last executing test programs: 21.920716339s ago: executing program 2 (id=853): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(r3, &(0x7f0000001000/0x3000)=nil, 0x1000) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sysfs$2(0x2, 0x4, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000400000000600000008000300", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) 15.432364676s ago: executing program 2 (id=871): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) write$sndseq(r1, &(0x7f00000008c0), 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0) 
capset(&(0x7f0000000080)={0x20071026}, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r4, 0x84, 0x1, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) read$FUSE(r3, &(0x7f0000000580)={0x2020}, 0x2020) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, 0x0, 0x0, 0x5}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x100000, 0x9) r5 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) remap_file_pages(&(0x7f0000509000/0x1000)=nil, 0x1000, 0x8, 0x3, 0x2000) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000001fc0)=@newqdisc={0xcbc, 0x24, 0x20, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0x887f97af9de19276, 0x12}, {0xe, 0xfff2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_tbf={{0x8}, {0xc68, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xe708d78077e4cfd3}, @TCA_TBF_PTAB={0x404, 0x3, [0x6b97, 0x7f, 0x3, 0x5, 0xffffff3a, 0xfff, 0x2, 0xfffff801, 0x0, 0x5, 0x7f, 0x20, 0xc0000, 0x0, 0x6, 0xcd2, 0xfff, 0x3, 0xe94b, 0x4, 0x3, 0x3bba, 0x6, 0x4, 0x8, 0x2, 0x0, 0x7, 0x1, 0xff, 0xa0c, 0x4, 0x4, 0x7fff, 0x1, 0x0, 0x4, 0x3ff, 0xb5, 0x9, 0x7, 0x9, 0x10, 0x5, 0x81, 0x4, 0x6, 0x4, 0x6, 0x8, 0x5, 0x5, 0x1, 0xa2, 0xf, 0x9, 0x400, 0x8, 0x2, 0x6, 0xad, 0x8001, 0x400, 0x7, 0x7, 0x1e, 0x800, 0xffffffff, 0x9, 0x101, 0x5, 0x5, 0x66, 0x7, 0x5, 0xffff, 0x5, 0xffffffff, 0xb, 0x7f, 0x3, 0x4, 0x8, 0x2, 0x5, 0xfff, 0x3, 0x7, 0x0, 0x7, 0x7, 0x1, 0x2, 0x2, 0x0, 0x9, 0x5, 0x100, 0x36, 0x3, 0x6, 0x0, 0x8, 0x4, 0x6, 0x5, 0x0, 0x7, 0x7, 0x48000, 0x9, 0xb, 0x6d81, 0x0, 0x0, 0x9, 0x914, 0x4, 0x8000, 0x6, 0x0, 0x2, 0x7, 0x2, 0x2, 0x644, 0x6b0, 0x8, 0x6, 0x0, 0x1, 0x3, 0xd, 0x5, 0x1, 0x3, 0x2000, 0x97, 0x3, 0xa2, 0x1, 0x0, 0x3, 0xc, 0x1, 0x7, 0x9, 0x5, 0xfffffffc, 0x10000, 0x7, 0x4000, 0x0, 0xb658, 0xfffffffc, 0xdd, 0x6edb, 0x1, 0x0, 0x6, 0x7, 
0x10001, 0x80000001, 0x9, 0x90, 0x1, 0xfffffffa, 0x5, 0x7f, 0x0, 0xa3, 0x10001, 0x6, 0x7, 0x4, 0x2, 0x5, 0x120, 0x10000, 0x9, 0x40, 0x5e, 0x4, 0x8ee0, 0x8, 0xa, 0x80000000, 0x0, 0x40, 0x4, 0x4, 0x7, 0x0, 0xfafe, 0x6, 0x5, 0x0, 0x36df1a46, 0x7, 0x2, 0x7f, 0x5, 0x1, 0x5, 0x3, 0x5be8, 0x9491, 0x2, 0x5, 0x8, 0xb5, 0x7fffffff, 0x0, 0x2b, 0x0, 0x3, 0x9, 0x8, 0x0, 0x81, 0xe, 0x8, 0x4, 0x2000000, 0x4, 0x4, 0x7, 0x1, 0x8, 0xe7, 0x1, 0x80000001, 0x8, 0x7, 0x9b, 0x38ac, 0x5, 0x3, 0x80, 0x1, 0x4, 0x5, 0xffffff80, 0x2, 0x100, 0x7, 0x116d, 0x7f, 0x8, 0x1ffc0000, 0x1, 0x8, 0x9, 0x25b93dc, 0x7, 0x6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x26, 0x1, 0x9, 0x7, 0x9, 0x7}, {0x8, 0x1, 0x4, 0x2, 0x4, 0xd3}, 0x4, 0x8, 0x1ac}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xccfadf379f72c138}, @TCA_TBF_RTAB={0x404, 0x2, [0x1000, 0x0, 0x7, 0x4, 0x10000, 0x4, 0xaca, 0x4, 0x88, 0x1, 0x9, 0x400, 0x3, 0x1, 0x3, 0x4, 0x3, 0x7, 0x0, 0x80, 0x8001, 0x0, 0xfffffff9, 0x5, 0x2, 0x401, 0x10004, 0x4, 0x81, 0x6, 0x9, 0xc8, 0x9, 0x4, 0x6, 0xff, 0x1ff, 0xffffff01, 0x4, 0xa21, 0x9, 0x3, 0x10001, 0x1, 0x4, 0x3d9, 0x3, 0xc2, 0x9, 0x5, 0x5, 0x8, 0x5, 0x57087658, 0xa, 0x5, 0x3, 0xf, 0x9, 0xffff, 0x5, 0x4, 0x200, 0x1, 0x9a, 0x9, 0x2, 0xffff0c6c, 0xffffffff, 0x3, 0x2, 0x2, 0x3, 0x9, 0x7, 0x6, 0x1, 0x58d, 0x7, 0x10000, 0x1, 0x0, 0x2, 0x1, 0x2, 0x0, 0x6, 0x5, 0x2da4, 0x9, 0x4, 0x10000, 0xb, 0x4, 0x7, 0x4, 0x3, 0xc, 0x2, 0x2, 0x0, 0xffff, 0xde, 0x9, 0x5, 0x29, 0x800, 0x3, 0xe9de, 0xffff, 0x80000000, 0xb7ba, 0xac, 0x6, 0x29, 0x4, 0x1, 0xf2d, 0x2, 0x800, 0x2000ff, 0x1, 0x66be, 0x8, 0x9, 0x3, 0xdb, 0xff, 0x40, 0x9, 0x4, 0x1, 0x0, 0x9, 0x8001, 0x400, 0xfffffffb, 0x80, 0x6, 0x1000000, 0x7, 0x7f, 0x0, 0x400, 0x1, 0x0, 0x2c7, 0x7, 0xcb43, 0x8000, 0xba3, 0xb, 0x9bd, 0x6, 0x0, 0xffff, 0x5, 0x800, 0x401, 0xffff, 0x6, 0x0, 0x8, 0x1000, 0x5, 0x1, 0x5, 0xfffffff7, 0x7, 0xfff, 0x2b7, 0x5, 0x0, 0x1, 0x1000, 0x1, 0xa800, 0xffff, 0x6c, 0x2, 0x4, 0x1, 0x3, 0x101, 0x6, 0x6, 0x2a0e3b8f, 0x7, 0x6, 0x7ff, 0x8, 0xc66, 0x1, 0x6, 0x3f9e, 0xb, 0x22f, 0xa, 0xde8, 
0x42bffd08, 0x4, 0x81, 0x40, 0x5, 0x10, 0x8000, 0xfffffba8, 0x8, 0x401, 0x5, 0x4, 0x3ff, 0x6, 0x0, 0x1, 0x1, 0xfffff001, 0x5, 0x5, 0x7, 0x2, 0x9, 0x9, 0xc0, 0x3, 0x101, 0x6, 0x2, 0x1, 0x2, 0x1, 0x80000000, 0x8, 0x7fffffff, 0x0, 0x10, 0x0, 0xcd95, 0x4, 0x4, 0x1071, 0x6, 0xe, 0x0, 0x3, 0x2, 0x7ff, 0x1, 0x4, 0x0, 0x40, 0x5, 0xe, 0x3, 0x0, 0xffff8001]}, @TCA_TBF_BURST={0x8, 0x6, 0x6}, @TCA_TBF_PBURST={0x8, 0x7, 0x1470}, @TCA_TBF_RTAB={0x404, 0x2, [0x6, 0x51ec, 0x5, 0x8001, 0xfffffffe, 0x5, 0x3, 0x0, 0xde3145, 0x1, 0x101, 0x3456, 0x8, 0x8001, 0xff, 0x9, 0x5, 0x0, 0x6, 0xe, 0x9, 0x8000, 0xfffffffb, 0x0, 0x7, 0xe31, 0x7d, 0x3, 0x9, 0x80, 0x2, 0x101, 0x6000, 0x7, 0x10, 0x5, 0x6, 0x3, 0x3, 0x7, 0x4, 0x4, 0xffff, 0x4, 0xad2d, 0x1, 0x6, 0xffffffff, 0x7fffffff, 0x0, 0x0, 0xaab, 0x4, 0x4, 0x7, 0x7f, 0x6, 0x7fff, 0x2, 0xbf, 0x7, 0x4, 0x8, 0x7, 0x8, 0x10001, 0x2, 0x5, 0x5, 0x1, 0x4, 0xaf, 0x40, 0x4, 0x4, 0x0, 0x7, 0x1, 0x4, 0x3, 0x3, 0x15b0, 0x2, 0xa, 0x3f4, 0xe, 0x1, 0x9, 0xc0, 0x8, 0xfffff192, 0xe36, 0x80000000, 0x1, 0x4, 0x8, 0x4, 0x0, 0x4, 0x3, 0x80000000, 0x0, 0x5, 0x8, 0xfffffff7, 0xfffffe80, 0x9bb, 0x10, 0xfffffff7, 0x8000, 0x7, 0x1, 0x8, 0x80000000, 0x2, 0x3, 0x2, 0x5d, 0xc9, 0x9, 0xb4, 0x6, 0x1, 0x6, 0x68, 0x4, 0x6, 0xb, 0xb, 0xb, 0xffffffff, 0xa, 0x29d6, 0x3, 0x5, 0x48d, 0x2, 0x5, 0x7, 0x7, 0x968a9e70, 0x1, 0x6, 0x10000, 0x1, 0xe762, 0x401, 0x4, 0xadd, 0xc03, 0x5, 0x5, 0x1, 0x2, 0x401, 0x6, 0x7, 0x9, 0x1000, 0x7, 0x7, 0x80000001, 0xdf, 0xffffa8c3, 0x7, 0x3, 0xc, 0x4, 0x1000, 0x9ae, 0x5, 0x7, 0x2, 0x10, 0xff, 0x3, 0x8, 0x4, 0x7fffffff, 0x6, 0xd, 0x1, 0x1, 0x8, 0x7, 0x80000001, 0x404, 0x10000, 0xfffffff9, 0x822, 0x4, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x7, 0x5, 0x1, 0xa, 0x7ff, 0xff, 0x4, 0x6, 0x4, 0xe079, 0xd1, 0x1, 0x8, 0x5, 0xc2e, 0x6, 0x400, 0x2, 0x5, 0xc505, 0x6, 0x8, 0x9e7, 0x0, 0xfffff46c, 0x80000000, 0x7, 0x603, 0x4, 0x23, 0xc0b, 0x1, 0x5, 0x1, 0x4, 0xcfd, 0x2, 0x800, 0x7, 0x2, 0x0, 0x3, 0x2, 0x715, 0xa, 0x5, 0x8, 0x8, 0x9, 0xe0, 0x6, 0x5, 0xf, 0x9963, 0xb, 0xecf0, 
0x244, 0x0, 0x0, 0x9f14]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1e9f}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0x9}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xffff}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}, @TCA_RATE={0x6, 0x5, {0x7, 0x8}}]}, 0xcbc}, 0x1, 0x0, 0x0, 0x4000}, 0x44810) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = socket(0x10, 0x803, 0x0) sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}, 0xe00}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 10.938902103s ago: executing program 2 (id=880): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="190000000400000008000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000001c0), &(0x7f0000000300)=r1}, 0x20) 
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 10.87697768s ago: executing program 4 (id=881): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9f"], 0x0, 0x6e, 0x0, 0x1}, 0x28) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000"/16], 0x48}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x4, '\x00', r2, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 10.619744285s ago: executing program 2 (id=882): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 
&(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) 10.517353137s ago: executing program 4 (id=884): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x30d3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x64, 0x6, 0x600, 0x310, 0x1d0, 0x440, 0x310, 0x0, 0x530, 0x530, 0x530, 0x530, 0x530, 0x6, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, [], [], 'vcan0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xe8, 0x0, {0x7a00000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'syzkaller1\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@private0}}}, {{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [0xffffff00], 'veth1_to_batadv\x00', 'vlan1\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@ecn={{0x28}}, @common=@ipv6header={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@empty}}}, {{@ipv6={@private0, @mcast2, [], [], 'veth1_to_team\x00', 'veth0_macvtap\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe760]}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@remote}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2f}, 
@mcast2, [0xff, 0x0, 0x7f, 0xff], [0xffffffff, 0xff, 0xffffffff, 0xff], 'veth1_to_batadv\x00', 'rose0\x00', {}, {0xff}, 0x29, 0x4c, 0x2, 0x65}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x660) 10.412932552s ago: executing program 1 (id=885): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_mptcp(0xa, 0x1, 0x106) openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/handlers\x00', 0x0, 0x0) 10.269013687s ago: executing program 2 (id=886): socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet(0x10, 0x3, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x400, 0x3}, 0x65) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r2, 0x0, 0x487, &(0x7f0000002b40), &(0x7f0000002b80)=0x30) syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2}, 0x8) sendto$inet(r0, &(0x7f0000000100)="ab", 0x1, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) getpid() socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 9.34286911s ago: executing program 1 (id=888): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r1, 
&(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1) keyctl$chown(0x4, 0x0, 0xee01, 0xee00) readv(r2, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8.412255008s ago: executing program 4 (id=889): socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fanotify_mark(0xffffffffffffffff, 0x1, 0xe, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) fsetxattr$security_ima(r3, &(0x7f0000000040), &(0x7f0000000080)=@ng={0x4, 0xd}, 0x2, 0x0) write$binfmt_script(r3, &(0x7f0000002040)={'#! 
', './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0'}, 0x1002) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmsg$netlink(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000600)=ANY=[@ANYBLOB="18010000351c00042bbd700000080000000000800802d8", @ANYRES32=r3, @ANYBLOB="0c0049000100010000000000130054002f6465762f6370752f232f6d7372000008003400e0000002080035005d00000004002500d87bde6f1a469ab6defd7ef3acada2931c4686e92570d98bb613f61166cd9d05864fe02e3470e5d0f3ab43cbbd7eac98cc44fa6ab5a42c83b4a53ba03649f573c9898462d14516fb96f5c80e7f05989d015f5f7a1080f19204babecd4161f6b2395307a7a2d40a2052a334184a5397ade80d5a4d6945eac12c59d3c2cffabfb61e97ec53da7e1f6daaa3cd732fc2514b0c39d7ba66711edef9e5433128666ebe15c6abbacc81792d7408fcfb008ea0b0d00e1748934d0522cb16adcc66c61995"], 0x118}, {&(0x7f0000001240)=ANY=[@ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="090029006861736800000000277063da5d85f9702a89841c916ed42f1c24b00b552e7d79b0958ecc718e871f4d72b6e47040adf40400a980f8d461846373f49fa621075a14531a16b0dcdc163cc03986086e5db0750f8fe30d82206c600572adce743ecb29849ff507908dcfeb16f2df03de29d4d2f6ad24603adcbcedeeda6814f83ea89678e3a48d6cfc2e9e245670a4823693f51f5d0f1f3fbf6a31075600c1877afee5570eb1c6617301c2c36b21feeeb1bcefa3c86d39f16d94bbbfb9b2402f5c00ad5e604c6d6eb31e5b41b79ae83d62c9d2acf8a8ef5489010c69b334e10269f03ac1692e757b69dabefbe6be9fd1f4248f36cd6cc89cd52d67f052bbfd30eef652e403d4caf046ae574a0800e9000a0101020000bd407a36c55d5af278b92bda6c79c28bc7ae2601b48e58c8449d8a981f465477644648da2312417da732f455f844621eb5f726abc890efc590931738bd5a2cfe8de9cbb9bcac67f08cc422bf843b19f4bfd4302caf5388dc38d1d26a7ca5382d1c7526ce5d468e95cca04fd474f53379092bad9a3a9b3f7feb36be5d215d238696313ab75b1e"], 0x4d4}], 0x2, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x8000}, 0x4808c) 8.272947283s ago: executing program 3 (id=891): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) lseek(0xffffffffffffffff, 0x8000000000008, 0x1) 
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001240)=[{{0x0, 0x0, 0x0}, 0xd6}], 0x1, 0x42, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) r4 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x1, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x11, 0x2007, @fd=r2, 0x19c, &(0x7f0000000240), 0x0, 0x8, 0x1}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0) 8.198122423s ago: executing program 1 (id=892): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="190000000400000008000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 
0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000001c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 6.948756164s ago: executing program 3 (id=893): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r3, 0x29, 0x16, 0x0, 0x0) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 6.948359797s ago: executing program 1 (id=894): socket$alg(0x26, 0x5, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x893, 0x0, 0x0, 0x0) r2 = timerfd_create(0x8, 0x80000) timerfd_settime(r2, 
0x0, 0x0, 0x0) readv(r2, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x2004000c) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff) 5.739108008s ago: executing program 3 (id=896): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) keyctl$chown(0x4, 0x0, 0xee01, 0xee00) readv(r2, 
&(0x7f00000002c0)=[{&(0x7f00000000c0)=""/75, 0x4b}], 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 4.6317538s ago: executing program 3 (id=897): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e000000200000000000000000000000000000000000000000000000000000000000000001000"], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0) 4.558951878s ago: executing program 1 (id=898): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000180)) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 
0x1c}}, 0x0) 4.307579308s ago: executing program 3 (id=899): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000180)) epoll_create1(0x0) epoll_create(0x6) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000200)) 3.105299175s ago: executing program 1 (id=900): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x30d3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x64, 0x6, 0x600, 0x310, 0x1d0, 0x440, 0x310, 0x0, 0x530, 0x530, 0x530, 0x530, 0x530, 0x6, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, [], [], 'vcan0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xe8, 0x0, 
{0x7a00000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'syzkaller1\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@private0}}}, {{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [0xffffff00], 'veth1_to_batadv\x00', 'vlan1\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@ecn={{0x28}}, @common=@ipv6header={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@empty}}}, {{@ipv6={@private0, @mcast2, [], [], 'veth1_to_team\x00', 'veth0_macvtap\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe760]}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@remote}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2f}, @mcast2, [0xff, 0x0, 0x7f, 0xff], [0xffffffff, 0xff, 0xffffffff, 0xff], 'veth1_to_batadv\x00', 'rose0\x00', {}, {0xff}, 0x29, 0x4c, 0x2, 0x65}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x660) 2.420965813s ago: executing program 0 (id=902): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1) keyctl$chown(0x4, 0x0, 0xee01, 0xee00) readv(r2, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.267304544s ago: executing program 0 (id=903): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 
0x0) r0 = getpid() prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000100)=0x1000) write$dsp(r2, 0x0, 0x0) close(0x3) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0x1d5080, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) 1.434532117s ago: executing program 0 (id=904): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="190000000400000008000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000001c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.387498002s ago: executing program 2 (id=905): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, 
&(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r2 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0) 1.12918824s ago: executing program 4 (id=906): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) syz_clone(0x89c200, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 990.650744ms ago: executing program 0 (id=907): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) keyctl$chown(0x4, 0x0, 0xee01, 0xee00) readv(r2, 
&(0x7f00000002c0)=[{&(0x7f00000000c0)=""/75, 0x4b}], 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 718.293753ms ago: executing program 0 (id=908): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x6}]}}]}, 0x40}}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 624.960904ms ago: executing program 4 (id=909): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 
&(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e0000002000000000000000000000000000000000000000000000000000000000000000010000200"], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0) 497.453152ms ago: executing program 3 (id=910): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xd, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) close(0xffffffffffffffff) 102.722725ms ago: executing program 4 (id=911): syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000600)={0x0, 0x0, 0x54}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 
0x3, 0xf9, 0x2, 0x79, 0xff, 0x8, 0x1, 0x1, 0x0, 0x8, 0x5, 0x8, 0x72, 0x7, 0xfa, '\x00', 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x2000003, 0x11, r2, 0x0) 0s ago: executing program 0 (id=912): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9f"], 0x0, 0x6e, 0x0, 0x1}, 0x28) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa0800093f"], 0x48}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x4, '\x00', r2, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.229' (ED25519) to the list of known hosts. [ 86.220528][ T5822] cgroup: Unknown subsys name 'net' [ 86.329849][ T5822] cgroup: Unknown subsys name 'cpuset' [ 86.339777][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.148471][ T5822] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 91.996687][ T9] cfg80211: failed to load regulatory.db [ 93.141399][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.151165][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.159517][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.167365][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.175036][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.183258][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.191257][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.200103][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.207800][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.216278][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.224078][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.237639][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.255017][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 93.263028][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.270956][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.277246][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.279789][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.287045][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.293137][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.300347][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.306519][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 93.313763][ T5155] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.328150][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 93.349438][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 93.357656][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.009698][ T5836] 
chnl_net:caif_netlink_parms(): no params data found [ 94.181693][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 94.194143][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 94.292549][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 94.421770][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.429493][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.436984][ T5836] bridge_slave_0: entered allmulticast mode [ 94.444428][ T5836] bridge_slave_0: entered promiscuous mode [ 94.452984][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 94.496661][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.503832][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.511165][ T5836] bridge_slave_1: entered allmulticast mode [ 94.519547][ T5836] bridge_slave_1: entered promiscuous mode [ 94.646962][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.654160][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.661899][ T5837] bridge_slave_0: entered allmulticast mode [ 94.669996][ T5837] bridge_slave_0: entered promiscuous mode [ 94.677697][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.684844][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.692311][ T5839] bridge_slave_0: entered allmulticast mode [ 94.700185][ T5839] bridge_slave_0: entered promiscuous mode [ 94.740935][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.748234][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.755546][ T5837] bridge_slave_1: entered allmulticast mode [ 94.762838][ T5837] bridge_slave_1: entered promiscuous mode [ 94.770526][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.777933][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.785125][ T5839] bridge_slave_1: entered allmulticast mode [ 94.793016][ T5839] bridge_slave_1: entered 
promiscuous mode [ 94.802975][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.816019][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.832808][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.840012][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.847496][ T5838] bridge_slave_0: entered allmulticast mode [ 94.854820][ T5838] bridge_slave_0: entered promiscuous mode [ 94.942344][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.949885][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.960100][ T5838] bridge_slave_1: entered allmulticast mode [ 94.967615][ T5838] bridge_slave_1: entered promiscuous mode [ 94.992938][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.006244][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.019323][ T5836] team0: Port device team_slave_0 added [ 95.057059][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.081894][ T5836] team0: Port device team_slave_1 added [ 95.088497][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.096051][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.103264][ T5847] bridge_slave_0: entered allmulticast mode [ 95.110652][ T5847] bridge_slave_0: entered promiscuous mode [ 95.134159][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.182388][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.190127][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.197412][ T5847] bridge_slave_1: entered allmulticast mode [ 95.204666][ T5847] bridge_slave_1: entered promiscuous mode [ 95.229464][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.256190][ T5837] team0: Port device team_slave_0 added [ 
95.264633][ T5839] team0: Port device team_slave_0 added [ 95.275413][ T5839] team0: Port device team_slave_1 added [ 95.285957][ T51] Bluetooth: hci0: command tx timeout [ 95.299682][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.307096][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.333408][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.355983][ T51] Bluetooth: hci3: command tx timeout [ 95.356082][ T5852] Bluetooth: hci2: command tx timeout [ 95.361498][ T5853] Bluetooth: hci1: command tx timeout [ 95.378192][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.404731][ T5837] team0: Port device team_slave_1 added [ 95.435424][ T5853] Bluetooth: hci4: command tx timeout [ 95.442278][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.449615][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.476574][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.491525][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.527729][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.534734][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 95.560974][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.574467][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.581772][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.607997][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.629774][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.657556][ T5838] team0: Port device team_slave_0 added [ 95.711971][ T5838] team0: Port device team_slave_1 added [ 95.734000][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.741270][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.767353][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.796757][ T5847] team0: Port device team_slave_0 added [ 95.818436][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.825566][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 95.852288][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.883523][ T5836] hsr_slave_0: entered promiscuous mode [ 95.890111][ T5836] hsr_slave_1: entered promiscuous mode [ 95.899331][ T5847] team0: Port device team_slave_1 added [ 95.920604][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.928191][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.954366][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.967252][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.974245][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.000354][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.039077][ T5839] hsr_slave_0: entered promiscuous mode [ 96.045987][ T5839] hsr_slave_1: entered promiscuous mode [ 96.052228][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.060190][ T5839] Cannot create hsr debugfs directory [ 96.113769][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.121205][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 96.147863][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.222752][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.230012][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.256107][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.308168][ T5838] hsr_slave_0: entered promiscuous mode [ 96.314631][ T5838] hsr_slave_1: entered promiscuous mode [ 96.321019][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.328856][ T5838] Cannot create hsr debugfs directory [ 96.361374][ T5837] hsr_slave_0: entered promiscuous mode [ 96.368131][ T5837] hsr_slave_1: entered promiscuous mode [ 96.374218][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.381870][ T5837] Cannot create hsr debugfs directory [ 96.518826][ T5847] hsr_slave_0: entered promiscuous mode [ 96.525346][ T5847] hsr_slave_1: entered promiscuous mode [ 96.531530][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 96.539424][ T5847] Cannot create hsr debugfs directory [ 96.987973][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.008522][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.039549][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.050791][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.103706][ T5837] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 97.127764][ T5837] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 97.145001][ T5837] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 97.162156][ T5837] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 97.268430][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.310462][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.324556][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.335618][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.355945][ T5853] Bluetooth: hci0: command tx timeout [ 97.428896][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.436792][ T5853] Bluetooth: hci2: command tx timeout [ 97.446665][ T5853] Bluetooth: hci1: command tx timeout [ 97.452125][ T5853] Bluetooth: hci3: command tx timeout [ 97.466781][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.492047][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.516294][ T5853] Bluetooth: hci4: command tx timeout [ 97.549680][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.581023][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.624696][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.640233][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 97.650804][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.675058][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.732116][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.743643][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 
97.798948][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.806437][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.838939][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.846184][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.878810][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.907760][ T1315] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.914918][ T1315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.957109][ T1328] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.964521][ T1328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.983334][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.041851][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.063971][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.133649][ T1328] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.140892][ T1328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.158976][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.230410][ T1315] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.237674][ T1315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.268935][ T1315] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.276198][ T1315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.323031][ T1315] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.330281][ T1315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.372730][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.480111][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.582683][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.589931][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.619387][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.626612][ T13] bridge0: port 2(bridge_slave_1) 
entered forwarding state [ 98.681864][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.737576][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.820885][ T5847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.913579][ T5836] veth0_vlan: entered promiscuous mode [ 98.988559][ T5836] veth1_vlan: entered promiscuous mode [ 99.101339][ T5836] veth0_macvtap: entered promiscuous mode [ 99.172736][ T5836] veth1_macvtap: entered promiscuous mode [ 99.212597][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.264072][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.320096][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.362860][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.394072][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.409668][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.420563][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.433859][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.446336][ T5853] Bluetooth: hci0: command tx timeout [ 99.517621][ T51] Bluetooth: hci1: command tx timeout [ 99.519887][ T5852] Bluetooth: hci2: command tx timeout [ 99.523222][ T5853] Bluetooth: hci3: command tx timeout [ 99.580938][ T5838] veth0_vlan: entered promiscuous mode [ 99.593110][ T5839] veth0_vlan: entered promiscuous mode [ 99.607210][ T5853] Bluetooth: hci4: command tx timeout [ 99.631637][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.664515][ T5837] veth0_vlan: entered promiscuous mode [ 99.686232][ T5838] veth1_vlan: entered promiscuous mode [ 99.696375][ T5839] veth1_vlan: entered promiscuous mode [ 99.710382][ T5837] veth1_vlan: entered promiscuous mode [ 99.722892][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 
99.740895][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.809966][ T5837] veth0_macvtap: entered promiscuous mode [ 99.838855][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.842260][ T5837] veth1_macvtap: entered promiscuous mode [ 99.856971][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.910236][ T5838] veth0_macvtap: entered promiscuous mode [ 99.931500][ T5847] veth0_vlan: entered promiscuous mode [ 99.944778][ T5847] veth1_vlan: entered promiscuous mode [ 99.961334][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.979004][ T5838] veth1_macvtap: entered promiscuous mode [ 99.992392][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.014611][ T5839] veth0_macvtap: entered promiscuous mode [ 100.052910][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.071516][ T5839] veth1_macvtap: entered promiscuous mode [ 100.111333][ T5837] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.123495][ T5837] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.132412][ T5837] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.141535][ T5837] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.186605][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.207501][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.218242][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.244185][ T5847] veth0_macvtap: entered promiscuous mode [ 100.259767][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.270763][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.280717][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 
6081 - 0 [ 100.289568][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.304567][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.340505][ T5847] veth1_macvtap: entered promiscuous mode [ 100.358492][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.374685][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.386001][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.394809][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.926209][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.965032][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.979316][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.130395][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.156751][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.159637][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.164607][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.178128][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.225330][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.234052][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.508371][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.517194][ T5853] Bluetooth: hci0: command tx timeout [ 101.522883][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.534210][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.542285][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.567580][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.569700][ T1328] 
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.576529][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.589999][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.595854][ T5853] Bluetooth: hci3: command tx timeout [ 101.604638][ T5853] Bluetooth: hci1: command tx timeout [ 101.611843][ T5853] Bluetooth: hci2: command tx timeout [ 101.685368][ T5964] netem: change failed [ 101.690530][ T5852] Bluetooth: hci4: command tx timeout [ 102.209833][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.217254][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.537198][ T5966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.545083][ T5966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.185878][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.526405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 106.526729][ T5990] process 'syz.4.10' launched '/dev/fd/6' with NULL argv: empty string added [ 107.442865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 107.452473][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.978272][ T0] NOHZ tick-stop error: local softirq work is pending, handler #302!!! [ 109.118748][ T6014] xt_TPROXY: Can be used only with -p tcp or -p udp [ 109.385747][ T6014] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16'. 
[ 110.126112][ T1209] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 110.288120][ T5973] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 110.577911][ T5973] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 110.860452][ T5973] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 110.899691][ T6028] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 110.907879][ T6028] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 110.916583][ T6028] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 110.925606][ T6028] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 110.938732][ T1209] usb 2-1: Using ep0 maxpacket: 32 [ 110.969520][ T5973] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 110.983807][ T1209] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 110.988010][ T5973] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 111.010461][ T5973] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 111.056184][ T1209] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 111.103448][ T5973] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 111.112930][ T1209] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 111.131009][ T1209] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 111.138907][ T5973] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 111.140319][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 111.189849][ T5973] usb 3-1: Product: syz [ 111.202080][ T5973] usb 3-1: Manufacturer: syz [ 111.205313][ 
T1209] usb 2-1: Product: syz [ 111.215832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.237363][ T5973] cdc_wdm 3-1:1.0: skipping garbage [ 111.257650][ T5973] cdc_wdm 3-1:1.0: skipping garbage [ 111.261225][ T1209] usb 2-1: Manufacturer: syz [ 111.285436][ T1209] usb 2-1: SerialNumber: syz [ 111.328358][ T5973] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 111.357708][ T1209] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input5 [ 111.371529][ T5973] cdc_wdm 3-1:1.0: Unknown control protocol [ 111.933971][ T5973] usb 3-1: USB disconnect, device number 2 [ 112.050785][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 112.153347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 112.767176][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 112.785233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 113.009755][ T1209] usb 2-1: USB disconnect, device number 2 [ 113.015810][ C0] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 114.008570][ T1209] appletouch 2-1:1.0: input: appletouch disconnected [ 119.726007][ T6091] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.328302][ T6099] vxfs: WRONG superblock magic 00000000 at 1 [ 120.336442][ T6099] vxfs: WRONG superblock magic 00000000 at 8 [ 120.342625][ T6099] vxfs: can't find superblock. 
[ 121.022473][ T6097] ceph: No mds server is up or the cluster is laggy [ 121.733329][ T45] libceph: connect (1)[c::]:6789 error -101 [ 121.748630][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 122.684613][ T6114] GUP no longer grows the stack in syz.3.43 (6114): 200000004000-20000000a000 (200000002000) [ 122.695200][ T6114] CPU: 0 UID: 0 PID: 6114 Comm: syz.3.43 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 122.695227][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.695247][ T6114] Call Trace: [ 122.695264][ T6114] <TASK> [ 122.695274][ T6114] dump_stack_lvl+0x189/0x250 [ 122.695314][ T6114] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.695338][ T6114] ? __pfx__printk+0x10/0x10 [ 122.695362][ T6114] ? find_vma+0xe7/0x160 [ 122.695406][ T6114] __get_user_pages+0x2a60/0x30b0 [ 122.695473][ T6114] ? __pfx___get_user_pages+0x10/0x10 [ 122.695511][ T6114] get_user_pages_remote+0x2f9/0xaa0 [ 122.695538][ T6114] ? __pfx_mtree_load+0x10/0x10 [ 122.695577][ T6114] ? __pfx_get_user_pages_remote+0x10/0x10 [ 122.695616][ T6114] __access_remote_vm+0x215/0x5f0 [ 122.695657][ T6114] ? __pfx___access_remote_vm+0x10/0x10 [ 122.695691][ T6114] ? alloc_pages_noprof+0xbe/0x190 [ 122.695727][ T6114] proc_pid_cmdline_read+0x440/0x840 [ 122.695759][ T6114] ? __asan_memset+0x22/0x50 [ 122.695791][ T6114] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 122.695827][ T6114] ? rw_verify_area+0x258/0x650 [ 122.695859][ T6114] vfs_readv+0x5a7/0x850 [ 122.695881][ T6114] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 122.695915][ T6114] ? __pfx_vfs_readv+0x10/0x10 [ 122.695953][ T6114] ? __fget_files+0x2a/0x420 [ 122.695978][ T6114] ? __fget_files+0x3a0/0x420 [ 122.695995][ T6114] ? __fget_files+0x2a/0x420 [ 122.696039][ T6114] __x64_sys_preadv+0x197/0x2a0 [ 122.696074][ T6114] ? __pfx___x64_sys_preadv+0x10/0x10 [ 122.696102][ T6114] ? rcu_is_watching+0x15/0xb0 [ 122.696131][ T6114] ? 
do_syscall_64+0xbe/0x3b0 [ 122.696155][ T6114] do_syscall_64+0xfa/0x3b0 [ 122.696173][ T6114] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.696202][ T6114] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.696223][ T6114] ? clear_bhb_loop+0x60/0xb0 [ 122.696248][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.696268][ T6114] RIP: 0033:0x7f1cb718e929 [ 122.696293][ T6114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.696315][ T6114] RSP: 002b:00007f1cb7fe7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 122.696337][ T6114] RAX: ffffffffffffffda RBX: 00007f1cb73b5fa0 RCX: 00007f1cb718e929 [ 122.696352][ T6114] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004 [ 122.696364][ T6114] RBP: 00007f1cb7210b39 R08: 0000000000000000 R09: 0000000000000000 [ 122.696377][ T6114] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 122.696389][ T6114] R13: 0000000000000000 R14: 00007f1cb73b5fa0 R15: 00007ffcf4b8bc98 [ 122.696422][ T6114] </TASK> [ 122.961845][ T1209] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 124.223640][ T1209] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.223677][ T1209] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.223701][ T1209] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 124.223746][ T1209] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 124.223770][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.267426][ T1209] usb 5-1: config 0 descriptor?? 
[ 124.854411][ T1209] dragonrise 0003:0079:0011.0001: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.4-1/input0 [ 125.030427][ T92] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 125.785134][ T1209] usb 5-1: USB disconnect, device number 2 [ 126.055397][ T92] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 126.135703][ T92] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 126.270640][ T92] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 126.348390][ T92] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 126.357863][ T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.405107][ T92] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 126.450879][ T92] usb 4-1: invalid MIDI out EP 0 [ 127.456294][ T6144] fido_id[6144]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 127.645670][ T6152] Zero length message leads to an empty skb [ 127.770340][ T92] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 127.788686][ T6051] udevd[6051]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 127.800075][ T92] usb 4-1: USB disconnect, device number 2 [ 129.267250][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.63'. 
[ 133.103166][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.109784][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.114832][ T6241] xt_TPROXY: Can be used only with -p tcp or -p udp [ 136.778283][ T6243] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 136.786569][ T6243] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 136.796767][ T6243] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 136.805376][ T6243] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 141.787903][ T6285] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 141.794675][ T6285] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 141.803556][ T6285] vhci_hcd vhci_hcd.0: Device attached [ 142.055651][ T45] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 142.178062][ T6287] vhci_hcd: connection closed [ 142.190268][ T153] vhci_hcd: stop threads [ 142.220133][ T153] vhci_hcd: release socket [ 142.226273][ T153] vhci_hcd: disconnect device [ 142.236942][ T6293] netlink: 'syz.1.97': attribute type 6 has an invalid length. 
[ 142.909983][ T30] audit: type=1107 audit(1752163105.515:2): pid=6309 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 144.346147][ T5911] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 144.745283][ T5911] usb 3-1: Using ep0 maxpacket: 8 [ 144.765523][ T5911] usb 3-1: config 2 has an invalid interface number: 25 but max is 0 [ 144.867622][ T5911] usb 3-1: config 2 has no interface number 0 [ 144.976594][ T5911] usb 3-1: config 2 interface 25 has no altsetting 0 [ 145.137426][ T5911] usb 3-1: New USB device found, idVendor=413c, idProduct=4004, bcdDevice=33.1b [ 145.295356][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.346121][ T5911] usb 3-1: Product: syz [ 145.350367][ T5911] usb 3-1: Manufacturer: syz [ 145.354993][ T5911] usb 3-1: SerialNumber: syz [ 145.487324][ T5911] ipaq 3-1:2.25: PocketPC PDA converter detected [ 145.501397][ T5911] usb 3-1: active config #2 != 1 ?? [ 145.826430][ T5911] usb 3-1: USB disconnect, device number 3 [ 148.035617][ T45] vhci_hcd: vhci_device speed not set [ 149.978166][ T5852] Bluetooth: hci4: command 0x0405 tx timeout [ 152.719892][ T6388] netem: change failed [ 153.049967][ T6395] netlink: 'syz.3.132': attribute type 12 has an invalid length. [ 153.095317][ T6395] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.132'. 
[ 154.266688][ T6407] random: crng reseeded on system resumption [ 155.279209][ T6414] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 155.489952][ T6422] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 159.658272][ T45] libceph: connect (1)[c::]:6789 error -101 [ 159.705491][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 160.003639][ T45] libceph: connect (1)[c::]:6789 error -101 [ 160.017219][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 161.005731][ T45] libceph: connect (1)[c::]:6789 error -101 [ 161.016494][ T6455] ceph: No mds server is up or the cluster is laggy [ 161.381731][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 164.886408][ T6512] bridge0: port 3(netdevsim0) entered blocking state [ 164.896296][ T6512] bridge0: port 3(netdevsim0) entered disabled state [ 164.906054][ T6512] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 164.933944][ T6512] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 164.944666][ T6512] bridge0: port 3(netdevsim0) entered blocking state [ 164.951660][ T6512] bridge0: port 3(netdevsim0) entered forwarding state [ 166.301736][ T6536] random: crng reseeded on system resumption [ 167.158246][ T6547] Bluetooth: MGMT ver 1.23 [ 168.168702][ T6559] bridge0: port 3(netdevsim0) entered blocking state [ 168.176746][ T6559] bridge0: port 3(netdevsim0) entered disabled state [ 168.184124][ T6559] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 168.198351][ T6559] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 168.206454][ T6559] bridge0: port 3(netdevsim0) entered blocking state [ 168.213262][ T6559] bridge0: port 3(netdevsim0) entered forwarding state [ 171.095292][ T5911] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 171.225407][ T5911] usb 5-1: device descriptor read/64, error -71 [ 171.525613][ T5911] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 
171.827230][ T5911] usb 5-1: device descriptor read/64, error -71 [ 172.031988][ T5911] usb usb5-port1: attempt power cycle [ 172.866322][ T5911] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 172.892021][ T5853] Bluetooth: Frame is too long (len 10, expected len 9) [ 173.419282][ T5911] usb 5-1: device descriptor read/8, error -71 [ 177.971409][ T6701] random: crng reseeded on system resumption [ 178.662212][ T45] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 178.835368][ T45] usb 3-1: Using ep0 maxpacket: 8 [ 178.870212][ T45] usb 3-1: config 2 has an invalid interface number: 25 but max is 0 [ 178.958969][ T45] usb 3-1: config 2 has no interface number 0 [ 179.042183][ T45] usb 3-1: config 2 interface 25 has no altsetting 0 [ 179.157711][ T45] usb 3-1: New USB device found, idVendor=413c, idProduct=4004, bcdDevice=33.1b [ 179.434612][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.444365][ T45] usb 3-1: Product: syz [ 179.485285][ T45] usb 3-1: Manufacturer: syz [ 179.489953][ T45] usb 3-1: SerialNumber: syz [ 180.195632][ T45] usb 3-1: can't set config #2, error -71 [ 180.225781][ T45] usb 3-1: USB disconnect, device number 4 [ 180.574211][ T6734] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 182.867309][ T6756] random: crng reseeded on system resumption [ 185.168504][ T45] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 185.348699][ T45] usb 3-1: Using ep0 maxpacket: 8 [ 185.354971][ T6773] netlink: 8 bytes leftover after parsing attributes in process `syz.1.261'. [ 185.379557][ T45] usb 3-1: config 2 has an invalid interface number: 25 but max is 0 [ 185.394090][ T6776] netlink: 12 bytes leftover after parsing attributes in process `syz.0.263'. 
[ 185.404718][ T45] usb 3-1: config 2 has no interface number 0 [ 185.411433][ T45] usb 3-1: config 2 interface 25 has no altsetting 0 [ 185.440097][ T45] usb 3-1: New USB device found, idVendor=413c, idProduct=4004, bcdDevice=33.1b [ 185.449243][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.457687][ T45] usb 3-1: Product: syz [ 185.461885][ T45] usb 3-1: Manufacturer: syz [ 185.466569][ T45] usb 3-1: SerialNumber: syz [ 185.523304][ T45] ipaq 3-1:2.25: PocketPC PDA converter detected [ 185.536385][ T45] usb 3-1: active config #2 != 1 ?? [ 185.543622][ T6776] bond1: entered promiscuous mode [ 185.556888][ T6776] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.598966][ T6778] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.606724][ T6778] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 185.643760][ T6778] bond1: (slave vcan1): Error -95 calling set_mac_address [ 185.713636][ T45] usb 3-1: USB disconnect, device number 5 [ 185.862699][ T6789] tipc: Started in network mode [ 185.869496][ T6789] tipc: Node identity 4, cluster identity 4711 [ 185.877229][ T6789] tipc: Node number set to 4 [ 186.396009][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 186.402996][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 190.737969][ T6849] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 190.910432][ T6853] netlink: 68 bytes leftover after parsing attributes in process `syz.4.289'. [ 192.748029][ T6876] netlink: 12 bytes leftover after parsing attributes in process `syz.1.298'. [ 193.008202][ T6886] netlink: 28 bytes leftover after parsing attributes in process `syz.1.298'. 
[ 194.266091][ T6882] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 194.280742][ T6886] 8021q: adding VLAN 0 to HW filter on device bond1 [ 194.406501][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.412959][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.576865][ T6907] netlink: 68 bytes leftover after parsing attributes in process `syz.0.304'. [ 198.535525][ T5853] Bluetooth: hci4: unexpected event for opcode 0x0c26 [ 199.582997][ T6950] use of bytesused == 0 is deprecated and will be removed in the future, [ 199.591725][ T6950] use the actual size instead. [ 200.861264][ T6973] bridge0: port 3(netdevsim0) entered blocking state [ 200.868716][ T6973] bridge0: port 3(netdevsim0) entered disabled state [ 200.876785][ T6973] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 200.898073][ T6973] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 200.907991][ T6973] bridge0: port 3(netdevsim0) entered blocking state [ 200.914800][ T6973] bridge0: port 3(netdevsim0) entered forwarding state [ 201.734953][ T6982] IPVS: stopping backup sync thread 6734 ... 
[ 201.966218][ T5966] Bluetooth: hci5: Frame reassembly failed (-84) [ 203.436804][ T7000] xt_TPROXY: Can be used only with -p tcp or -p udp [ 203.968925][ T6017] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 203.995541][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 204.001971][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 204.143901][ T6017] usb 4-1: Using ep0 maxpacket: 8 [ 204.196154][ T6017] usb 4-1: config 2 has an invalid interface number: 25 but max is 0 [ 204.954402][ T6017] usb 4-1: config 2 has no interface number 0 [ 204.971124][ T6017] usb 4-1: config 2 interface 25 has no altsetting 0 [ 204.981299][ T6017] usb 4-1: New USB device found, idVendor=413c, idProduct=4004, bcdDevice=33.1b [ 205.025247][ T6017] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.034240][ T6017] usb 4-1: Product: syz [ 205.059025][ T6017] usb 4-1: Manufacturer: syz [ 205.063686][ T6017] usb 4-1: SerialNumber: syz [ 205.095110][ T7032] xt_TPROXY: Can be used only with -p tcp or -p udp [ 205.330205][ T6017] usb 4-1: USB disconnect, device number 3 [ 206.386773][ T7050] IPVS: stopping backup sync thread 6849 ... [ 208.150582][ T7073] netlink: 5636 bytes leftover after parsing attributes in process `syz.3.372'. [ 208.797904][ T7092] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 210.115875][ T7103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.383'. [ 211.850234][ T7123] IPVS: stopping backup sync thread 6414 ... [ 212.379977][ T7138] netlink: 68 bytes leftover after parsing attributes in process `syz.3.396'. 
[ 217.116496][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 217.122615][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 217.128858][ T5845] Bluetooth: hci1: command 0x0406 tx timeout [ 217.136888][ T5856] Bluetooth: hci2: command 0x0406 tx timeout [ 217.137193][ T5845] Bluetooth: hci4: command 0x0405 tx timeout [ 218.165988][ T7203] random: crng reseeded on system resumption [ 219.593767][ T7217] netlink: 104 bytes leftover after parsing attributes in process `syz.1.425'. [ 221.957737][ T7253] random: crng reseeded on system resumption [ 223.755994][ T7264] fuse: Unknown parameter 'use00000000000000000000' [ 226.305366][ T5924] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 226.526351][ T5924] usb 2-1: Using ep0 maxpacket: 8 [ 226.544635][ T5924] usb 2-1: config 2 has an invalid interface number: 25 but max is 0 [ 226.546164][ T7294] netlink: 104 bytes leftover after parsing attributes in process `syz.2.450'. [ 226.573478][ T5924] usb 2-1: config 2 has no interface number 0 [ 226.590844][ T5924] usb 2-1: config 2 interface 25 has no altsetting 0 [ 226.827550][ T5924] usb 2-1: New USB device found, idVendor=413c, idProduct=4004, bcdDevice=33.1b [ 226.845209][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.865495][ T5924] usb 2-1: Product: syz [ 226.869724][ T5924] usb 2-1: Manufacturer: syz [ 226.874363][ T5924] usb 2-1: SerialNumber: syz [ 227.614340][ T5924] usb 2-1: USB disconnect, device number 3 [ 227.836983][ C1] Illegal XDP return value 16128 on prog (id 76) dev lo, expect packet loss! [ 227.882125][ T7313] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 227.907419][ T7312] netlink: 'syz.2.457': attribute type 39 has an invalid length. [ 228.152028][ T7320] netlink: 68 bytes leftover after parsing attributes in process `syz.3.459'. 
[ 229.432408][ T7348] netlink: 68 bytes leftover after parsing attributes in process `syz.0.471'. [ 230.851645][ T7367] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 231.484507][ T7371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.479'. [ 233.055228][ T7395] random: crng reseeded on system resumption [ 235.707632][ T7423] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.494' sets config #0 [ 236.245208][ T5155] Bluetooth: Frame is too long (len 10, expected len 9) [ 238.101489][ T7443] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 238.193273][ T7445] random: crng reseeded on system resumption [ 243.002604][ T7486] netlink: 28 bytes leftover after parsing attributes in process `syz.1.519'. [ 244.885003][ T7517] [U] ^R [ 247.919245][ T7546] syz.4.542 uses obsolete (PF_INET,SOCK_PACKET) [ 248.365265][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.543'. [ 248.416524][ T7555] gtp0: entered promiscuous mode [ 248.422157][ T7555] gtp0: entered allmulticast mode [ 251.132791][ T7587] warning: `syz.4.554' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 252.795336][ T5842] Bluetooth: hci5: command 0x1003 tx timeout [ 252.801715][ T5155] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 252.945403][ T1209] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 253.071890][ T7617] netlink: 4 bytes leftover after parsing attributes in process `syz.4.567'. [ 253.109854][ T1209] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 253.193775][ T1209] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 253.216430][ T1209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 253.245095][ T1209] usb 1-1: Product: syz [ 253.276284][ T1209] usb 1-1: Manufacturer: syz [ 253.280961][ T1209] usb 1-1: SerialNumber: syz [ 253.297582][ T1209] usb 1-1: config 0 descriptor?? 
[ 253.513312][ T1209] usb 1-1: USB disconnect, device number 2 [ 253.619397][ T7632] netlink: 68 bytes leftover after parsing attributes in process `syz.3.574'. [ 254.966142][ T7048] wlan1: Trigger new scan to find an IBSS to join [ 255.833013][ T7660] tipc: Started in network mode [ 255.843815][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.843900][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.875111][ T7660] tipc: Node identity e6e0d99d4e8a, cluster identity 4711 [ 255.893155][ T7660] tipc: Enabled bearer , priority 0 [ 255.904905][ T7664] syzkaller0: entered promiscuous mode [ 255.958438][ T7664] syzkaller0: entered allmulticast mode [ 256.042389][ T7660] tipc: Resetting bearer [ 256.145733][ T7659] tipc: Resetting bearer [ 256.174240][ T7659] tipc: Disabling bearer [ 257.198572][ T7679] random: crng reseeded on system resumption [ 257.215967][ T5842] Bluetooth: hci5: command 0x1003 tx timeout [ 257.254891][ T5155] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 257.719439][ T7686] tipc: Cannot configure node identity twice [ 259.413567][ T7728] netlink: 8 bytes leftover after parsing attributes in process `syz.3.608'. [ 259.529538][ T7728] gtp0: entered promiscuous mode [ 259.554925][ T7728] gtp0: entered allmulticast mode [ 260.002108][ T153] wlan1: Trigger new scan to find an IBSS to join [ 261.200535][ T153] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 262.629023][ T7784] random: crng reseeded on system resumption [ 263.874685][ T7793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.634'. 
[ 265.411961][ T7823] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.646' sets config #0 [ 268.914309][ T7863] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.660' sets config #0 [ 270.465516][ T7880] 8021q: VLANs not supported on ipvlan1 [ 270.906037][ T7885] tipc: Started in network mode [ 270.911013][ T7885] tipc: Node identity d26848fe2056, cluster identity 4711 [ 270.922834][ T7889] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 270.944423][ T7885] tipc: Enabled bearer , priority 0 [ 270.982897][ T7885] syzkaller0: entered promiscuous mode [ 271.007512][ T7885] syzkaller0: entered allmulticast mode [ 271.093445][ T7895] netlink: 5636 bytes leftover after parsing attributes in process `syz.2.674'. [ 271.191577][ T7885] tipc: Resetting bearer [ 271.266276][ T7884] tipc: Resetting bearer [ 271.407017][ T7884] tipc: Disabling bearer [ 272.572213][ T7913] xt_CT: No such helper "netbios-ns" [ 272.890674][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 272.910386][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 272.960523][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 273.002941][ T7921] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 274.085457][ T7921] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 274.322961][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 274.388177][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 274.398714][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 274.502141][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 274.520394][ T7921] dummy0 speed is unknown, defaulting to 1000 [ 274.612816][ T7942] tipc: Started in network mode [ 274.628703][ T7942] tipc: Node identity 4, cluster identity 4711 [ 274.728302][ T7942] tipc: Node number set to 4 [ 274.767272][ T5155] Bluetooth: Frame is too long (len 10, expected len 9) [ 275.548838][ T7954] 
random: crng reseeded on system resumption [ 276.266819][ T1209] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 277.143177][ T1209] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 277.177018][ T1209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.226144][ T1209] usb 5-1: Product: syz [ 277.247069][ T1209] usb 5-1: Manufacturer: syz [ 277.267487][ T1209] usb 5-1: SerialNumber: syz [ 278.056288][ T1209] usb 5-1: config 0 descriptor?? [ 278.175592][ T1209] usb 5-1: USB disconnect, device number 7 [ 278.512481][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 281.089932][ T5155] Bluetooth: Frame is too long (len 10, expected len 9) [ 281.175428][ T8038] Process accounting resumed [ 285.308370][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 285.567400][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 285.699257][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.753344][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.817899][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 285.879167][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 285.910229][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.116659][ T10] usb 2-1: config 0 descriptor?? 
[ 287.891978][ T10] HID 045e:07da: Invalid code 65791 type 1 [ 287.904983][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0002/input/input6 [ 288.168769][ T10] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 288.256635][ T10] usb 2-1: USB disconnect, device number 4 [ 288.438105][ T8110] fido_id[8110]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 289.127917][ T8125] Bluetooth: hci0: invalid length 0, exp 2 for type 1 [ 290.530472][ T8160] netlink: 20 bytes leftover after parsing attributes in process `syz.1.769'. [ 290.577232][ T92] kernel write not supported for file /comedi4 (pid: 92 comm: kworker/1:2) [ 291.061951][ T8163] xt_TPROXY: Can be used only with -p tcp or -p udp [ 291.216793][ T8174] bridge0: port 3(netdevsim0) entered blocking state [ 291.251833][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 291.251933][ T8174] bridge0: port 3(netdevsim0) entered disabled state [ 291.363189][ T8174] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 291.393329][ T8174] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 291.404154][ T8174] bridge0: port 3(netdevsim0) entered blocking state [ 291.411049][ T8174] bridge0: port 3(netdevsim0) entered forwarding state [ 292.799738][ T8157] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.768' sets config #0 [ 292.980169][ T8191] netlink: 32 bytes leftover after parsing attributes in process `syz.3.778'. [ 293.279974][ T8196] xt_CT: No such helper "netbios-ns" [ 293.382292][ T8201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.782'. 
[ 293.535364][ T1209] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 293.589733][ T8205] tipc: Enabled bearer , priority 0 [ 293.623221][ T8205] syzkaller0: entered promiscuous mode [ 293.674467][ T8205] syzkaller0: entered allmulticast mode [ 293.684202][ T8210] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 293.702183][ T8205] tipc: Resetting bearer [ 293.745737][ T1209] usb 4-1: Using ep0 maxpacket: 8 [ 293.850386][ T1209] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 293.877512][ T8204] tipc: Resetting bearer [ 294.039499][ T1209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.179222][ T8204] tipc: Disabling bearer [ 294.368677][ T1209] pvrusb2: Hardware description: Terratec Grabster AV400 [ 294.413970][ T1209] pvrusb2: ********** [ 294.471843][ T1209] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 294.545338][ T1209] pvrusb2: Important functionality might not be entirely working. [ 294.553233][ T1209] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 294.644911][ T8216] bridge0: entered promiscuous mode [ 294.669289][ T8216] batman_adv: batadv0: Adding interface: macsec1 [ 294.676383][ T8216] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 294.702827][ T8216] batman_adv: batadv0: Interface activated: macsec1 [ 295.581408][ T1209] pvrusb2: ********** [ 295.590522][ T1209] usb 4-1: USB disconnect, device number 4 [ 295.597861][ T1209] pvrusb2: Device being rendered inoperable [ 297.132788][ T5155] Bluetooth: Frame is too long (len 10, expected len 9) [ 297.303961][ T8232] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.792' sets config #0 [ 297.580147][ T8244] netlink: 104 bytes leftover after parsing attributes in process `syz.0.795'. [ 299.146238][ T8255] random: crng reseeded on system resumption [ 306.165171][ T8333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.823'. [ 306.212959][ T8333] gtp1: entered promiscuous mode [ 306.228577][ T8333] gtp1: entered allmulticast mode [ 308.186291][ T5155] Bluetooth: hci3: unexpected event for opcode 0x080d [ 310.185272][ T8360] xt_CT: No such helper "netbios-ns" [ 312.237482][ T5155] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 312.250455][ T5155] Bluetooth: hci3: Injecting HCI hardware error event [ 312.264982][ T5842] Bluetooth: hci3: hardware error 0x00 [ 313.293360][ T5155] Bluetooth: Frame is too long (len 10, expected len 9) [ 314.395418][ T5842] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 316.379975][ T8408] xt_CT: No such helper "netbios-ns" [ 317.317328][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.338148][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.088599][ T8456] syzkaller0: entered promiscuous mode [ 320.119869][ T8456] syzkaller0: entered allmulticast mode [ 321.228307][ T8463] xt_CT: No such helper "netbios-ns" [ 322.846943][ T5842] Bluetooth: Frame is too long (len 10, expected len 9) [ 322.996270][ T7368] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 325.559189][ T8495] capability: warning: `syz.2.871' uses deprecated v2 capabilities in a way that may be insecure [ 325.690837][ T8503] netlink: 4 bytes 
leftover after parsing attributes in process `syz.0.873'. [ 325.700297][ T8495] mmap: syz.2.871 (8495) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 325.857898][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.873'. [ 326.074565][ T8503] erspan0: entered promiscuous mode [ 326.080596][ T8503] macvtap1: entered promiscuous mode [ 326.086208][ T8503] macvtap1: entered allmulticast mode [ 326.091682][ T8503] erspan0: entered allmulticast mode [ 327.156376][ T8505] erspan0: left allmulticast mode [ 327.162833][ T8505] erspan0: left promiscuous mode [ 328.881545][ T8533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.881'. [ 328.937304][ T8533] netlink: 28 bytes leftover after parsing attributes in process `syz.4.881'. [ 329.408276][ T8540] xt_TPROXY: Can be used only with -p tcp or -p udp [ 331.732993][ T8564] cgroup: fork rejected by pids controller in /syz3 [ 334.594558][ T5842] Bluetooth: Frame is too long (len 10, expected len 9) [ 335.161981][ T8676] netlink: 104 bytes leftover after parsing attributes in process `syz.3.897'. [ 336.472395][ T8682] syz.1.898 (8682) used greatest stack depth: 16432 bytes left [ 339.137407][ T8709] tipc: Enabled bearer , priority 0 [ 339.166372][ T8709] syzkaller0: entered promiscuous mode [ 339.179297][ T8709] syzkaller0: entered allmulticast mode [ 339.222667][ T8709] tipc: Resetting bearer [ 339.238703][ T8711] netlink: 104 bytes leftover after parsing attributes in process `syz.4.909'. [ 339.255356][ T8708] tipc: Resetting bearer [ 339.335996][ T8708] tipc: Disabling bearer [ 339.368701][ T8713] netlink: 'syz.3.910': attribute type 10 has an invalid length. [ 339.790006][ T8719] netlink: 20 bytes leftover after parsing attributes in process `syz.0.912'. [ 339.832369][ T8721] netlink: 20 bytes leftover after parsing attributes in process `syz.0.912'. 
[ 339.839685][ T8716] ------------[ cut here ]------------ [ 339.847244][ T8716] WARNING: CPU: 0 PID: 8716 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 339.857081][ T8716] Modules linked in: [ 339.861208][ T8716] CPU: 0 UID: 0 PID: 8716 Comm: syz.4.911 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 339.873179][ T8716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 339.883291][ T8716] RIP: 0010:folio_memcg+0x1a8/0x310 [ 339.889873][ T8716] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 bf 21 65 09 cc e8 a9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 339.910303][ T8716] RSP: 0018:ffffc9000376f250 EFLAGS: 00010287 [ 339.917007][ T8716] RAX: ffffffff8205b0a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 339.925025][ T8716] RDX: ffffc9000bdc4000 RSI: 00000000000027a8 RDI: 00000000000027a9 [ 339.933083][ T8716] RBP: 0000000000000000 R08: ffffea0001df6447 R09: 1ffffd40003bec88 [ 339.941164][ T8716] R10: dffffc0000000000 R11: fffff940003bec89 R12: ffffea0001df6470 [ 339.949190][ T8716] R13: dffffc0000000000 R14: ffff888031207900 R15: 0000000000000002 [ 339.957472][ T8716] FS: 00007f0e74c2c6c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000 [ 339.966464][ T8716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 339.973193][ T8716] CR2: 0000000000000000 CR3: 000000007a77e000 CR4: 00000000003526f0 [ 339.981303][ T8716] Call Trace: [ 339.984816][ T8716] [ 339.987902][ T8716] workingset_activation+0x5f/0x4a0 [ 339.993771][ T8716] ? folio_mark_accessed+0x2a1/0x4a0 [ 339.999578][ T8716] folio_mark_accessed+0x3b5/0x4a0 [ 340.004763][ T8716] kvm_release_page_clean+0x9a/0xe0 [ 340.010065][ T8716] kvm_tdp_page_fault+0x2dd/0x370 [ 340.015217][ T8716] kvm_mmu_do_page_fault+0x2c5/0x640 [ 340.020554][ T8716] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 340.026454][ T8716] ? 
vmx_handle_exit_irqoff+0x29e/0xad0 [ 340.032051][ T8716] ? __pfx_current_save_fsgs+0x10/0x10 [ 340.037597][ T8716] kvm_mmu_page_fault+0x22f/0xb70 [ 340.042685][ T8716] ? __pfx_handle_ept_violation+0x10/0x10 [ 340.048474][ T8716] vmx_handle_exit+0x1093/0x18a0 [ 340.053450][ T8716] ? vcpu_run+0x361c/0x6f70 [ 340.058086][ T8716] ? rcu_is_watching+0x15/0xb0 [ 340.062890][ T8716] vcpu_run+0x432e/0x6f70 [ 340.067286][ T8716] ? vcpu_run+0x361c/0x6f70 [ 340.071849][ T8716] ? __pfx_vcpu_run+0x10/0x10 [ 340.076599][ T8716] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 340.082351][ T8716] ? rcu_is_watching+0x15/0xb0 [ 340.087209][ T8716] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 340.092791][ T8716] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 340.099052][ T8716] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 340.105553][ T8716] ? __lock_acquire+0xab9/0xd20 [ 340.110578][ T8716] kvm_vcpu_ioctl+0x95c/0xe90 [ 340.115374][ T8716] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.120613][ T8716] ? __lock_acquire+0xab9/0xd20 [ 340.125539][ T8716] ? __asan_memset+0x22/0x50 [ 340.130179][ T8716] ? smack_file_ioctl+0x302/0x340 [ 340.135301][ T8716] ? __pfx_smack_file_ioctl+0x10/0x10 [ 340.140712][ T8716] ? __fget_files+0x2a/0x420 [ 340.145350][ T8716] ? __fget_files+0x3a0/0x420 [ 340.150058][ T8716] ? __fget_files+0x2a/0x420 [ 340.154688][ T8716] ? bpf_lsm_file_ioctl+0x9/0x20 [ 340.159700][ T8716] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.164927][ T8716] __se_sys_ioctl+0xf9/0x170 [ 340.169598][ T8716] do_syscall_64+0xfa/0x3b0 [ 340.174132][ T8716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.180274][ T8716] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 340.185996][ T8716] ? 
clear_bhb_loop+0x60/0xb0 [ 340.190712][ T8716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.196662][ T8716] RIP: 0033:0x7f0e73d8e929 [ 340.201665][ T8716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.221819][ T8716] RSP: 002b:00007f0e74c2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.230322][ T8716] RAX: ffffffffffffffda RBX: 00007f0e73fb5fa0 RCX: 00007f0e73d8e929 [ 340.238573][ T8716] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 340.246600][ T8716] RBP: 00007f0e73e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 340.254634][ T8716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.262697][ T8716] R13: 0000000000000000 R14: 00007f0e73fb5fa0 R15: 00007ffea9f9a548 [ 340.270745][ T8716] [ 340.273784][ T8716] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 340.281092][ T8716] CPU: 0 UID: 0 PID: 8716 Comm: syz.4.911 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 340.293007][ T8716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 340.303087][ T8716] Call Trace: [ 340.306383][ T8716] [ 340.309325][ T8716] dump_stack_lvl+0x99/0x250 [ 340.313931][ T8716] ? __asan_memcpy+0x40/0x70 [ 340.318541][ T8716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.323751][ T8716] ? __pfx__printk+0x10/0x10 [ 340.328361][ T8716] panic+0x2db/0x790 [ 340.332267][ T8716] ? __pfx_panic+0x10/0x10 [ 340.336707][ T8716] __warn+0x31b/0x4b0 [ 340.340718][ T8716] ? folio_memcg+0x1a8/0x310 [ 340.345342][ T8716] ? folio_memcg+0x1a8/0x310 [ 340.349951][ T8716] report_bug+0x2be/0x4f0 [ 340.354305][ T8716] ? folio_memcg+0x1a8/0x310 [ 340.358907][ T8716] ? folio_memcg+0x1a8/0x310 [ 340.363592][ T8716] ? 
folio_memcg+0x1aa/0x310 [ 340.368195][ T8716] handle_bug+0x84/0x160 [ 340.372451][ T8716] exc_invalid_op+0x1a/0x50 [ 340.376962][ T8716] asm_exc_invalid_op+0x1a/0x20 [ 340.381821][ T8716] RIP: 0010:folio_memcg+0x1a8/0x310 [ 340.387026][ T8716] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 bf 21 65 09 cc e8 a9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 340.406657][ T8716] RSP: 0018:ffffc9000376f250 EFLAGS: 00010287 [ 340.412764][ T8716] RAX: ffffffff8205b0a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 340.420756][ T8716] RDX: ffffc9000bdc4000 RSI: 00000000000027a8 RDI: 00000000000027a9 [ 340.428746][ T8716] RBP: 0000000000000000 R08: ffffea0001df6447 R09: 1ffffd40003bec88 [ 340.436736][ T8716] R10: dffffc0000000000 R11: fffff940003bec89 R12: ffffea0001df6470 [ 340.444716][ T8716] R13: dffffc0000000000 R14: ffff888031207900 R15: 0000000000000002 [ 340.452704][ T8716] ? folio_memcg+0x1a7/0x310 [ 340.457326][ T8716] workingset_activation+0x5f/0x4a0 [ 340.462562][ T8716] ? folio_mark_accessed+0x2a1/0x4a0 [ 340.467878][ T8716] folio_mark_accessed+0x3b5/0x4a0 [ 340.473011][ T8716] kvm_release_page_clean+0x9a/0xe0 [ 340.478226][ T8716] kvm_tdp_page_fault+0x2dd/0x370 [ 340.483271][ T8716] kvm_mmu_do_page_fault+0x2c5/0x640 [ 340.488835][ T8716] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 340.494666][ T8716] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 340.500221][ T8716] ? __pfx_current_save_fsgs+0x10/0x10 [ 340.505722][ T8716] kvm_mmu_page_fault+0x22f/0xb70 [ 340.510792][ T8716] ? __pfx_handle_ept_violation+0x10/0x10 [ 340.516529][ T8716] vmx_handle_exit+0x1093/0x18a0 [ 340.521474][ T8716] ? vcpu_run+0x361c/0x6f70 [ 340.525990][ T8716] ? rcu_is_watching+0x15/0xb0 [ 340.530769][ T8716] vcpu_run+0x432e/0x6f70 [ 340.535255][ T8716] ? vcpu_run+0x361c/0x6f70 [ 340.539845][ T8716] ? __pfx_vcpu_run+0x10/0x10 [ 340.544556][ T8716] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 340.550317][ T8716] ? 
rcu_is_watching+0x15/0xb0 [ 340.555098][ T8716] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 340.560690][ T8716] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 340.566436][ T8716] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 340.572470][ T8716] ? __lock_acquire+0xab9/0xd20 [ 340.577384][ T8716] kvm_vcpu_ioctl+0x95c/0xe90 [ 340.582095][ T8716] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.587307][ T8716] ? __lock_acquire+0xab9/0xd20 [ 340.592170][ T8716] ? __asan_memset+0x22/0x50 [ 340.596780][ T8716] ? smack_file_ioctl+0x302/0x340 [ 340.601823][ T8716] ? __pfx_smack_file_ioctl+0x10/0x10 [ 340.607231][ T8716] ? __fget_files+0x2a/0x420 [ 340.611862][ T8716] ? __fget_files+0x3a0/0x420 [ 340.616559][ T8716] ? __fget_files+0x2a/0x420 [ 340.621165][ T8716] ? bpf_lsm_file_ioctl+0x9/0x20 [ 340.626113][ T8716] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.631321][ T8716] __se_sys_ioctl+0xf9/0x170 [ 340.635928][ T8716] do_syscall_64+0xfa/0x3b0 [ 340.640441][ T8716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.646513][ T8716] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 340.652153][ T8716] ? 
clear_bhb_loop+0x60/0xb0 [ 340.656846][ T8716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.662743][ T8716] RIP: 0033:0x7f0e73d8e929 [ 340.667166][ T8716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.686833][ T8716] RSP: 002b:00007f0e74c2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.695282][ T8716] RAX: ffffffffffffffda RBX: 00007f0e73fb5fa0 RCX: 00007f0e73d8e929 [ 340.703276][ T8716] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 340.711265][ T8716] RBP: 00007f0e73e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 340.719252][ T8716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.727246][ T8716] R13: 0000000000000000 R14: 00007f0e73fb5fa0 R15: 00007ffea9f9a548 [ 340.735269][ T8716] [ 340.738703][ T8716] Kernel Offset: disabled [ 340.743056][ T8716] Rebooting in 86400 seconds..