last executing test programs: 33.090686907s ago: executing program 2 (id=22): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000140)={0x0, r1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000940)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) 32.333786639s ago: executing program 2 (id=24): r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r2 = accept$alg(r0, 0x0, 0x0) r3 = dup(r2) write$FUSE_INIT(r3, &(0x7f0000000080)={0x4f}, 0xfffffdef) setsockopt(r3, 0x1, 0x20, &(0x7f0000000040)="c04bfa0a", 0x4) read$FUSE(r3, &(0x7f0000002000)={0x2020}, 0xfffffc7c) 31.676661185s ago: executing program 2 (id=28): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000380)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r0, &(0x7f0000000000)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000280)='./file0\x00', 0x0) 31.277638378s ago: executing program 2 (id=32): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000400000004"]) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_CAP_HYPERV_SYNIC2(r4, 0x4068aea3, &(0x7f0000002240)) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000180)={0x4, 0xdf2}) 30.619284435s ago: executing program 2 (id=36): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount(0x0, &(0x7f0000000300)='./file1\x00', &(0x7f0000000080)='tmpfs\x00', 0x800, 0x0) 29.582186644s ago: executing program 2 (id=40): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x4, 0x30, 0x4, 0x7}, &(0x7f0000000080)=0x18) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0xd7c, 0x0, 0x7ff, 0x3}, &(0x7f0000000240)=0x10) 17.157540662s ago: executing program 3 (id=99): timer_settime(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) lseek(0xffffffffffffffff, 0x164, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000011143dcf0000000000000000080001000000000008004b0028"], 0x28}}, 0x0) 14.912819961s ago: executing program 3 (id=108): syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000180)="00214717a7070008000003063ceb9d04712000000000000000ce8cf4bbca69d16c68f7c2fdaa355f37c0c6eb", 0x2c}], 0x1, 0x3, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c8, &(0x7f0000000100)) 14.266515733s ago: executing program 32 (id=40): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x4, 0x30, 0x4, 0x7}, &(0x7f0000000080)=0x18) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0xd7c, 0x0, 0x7ff, 0x3}, &(0x7f0000000240)=0x10) 12.874862591s ago: executing program 3 (id=113): socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) r4 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCFLSH(r4, 0x540b, 0x0) 12.148946721s ago: executing program 3 (id=116): unshare(0x4000600) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) dup3(r1, r0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 7.416089725s ago: executing program 3 (id=132): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="4400000001040500000000000000000003000000080003400000fd2c060006400000000008000340000000000a0002000000000502"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x2000004) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 7.077356671s ago: executing program 0 (id=135): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="67d8902400aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c14498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e27252804059094a318c4cdeeddd5793a427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a958df39f9c5a8c8e876a52816446d0106f4a81dba144c80fda0b401f0774edbf73b3de44d7ca5c28b0830910f3b02be5e8", 0x427}], 0x2}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) 6.714235981s ago: executing program 0 (id=137): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f0000000140)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000107400)) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000109600)={0x3af7, [], 0x9, "3ef6f3c4857e59"}) ioctl$SIOCSIFHWADDR(r1, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast}) 5.367129147s ago: executing program 0 (id=139): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5.230001865s ago: executing program 4 (id=140): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) syz_open_dev$video(0x0, 0x8, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) 3.64895251s ago: executing program 1 (id=141): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x14}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r3, 0x1) flock(r3, 0x2) dup3(r3, r0, 0x0) 3.6480617s ago: executing program 3 (id=142): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x1d, 0x2, 0x6) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) 3.500323159s ago: executing program 4 (id=143): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 3.464100771s ago: executing program 0 (id=144): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @timestamp, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 3.302319095s ago: executing program 4 (id=145): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r2, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) 3.282355054s ago: executing program 1 (id=146): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18) r1 = syz_create_resource$binfmt(&(0x7f0000000080)='./file1\x00') r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff) close(r2) execveat$binfmt(0xffffffffffffff9c, r1, 0x0, 0x0, 0x0) r3 = fsopen(&(0x7f0000000340)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r4, &(0x7f0000000140)='./file0\x00') 3.013936569s ago: executing program 4 (id=147): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10, 0x0}, 0x0) 2.972381184s ago: executing program 1 (id=148): fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000140)='\x00\x00g\x0e\xaccg\xf6\xd3\'\xec$\xbem\xfc\xf1\xd5\xab\x87u\xeb\xb4\x8c[\xd7R\xa0.3[\x99\v\xb7:b\xd6\x8ek\xf8L=\xf7\x85o\xaeG^\xe5\xa1 )\xab\x98)Rjm\x02\xf7\b\x8d\xa3z\xf8\xd6\xbf=ED\x9csg\xcbw\x81fM\xce/Ly\x1b,\x9c\xae\xc0\xeb\xab\xb0\xb1\xeb\xff\x85w\xe3\xcdz(I', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x900, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x70001, 0x0, [0xe, 0xc, 0xe, 0xb4, 0xfffffffffffffffc, 0x7, 0x26, 0x1ff]}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1555555555555457, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.595340903s ago: executing program 4 (id=149): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="3c0200007d"], 0x23c) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.211993504s ago: executing program 0 (id=150): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000280)={{0xf4}, 0x0, 0x1, 0x7, {0xf5, 0x8}, 0x8, 0x81}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.128063979s ago: executing program 1 (id=151): symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x4) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 1.978661113s ago: executing program 0 (id=152): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x70f9a000) r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) ioctl$HIDIOCGFEATURE(r1, 0xc0404807, &(0x7f0000000040)={0x0, "c3de0e714685cbd78f45e00b22e52ec50ae4ecdc5ca8737a05cbbb0425a5bb221d70720b88c39907b4bd9df53411a722ee745c762bc15d597e1b5631088a626e"}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='mm_page_free_batched\x00', r2}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 1.779638811s ago: executing program 1 (id=153): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0x41000000}], 0x3e0000) 1.52203813s ago: executing program 4 (id=154): mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$tcp_mem(r3, &(0x7f0000000180)={0x5, 0x20, 0x544c, 0x20, 0x100000001}, 0x48) write$binfmt_script(r3, &(0x7f0000000340)={'#! ', './file1/../file0'}, 0x14) 0s ago: executing program 1 (id=155): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000b40), 0x600, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r2, 0x0) r3 = dup3(r2, r1, 0x0) recvmmsg(r3, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0xf00, 0xf0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts. [ 74.590623][ T5813] cgroup: Unknown subsys name 'net' [ 74.706258][ T5813] cgroup: Unknown subsys name 'cpuset' [ 74.714776][ T5813] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.257265][ T5813] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.204891][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.213941][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.221980][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.230652][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.239048][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.246674][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.374261][ T5139] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.383045][ T5139] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.392501][ T5139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.403060][ T5139] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.410828][ T5139] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.420692][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.442663][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.452704][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.460730][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.469288][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.477312][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.485671][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.512961][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.539272][ T5830] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.547210][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.556326][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.575217][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 80.592702][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.620360][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.629286][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.637490][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.645490][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.653632][ T5826] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 80.661108][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.906928][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 80.974330][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 81.179897][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 81.189860][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.200144][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.207788][ T5823] bridge_slave_0: entered allmulticast mode [ 81.216227][ T5823] bridge_slave_0: entered promiscuous mode [ 81.227843][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.235309][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.242937][ T5823] bridge_slave_1: entered allmulticast mode [ 81.249903][ T5823] bridge_slave_1: entered promiscuous mode [ 81.257336][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.264649][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.272273][ T5827] bridge_slave_0: entered allmulticast mode [ 81.279020][ T5827] bridge_slave_0: entered promiscuous mode [ 81.289106][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.296584][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.303914][ T5827] bridge_slave_1: entered allmulticast mode [ 81.310867][ T5827] bridge_slave_1: entered promiscuous mode [ 81.327209][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 81.411445][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.450645][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.463417][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.497661][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.528121][ T5827] team0: Port device team_slave_0 added [ 81.567299][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 81.580375][ T5823] team0: Port device team_slave_0 added [ 81.590295][ T5827] team0: Port device team_slave_1 added [ 81.616109][ T5823] team0: Port device team_slave_1 added [ 81.640463][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.650950][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.658367][ T5833] bridge_slave_0: entered allmulticast mode [ 81.666079][ T5833] bridge_slave_0: entered promiscuous mode [ 81.674318][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.681547][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.689118][ T5833] bridge_slave_1: entered allmulticast mode [ 81.696656][ T5833] bridge_slave_1: entered promiscuous mode [ 81.774100][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.781122][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.808076][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.821645][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.830926][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.857932][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.878580][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.885811][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.912477][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.925335][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.932692][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.959047][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.971260][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.978813][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.986988][ T5829] bridge_slave_0: entered allmulticast mode [ 81.994617][ T5829] bridge_slave_0: entered promiscuous mode [ 82.005301][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.012586][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.019812][ T5829] bridge_slave_1: entered allmulticast mode [ 82.027077][ T5829] bridge_slave_1: entered promiscuous mode [ 82.035553][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.047970][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.142808][ T5833] team0: Port device team_slave_0 added [ 82.180126][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.191405][ T5833] team0: Port device team_slave_1 added [ 82.207611][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.215065][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.225991][ T5837] bridge_slave_0: entered allmulticast mode [ 82.234249][ T5837] bridge_slave_0: entered promiscuous mode [ 82.263771][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.291015][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.298923][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.306863][ T5837] bridge_slave_1: entered allmulticast mode [ 82.314907][ T5837] bridge_slave_1: entered promiscuous mode [ 82.316525][ T55] Bluetooth: hci0: command tx timeout [ 82.329522][ T5827] hsr_slave_0: entered promiscuous mode [ 82.336594][ T5827] hsr_slave_1: entered promiscuous mode [ 82.357075][ T5823] hsr_slave_0: entered promiscuous mode [ 82.363984][ T5823] hsr_slave_1: entered promiscuous mode [ 82.370192][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.378571][ T5823] Cannot create hsr debugfs directory [ 82.397513][ T5829] team0: Port device team_slave_0 added [ 82.404559][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.411724][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.438121][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.462639][ T55] Bluetooth: hci1: command tx timeout [ 82.488012][ T5829] team0: Port device team_slave_1 added [ 82.502915][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.509903][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.536607][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.561330][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.589687][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.597194][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.623564][ T55] Bluetooth: hci3: command tx timeout [ 82.624472][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.638753][ T55] Bluetooth: hci2: command tx timeout [ 82.654476][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.677626][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.685010][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.711364][ T55] Bluetooth: hci4: command tx timeout [ 82.711748][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.800328][ T5837] team0: Port device team_slave_0 added [ 82.821094][ T5829] hsr_slave_0: entered promiscuous mode [ 82.828541][ T5829] hsr_slave_1: entered promiscuous mode [ 82.835616][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.843644][ T5829] Cannot create hsr debugfs directory [ 82.874270][ T5837] team0: Port device team_slave_1 added [ 82.897991][ T5833] hsr_slave_0: entered promiscuous mode [ 82.904533][ T5833] hsr_slave_1: entered promiscuous mode [ 82.910657][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.918309][ T5833] Cannot create hsr debugfs directory [ 82.984354][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.991357][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.018063][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.074187][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.081629][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.108069][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.235551][ T5827] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.267949][ T5837] hsr_slave_0: entered promiscuous mode [ 83.274368][ T5837] hsr_slave_1: entered promiscuous mode [ 83.280386][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.288252][ T5837] Cannot create hsr debugfs directory [ 83.294284][ T5827] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.320032][ T5827] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.350914][ T5827] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.527758][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.537525][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.560864][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.582705][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.640454][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 83.676015][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 83.688201][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 83.713744][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 83.776418][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.804336][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.818694][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.830690][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.862667][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.902624][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.948096][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.955621][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.977163][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.008969][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.019575][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.032599][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.040377][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.057948][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.086192][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.181965][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.227878][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.235278][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.268208][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.275458][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.356756][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.370065][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.383764][ T55] Bluetooth: hci0: command tx timeout [ 84.431008][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.469359][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.514338][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.521703][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.537564][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.544819][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.552458][ T55] Bluetooth: hci1: command tx timeout [ 84.564101][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.571373][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.657387][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.664643][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.680320][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.702662][ T55] Bluetooth: hci2: command tx timeout [ 84.702671][ T5826] Bluetooth: hci3: command tx timeout [ 84.708541][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.784104][ T55] Bluetooth: hci4: command tx timeout [ 84.789748][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.842068][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.849431][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.905609][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.913122][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.926738][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.988733][ T5827] veth0_vlan: entered promiscuous mode [ 85.039399][ T5827] veth1_vlan: entered promiscuous mode [ 85.086469][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.199672][ T5823] veth0_vlan: entered promiscuous mode [ 85.245843][ T5823] veth1_vlan: entered promiscuous mode [ 85.283229][ T5827] veth0_macvtap: entered promiscuous mode [ 85.301799][ T5829] veth0_vlan: entered promiscuous mode [ 85.321506][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.330739][ T5827] veth1_macvtap: entered promiscuous mode [ 85.364252][ T5829] veth1_vlan: entered promiscuous mode [ 85.430254][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.450698][ T5823] veth0_macvtap: entered promiscuous mode [ 85.467006][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.497468][ T5823] veth1_macvtap: entered promiscuous mode [ 85.525796][ T5827] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.537422][ T5827] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.547048][ T5827] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.556376][ T5827] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.583677][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.648024][ T5829] veth0_macvtap: entered promiscuous mode [ 85.677546][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.689442][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.700780][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.710426][ T5829] veth1_macvtap: entered promiscuous mode [ 85.732449][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.744083][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.756388][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.803694][ T5823] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.813433][ T5823] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.829991][ T5823] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.839342][ T5823] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.871658][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.888758][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.899286][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.910485][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.921769][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.960105][ T5833] veth0_vlan: entered promiscuous mode [ 85.983823][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.995271][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.006008][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.017015][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.028501][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.048337][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.060207][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.081746][ T5837] veth0_vlan: entered promiscuous mode [ 86.096909][ T5829] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.106736][ T5829] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.119415][ T5829] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.128791][ T5829] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.162085][ T5833] veth1_vlan: entered promiscuous mode [ 86.188255][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.198331][ T5837] veth1_vlan: entered promiscuous mode [ 86.214661][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.289828][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.312958][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.360529][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.377378][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.385268][ T5837] veth0_macvtap: entered promiscuous mode [ 86.395890][ T5837] veth1_macvtap: entered promiscuous mode [ 86.421136][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 86.458239][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.468271][ T55] Bluetooth: hci0: command tx timeout [ 86.477199][ T5833] veth0_macvtap: entered promiscuous mode [ 86.485496][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.493248][ T5833] veth1_macvtap: entered promiscuous mode [ 86.510035][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.520798][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.531516][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.542801][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.554773][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.565683][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.579766][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.623693][ T5826] Bluetooth: hci1: command tx timeout [ 86.646505][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.681292][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.691990][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.714855][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.724831][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.736765][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.749225][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.776205][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.784045][ T5826] Bluetooth: hci3: command tx timeout [ 86.784498][ T5826] Bluetooth: hci2: command tx timeout [ 86.807078][ T5837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.839461][ T5837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.852199][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.855213][ T5837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.869729][ T5826] Bluetooth: hci4: command tx timeout [ 86.877216][ T5837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.914004][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.930774][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.946131][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.956717][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.969289][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.981044][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.999433][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.011371][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.026544][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.084071][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.099417][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.122329][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.169983][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.189090][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.219143][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.246880][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.273651][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.285090][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.359692][ T5833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.373537][ T5833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.420746][ T5833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.443444][ T5833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.508479][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.568434][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.669256][ T5918] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 87.855835][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.936863][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.076020][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.125887][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.153486][ T1326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.172151][ T1326] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.545777][ T5826] Bluetooth: hci0: command tx timeout [ 88.658456][ T5933] netlink: 'syz.0.11': attribute type 4 has an invalid length. [ 88.703162][ T5826] Bluetooth: hci1: command tx timeout [ 88.764870][ T5935] netlink: 'syz.0.11': attribute type 4 has an invalid length. [ 88.864180][ T5826] Bluetooth: hci2: command tx timeout [ 88.870389][ T55] Bluetooth: hci3: command tx timeout [ 88.943085][ T5826] Bluetooth: hci4: command tx timeout [ 89.712391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.832244][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 89.832676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.112665][ T978] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 90.153542][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.265521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.300702][ T978] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 90.319548][ T978] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B is Bulk; changing to Interrupt [ 90.535152][ T978] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 90.630472][ T978] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 90.695958][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.702577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.760594][ T978] usbtmc 1-1:16.0: bulk endpoints not found [ 90.976406][ T5967] netlink: 'syz.0.21': attribute type 1 has an invalid length. [ 91.001553][ T5967] ipip0: entered promiscuous mode [ 91.014717][ T5967] ipip0: entered allmulticast mode [ 91.144588][ T978] usb 1-1: USB disconnect, device number 2 [ 91.313083][ T5991] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 91.990516][ T5988] Process accounting resumed [ 92.372918][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.383292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 92.452343][ T3629] cfg80211: failed to load regulatory.db [ 92.542687][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 92.664523][ T6021] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 94.063619][ T26] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 94.314155][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.790692][ T26] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 94.804297][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.934957][ T26] usb 1-1: config 0 descriptor?? [ 95.685265][ T26] logitech 0003:046D:C293.0001: collection stack underflow [ 95.704327][ T26] logitech 0003:046D:C293.0001: item 0 1 0 12 parsing failed [ 95.717103][ T26] logitech 0003:046D:C293.0001: parse failed [ 95.726657][ T26] logitech 0003:046D:C293.0001: probe with driver logitech failed with error -22 [ 95.890589][ T5879] usb 1-1: USB disconnect, device number 3 [ 97.742555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.666183][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.4.61'. [ 100.694712][ T6093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.61'. [ 100.711879][ T6093] netlink: 32 bytes leftover after parsing attributes in process `syz.4.61'. [ 100.757055][ T5826] block nbd0: Receive control failed (result -107) [ 100.776523][ T6096] warning: `syz.0.62' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 101.294318][ T6108] netlink: 'syz.0.66': attribute type 10 has an invalid length. [ 101.529982][ T6112] xt_CT: No such helper "syz1" [ 101.702625][ T6108] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 102.042519][ T6108] syz.0.66 (6108) used greatest stack depth: 18520 bytes left [ 102.178537][ T6123] syz.0.69 uses obsolete (PF_INET,SOCK_PACKET) [ 102.661906][ T6134] __vm_enough_memory: pid: 6134, comm: syz.1.73, bytes: 21200028389376 not enough memory for the allocation [ 103.187331][ T30] audit: type=1326 audit(1742833158.564:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.244770][ T30] audit: type=1326 audit(1742833158.564:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.277446][ T30] audit: type=1326 audit(1742833158.594:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.332185][ T30] audit: type=1326 audit(1742833158.594:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.406932][ T30] audit: type=1326 audit(1742833158.594:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.524703][ T30] audit: type=1326 audit(1742833158.594:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.601917][ T30] audit: type=1326 audit(1742833158.594:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.672282][ T30] audit: type=1326 audit(1742833158.594:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.745701][ T30] audit: type=1326 audit(1742833158.594:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 103.818373][ T30] audit: type=1326 audit(1742833158.594:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6142 comm="syz.0.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f91d618d169 code=0x7ffc0000 [ 104.270110][ T6165] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode [ 104.282459][ T6165] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode [ 104.472331][ T3629] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 104.626598][ T3629] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 104.638418][ T3629] usb 5-1: config 0 has no interfaces? [ 104.647463][ T3629] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 104.692142][ T3629] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 104.701047][ T3629] usb 5-1: SerialNumber: syz [ 104.713962][ T3629] usb 5-1: config 0 descriptor?? [ 104.908261][ T6177] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 104.948122][ T3629] usb 5-1: USB disconnect, device number 2 [ 105.246167][ T6189] netlink: 'syz.3.93': attribute type 4 has an invalid length. [ 105.277090][ T6189] netlink: 'syz.3.93': attribute type 4 has an invalid length. [ 105.515826][ T26] kernel write not supported for file bpf-prog (pid: 26 comm: kworker/1:0) [ 105.587443][ T6200] netlink: 'syz.0.98': attribute type 3 has an invalid length. [ 105.595618][ T6200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 105.674138][ T6200] bond0: (slave wlan1): Releasing backup interface [ 105.820081][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.99'. [ 105.851604][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.99'. [ 106.169160][ T6210] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 106.177092][ T6210] IPv6: NLM_F_CREATE should be set when creating new route [ 106.214809][ T6210] lo: entered allmulticast mode [ 106.252826][ T6210] tunl0: entered allmulticast mode [ 106.277401][ T6210] gre0: entered allmulticast mode [ 106.311332][ T6210] gretap0: entered allmulticast mode [ 106.331289][ T6210] erspan0: entered allmulticast mode [ 106.358910][ T6210] ip_vti0: entered allmulticast mode [ 106.386510][ T6210] ip6_vti0: entered allmulticast mode [ 106.441793][ T6210] sit0: entered allmulticast mode [ 106.478531][ T6210] ip6tnl0: entered allmulticast mode [ 106.496567][ T6210] ip6gre0: entered allmulticast mode [ 106.561133][ T6210] syz_tun: entered allmulticast mode [ 106.628172][ T6210] ip6gretap0: entered allmulticast mode [ 106.710439][ T6210] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.719481][ T6210] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.193357][ T6210] bridge0: entered allmulticast mode [ 107.214118][ T6210] vcan0: entered allmulticast mode [ 107.286308][ T6210] bond0: entered allmulticast mode [ 107.312167][ T6210] bond_slave_0: entered allmulticast mode [ 107.318547][ T6210] bond_slave_1: entered allmulticast mode [ 107.408571][ T6210] team0: entered allmulticast mode [ 107.414948][ T6210] team_slave_0: entered allmulticast mode [ 107.421082][ T6210] team_slave_1: entered allmulticast mode [ 107.456405][ T6210] dummy0: entered allmulticast mode [ 107.495215][ T6210] nlmon0: entered allmulticast mode [ 107.510025][ T6210] caif0: entered allmulticast mode [ 107.527122][ T6210] batadv0: entered allmulticast mode [ 107.548678][ T6210] vxcan0: entered allmulticast mode [ 107.560272][ T6210] vxcan1: entered allmulticast mode [ 107.574606][ T6210] veth0: entered allmulticast mode [ 107.595892][ T6210] veth1: entered allmulticast mode [ 107.633357][ T6210] wg0: entered allmulticast mode [ 107.646631][ T6210] wg1: entered allmulticast mode [ 107.681316][ T6210] wg2: entered allmulticast mode [ 107.706959][ T6210] veth0_to_bridge: entered allmulticast mode [ 107.759976][ T6210] veth1_to_bridge: entered allmulticast mode [ 107.791281][ T6210] veth0_to_bond: entered allmulticast mode [ 107.823014][ T6210] veth1_to_bond: entered allmulticast mode [ 107.864310][ T6210] veth0_to_team: entered allmulticast mode [ 107.906699][ T6210] veth1_to_team: entered allmulticast mode [ 107.938324][ T6210] veth0_to_batadv: entered allmulticast mode [ 107.968454][ T6210] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.989918][ T6210] batadv_slave_0: entered allmulticast mode [ 107.999782][ T6210] veth1_to_batadv: entered allmulticast mode [ 108.008613][ T6210] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.017121][ T6210] batadv_slave_1: entered allmulticast mode [ 108.027619][ T6210] xfrm0: entered allmulticast mode [ 108.036229][ T6210] veth0_to_hsr: entered allmulticast mode [ 108.053840][ T6210] hsr_slave_0: entered allmulticast mode [ 108.061957][ T6210] veth1_to_hsr: entered allmulticast mode [ 108.077246][ T6210] hsr_slave_1: entered allmulticast mode [ 108.096761][ T6210] hsr0: entered allmulticast mode [ 108.108271][ T6210] veth1_virt_wifi: entered allmulticast mode [ 108.117837][ T6210] veth0_virt_wifi: entered allmulticast mode [ 108.127126][ T6210] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 108.135586][ T6210] veth1_vlan: entered allmulticast mode [ 108.144559][ T6210] veth0_vlan: entered allmulticast mode [ 108.171401][ T6210] vlan0: entered allmulticast mode [ 108.181834][ T6210] vlan1: entered allmulticast mode [ 108.182500][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.201309][ T6210] macvlan0: entered allmulticast mode [ 108.257160][ T6210] macvlan1: entered allmulticast mode [ 108.292275][ T6210] ipvlan0: entered allmulticast mode [ 108.300611][ T6210] ipvlan1: entered allmulticast mode [ 108.331317][ T6210] veth1_macvtap: entered allmulticast mode [ 108.358727][ T6210] veth0_macvtap: entered allmulticast mode [ 108.391401][ T6210] macvtap0: entered allmulticast mode [ 108.394603][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 108.414434][ T6210] macsec0: entered allmulticast mode [ 108.436747][ T6210] geneve0: entered allmulticast mode [ 108.445905][ T6210] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.459326][ T6210] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.469653][ T6210] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.481083][ T10] usb 4-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 108.486504][ T6210] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.510837][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.541285][ T6210] geneve1: entered allmulticast mode [ 108.553381][ T10] usb 4-1: Product: syz [ 108.578490][ T10] usb 4-1: Manufacturer: syz [ 108.586148][ T6210] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 108.609465][ T10] usb 4-1: SerialNumber: syz [ 108.616286][ T6210] netdevsim netdevsim4 netdevsim1: entered allmulticast mode [ 108.641812][ T10] usb 4-1: config 0 descriptor?? [ 108.655279][ T6210] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 108.703461][ T6210] netdevsim netdevsim4 netdevsim3: entered allmulticast mode [ 108.704291][ T10] as10x_usb: device has been detected [ 108.772618][ T6210] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 108.774451][ T10] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 108.850067][ T10] usb 4-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 108.859678][ T6210] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 108.994339][ T10] as10x_usb: error during firmware upload part1 [ 109.075218][ T10] Registered device Sky IT Digital Key (green led) [ 109.186585][ T978] usb 4-1: USB disconnect, device number 2 [ 109.340547][ T978] Unregistered device Sky IT Digital Key (green led) [ 109.368325][ T978] as10x_usb: device has been disconnected [ 109.431425][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 109.454280][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 109.466611][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 109.481377][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 109.490645][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 109.500840][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 109.800959][ T2993] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.827421][ T6236] netlink: 28 bytes leftover after parsing attributes in process `syz.4.111'. [ 109.841938][ T6236] netlink: 28 bytes leftover after parsing attributes in process `syz.4.111'. [ 109.976492][ T6236] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 110.015349][ T6236] syz_tun: entered promiscuous mode [ 110.090551][ T6236] hsr1: Slave A (netdevsim0) is not up; please bring it up to get a fully working HSR network [ 110.115322][ T6240] kvm: pic: non byte write [ 110.134345][ T6236] hsr1: Slave B (syz_tun) is not up; please bring it up to get a fully working HSR network [ 110.183937][ T6241] batman_adv: batadv0: Adding interface: dummy0 [ 110.210748][ T6241] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.243318][ T6241] batman_adv: batadv0: Interface activated: dummy0 [ 110.289053][ T6242] batadv0: mtu less than device minimum [ 110.334572][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.348060][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.360841][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.373637][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.386822][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.399724][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.412533][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.425459][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.437427][ T6242] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 110.629751][ T2993] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.378206][ T2993] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.598104][ T55] Bluetooth: hci2: command tx timeout [ 111.830781][ T6259] process 'syz.0.117' launched './file2' with NULL argv: empty string added [ 111.883898][ T2993] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.020657][ T6233] chnl_net:caif_netlink_parms(): no params data found [ 113.234933][ T6278] netlink: 24 bytes leftover after parsing attributes in process `syz.4.125'. [ 113.238070][ T2993] bridge_slave_1: left allmulticast mode [ 113.267679][ T2993] bridge_slave_1: left promiscuous mode [ 113.284366][ T2993] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.401171][ T2993] bridge_slave_0: left allmulticast mode [ 113.438392][ T2993] bridge_slave_0: left promiscuous mode [ 113.466729][ T2993] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.672238][ T55] Bluetooth: hci2: command tx timeout [ 115.127995][ T6314] netlink: 24 bytes leftover after parsing attributes in process `syz.1.130'. [ 115.375518][ T2993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.407825][ T2993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.419997][ T2993] bond0 (unregistering): Released all slaves [ 115.462464][ T6283] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 115.672138][ T3629] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 115.743343][ T55] Bluetooth: hci2: command tx timeout [ 115.842936][ T3629] usb 4-1: Using ep0 maxpacket: 32 [ 115.864441][ T3629] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 115.894728][ T3629] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.920074][ T3629] usb 4-1: Product: syz [ 115.971836][ T3629] usb 4-1: Manufacturer: syz [ 115.999666][ T3629] usb 4-1: SerialNumber: syz [ 116.060033][ T3629] usb 4-1: config 0 descriptor?? [ 116.108658][ T3629] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 116.144407][ T6233] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.178055][ T6233] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.204884][ T6233] bridge_slave_0: entered allmulticast mode [ 116.251619][ T6233] bridge_slave_0: entered promiscuous mode [ 117.041507][ T6322] netlink: 12 bytes leftover after parsing attributes in process `syz.3.132'. [ 117.088199][ T6336] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.097257][ T6336] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.112753][ T6336] bridge0: entered allmulticast mode [ 117.131977][ T6339] bridge_slave_1: left allmulticast mode [ 117.139781][ T6339] bridge_slave_1: left promiscuous mode [ 117.148765][ T6339] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.189571][ T6339] bridge_slave_0: left allmulticast mode [ 117.206744][ T6339] bridge_slave_0: left promiscuous mode [ 117.214439][ T6339] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.365082][ T6233] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.382824][ T6233] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.390277][ T6233] bridge_slave_1: entered allmulticast mode [ 117.407530][ T6233] bridge_slave_1: entered promiscuous mode [ 117.567404][ T2993] hsr_slave_0: left promiscuous mode [ 117.576690][ T2993] hsr_slave_1: left promiscuous mode [ 117.583398][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.602406][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.750895][ T2993] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.839776][ T55] Bluetooth: hci2: command tx timeout [ 117.839943][ T2993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.922663][ T3629] gspca_stk1135: reg_w 0xf err -71 [ 117.930356][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 117.964840][ T3629] gspca_stk1135: Sensor write failed [ 117.971361][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 117.982670][ C0] net_ratelimit: 10 callbacks suppressed [ 117.982686][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.068561][ T3629] gspca_stk1135: Sensor write failed [ 118.082671][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 118.096526][ T3629] gspca_stk1135: Sensor read failed [ 118.111817][ T2993] veth1_macvtap: left promiscuous mode [ 118.125475][ T2993] veth0_macvtap: left promiscuous mode [ 118.131339][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 118.150244][ T2993] veth1_vlan: left promiscuous mode [ 118.462653][ T3629] gspca_stk1135: Sensor read failed [ 118.473381][ T2993] veth0_vlan: left promiscuous mode [ 118.479008][ T3629] gspca_stk1135: Detected sensor type unknown (0x0) [ 118.517674][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 118.551602][ T3629] gspca_stk1135: Sensor read failed [ 118.633247][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 118.699615][ T3629] gspca_stk1135: Sensor read failed [ 118.774268][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 118.875919][ T3629] gspca_stk1135: Sensor write failed [ 118.882586][ T3629] gspca_stk1135: serial bus timeout: status=0x00 [ 119.051517][ T3629] gspca_stk1135: Sensor write failed [ 119.073472][ T3629] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 119.213702][ T3629] usb 4-1: USB disconnect, device number 3 [ 119.367959][ T6354] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.833128][ T2993] team0 (unregistering): Port device team_slave_1 removed [ 120.914810][ T2993] team0 (unregistering): Port device team_slave_0 removed [ 120.938281][ T3629] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 121.020323][ T3629] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 122.786970][ T1106] ================================================================== [ 122.795218][ T1106] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x1c1/0x590 [ 122.803026][ T1106] Read of size 4 at addr ffff888027d68778 by task kworker/u8:5/1106 [ 122.811306][ T1106] [ 122.813668][ T1106] CPU: 0 UID: 0 PID: 1106 Comm: kworker/u8:5 Not tainted 6.14.0-syzkaller #0 [ 122.813690][ T1106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 122.813704][ T1106] Workqueue: events_unbound netfs_write_collection_worker [ 122.813748][ T1106] Call Trace: [ 122.813769][ T1106] [ 122.813778][ T1106] dump_stack_lvl+0x241/0x360 [ 122.813801][ T1106] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.813821][ T1106] ? __pfx__printk+0x10/0x10 [ 122.813851][ T1106] ? _printk+0xd5/0x120 [ 122.813881][ T1106] ? __virt_addr_valid+0x183/0x530 [ 122.813913][ T1106] ? __virt_addr_valid+0x183/0x530 [ 122.813944][ T1106] print_report+0x16e/0x5b0 [ 122.813974][ T1106] ? __virt_addr_valid+0x183/0x530 [ 122.814002][ T1106] ? __virt_addr_valid+0x183/0x530 [ 122.814031][ T1106] ? __virt_addr_valid+0x45f/0x530 [ 122.814061][ T1106] ? __phys_addr+0xba/0x170 [ 122.814090][ T1106] ? iov_iter_revert+0x1c1/0x590 [ 122.814115][ T1106] kasan_report+0x143/0x180 [ 122.814146][ T1106] ? iov_iter_revert+0x1c1/0x590 [ 122.814173][ T1106] iov_iter_revert+0x1c1/0x590 [ 122.814200][ T1106] netfs_retry_writes+0x17db/0x19b0 [ 122.814233][ T1106] ? __pfx_validate_chain+0x10/0x10 [ 122.814253][ T1106] ? mark_lock+0x9a/0x360 [ 122.814286][ T1106] ? __lock_acquire+0x1397/0x2100 [ 122.814318][ T1106] ? __pfx_netfs_retry_writes+0x10/0x10 [ 122.814352][ T1106] ? register_lock_class+0x102/0x980 [ 122.814382][ T1106] ? __pfx_register_lock_class+0x10/0x10 [ 122.814415][ T1106] netfs_write_collection_worker+0x2f90/0x3bc0 [ 122.814474][ T1106] ? process_scheduled_works+0x9c6/0x18e0 [ 122.814500][ T1106] process_scheduled_works+0xabe/0x18e0 [ 122.814537][ T1106] ? __pfx_process_scheduled_works+0x10/0x10 [ 122.814566][ T1106] ? assign_work+0x364/0x3d0 [ 122.814591][ T1106] worker_thread+0x870/0xd30 [ 122.814624][ T1106] ? __kthread_parkme+0x169/0x1d0 [ 122.814652][ T1106] ? __pfx_worker_thread+0x10/0x10 [ 122.814677][ T1106] kthread+0x7a9/0x920 [ 122.814705][ T1106] ? __pfx_kthread+0x10/0x10 [ 122.814735][ T1106] ? __pfx_worker_thread+0x10/0x10 [ 122.814769][ T1106] ? __pfx_kthread+0x10/0x10 [ 122.814798][ T1106] ? __pfx_kthread+0x10/0x10 [ 122.814828][ T1106] ? __pfx_kthread+0x10/0x10 [ 122.814856][ T1106] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.814883][ T1106] ? lockdep_hardirqs_on+0x99/0x150 [ 122.814913][ T1106] ? __pfx_kthread+0x10/0x10 [ 122.814942][ T1106] ret_from_fork+0x4b/0x80 [ 122.814968][ T1106] ? __pfx_kthread+0x10/0x10 [ 122.814997][ T1106] ret_from_fork_asm+0x1a/0x30 [ 122.815026][ T1106] [ 122.815034][ T1106] [ 123.062773][ T1106] Allocated by task 5869: [ 123.067112][ T1106] kasan_save_track+0x3f/0x80 [ 123.071810][ T1106] __kasan_kmalloc+0x98/0xb0 [ 123.076527][ T1106] __kmalloc_cache_noprof+0x243/0x390 [ 123.081968][ T1106] __set_page_owner+0x2ad/0x530 [ 123.086854][ T1106] post_alloc_hook+0x1f4/0x240 [ 123.091744][ T1106] get_page_from_freelist+0x3651/0x37a0 [ 123.097317][ T1106] __alloc_frozen_pages_noprof+0x292/0x710 [ 123.103240][ T1106] alloc_pages_mpol+0x311/0x660 [ 123.108108][ T1106] allocate_slab+0x8f/0x3a0 [ 123.112622][ T1106] ___slab_alloc+0xc27/0x14a0 [ 123.117591][ T1106] __slab_alloc+0x58/0xa0 [ 123.121948][ T1106] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0 [ 123.128382][ T1106] kmalloc_reserve+0x111/0x2a0 [ 123.133156][ T1106] __alloc_skb+0x1f3/0x440 [ 123.137586][ T1106] skb_copy+0x19d/0x9c0 [ 123.141769][ T1106] mac80211_hwsim_tx_frame_no_nl+0xedd/0x15c0 [ 123.147874][ T1106] mac80211_hwsim_tx+0x1837/0x23c0 [ 123.153000][ T1106] ieee80211_handle_wake_tx_queue+0x1ae/0x2d0 [ 123.159083][ T1106] ieee80211_queue_skb+0x1ae9/0x24b0 [ 123.164371][ T1106] ieee80211_tx+0x2c4/0x470 [ 123.168876][ T1106] __ieee80211_subif_start_xmit+0xe65/0x15a0 [ 123.174860][ T1106] ieee80211_subif_start_xmit+0xde/0x4d0 [ 123.180518][ T1106] dev_hard_start_xmit+0x27a/0x7d0 [ 123.185637][ T1106] __dev_queue_xmit+0x1b73/0x3f50 [ 123.190668][ T1106] ip6_finish_output2+0x12bc/0x17c0 [ 123.195876][ T1106] ip6_finish_output+0x41e/0x840 [ 123.200814][ T1106] NF_HOOK+0x9e/0x430 [ 123.204801][ T1106] mld_sendpack+0x843/0xdb0 [ 123.209308][ T1106] mld_ifc_work+0x7d9/0xd90 [ 123.213851][ T1106] process_scheduled_works+0xabe/0x18e0 [ 123.219437][ T1106] worker_thread+0x870/0xd30 [ 123.224040][ T1106] kthread+0x7a9/0x920 [ 123.228119][ T1106] ret_from_fork+0x4b/0x80 [ 123.232574][ T1106] ret_from_fork_asm+0x1a/0x30 [ 123.237402][ T1106] [ 123.239757][ T1106] The buggy address belongs to the object at ffff888027d68760 [ 123.239757][ T1106] which belongs to the cache kmalloc-16 of size 16 [ 123.253657][ T1106] The buggy address is located 8 bytes to the right of [ 123.253657][ T1106] allocated 16-byte region [ffff888027d68760, ffff888027d68770) [ 123.268073][ T1106] [ 123.270403][ T1106] The buggy address belongs to the physical page: [ 123.276831][ T1106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27d68 [ 123.285600][ T1106] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 123.293144][ T1106] page_type: f5(slab) [ 123.297129][ T1106] raw: 00fff00000000000 ffff88801b041640 0000000000000000 dead000000000001 [ 123.305715][ T1106] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000 [ 123.314296][ T1106] page dumped because: kasan: bad access detected [ 123.320717][ T1106] page_owner tracks the page as allocated [ 123.326780][ T1106] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 36, tgid 36 (kworker/u8:2), ts 11602775178, free_ts 11435765758 [ 123.346079][ T1106] post_alloc_hook+0x1f4/0x240 [ 123.350864][ T1106] get_page_from_freelist+0x3651/0x37a0 [ 123.356593][ T1106] __alloc_frozen_pages_noprof+0x292/0x710 [ 123.362408][ T1106] allocate_slab+0x66/0x3a0 [ 123.366919][ T1106] ___slab_alloc+0xc27/0x14a0 [ 123.371595][ T1106] __slab_alloc+0x58/0xa0 [ 123.375927][ T1106] __kmalloc_node_noprof+0x2ee/0x4d0 [ 123.381214][ T1106] blk_mq_alloc_and_init_hctx+0x47b/0xd50 [ 123.386940][ T1106] blk_mq_realloc_hw_ctxs+0x19c/0xb00 [ 123.392416][ T1106] blk_mq_init_allocated_queue+0x3f6/0x14c0 [ 123.398760][ T1106] blk_mq_alloc_queue+0x198/0x290 [ 123.403810][ T1106] scsi_alloc_sdev+0x76c/0xb80 [ 123.408579][ T1106] scsi_probe_and_add_lun+0x1d2/0x4b30 [ 123.414064][ T1106] __scsi_scan_target+0x205/0x1080 [ 123.419180][ T1106] scsi_scan_host_selected+0x37e/0x690 [ 123.424676][ T1106] do_scan_async+0x138/0x7a0 [ 123.429272][ T1106] page last free pid 26 tgid 26 stack trace: [ 123.435249][ T1106] free_frozen_pages+0xe04/0x10e0 [ 123.440284][ T1106] vfree+0x1c3/0x360 [ 123.444192][ T1106] delayed_vfree_work+0x56/0x80 [ 123.449162][ T1106] process_scheduled_works+0xabe/0x18e0 [ 123.454729][ T1106] worker_thread+0x870/0xd30 [ 123.459351][ T1106] kthread+0x7a9/0x920 [ 123.463441][ T1106] ret_from_fork+0x4b/0x80 [ 123.467869][ T1106] ret_from_fork_asm+0x1a/0x30 [ 123.472640][ T1106] [ 123.474961][ T1106] Memory state around the buggy address: [ 123.480675][ T1106] ffff888027d68600: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 123.488747][ T1106] ffff888027d68680: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 123.496811][ T1106] >ffff888027d68700: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 123.504958][ T1106] ^ [ 123.512931][ T1106] ffff888027d68780: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 123.520992][ T1106] ffff888027d68800: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc [ 123.529089][ T1106] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 123.797066][ T1106] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 123.804331][ T1106] CPU: 1 UID: 0 PID: 1106 Comm: kworker/u8:5 Not tainted 6.14.0-syzkaller #0 [ 123.813117][ T1106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.823268][ T1106] Workqueue: events_unbound netfs_write_collection_worker [ 123.830407][ T1106] Call Trace: [ 123.833725][ T1106] [ 123.836664][ T1106] dump_stack_lvl+0x241/0x360 [ 123.841364][ T1106] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.846599][ T1106] ? __pfx__printk+0x10/0x10 [ 123.851218][ T1106] ? preempt_schedule+0xe1/0xf0 [ 123.856264][ T1106] ? vscnprintf+0x5d/0x90 [ 123.860651][ T1106] panic+0x349/0x880 [ 123.864572][ T1106] ? check_panic_on_warn+0x21/0xb0 [ 123.869704][ T1106] ? __pfx_panic+0x10/0x10 [ 123.874138][ T1106] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 123.880129][ T1106] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 123.886472][ T1106] ? print_report+0x519/0x5b0 [ 123.891164][ T1106] check_panic_on_warn+0x86/0xb0 [ 123.896116][ T1106] ? iov_iter_revert+0x1c1/0x590 [ 123.901061][ T1106] end_report+0x77/0x160 [ 123.905490][ T1106] kasan_report+0x154/0x180 [ 123.910117][ T1106] ? iov_iter_revert+0x1c1/0x590 [ 123.915099][ T1106] iov_iter_revert+0x1c1/0x590 [ 123.919895][ T1106] netfs_retry_writes+0x17db/0x19b0 [ 123.925118][ T1106] ? __pfx_validate_chain+0x10/0x10 [ 123.930408][ T1106] ? mark_lock+0x9a/0x360 [ 123.934778][ T1106] ? __lock_acquire+0x1397/0x2100 [ 123.939843][ T1106] ? __pfx_netfs_retry_writes+0x10/0x10 [ 123.945506][ T1106] ? register_lock_class+0x102/0x980 [ 123.950816][ T1106] ? __pfx_register_lock_class+0x10/0x10 [ 123.956597][ T1106] netfs_write_collection_worker+0x2f90/0x3bc0 [ 123.962999][ T1106] ? process_scheduled_works+0x9c6/0x18e0 [ 123.968736][ T1106] process_scheduled_works+0xabe/0x18e0 [ 123.974395][ T1106] ? __pfx_process_scheduled_works+0x10/0x10 [ 123.980385][ T1106] ? assign_work+0x364/0x3d0 [ 123.984987][ T1106] worker_thread+0x870/0xd30 [ 123.989717][ T1106] ? __kthread_parkme+0x169/0x1d0 [ 123.994780][ T1106] ? __pfx_worker_thread+0x10/0x10 [ 123.999937][ T1106] kthread+0x7a9/0x920 [ 124.004024][ T1106] ? __pfx_kthread+0x10/0x10 [ 124.008630][ T1106] ? __pfx_worker_thread+0x10/0x10 [ 124.013764][ T1106] ? __pfx_kthread+0x10/0x10 [ 124.018458][ T1106] ? __pfx_kthread+0x10/0x10 [ 124.023186][ T1106] ? __pfx_kthread+0x10/0x10 [ 124.027790][ T1106] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.033016][ T1106] ? lockdep_hardirqs_on+0x99/0x150 [ 124.038357][ T1106] ? __pfx_kthread+0x10/0x10 [ 124.042981][ T1106] ret_from_fork+0x4b/0x80 [ 124.047421][ T1106] ? __pfx_kthread+0x10/0x10 [ 124.052039][ T1106] ret_from_fork_asm+0x1a/0x30 [ 124.056845][ T1106] [ 124.060341][ T1106] Kernel Offset: disabled [ 124.064944][ T1106] Rebooting in 86400 seconds..