last executing test programs: 17.890675355s ago: executing program 3 (id=257): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x3a2}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x40000, 0x1}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 14.961325295s ago: executing program 2 (id=269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000005, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13.764098404s ago: executing program 4 (id=273): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 
&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000040)=0x805, 0x4) connect$inet6(r3, &(0x7f0000002140)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) socket$alg(0x26, 0x5, 0x0) 12.162344501s ago: executing program 4 (id=275): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = getpid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r4, 0x29, 0x31, &(0x7f0000000000)=0x3a9, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @loopback, 0x2}, 0x1c) getsockopt$inet6_buf(r4, 0x29, 0x6, 0x0, &(0x7f0000000100)) syz_pidfd_open(r3, 0x0) ioctl$IOCTL_START_ACCEL_DEV(0xffffffffffffffff, 0x40096102, &(0x7f00000000c0)) syz_pidfd_open(0x0, 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xd0, 0x90, 0xc6, 0x20, 0x856, 0xbc02, 0x8676, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x2, 0x24, 
0x40, 0x2, [{{0x9, 0x4, 0xc5, 0x0, 0x1, 0x8d, 0x82, 0x5e, 0x0, [], [{{0x9, 0x5, 0x82, 0x3, 0x40, 0x6, 0xc, 0x3}}]}}]}}]}}, 0x0) 11.848430024s ago: executing program 2 (id=277): bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1c00000004000000410000000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0240008c58"], 0x50) 10.575811543s ago: executing program 3 (id=280): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in=@private=0xa010101, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c) 10.399246079s ago: executing program 2 (id=281): ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @remote}, {0x20000010304, @local}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f00000000c0)={{0x25000, 0xdddd1000, 0xc, 0xd, 0xb, 
0x9, 0x3, 0x4, 0x82, 0x9, 0x5, 0x80}, {0x30000, 0x1, 0xf, 0x0, 0x3, 0x7f, 0x2, 0x3, 0x5, 0x4, 0xb, 0x5}, {0x58000, 0x26000, 0x2, 0x5, 0x0, 0x5, 0x7, 0xfb, 0x0, 0x7, 0x7, 0x60}, {0x49d7d3028b2c7ea0, 0x4, 0xb, 0x58, 0x6, 0x4, 0x3, 0x2, 0x0, 0xdb, 0x0, 0xf4}, {0x19000, 0x4, 0x0, 0x7f, 0x80, 0x5, 0x1, 0x5, 0x4, 0x8, 0xa6, 0x8}, {0x0, 0x1000, 0xf, 0x1, 0x39, 0x9, 0x2, 0x7, 0xf, 0x8, 0xf, 0xc7}, {0xdddd1000, 0xfec00000, 0xc, 0xaf, 0x1, 0x8, 0xc6, 0xf9, 0x3, 0x5, 0x9, 0x2}, {0x9000, 0x10000, 0x10, 0x4, 0x89, 0x3, 0x1, 0x41, 0x2, 0x3, 0x4, 0x2}, {0x4, 0x5}, {0x8000000, 0x9}, 0x20, 0x0, 0xd000, 0xedbe8efe7c7e90de, 0xf, 0x0, 0x78000, 0x1, [0x8, 0xffffffffffff7fff, 0xe, 0x10]}) 9.107676258s ago: executing program 0 (id=283): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20) 8.662454843s ago: executing program 4 (id=285): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}) 8.481218312s ago: executing program 0 (id=286): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40088) 8.400434298s ago: executing program 4 (id=288): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 
&(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="58010000100001000000000000000000d3f373a90a010102000000ac1414bb0000000000000000000000000000000000000a002000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000004d532000000ac141436000000000000000000000000000000000000000000010000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000e300000000000000fdffffffffffffff04000000000000000000000800000000000000000100000000000000000000000200000000000000000000000a000000cd0000000000"], 0x158}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x8, 0x4, 0x3cc}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000080)={0x7b, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x68}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x20, 0x0, 0x4, {0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f0000000e80)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000000)={0xc}) r5 = socket$inet_sctp(0x2, 0x5, 0x84) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r5, 0x80, &(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x200052, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x8}}) io_uring_enter(r1, 0x3514, 0x9141, 0x69, 0x0, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast1}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) unshare(0x22020600) r7 = socket$qrtr(0x2a, 0x2, 0x0) io_uring_enter(r1, 0x670f, 0xcb92, 0x28, &(0x7f0000000200)={[0x43e]}, 0x8) bind$qrtr(r7, 0x0, 0x0) 8.127814177s ago: executing program 0 (id=290): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x3a2}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 8.105778645s ago: executing program 2 (id=292): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x4, 0xb6, 0x65, 0x20, 0x413, 0x6023, 0x31ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x40, 
[{{0x9, 0x4, 0xa1, 0x7, 0x0, 0xb8, 0x3b, 0xfc}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x129a02, 0x5) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0}) 5.411977402s ago: executing program 3 (id=301): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x2710], 0x48}}, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000180)=0x2, 0x4) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) 4.73064633s ago: executing program 2 (id=304): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r1) sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fedbdf2501000000080035f6fdf8000008000100"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20008040) 4.418827286s ago: executing program 2 (id=306): r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862) pwritev(r0, &(0x7f0000000500)=[{&(0x7f0000000380)="9e", 0x1}], 0x1, 0x5, 0xfffffff9) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='omfs\x00', 0x208000, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 
&(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) remap_file_pages(&(0x7f0000299000/0x2000)=nil, 0x2000, 0x0, 0x5, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r3], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000740)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffffffe, 0xa7, 0x0, 0x0, 0x0, 0x2}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x3}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, 
[@TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0xe, 0x2}, {0x9, 0x8}}}]}}]}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x400c040}, 0x0) socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 4.361563718s ago: executing program 4 (id=307): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff004) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) write$tun(r0, &(0x7f0000000080)={@void, @void, @eth={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val, {0x8100, 0x0, 0x0, 0x20}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x4, 0x100, @val=0x80}}}}}}}}, 0x3a) 4.123413964s ago: executing program 3 (id=309): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x60442, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x808000}, 0x8) fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 
0x0, 0x0) r6 = fsmount(r4, 0x0, 0x2) r7 = openat$cgroup_subtree(r6, &(0x7f0000000100), 0x2, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r9, 0x1, 0x0, 0x25dfdbfc, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) write$cgroup_subtree(r7, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) write$cgroup_subtree(r7, &(0x7f00000001c0)={[{0x2b, 'cpu'}]}, 0x5) r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x800, &(0x7f00000007c0)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r0}}) 2.416382861s ago: executing program 3 (id=312): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0xf4b6}]}}]}, 0x3c}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 
&(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0xfffd) readv(r1, &(0x7f0000001940)=[{&(0x7f0000000100)=""/121, 0x79}], 0x1) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f0000000040)={0x8, {0x6, 0x10001, 0x1, 0x2}, {0x7, 0xcf, 0x9, 0x101}, {0xcc, 0x80000000}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xe7e7}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4}]}}]}, 0x44}}, 0x20004015) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.381059892s ago: executing program 0 (id=313): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$rds(0x15, 0x5, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 
0x0, 0x0}, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f00000000c0)={'nat\x00', 0x2, [{}, {}]}, 0x48) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(0xffffffffffffffff, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet_smc(0x2b, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r2, 0x0, 0x0, 0x0, 0x80800}) listen(r2, 0x5) io_uring_enter(0xffffffffffffffff, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 2.087876232s ago: executing program 1 (id=314): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) 1.196689978s ago: executing program 1 (id=315): socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$inet(0x2, 0x1, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(r0, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x5000, @empty}, 0x10, 
&(0x7f00000000c0)=[{&(0x7f0000000180)="08001efbb07d586e", 0x2a}, {0x0, 0xd6}], 0x2, 0x0, 0x0, 0x60000000}, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) gettid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x55fdb4595c3d8036) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) 1.163643878s ago: executing program 0 (id=316): bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="1c00000004000000410000000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0240008c58"], 0x50) 955.441005ms ago: executing program 1 (id=317): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="58010000100001000000000000000000d3f373a90a010102000000ac1414bb0000000000000000000000000000000000000a002000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000004d532000000ac141436000000000000000000000000000000000000000000010000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000e300000000000000fdffffffffffffff04000000000000000000000800000000000000000100000000000000000000000200000000000000000000000a000000cd0000000000"], 0x158}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x679a, 0x8, 0x4, 0x3cc}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = syz_usb_connect$hid(0x0, 0x36, 
&(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000080)={0x7b, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x68}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x20, 0x0, 0x4, {0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f0000000e80)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000000)={0xc}) r5 = socket$inet_sctp(0x2, 0x5, 0x84) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r5, 0x80, &(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x200052, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x8}}) io_uring_enter(r1, 0x3514, 0x9141, 0x69, 0x0, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast1}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) unshare(0x22020600) r7 = socket$qrtr(0x2a, 0x2, 0x0) io_uring_enter(r1, 0x670f, 0xcb92, 0x28, &(0x7f0000000200)={[0x43e]}, 0x8) bind$qrtr(r7, 0x0, 0x0) 926.623241ms ago: executing program 0 (id=318): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 
&(0x7f0000000380)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi3\x00', 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), 0x0) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) 787.243847ms ago: executing program 1 (id=319): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000180)=0x2, 0x4) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) 357.041393ms ago: executing program 1 (id=320): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000008, 0x810, 0xffffffffffffffff, 0x0) r1 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 
0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f000083b000/0x1000)=nil, 0x1000, 0x0) setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x2}, 0xc) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) socket(0x29, 0x80000, 0x6) ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0) eventfd(0x80000001) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, 0x0) ioctl$VHOST_RESET_OWNER(r4, 0xaf02, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'wlan0\x00', &(0x7f0000000300)=@ethtool_sset_info={0x37, 0xff, 0xfffffffffffffffa}}) syz_usb_connect(0x3, 0x49, 0x0, 0x0) 194.50735ms ago: executing program 3 (id=321): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x1) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r5 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) tkill(r5, 0xb) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x55fdb4595c3d8036) fsopen(&(0x7f0000000180)='omfs\x00', 0x1) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) 130.539592ms ago: executing program 4 (id=322): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r0, 0x104, 0x7, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, 
&(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r4, 0x0, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/seq/clients\x00', 0x0, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r6, 0x5609, 0x0) r7 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000240), 0x35c, 0x0) preadv(r7, 0x0, 0x0, 0x0, 0x1) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) 0s ago: executing program 1 (id=323): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x3a2}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts. 
[ 92.109814][ T992] cfg80211: failed to load regulatory.db [ 93.188937][ T5783] cgroup: Unknown subsys name 'net' [ 93.430925][ T5783] cgroup: Unknown subsys name 'cpuset' [ 93.485532][ T5783] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 95.421510][ T5783] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.809690][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.812491][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.814228][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.821168][ T5796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.822942][ T5796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.907159][ T5799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.935049][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.940667][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.945573][ T5799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.965607][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 98.033548][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.043281][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.045224][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.068784][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.071809][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.073515][ T5806] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 98.090628][ T5796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 98.100343][ T5796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 98.105527][ T5796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 98.121264][ T5796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 98.133204][ T5116] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 98.134129][ T5116] Bluetooth: hci4: unexpected cc 
0x0c38 length: 249 > 2 [ 98.153310][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.157400][ T5806] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.165761][ T5806] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 99.046904][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 99.089379][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 99.236902][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 99.282919][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 99.306523][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 99.544417][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.546834][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.548490][ T5798] bridge_slave_0: entered allmulticast mode [ 99.557376][ T5798] bridge_slave_0: entered promiscuous mode [ 99.598737][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.598955][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.599294][ T5795] bridge_slave_0: entered allmulticast mode [ 99.601129][ T5795] bridge_slave_0: entered promiscuous mode [ 99.606650][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.606926][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.607412][ T5798] bridge_slave_1: entered allmulticast mode [ 99.620758][ T5798] bridge_slave_1: entered promiscuous mode [ 99.693760][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.693892][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.694254][ T5795] bridge_slave_1: entered allmulticast mode [ 99.702692][ T5795] bridge_slave_1: entered promiscuous mode [ 99.801627][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.801839][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.802025][ T5800] bridge_slave_0: entered allmulticast mode [ 99.804145][ T5800] bridge_slave_0: entered promiscuous mode [ 
99.850855][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.873558][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.873668][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.873793][ T5804] bridge_slave_0: entered allmulticast mode [ 99.879936][ T5804] bridge_slave_0: entered promiscuous mode [ 99.894637][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.894885][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.895408][ T5800] bridge_slave_1: entered allmulticast mode [ 99.902400][ T5800] bridge_slave_1: entered promiscuous mode [ 99.920280][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.920724][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.921173][ T5803] bridge_slave_0: entered allmulticast mode [ 99.931324][ T5803] bridge_slave_0: entered promiscuous mode [ 99.940937][ T5116] Bluetooth: hci0: command tx timeout [ 99.958705][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.014781][ T5116] Bluetooth: hci1: command tx timeout [ 100.040422][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.040706][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.040827][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.041005][ T5804] bridge_slave_1: entered allmulticast mode [ 100.043488][ T5804] bridge_slave_1: entered promiscuous mode [ 100.093278][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.093399][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.093525][ T5803] bridge_slave_1: entered allmulticast mode [ 100.115288][ T5803] bridge_slave_1: entered promiscuous mode [ 100.137011][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.176074][ T5116] Bluetooth: hci2: command tx timeout [ 100.237311][ T5800] bond0: (slave 
bond_slave_0): Enslaving as an active interface with an up link [ 100.254778][ T5116] Bluetooth: hci3: command tx timeout [ 100.254791][ T5796] Bluetooth: hci4: command tx timeout [ 100.262075][ T5798] team0: Port device team_slave_0 added [ 100.294923][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.298703][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.301925][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.304249][ T5798] team0: Port device team_slave_1 added [ 100.313672][ T5795] team0: Port device team_slave_0 added [ 100.323369][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.380753][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.382842][ T5795] team0: Port device team_slave_1 added [ 100.493340][ T5800] team0: Port device team_slave_0 added [ 100.535471][ T5804] team0: Port device team_slave_0 added [ 100.536820][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.536832][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.536852][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.542603][ T5800] team0: Port device team_slave_1 added [ 100.557090][ T5803] team0: Port device team_slave_0 added [ 100.563037][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.563087][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1532 would solve the problem. [ 100.563161][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.583332][ T5804] team0: Port device team_slave_1 added [ 100.591876][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.591921][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.591994][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.659552][ T5803] team0: Port device team_slave_1 added [ 100.662575][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.662616][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.662690][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.828977][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.828991][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.829011][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.892093][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.892112][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.892140][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.940541][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.940559][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.940580][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.941809][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.941825][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.941854][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.950476][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.950526][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.950594][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.075822][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.075835][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.075854][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.652355][ T5798] hsr_slave_0: entered promiscuous mode [ 101.653588][ T5798] hsr_slave_1: entered promiscuous mode [ 101.674053][ T5795] hsr_slave_0: entered promiscuous mode [ 101.676725][ T5795] hsr_slave_1: entered promiscuous mode [ 101.679978][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 101.680327][ T5795] Cannot create hsr debugfs directory [ 101.784074][ T5800] hsr_slave_0: entered promiscuous mode [ 101.790849][ T5800] hsr_slave_1: entered promiscuous mode [ 101.791544][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 101.791561][ T5800] Cannot create hsr debugfs directory [ 101.847670][ T5804] hsr_slave_0: entered promiscuous mode [ 101.848671][ T5804] hsr_slave_1: entered promiscuous mode [ 101.849415][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 101.849439][ T5804] Cannot create hsr debugfs directory [ 101.867034][ T5803] hsr_slave_0: entered promiscuous mode [ 101.870487][ T5803] hsr_slave_1: entered promiscuous mode [ 101.876544][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 101.876615][ T5803] Cannot create hsr debugfs directory [ 102.014771][ T5116] Bluetooth: hci0: command tx timeout [ 102.095158][ T5116] Bluetooth: hci1: command tx timeout [ 102.254840][ T5116] Bluetooth: hci2: command tx timeout [ 102.334808][ T5116] Bluetooth: hci4: command tx timeout [ 102.334823][ T5796] Bluetooth: hci3: command tx timeout [ 102.828690][ T5798] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.863294][ T5798] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.902231][ T5798] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.956463][ T5798] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.062952][ T5795] netdevsim netdevsim1 netdevsim0: renamed from eth0 
[ 103.091528][ T5795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 103.138000][ T5795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 103.186574][ T5795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 103.323356][ T5800] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 103.363381][ T5800] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 103.397779][ T5800] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 103.446328][ T5800] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 103.603273][ T5803] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 103.637939][ T5803] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 103.689448][ T5803] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 103.725687][ T5803] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 103.852273][ T5804] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 103.887581][ T5804] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 103.927900][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.930586][ T5804] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 103.980890][ T5804] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 104.081058][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.095671][ T5796] Bluetooth: hci0: command tx timeout [ 104.120897][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.141016][ T2258] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.141826][ T2258] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.174732][ T5796] Bluetooth: hci1: command tx timeout [ 104.209066][ T3547] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.209184][ T3547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.267143][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.313736][ T3590] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.313880][ T3590] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.334859][ T5796] Bluetooth: 
hci2: command tx timeout [ 104.356749][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.379503][ T3560] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.379613][ T3560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.415935][ T5796] Bluetooth: hci3: command tx timeout [ 104.415970][ T5796] Bluetooth: hci4: command tx timeout [ 104.481740][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.491951][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.533161][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.533351][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.584226][ T2258] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.587982][ T2258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.631673][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.662669][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.720606][ T3522] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.720813][ T3522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.803773][ T3522] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.804180][ T3522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.856182][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.909911][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.910088][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.980686][ T3590] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.980812][ T3590] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.110785][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.293045][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.463972][ T5798] veth0_vlan: entered promiscuous mode [ 105.548410][ T5798] veth1_vlan: entered promiscuous mode [ 105.597915][ T5800] 8021q: adding VLAN 0 to HW filter on device 
batadv0 [ 105.647017][ T5795] veth0_vlan: entered promiscuous mode [ 105.697227][ T5795] veth1_vlan: entered promiscuous mode [ 105.717810][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.770855][ T5798] veth0_macvtap: entered promiscuous mode [ 105.801915][ T5798] veth1_macvtap: entered promiscuous mode [ 105.870533][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.897185][ T5800] veth0_vlan: entered promiscuous mode [ 105.917378][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.918135][ T5795] veth0_macvtap: entered promiscuous mode [ 105.981825][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.993629][ T5795] veth1_macvtap: entered promiscuous mode [ 106.009687][ T5800] veth1_vlan: entered promiscuous mode [ 106.046048][ T3522] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.063126][ T3522] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.063759][ T5803] veth0_vlan: entered promiscuous mode [ 106.087329][ T3522] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.106752][ T3522] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.133917][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.175924][ T5116] Bluetooth: hci0: command tx timeout [ 106.176280][ T5803] veth1_vlan: entered promiscuous mode [ 106.207871][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.255646][ T5116] Bluetooth: hci1: command tx timeout [ 106.331791][ T3560] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.355963][ T56] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.376422][ T56] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.411250][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.415339][ T5116] Bluetooth: hci2: command 
tx timeout [ 106.455537][ T5800] veth0_macvtap: entered promiscuous mode [ 106.494920][ T5116] Bluetooth: hci4: command tx timeout [ 106.494954][ T5116] Bluetooth: hci3: command tx timeout [ 106.551356][ T5800] veth1_macvtap: entered promiscuous mode [ 106.605724][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.605751][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.706889][ T5803] veth0_macvtap: entered promiscuous mode [ 106.757188][ T5803] veth1_macvtap: entered promiscuous mode [ 106.763149][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.787987][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.788017][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.850827][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.894138][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.894160][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.953799][ T3522] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.972286][ T3522] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.973652][ T5804] veth0_vlan: entered promiscuous mode [ 106.997836][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.002120][ T3522] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.048073][ T3522] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.071260][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.116251][ T5804] veth1_vlan: entered promiscuous mode [ 107.117450][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.117470][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.227026][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.250786][ T3522] netdevsim netdevsim2 netdevsim1: set [1, 
0] type 2 family 0 port 6081 - 0 [ 107.277134][ T3522] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.507970][ T3522] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.596381][ T3560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.596401][ T3560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.612895][ T5804] veth0_macvtap: entered promiscuous mode [ 108.740884][ T5804] veth1_macvtap: entered promiscuous mode [ 109.017498][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.017520][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.132890][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.166641][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.201337][ T3590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.201359][ T3590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.274192][ T1165] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.291796][ T1165] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.306370][ T1165] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.307188][ T1165] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.647450][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.647473][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.205092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 110.227396][ T5938] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. 
[ 110.867918][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.867941][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.973674][ T5945] process 'syz.3.12' launched './file0' with NULL argv: empty string added [ 111.042388][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.042409][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.444620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.314619][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.314724][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.062912][ T5979] kAFS: unparsable volume name [ 115.514613][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.564640][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.574644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.584610][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.594616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.604605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.845742][ T5991] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25'. [ 119.297768][ T5796] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 119.297999][ T5796] Bluetooth: hci0: Injecting HCI hardware error event [ 119.299349][ T5796] Bluetooth: hci0: hardware error 0x00 [ 120.558390][ T6013] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 120.589316][ T5993] kthread_run failed with err -4 [ 120.756618][ T6013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28'. [ 120.756792][ T6013] openvswitch: netlink: Flow actions attr not present in new flow. 
[ 120.934405][ T6019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.31'. [ 122.574800][ T5796] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 131.492929][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 131.973875][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.973963][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 131.973988][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.029446][ T10] usb 2-1: config 0 descriptor?? [ 132.378585][ T6090] IPv6: NLM_F_CREATE should be specified when creating new route [ 133.870632][ T6095] netlink: 3 bytes leftover after parsing attributes in process `syz.3.48'. [ 134.317846][ T6095] batadv1: entered allmulticast mode [ 134.416525][ T3522] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 134.642162][ T10] usb 2-1: can't set config #0, error -71 [ 134.872114][ T10] usb 2-1: USB disconnect, device number 2 [ 137.529755][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.2.59'. [ 138.244360][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.244427][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.952607][ T6178] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 143.125004][ T6178] GUP no longer grows the stack in syz.4.75 (6178): 200000001000-200000c01000 (200000000000) [ 143.125060][ T6178] CPU: 1 UID: 0 PID: 6178 Comm: syz.4.75 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 143.125086][ T6178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 143.125107][ T6178] Call Trace: [ 143.125120][ T6178] <TASK> [ 143.125130][ T6178] dump_stack_lvl+0xe8/0x150 [ 143.125178][ T6178] __get_user_pages+0x22b6/0x2800 [ 143.125231][ T6178] ? 
__pfx_down_read_killable+0x10/0x10 [ 143.125273][ T6178] get_user_pages_unlocked+0x1e2/0x710 [ 143.125317][ T6178] hva_to_pfn+0x34d/0xe00 [ 143.125361][ T6178] ? __pfx_hva_to_pfn+0x10/0x10 [ 143.125402][ T6178] ? xas_start+0x3da/0x780 [ 143.125428][ T6178] ? xa_load+0x60/0x210 [ 143.125464][ T6178] ? kvm_follow_pfn+0x21a/0x3c0 [ 143.125512][ T6178] __kvm_faultin_pfn+0xaa/0x100 [ 143.125552][ T6178] kvm_mmu_faultin_pfn+0x735/0x1590 [ 143.125602][ T6178] ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10 [ 143.125641][ T6178] kvm_tdp_page_fault+0x273/0x370 [ 143.125674][ T6178] kvm_mmu_do_page_fault+0x33d/0x690 [ 143.125710][ T6178] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 143.125746][ T6178] ? __lock_acquire+0x6b5/0x2cf0 [ 143.125774][ T6178] ? vmx_vcpu_run+0xfe9/0x29f0 [ 143.125817][ T6178] ? __vmx_complete_interrupts+0xe7/0x670 [ 143.125848][ T6178] kvm_mmu_page_fault+0x22d/0xb90 [ 143.125880][ T6178] ? handle_ept_violation+0x450/0x740 [ 143.125915][ T6178] ? __pfx_handle_ept_violation+0x10/0x10 [ 143.125948][ T6178] vmx_handle_exit+0xf22/0x1670 [ 143.125975][ T6178] ? vcpu_run+0x4adc/0x7920 [ 143.125999][ T6178] ? rcu_is_watching+0x15/0xb0 [ 143.126038][ T6178] vcpu_run+0x5d4e/0x7920 [ 143.126061][ T6178] ? check_path+0x21/0x40 [ 143.126106][ T6178] ? vcpu_run+0x4adc/0x7920 [ 143.126185][ T6178] ? __pfx_vcpu_run+0x10/0x10 [ 143.126208][ T6178] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 143.126233][ T6178] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 143.126272][ T6178] kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0 [ 143.126312][ T6178] ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0 [ 143.126335][ T6178] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 143.126364][ T6178] ? do_raw_spin_lock+0x12b/0x2f0 [ 143.126399][ T6178] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 143.126426][ T6178] ? lockdep_hardirqs_on+0x7a/0x110 [ 143.126451][ T6178] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 143.126477][ T6178] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 143.126517][ T6178] ? 
__pfx_rt_mutex_slowunlock+0x10/0x10 [ 143.126553][ T6178] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 143.126577][ T6178] ? lockdep_hardirqs_on+0x7a/0x110 [ 143.126611][ T6178] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 143.126637][ T6178] ? rt_write_unlock+0x190/0x230 [ 143.126662][ T6178] kvm_vcpu_ioctl+0xa65/0xfe0 [ 143.126702][ T6178] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 143.126732][ T6178] ? do_futex+0x333/0x420 [ 143.126752][ T6178] ? __fget_files+0x2a/0x420 [ 143.126776][ T6178] ? __asan_memset+0x22/0x50 [ 143.126801][ T6178] ? smack_file_ioctl+0x331/0x360 [ 143.126827][ T6178] ? __pfx_smack_file_ioctl+0x10/0x10 [ 143.126862][ T6178] ? __fget_files+0x2a/0x420 [ 143.126884][ T6178] ? __fget_files+0x3a6/0x420 [ 143.126905][ T6178] ? __fget_files+0x2a/0x420 [ 143.126931][ T6178] ? bpf_lsm_file_ioctl+0x9/0x20 [ 143.126953][ T6178] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 143.126987][ T6178] __se_sys_ioctl+0xff/0x170 [ 143.127018][ T6178] do_syscall_64+0xe2/0xf80 [ 143.127044][ T6178] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.127066][ T6178] ? trace_irq_disable+0x37/0x100 [ 143.127094][ T6178] ? 
clear_bhb_loop+0x60/0xb0 [ 143.127121][ T6178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.127144][ T6178] RIP: 0033:0x7ff6777abf79 [ 143.127172][ T6178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.127190][ T6178] RSP: 002b:00007ff675a06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 143.127222][ T6178] RAX: ffffffffffffffda RBX: 00007ff677a25fa0 RCX: 00007ff6777abf79 [ 143.127239][ T6178] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 143.127252][ T6178] RBP: 00007ff6778427e0 R08: 0000000000000000 R09: 0000000000000000 [ 143.127266][ T6178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.127279][ T6178] R13: 00007ff677a26038 R14: 00007ff677a25fa0 R15: 00007ffcd4d4ac58 [ 143.127315][ T6178] [ 144.222044][ T6197] kvm: pic: non byte read [ 144.222419][ T6197] kvm: pic: single mode not supported [ 144.222474][ T6197] kvm: pic: non byte read [ 144.222747][ T6197] kvm: pic: non byte read [ 144.223008][ T6197] kvm: pic: non byte read [ 144.230157][ T6197] kvm: pic: non byte read [ 144.232435][ T6197] kvm: pic: non byte read [ 144.233120][ T6197] kvm: pic: non byte read [ 144.258085][ T6197] kvm: pic: non byte read [ 144.259212][ T6197] kvm: pic: non byte read [ 145.750865][ T6223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.88'. 
[ 146.684381][ T6230] Zero length message leads to an empty skb [ 147.089155][ T6239] kvm: pic: non byte read [ 147.089471][ T6239] kvm: pic: single mode not supported [ 148.984769][ T5902] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 149.206006][ T5902] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 149.220639][ T5902] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 149.220661][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.220676][ T5902] usb 5-1: Product: syz [ 149.220686][ T5902] usb 5-1: Manufacturer: syz [ 149.220697][ T5902] usb 5-1: SerialNumber: syz [ 149.240440][ T5902] usb 5-1: config 0 descriptor?? [ 149.460689][ T5902] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 149.628052][ T5796] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 149.628385][ T5796] Bluetooth: hci1: Injecting HCI hardware error event [ 149.630724][ T5796] Bluetooth: hci1: hardware error 0x00 [ 149.780403][ T5867] udevd[5867]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 152.174785][ T5796] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 152.371980][ T6291] netlink: 'syz.1.113': attribute type 2 has an invalid length. [ 152.372003][ T6291] netlink: 'syz.1.113': attribute type 8 has an invalid length. [ 152.372017][ T6291] netlink: 132 bytes leftover after parsing attributes in process `syz.1.113'. 
[ 153.704889][ T5853] usb 5-1: USB disconnect, device number 2 [ 154.609008][ T5866] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 154.754660][ T5866] usb 3-1: Using ep0 maxpacket: 32 [ 154.775230][ T5866] usb 3-1: config 4 has an invalid interface number: 128 but max is 0 [ 154.775260][ T5866] usb 3-1: config 4 has no interface number 0 [ 154.775311][ T5866] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.775340][ T5866] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.775380][ T5866] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 154.775405][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.867119][ T5866] hub 3-1:4.128: USB hub found [ 155.220693][ T5866] hub 3-1:4.128: 2 ports detected [ 155.220746][ T5866] hub 3-1:4.128: Using single TT (err -22) [ 155.227137][ T6321] netlink: 'syz.1.124': attribute type 2 has an invalid length. [ 155.227152][ T6321] netlink: 'syz.1.124': attribute type 8 has an invalid length. [ 155.227161][ T6321] netlink: 132 bytes leftover after parsing attributes in process `syz.1.124'. [ 155.753760][ T5853] hub 3-1:4.128: hub_ext_port_status failed (err = -71) [ 155.799893][ T5866] usb 3-1: Failed to suspend device, error -71 [ 155.825933][ T5866] usb 3-1: USB disconnect, device number 2 [ 164.660496][ T6383] netlink: 'syz.2.144': attribute type 2 has an invalid length. [ 164.660551][ T6383] netlink: 'syz.2.144': attribute type 8 has an invalid length. [ 164.660601][ T6383] netlink: 132 bytes leftover after parsing attributes in process `syz.2.144'. [ 170.181018][ T6420] netlink: 'syz.3.156': attribute type 39 has an invalid length. [ 172.475387][ T6428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.162'. 
[ 172.594615][ T3522] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.601142][ T2134] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.601195][ T2134] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.601232][ T2134] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.656399][ T6428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.162'. [ 172.729421][ T6428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.162'. [ 172.803962][ T6428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.162'. [ 174.190774][ T6451] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.169'. [ 174.917680][ T6469] loop7: detected capacity change from 0 to 7 [ 174.964891][ T6469] Dev loop7: unable to read RDB block 7 [ 174.964941][ T6469] loop7: unable to read partition table [ 174.965175][ T6469] loop7: partition table beyond EOD, truncated [ 174.965210][ T6469] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 175.084643][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 175.254723][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 175.276505][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 175.279883][ T10] usb 5-1: config 4 interface 0 has no altsetting 0 [ 175.321580][ T10] usb 5-1: string descriptor 0 read error: -22 [ 175.337798][ T10] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 175.337884][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.339272][ T6475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.177'. [ 175.382691][ T6475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.177'. 
[ 175.723527][ T10] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 176.653442][ T1171] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.653782][ T1171] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.653825][ T1171] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.653861][ T1171] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 176.662261][ T6457] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 176.764171][ T10] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 176.791411][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 176.791501][ T10] usb 5-1: media controller created [ 176.814326][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'. [ 176.939348][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 176.981162][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'. [ 177.105265][ T992] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 177.230317][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 177.244853][ T992] usb 4-1: device descriptor read/64, error -71 [ 177.504842][ T992] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 177.558644][ T10] usb 5-1: USB disconnect, device number 3 [ 177.634736][ T992] usb 4-1: device descriptor read/64, error -71 [ 177.755188][ T992] usb usb4-port1: attempt power cycle [ 178.014291][ T6498] netlink: 104 bytes leftover after parsing attributes in process `syz.1.185'. 
[ 178.124666][ T992] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 178.154272][ T992] usb 4-1: device descriptor read/8, error -71 [ 178.374770][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 178.397697][ T992] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 178.421891][ T992] usb 4-1: device descriptor read/8, error -71 [ 178.525018][ T992] usb usb4-port1: unable to enumerate USB device [ 178.526334][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 178.550204][ T10] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.550229][ T10] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.598286][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 178.598309][ T10] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 178.598324][ T10] usb 2-1: Product: syz [ 178.598335][ T10] usb 2-1: Manufacturer: syz [ 178.720810][ T10] hub 2-1:4.0: USB hub found [ 178.979959][ T10] hub 2-1:4.0: 2 ports detected [ 181.060053][ T10] hub 2-1:4.0: hub_ext_port_status failed (err = -32) [ 181.477854][ T5853] usb 2-1: USB disconnect, device number 3 [ 181.784906][ T6524] netlink: 20 bytes leftover after parsing attributes in process `syz.2.194'. [ 181.784941][ T6524] netlink: 12 bytes leftover after parsing attributes in process `syz.2.194'. [ 181.784952][ T6524] netlink: 8 bytes leftover after parsing attributes in process `syz.2.194'. [ 181.825089][ T6521] pimreg3: entered allmulticast mode [ 182.388940][ T6541] tipc: Started in network mode [ 182.388971][ T6541] tipc: Node identity ac14140f, cluster identity 4711 [ 182.390175][ T6541] tipc: New replicast peer: 255.255.255.255 [ 182.391844][ T6541] tipc: Enabled bearer , priority 10 [ 183.397217][ T5853] tipc: Node number set to 2886997007 [ 183.522458][ T6553] netlink: 104 bytes leftover after parsing attributes in process `syz.3.202'. 
[ 183.911545][ T5807] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 184.071197][ T5807] usb 4-1: Using ep0 maxpacket: 32 [ 184.086710][ T5807] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.086745][ T5807] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.089571][ T5807] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 184.089593][ T5807] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 184.089608][ T5807] usb 4-1: Product: syz [ 184.089618][ T5807] usb 4-1: Manufacturer: syz [ 184.168968][ T5807] hub 4-1:4.0: USB hub found [ 184.383966][ T5807] hub 4-1:4.0: 2 ports detected [ 187.625091][ T6565] hub 4-1:4.0: hub_ext_port_status failed (err = -32) [ 187.936607][ T31] usb 4-1: USB disconnect, device number 6 [ 187.964652][ T5976] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 188.106228][ T5976] usb 5-1: device descriptor read/64, error -71 [ 188.364789][ T5976] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 188.473182][ T6585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.215'. [ 188.473208][ T6585] netlink: 12 bytes leftover after parsing attributes in process `syz.3.215'. [ 188.516587][ T5976] usb 5-1: device descriptor read/64, error -71 [ 188.713095][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.215'. [ 188.713118][ T6586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.215'. [ 188.951502][ T5976] usb usb5-port1: attempt power cycle [ 189.189970][ T6585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.215'. [ 189.190010][ T6585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.215'. 
[ 189.275702][ T2134] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.405851][ T2134] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.414953][ T2134] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.415088][ T2134] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.471401][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.215'. [ 189.471428][ T6586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.215'. [ 189.629224][ T5976] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 189.668685][ T5976] usb 5-1: device descriptor read/8, error -71 [ 190.310724][ T5976] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 190.780529][ T5976] usb 5-1: device descriptor read/8, error -71 [ 190.885075][ T5976] usb usb5-port1: unable to enumerate USB device [ 196.604797][ T806] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 196.734716][ T806] usb 3-1: device descriptor read/64, error -71 [ 196.974642][ T806] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 197.112075][ T806] usb 3-1: device descriptor read/64, error -71 [ 197.217270][ T806] usb usb3-port1: attempt power cycle [ 197.904625][ T806] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 197.908778][ T6695] netlink: 104 bytes leftover after parsing attributes in process `syz.0.254'. 
[ 197.940212][ T806] usb 3-1: device descriptor read/8, error -71 [ 198.178705][ T806] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 198.221325][ T806] usb 3-1: device descriptor read/8, error -71 [ 198.304630][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 198.329775][ T806] usb usb3-port1: unable to enumerate USB device [ 198.456102][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 198.479628][ T31] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.479663][ T31] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.517772][ T31] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 198.517795][ T31] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 198.517810][ T31] usb 1-1: Product: syz [ 198.517820][ T31] usb 1-1: Manufacturer: syz [ 198.558788][ T31] hub 1-1:4.0: USB hub found [ 198.780843][ T31] hub 1-1:4.0: 2 ports detected [ 199.620668][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.620743][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.052236][ T31] hub 1-1:4.0: activate --> -90 [ 201.296021][ T31] hub 1-1:4.0: hub_ext_port_status failed (err = -32) [ 205.300162][ T5866] usb 1-1: USB disconnect, device number 2 [ 205.594880][ T5866] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 205.754737][ T5866] usb 5-1: Using ep0 maxpacket: 32 [ 205.757599][ T5866] usb 5-1: config 2 has an invalid interface number: 197 but max is 0 [ 205.757627][ T5866] usb 5-1: config 2 has no interface number 0 [ 205.757696][ T5866] usb 5-1: New USB device found, idVendor=0856, idProduct=bc02, bcdDevice=86.76 [ 205.757722][ T5866] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.243293][ T5866] usb 5-1: string descriptor 0 read error: -71 [ 207.405971][ T5866] mos7840 5-1:2.197: missing endpoints [ 207.435189][ T5866] usb 5-1: USB disconnect, device 
number 8 [ 207.757856][ T6782] netlink: 104 bytes leftover after parsing attributes in process `syz.4.288'. [ 208.084659][ T31] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 208.228522][ T5807] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 208.247441][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 208.251485][ T31] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.251518][ T31] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.254442][ T31] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 208.254470][ T31] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 208.256640][ T31] usb 5-1: Product: syz [ 208.256660][ T31] usb 5-1: Manufacturer: syz [ 208.355535][ T31] hub 5-1:4.0: USB hub found [ 208.454725][ T5807] usb 3-1: Using ep0 maxpacket: 32 [ 208.463034][ T5807] usb 3-1: config 0 has an invalid interface number: 161 but max is 0 [ 208.463058][ T5807] usb 3-1: config 0 has no interface number 0 [ 208.463080][ T5807] usb 3-1: config 0 interface 161 has no altsetting 0 [ 208.498048][ T5807] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=31.ae [ 208.498133][ T5807] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.498149][ T5807] usb 3-1: Product: syz [ 208.498159][ T5807] usb 3-1: Manufacturer: syz [ 208.498170][ T5807] usb 3-1: SerialNumber: syz [ 208.541773][ T31] hub 5-1:4.0: 2 ports detected [ 208.693390][ T5807] usb 3-1: config 0 descriptor?? [ 209.756899][ T31] hub 5-1:4.0: activate --> -90 [ 211.068538][ T31] hub 5-1:4.0: hub_ext_port_status failed (err = -32) [ 211.213702][ T31] usb 3-1: USB disconnect, device number 7 [ 211.675181][ T31] usb 5-1: USB disconnect, device number 9 [ 212.185152][ T6831] syz.4.307 uses obsolete (PF_INET,SOCK_PACKET) [ 212.189487][ T6836] mmap: syz.2.306 (6836) uses deprecated remap_file_pages() syscall. 
See Documentation/mm/remap_file_pages.rst. [ 213.121329][ T6836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.306'. [ 213.759950][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.312'. [ 213.759973][ T6849] netlink: 12 bytes leftover after parsing attributes in process `syz.3.312'. [ 214.110640][ T6855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.312'. [ 214.111822][ T6855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.312'. [ 215.567149][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.312'. [ 215.567173][ T6849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.312'. [ 215.568526][ T6855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.312'. [ 215.568550][ T6855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.312'. [ 218.048922][ T6885] chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 [ 218.050468][ T6885] caif:caif_disconnect_client(): nothing to disconnect [ 218.061649][ T31] ------------[ cut here ]------------ [ 218.061663][ T31] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 218.061683][ T31] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x3b5/0x5d0, CPU#1: kworker/1:0/31 [ 218.061728][ T31] Modules linked in: [ 218.061755][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 218.061780][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 218.061795][ T31] Workqueue: events drm_fb_helper_damage_work [ 218.061823][ T31] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 218.061849][ T31] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 4f 76 db fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 218.061868][ T31] RSP: 0018:ffffc90000a5f8e0 EFLAGS: 
00010246 [ 218.061886][ T31] RAX: 1ffff110283e5600 RBX: ffffffff8f535760 RCX: 0000000000000000 [ 218.061902][ T31] RDX: ffffffff8b9f0aa0 RSI: ffffffff8ba0c800 RDI: ffffffff8f535760 [ 218.061918][ T31] RBP: ffffc90000a5f9c8 R08: 0000000000000000 R09: 0000000000000000 [ 218.061932][ T31] R10: dffffc0000000000 R11: fffffbfff1e9118f R12: ffffffff8ba0c800 [ 218.061947][ T31] R13: ffff888141f2b000 R14: 1ffff9200014bf20 R15: ffffffff8b9f0aa0 [ 218.061963][ T31] FS: 0000000000000000(0000) GS:ffff8881266a9000(0000) knlGS:0000000000000000 [ 218.061980][ T31] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 218.061995][ T31] CR2: 00007fcdfe2296c0 CR3: 000000003d9b0000 CR4: 00000000003526f0 [ 218.062014][ T31] Call Trace: [ 218.062023][ T31] [ 218.062038][ T31] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 218.062066][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 218.062095][ T31] ? rt_spin_unlock+0x160/0x200 [ 218.062132][ T31] ? drm_vblank_get+0x147/0x260 [ 218.062160][ T31] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 218.062187][ T31] drm_fb_helper_damage_work+0x131/0x6f0 [ 218.062218][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 218.062247][ T31] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 218.062277][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 218.062304][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 218.062325][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 218.062350][ T31] process_scheduled_works+0xaec/0x17a0 [ 218.062413][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 218.062434][ T31] ? do_raw_spin_lock+0x12b/0x2f0 [ 218.062460][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 218.062495][ T31] worker_thread+0xda6/0x1360 [ 218.062547][ T31] kthread+0x388/0x470 [ 218.062577][ T31] ? __pfx_worker_thread+0x10/0x10 [ 218.062598][ T31] ? __pfx_kthread+0x10/0x10 [ 218.062630][ T31] ret_from_fork+0x51b/0xa40 [ 218.062657][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 218.062680][ T31] ? __switch_to+0xc82/0x1410 [ 218.062718][ T31] ? 
__pfx_kthread+0x10/0x10 [ 218.062750][ T31] ret_from_fork_asm+0x1a/0x30 [ 218.062801][ T31] [ 218.062813][ T31] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 218.062828][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 218.062851][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 218.062864][ T31] Workqueue: events drm_fb_helper_damage_work [ 218.062890][ T31] Call Trace: [ 218.062898][ T31] [ 218.062907][ T31] vpanic+0x1e0/0x670 [ 218.062943][ T31] panic+0xc5/0xd0 [ 218.062975][ T31] ? __pfx_panic+0x10/0x10 [ 218.063016][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 218.063056][ T31] __warn+0x315/0x4a0 [ 218.063084][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 218.063119][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 218.063146][ T31] __report_bug+0x29a/0x540 [ 218.063178][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 218.063205][ T31] ? __pfx___report_bug+0x10/0x10 [ 218.063246][ T31] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 218.063277][ T31] report_bug_entry+0x19a/0x290 [ 218.063303][ T31] ? drm_wait_one_vblank+0x5a2/0x5d0 [ 218.063328][ T31] ? 
drm_wait_one_vblank+0x5a7/0x5d0 [ 218.063354][ T31] handle_bug+0xca/0x200 [ 218.063386][ T31] exc_invalid_op+0x1a/0x50 [ 218.063422][ T31] asm_exc_invalid_op+0x1a/0x20 [ 218.063444][ T31] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 218.063470][ T31] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 4f 76 db fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 218.063487][ T31] RSP: 0018:ffffc90000a5f8e0 EFLAGS: 00010246 [ 218.063505][ T31] RAX: 1ffff110283e5600 RBX: ffffffff8f535760 RCX: 0000000000000000 [ 218.063521][ T31] RDX: ffffffff8b9f0aa0 RSI: ffffffff8ba0c800 RDI: ffffffff8f535760 [ 218.063538][ T31] RBP: ffffc90000a5f9c8 R08: 0000000000000000 R09: 0000000000000000 [ 218.063552][ T31] R10: dffffc0000000000 R11: fffffbfff1e9118f R12: ffffffff8ba0c800 [ 218.063568][ T31] R13: ffff888141f2b000 R14: 1ffff9200014bf20 R15: ffffffff8b9f0aa0 [ 218.063607][ T31] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 218.063635][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 218.063663][ T31] ? rt_spin_unlock+0x160/0x200 [ 218.063699][ T31] ? drm_vblank_get+0x147/0x260 [ 218.063728][ T31] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 218.063754][ T31] drm_fb_helper_damage_work+0x131/0x6f0 [ 218.063784][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 218.063812][ T31] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 218.063841][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 218.063868][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 218.063889][ T31] ? process_scheduled_works+0xa0f/0x17a0 [ 218.063914][ T31] process_scheduled_works+0xaec/0x17a0 [ 218.063968][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 218.063990][ T31] ? do_raw_spin_lock+0x12b/0x2f0 [ 218.064015][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 218.064049][ T31] worker_thread+0xda6/0x1360 [ 218.064101][ T31] kthread+0x388/0x470 [ 218.064131][ T31] ? __pfx_worker_thread+0x10/0x10 [ 218.064152][ T31] ? 
__pfx_kthread+0x10/0x10 [ 218.064183][ T31] ret_from_fork+0x51b/0xa40 [ 218.064211][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 218.064235][ T31] ? __switch_to+0xc82/0x1410 [ 218.064274][ T31] ? __pfx_kthread+0x10/0x10 [ 218.064305][ T31] ret_from_fork_asm+0x1a/0x30 [ 218.064357][ T31] [ 218.065058][ T31] Kernel Offset: disabled