082][ T5794] team0: Port device team_slave_0 added [ 208.162535][ T5784] team0: Port device team_slave_1 added [ 208.206625][ T5794] team0: Port device team_slave_1 added [ 208.212604][ T5789] Bluetooth: hci4: command tx timeout [ 208.252528][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.272121][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.292554][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.396812][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.409138][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.416369][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.442933][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.522005][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.578023][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.585172][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.611629][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.669186][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.676410][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.703431][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.723757][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.771783][ T5798] team0: Port device team_slave_0 added [ 208.780431][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.787561][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 208.814132][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.860566][ T5787] team0: Port device team_slave_0 added [ 208.880635][ T5787] team0: Port device team_slave_1 added [ 208.894253][ T5798] team0: Port device team_slave_1 added [ 209.069561][ T5782] team0: Port device team_slave_0 added [ 209.134028][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.141382][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.168078][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.183620][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.191478][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.218036][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.238376][ T5782] team0: Port device team_slave_1 added [ 209.258422][ T5794] hsr_slave_0: entered promiscuous mode [ 209.267340][ T5794] hsr_slave_1: entered promiscuous mode [ 209.308306][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.315440][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.342023][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.356447][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.363736][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.390167][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.531661][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.539003][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.565444][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.593032][ T5784] hsr_slave_0: entered promiscuous mode [ 209.602366][ T5784] hsr_slave_1: entered promiscuous mode [ 209.610818][ T5784] debugfs: 'hsr0' already exists in 'hsr' [ 209.616826][ T5784] Cannot create hsr debugfs directory [ 209.666440][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.673742][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 209.700434][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.945055][ T5787] hsr_slave_0: entered promiscuous mode [ 209.954223][ T5787] hsr_slave_1: entered promiscuous mode [ 209.963372][ T5787] debugfs: 'hsr0' already exists in 'hsr' [ 209.969433][ T5787] Cannot create hsr debugfs directory [ 210.021690][ T5798] hsr_slave_0: entered promiscuous mode [ 210.032306][ T5798] hsr_slave_1: entered promiscuous mode [ 210.038395][ T5789] Bluetooth: hci0: command tx timeout [ 210.044125][ T5785] Bluetooth: hci1: command tx timeout [ 210.044938][ T5793] Bluetooth: hci2: command tx timeout [ 210.056422][ T5798] debugfs: 'hsr0' already exists in 'hsr' [ 210.062490][ T5798] Cannot create hsr debugfs directory [ 210.118202][ T5793] Bluetooth: hci3: command tx timeout [ 210.278281][ T5793] Bluetooth: hci4: command tx timeout [ 210.292239][ T5782] hsr_slave_0: entered promiscuous mode [ 210.301469][ T5782] hsr_slave_1: entered promiscuous mode [ 210.310063][ T5782] debugfs: 'hsr0' already exists in 'hsr' [ 210.315925][ T5782] Cannot create hsr debugfs directory [ 211.524292][ T5794] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 211.552270][ T5794] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 211.578965][ T5794] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 211.605545][ T5794] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 211.743071][ T5782] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 211.788525][ T5782] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 211.838724][ T5782] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 211.890781][ T5782] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 212.013540][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 212.054310][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 212.114775][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 212.123406][ T5793] Bluetooth: hci0: command tx timeout [ 212.123609][ T5789] Bluetooth: hci1: command tx timeout [ 212.129829][ T5793] Bluetooth: hci2: command tx timeout [ 212.160443][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 212.198220][ T5793] Bluetooth: hci3: command tx timeout [ 212.359425][ T5793] Bluetooth: hci4: command tx timeout [ 212.368560][ T5798] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 212.426281][ T5798] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 212.453022][ T5798] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 212.522683][ T5798] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 212.772439][ T5787] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 212.796515][ T5787] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 212.834413][ T5787] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 212.914057][ T5787] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 213.282525][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.510342][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.542907][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.667680][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.675185][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.706511][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.754707][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.832413][ T2977] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.839942][ T2977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.889520][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.953122][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.994058][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.037954][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.045459][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.070237][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.077595][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.153509][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.161203][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.178088][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.185494][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.201487][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.208932][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.289781][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.297137][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.506741][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.802399][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.932560][ T2977] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.940180][ T2977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.066318][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.073997][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.130978][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.708505][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.820360][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.880530][ T5794] veth0_vlan: entered promiscuous mode [ 216.906000][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.097931][ T5794] veth1_vlan: entered promiscuous mode [ 217.236025][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.385304][ T5782] veth0_vlan: entered promiscuous mode [ 217.503411][ T5798] veth0_vlan: entered promiscuous mode [ 217.602332][ T5782] veth1_vlan: entered promiscuous mode [ 217.627348][ T5794] veth0_macvtap: entered promiscuous mode [ 217.665391][ T5784] veth0_vlan: entered promiscuous mode [ 217.753071][ T5798] veth1_vlan: entered promiscuous mode [ 217.781299][ T5794] veth1_macvtap: entered promiscuous mode [ 217.864757][ T5784] veth1_vlan: entered promiscuous mode [ 218.090398][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.223688][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.386035][ T5782] veth0_macvtap: entered promiscuous mode [ 218.412888][ T2977] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.428808][ T2977] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.441135][ T2977] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.476557][ T2977] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.500331][ T5798] veth0_macvtap: entered promiscuous mode [ 218.540209][ T5782] veth1_macvtap: entered promiscuous mode [ 218.614933][ T5784] veth0_macvtap: entered promiscuous mode [ 218.645288][ T5798] veth1_macvtap: entered promiscuous mode [ 218.712476][ T5784] veth1_macvtap: entered promiscuous mode [ 218.864083][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.976897][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.029066][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.060002][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.164236][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.190289][ T5787] veth0_vlan: entered promiscuous mode [ 219.205029][ T2977] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.272081][ T2977] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.294972][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.338226][ T2977] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.347420][ T2977] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.395332][ T5787] veth1_vlan: entered promiscuous mode [ 219.425861][ T2977] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.476604][ T2977] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.575663][ T2977] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.663414][ T2977] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.708278][ T2977] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.717341][ T2977] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.799164][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.875232][ T2961] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.931352][ T5787] veth0_macvtap: entered promiscuous mode [ 220.056488][ T5787] veth1_macvtap: entered promiscuous mode [ 220.346877][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.481478][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.595332][ T2977] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.655192][ T2977] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.713710][ T2977] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.769946][ T2977] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.313284][ T2961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.321687][ T2961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.677576][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.688812][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.232894][ T5794] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 226.159481][ T5960] Zero length message leads to an empty skb [ 226.271012][ T2961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.279437][ T2961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.579559][ T3482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.587689][ T3482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.718432][ T2961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.726510][ T2961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.002113][ T3482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.010385][ T3482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.316621][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.329180][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.763795][ T1333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.772053][ T1333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.854742][ T5978] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 228.028252][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.036312][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.458204][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.466235][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.722825][ T5985] netlink: 'syz.1.9': attribute type 1 has an invalid length. [ 228.734935][ T5985] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9'. [ 228.850158][ T5984] netlink: 'syz.2.3': attribute type 4 has an invalid length. [ 229.305264][ T5988] syzkaller1: entered promiscuous mode [ 229.311713][ T5988] syzkaller1: entered allmulticast mode [ 229.495857][ T5993] netlink: 'syz.0.10': attribute type 3 has an invalid length. [ 229.525424][ T5995] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 229.528148][ C1] hrtimer: interrupt took 688420 ns [ 230.681447][ T6008] netlink: 19 bytes leftover after parsing attributes in process `syz.3.15'. [ 230.707713][ T6010] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 230.784734][ T6010] netlink: 'syz.2.16': attribute type 1 has an invalid length. [ 230.792964][ T6010] netlink: 'syz.2.16': attribute type 5 has an invalid length. [ 230.800921][ T6010] netlink: 240 bytes leftover after parsing attributes in process `syz.2.16'. [ 230.862811][ T6012] netlink: 'syz.2.16': attribute type 1 has an invalid length. [ 230.870858][ T6012] netlink: 'syz.2.16': attribute type 5 has an invalid length. [ 230.884164][ T6012] netlink: 240 bytes leftover after parsing attributes in process `syz.2.16'. [ 230.989410][ T6014] netlink: 'syz.1.17': attribute type 2 has an invalid length. [ 230.997578][ T6014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'. [ 232.932709][ T6040] syz.3.28 uses obsolete (PF_INET,SOCK_PACKET) [ 234.804338][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 234.813281][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 237.417355][ T6104] tls_set_device_offload: netdev not found [ 241.019668][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 241.328389][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 241.430018][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 241.533158][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 241.839257][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 241.942134][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 242.249066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 242.351616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 242.463500][ T0] NOHZ tick-stop error: local softirq work is pending, handler #308!!! [ 242.472372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 249.993732][ T6173] syzkaller0: entered promiscuous mode [ 249.999723][ T6173] syzkaller0: entered allmulticast mode [ 251.545990][ T6189] syzkaller1: entered promiscuous mode [ 251.552403][ T6189] syzkaller1: entered allmulticast mode [ 260.944061][ T6216] syzkaller0: entered promiscuous mode [ 260.950174][ T6216] syzkaller0: entered allmulticast mode [ 261.324124][ T6222] netlink: 'syz.0.93': attribute type 1 has an invalid length. [ 261.716550][ T795] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 261.928234][ T795] usb 2-1: Using ep0 maxpacket: 8 [ 261.958819][ T795] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.970057][ T795] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 261.979519][ T795] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 261.988924][ T795] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.131356][ T795] usb 2-1: config 0 descriptor?? [ 270.128232][ T795] usb 2-1: USB disconnect, device number 2 [ 272.163654][ T6261] syzkaller0: entered promiscuous mode [ 272.169521][ T6261] syzkaller0: entered allmulticast mode [ 279.066946][ T5789] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 279.084140][ T5789] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 279.094781][ T5789] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 279.135633][ T5789] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 279.159561][ T5789] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 281.358556][ T5789] Bluetooth: hci5: command tx timeout [ 282.259197][ T6300] chnl_net:caif_netlink_parms(): no params data found [ 283.407258][ T5789] Bluetooth: hci5: command tx timeout [ 283.760404][ T6342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.126'. [ 285.476880][ T6300] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.484584][ T6300] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.528898][ T5789] Bluetooth: hci5: command tx timeout [ 285.603448][ T6300] bridge_slave_0: entered allmulticast mode [ 285.687403][ T6300] bridge_slave_0: entered promiscuous mode [ 285.786870][ T6300] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.795453][ T6300] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.039318][ T6300] bridge_slave_1: entered allmulticast mode [ 286.142482][ T6300] bridge_slave_1: entered promiscuous mode [ 286.800880][ T6300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.951729][ T6300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.978381][ T796] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 287.252598][ T796] usb 2-1: Using ep0 maxpacket: 8 [ 287.274152][ T796] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 287.286915][ T796] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 287.296577][ T796] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.552832][ T796] usb 2-1: config 0 descriptor?? [ 287.558200][ T5789] Bluetooth: hci5: command tx timeout [ 287.615914][ T6300] team0: Port device team_slave_0 added [ 287.751094][ T6300] team0: Port device team_slave_1 added [ 287.923584][ T796] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 288.092184][ T6363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.189888][ T6363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.434432][ T6300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 288.442123][ T6300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 288.468712][ T6300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.568565][ T795] usb 2-1: USB disconnect, device number 3 [ 288.717485][ T6300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.724880][ T6300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 288.755228][ T6300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 289.826203][ T6300] hsr_slave_0: entered promiscuous mode [ 289.903439][ T6300] hsr_slave_1: entered promiscuous mode [ 289.960822][ T6300] debugfs: 'hsr0' already exists in 'hsr' [ 289.972398][ T6300] Cannot create hsr debugfs directory [ 290.964057][ T58] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.248989][ T58] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.459958][ T58] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.783772][ T58] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.898348][ T5411] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 293.023803][ T58] bridge_slave_1: left allmulticast mode [ 293.030267][ T58] bridge_slave_1: left promiscuous mode [ 293.043397][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.083963][ T5411] usb 2-1: Using ep0 maxpacket: 8 [ 293.134375][ T5411] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 293.150155][ T5411] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 293.162966][ T5411] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.219464][ T58] bridge_slave_0: left allmulticast mode [ 293.225343][ T58] bridge_slave_0: left promiscuous mode [ 293.232533][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.322446][ T5411] usb 2-1: config 0 descriptor?? [ 293.696674][ T5411] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 293.903211][ T6409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.980489][ T6409] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.302522][ T795] usb 2-1: USB disconnect, device number 4 [ 295.184544][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 295.316292][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 295.356686][ T58] bond0 (unregistering): Released all slaves [ 295.566451][ T6300] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 295.735429][ T6300] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 295.869621][ T6300] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 296.242273][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.249510][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 296.302357][ T6300] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 297.130693][ T58] hsr_slave_0: left promiscuous mode [ 297.158352][ T58] hsr_slave_1: left promiscuous mode [ 297.180446][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.188143][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.291785][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.301236][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.481240][ T58] veth1_macvtap: left promiscuous mode [ 297.486988][ T58] veth0_macvtap: left promiscuous mode [ 297.538765][ T58] veth1_vlan: left promiscuous mode [ 297.557295][ T58] veth0_vlan: left promiscuous mode [ 298.729506][ T796] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 298.933635][ T796] usb 1-1: Using ep0 maxpacket: 8 [ 298.965355][ T796] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 298.981701][ T796] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 298.993750][ T796] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.162483][ T796] usb 1-1: config 0 descriptor?? [ 299.479819][ T796] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 299.698835][ T6450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.745975][ T6450] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 300.059363][ T796] usb 1-1: USB disconnect, device number 2 [ 300.455431][ T58] team0 (unregistering): Port device team_slave_1 removed [ 300.576757][ T58] team0 (unregistering): Port device team_slave_0 removed [ 303.352530][ T6300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 303.612978][ T6300] 8021q: adding VLAN 0 to HW filter on device team0 [ 303.793271][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.800914][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.935081][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.942821][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.073686][ T6526] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 307.088882][ T6526] ===================================================== [ 307.096151][ T6526] BUG: KMSAN: uninit-value in pfn_reader_next+0x1d4c/0x3e40 [ 307.103845][ T6526] pfn_reader_next+0x1d4c/0x3e40 [ 307.109136][ T6526] pfn_reader_first+0xbdc/0xcc0 [ 307.114182][ T6526] iopt_area_fill_domains+0x20c/0x13a0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 307.120005][ T6526] iopt_map_pages+0x1b97/0x2120 [ 307.125070][ T6526] iopt_map_common+0x224/0x610 [ 307.130565][ T6526] iopt_map_user_pages+0x148/0x1c0 [ 307.135922][ T6526] iommufd_ioas_map+0x6a2/0x9b0 [ 307.141174][ T6526] iommufd_fops_ioctl+0x82a/0x9e0 [ 307.146473][ T6526] __se_sys_ioctl+0x23c/0x400 [ 307.151565][ T6526] __x64_sys_ioctl+0x97/0xe0 [ 307.156445][ T6526] x64_sys_call+0x18a7/0x3e70 [ 307.162057][ T6526] do_syscall_64+0xc9/0xf80 [ 307.170951][ T6526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.177164][ T6526] [ 307.180861][ T6526] Local variable pfns created at: [ 307.186018][ T6526] iopt_area_fill_domains+0x5c/0x13a0 [ 307.191897][ T6526] iopt_map_pages+0x1b97/0x2120 [ 307.196972][ T6526] [ 307.199537][ T6526] CPU: 0 UID: 0 PID: 6526 Comm: syz.4.182 Not tainted syzkaller #0 PREEMPT(voluntary) [ 307.209419][ T6526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 307.219676][ T6526] ===================================================== [ 307.226669][ T6526] Disabling lock debugging due to kernel taint [ 307.232986][ T6526] Kernel panic - not syncing: kmsan.panic set ... [ 307.239528][ T6526] CPU: 0 UID: 0 PID: 6526 Comm: syz.4.182 Tainted: G B syzkaller #0 PREEMPT(voluntary) [ 307.250933][ T6526] Tainted: [B]=BAD_PAGE [ 307.255141][ T6526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 307.265289][ T6526] Call Trace: [ 307.268663][ T6526] [ 307.271726][ T6526] __dump_stack+0x26/0x30 [ 307.276280][ T6526] dump_stack_lvl+0x50/0x1c0 [ 307.281077][ T6526] ? dump_stack+0x12/0x25 [ 307.285541][ T6526] dump_stack+0x1e/0x25 [ 307.289999][ T6526] vpanic+0x435/0xd40 [ 307.294391][ T6526] panic+0x15d/0x160 [ 307.298483][ T6526] kmsan_report+0x31a/0x320 [ 307.303195][ T6526] ? __msan_warning+0x1b/0x30 [ 307.308017][ T6526] ? pfn_reader_next+0x1d4c/0x3e40 [ 307.313264][ T6526] ? pfn_reader_first+0xbdc/0xcc0 [ 307.318415][ T6526] ? iopt_area_fill_domains+0x20c/0x13a0 [ 307.324240][ T6526] ? iopt_map_pages+0x1b97/0x2120 [ 307.329394][ T6526] ? iopt_map_common+0x224/0x610 [ 307.334452][ T6526] ? iopt_map_user_pages+0x148/0x1c0 [ 307.339861][ T6526] ? iommufd_ioas_map+0x6a2/0x9b0 [ 307.345024][ T6526] ? iommufd_fops_ioctl+0x82a/0x9e0 [ 307.350384][ T6526] ? __se_sys_ioctl+0x23c/0x400 [ 307.355440][ T6526] ? __x64_sys_ioctl+0x97/0xe0 [ 307.360317][ T6526] ? x64_sys_call+0x18a7/0x3e70 [ 307.365314][ T6526] ? do_syscall_64+0xc9/0xf80 [ 307.370117][ T6526] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.376333][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.381696][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.386980][ T6526] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 307.392953][ T6526] ? pfn_reader_user_pin+0x1d9e/0x20b0 [ 307.398560][ T6526] ? iopt_map_pages+0x1b97/0x2120 [ 307.403820][ T6526] ? iopt_map_common+0x224/0x610 [ 307.408883][ T6526] ? iopt_map_user_pages+0x148/0x1c0 [ 307.414325][ T6526] ? iommufd_ioas_map+0x6a2/0x9b0 [ 307.419487][ T6526] ? iommufd_fops_ioctl+0x82a/0x9e0 [ 307.424853][ T6526] ? __se_sys_ioctl+0x23c/0x400 [ 307.429852][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.435131][ T6526] __msan_warning+0x1b/0x30 [ 307.439771][ T6526] pfn_reader_next+0x1d4c/0x3e40 [ 307.444821][ T6526] ? should_fail_ex+0x45/0x8c0 [ 307.449698][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.454984][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.460315][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.465595][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.470868][ T6526] pfn_reader_first+0xbdc/0xcc0 [ 307.475871][ T6526] iopt_area_fill_domains+0x20c/0x13a0 [ 307.481623][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.486978][ T6526] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 307.493457][ T6526] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 307.499668][ T6526] ? kmsan_get_metadata+0xf1/0x160 [ 307.504955][ T6526] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 307.511105][ T6526] iopt_map_pages+0x1b97/0x2120 [ 307.516238][ T6526] iopt_map_common+0x224/0x610 [ 307.521145][ T6526] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 307.527212][ T6526] iopt_map_user_pages+0x148/0x1c0 [ 307.532496][ T6526] iommufd_ioas_map+0x6a2/0x9b0 [ 307.537515][ T6526] ? __pfx_iommufd_ioas_map+0x10/0x10 [ 307.543138][ T6526] iommufd_fops_ioctl+0x82a/0x9e0 [ 307.548406][ T6526] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 307.554104][ T6526] __se_sys_ioctl+0x23c/0x400 [ 307.558955][ T6526] __x64_sys_ioctl+0x97/0xe0 [ 307.563732][ T6526] x64_sys_call+0x18a7/0x3e70 [ 307.568564][ T6526] do_syscall_64+0xc9/0xf80 [ 307.573243][ T6526] ? clear_bhb_loop+0x40/0x90 [ 307.578127][ T6526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.584250][ T6526] RIP: 0033:0x7f581279aeb9 [ 307.588819][ T6526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.608562][ T6526] RSP: 002b:00007f5813681028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.617200][ T6526] RAX: ffffffffffffffda RBX: 00007f5812a16180 RCX: 00007f581279aeb9 [ 307.625369][ T6526] RDX: 0000200000000180 RSI: 0000000000003b85 RDI: 0000000000000006 [ 307.633503][ T6526] RBP: 00007f5812808c1f R08: 0000000000000000 R09: 0000000000000000 [ 307.641670][ T6526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.649785][ T6526] R13: 00007f5812a16218 R14: 00007f5812a16180 R15: 00007ffe864f7668 [ 307.657904][ T6526] [ 307.661601][ T6526] Kernel Offset: disabled [ 307.666113][ T6526] Rebooting in 86400 seconds..