last executing test programs: 3.74016851s ago: executing program 3 (id=143): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x10) 3.666019397s ago: executing program 2 (id=145): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) clock_gettime(0x0, 0x0) recvmmsg(r0, &(0x7f0000001b00)=[{{&(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000140)}, 0x2}], 0x1, 0x20, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 3.281136027s ago: executing program 3 (id=148): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x1}) getpid() syz_open_dev$media(&(0x7f0000000380), 0x3, 0x0) pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, &(0x7f0000000000)={0x18, 0x7, 0x6, 0x0, 0x7, 0x400000}, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) 3.212914241s ago: executing program 2 (id=150): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) capset(&(0x7f0000019340)={0x20071026}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0xe}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.433169963s ago: executing program 0 (id=152): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1, 0x0, 0x10001}) 2.21753549s ago: executing program 1 (id=153): open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x40) syz_open_procfs(0x0, &(0x7f0000000200)='uid_map\x00') bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="16000000000000"], 0x48) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') pipe2$9p(&(0x7f0000000240), 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000012c0)=ANY=[@ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000000)) 2.204489821s ago: executing program 2 (id=154): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) r1 = fcntl$dupfd(r0, 0x406, r0) write$cgroup_pid(r1, &(0x7f0000000240), 0xb375) 2.126881493s ago: executing program 4 (id=155): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) ioctl$SOUND_MIXER_READ_RECMASK(r0, 0x80044dfd, &(0x7f0000000140)) 2.126038725s ago: executing program 0 (id=156): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}, 0x122) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a320000000009000100", @ANYRES16=r2], 0xc4}}, 0x0) 2.069881126s ago: executing program 3 (id=157): pread64(0xffffffffffffffff, 0x0, 0x0, 0x4eb) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_128={{0x304}, "ed197fbfb5c342b6", "28852cbbbeba35380ee5190047169f9d", "5f2307e0", "2ce6f8da8e55c427"}, 0x28) write$binfmt_elf64(r1, &(0x7f0000000740)=ANY=[], 0x4a2) r2 = syz_io_uring_setup(0xb5c, &(0x7f0000000640)={0x0, 0x9916, 0x0, 0x0, 0x164, 0x0, r1}, &(0x7f0000000040)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0xf23, 0x0, 0xc, 0x0, 0x0) 1.905196524s ago: executing program 1 (id=158): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x20, 0x0, 0x20, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x9, 0x66}}}}}, 0x20}, 0x1, 0x0, 0x0, 0xa00da64d0fb3986}, 0x4008000) 1.837190828s ago: executing program 2 (id=159): mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2000, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x1000000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r1 = fspick(0xffffffffffffff9c, 0x0, 0x1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 1.768230085s ago: executing program 0 (id=160): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x10) 1.713181701s ago: executing program 4 (id=161): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@cgroup, 0xffffffffffffffff, 0x37, 0x8}, 0x20) 1.518866045s ago: executing program 2 (id=162): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000001200)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r3, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.518714594s ago: executing program 1 (id=163): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x2b, 0x13, 0x0, 0x2, 0xb, 0xa9, 0x5, 0x2, 0x1}) 1.518631403s ago: executing program 4 (id=164): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) capset(&(0x7f0000019340)={0x20071026}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0xe}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.518050514s ago: executing program 0 (id=165): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@my=0x1, 0x3}, @hyper, 0x4, 0x0, 0x5c, 0x7fffffffffffffff, 0x100000000000006, 0x0, 0x6}) 1.40770761s ago: executing program 1 (id=166): r0 = socket$caif_seqpacket(0x25, 0x5, 0x5) sendto(r0, 0x0, 0xffffffffffffffeb, 0x20000803, 0x0, 0x0) 1.377672377s ago: executing program 4 (id=167): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1, 0x0, 0x10001}) 1.290556655s ago: executing program 3 (id=168): open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x40) syz_open_procfs(0x0, &(0x7f0000000200)='uid_map\x00') bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="16000000000000"], 0x48) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') pipe2$9p(&(0x7f0000000240), 0x0) socket$inet6(0xa, 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000012c0)=ANY=[@ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000000)) 610.874028ms ago: executing program 0 (id=169): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000000)={0x4000, 0x115000, 0x8}) 472.604279ms ago: executing program 1 (id=170): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}, 0x122) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a320000000009000100", @ANYRES16=r2], 0xc4}}, 0x0) 463.861316ms ago: executing program 2 (id=171): write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) syz_clone(0x80324080, &(0x7f00000005c0), 0x0, &(0x7f0000000640), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 463.381863ms ago: executing program 4 (id=172): mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2000, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000000), 0x1000000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r1 = fspick(0xffffffffffffff9c, 0x0, 0x1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 358.884478ms ago: executing program 3 (id=173): r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r0, 0x7f) recvmmsg(r0, 0x0, 0x0, 0x40000000, 0x0) 294.573617ms ago: executing program 4 (id=174): r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, &(0x7f0000000040)={{0x3ff, 0x2}, 0x1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r5, &(0x7f0000004200)='t', 0x1) sendfile(r5, r4, 0x0, 0x7fffffff) ftruncate(r3, 0x2007ffb) sendfile(r3, r3, 0x0, 0x1000000201005) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) sendfile(r0, r0, &(0x7f00000000c0)=0x5, 0xfffffffffffffff8) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0) 148.37047ms ago: executing program 1 (id=175): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892", 0xc) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x20, 0x0, 0x20, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x9, 0x66}}}}}, 0x20}, 0x1, 0x0, 0x0, 0xa00da64d0fb3986}, 0x4008000) 74.412047ms ago: executing program 3 (id=176): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) 0s ago: executing program 0 (id=177): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x8121}, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x801}, 0x4004804) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r5, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) fsopen(0x0, 0xec97e4957fad9f22) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.156' (ED25519) to the list of known hosts. [ 79.275280][ T5815] cgroup: Unknown subsys name 'net' [ 79.430216][ T5815] cgroup: Unknown subsys name 'cpuset' [ 79.439161][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.043737][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.156587][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.160244][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.165100][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.181051][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.189832][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.200572][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.210104][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 83.218844][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.226973][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.235009][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.244001][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.252772][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.261020][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 83.265298][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.268590][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.279022][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.285809][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.291953][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.297941][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.308039][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.327289][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 83.336232][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.350154][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 83.357867][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.369233][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.011148][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 84.143533][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 84.240643][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 84.259945][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 84.371161][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 84.504883][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.512408][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.520389][ T5828] bridge_slave_0: entered allmulticast mode [ 84.528533][ T5828] bridge_slave_0: entered promiscuous mode [ 84.567333][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.574609][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.582642][ T5827] bridge_slave_0: entered allmulticast mode [ 84.590465][ T5827] bridge_slave_0: entered promiscuous mode [ 84.599975][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.607327][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.615221][ T5828] bridge_slave_1: entered allmulticast mode [ 84.623226][ T5828] bridge_slave_1: entered promiscuous mode [ 84.656227][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.663749][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.671377][ T5827] bridge_slave_1: entered allmulticast mode [ 84.679044][ T5827] bridge_slave_1: entered promiscuous mode [ 84.778568][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.786012][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.793320][ T5829] bridge_slave_0: entered allmulticast mode [ 84.801353][ T5829] bridge_slave_0: entered promiscuous mode [ 84.827070][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.837062][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.844545][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.852251][ T5835] bridge_slave_0: entered allmulticast mode [ 84.860457][ T5835] bridge_slave_0: entered promiscuous mode [ 84.883444][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.891158][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.899357][ T5829] bridge_slave_1: entered allmulticast mode [ 84.907516][ T5829] bridge_slave_1: entered promiscuous mode [ 84.919246][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.932057][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.941777][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.949582][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.957668][ T5835] bridge_slave_1: entered allmulticast mode [ 84.965309][ T5835] bridge_slave_1: entered promiscuous mode [ 84.972980][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.980910][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.988407][ T5830] bridge_slave_0: entered allmulticast mode [ 84.996446][ T5830] bridge_slave_0: entered promiscuous mode [ 85.005396][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.013184][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.020624][ T5830] bridge_slave_1: entered allmulticast mode [ 85.028324][ T5830] bridge_slave_1: entered promiscuous mode [ 85.053365][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.168210][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.193677][ T5828] team0: Port device team_slave_0 added [ 85.204179][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.218628][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.231519][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.244372][ T5827] team0: Port device team_slave_0 added [ 85.254159][ T5828] team0: Port device team_slave_1 added [ 85.264654][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.277864][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.320375][ T5827] team0: Port device team_slave_1 added [ 85.365782][ T5829] team0: Port device team_slave_0 added [ 85.377721][ T5848] Bluetooth: hci1: command tx timeout [ 85.383808][ T5843] Bluetooth: hci0: command tx timeout [ 85.430536][ T5829] team0: Port device team_slave_1 added [ 85.450708][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.458161][ T5843] Bluetooth: hci3: command tx timeout [ 85.458299][ T5843] Bluetooth: hci2: command tx timeout [ 85.465921][ T5848] Bluetooth: hci4: command tx timeout [ 85.469236][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.469638][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.516697][ T5835] team0: Port device team_slave_0 added [ 85.525334][ T5830] team0: Port device team_slave_0 added [ 85.545174][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.552358][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.579009][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.591531][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.598517][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.624730][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.639129][ T5835] team0: Port device team_slave_1 added [ 85.648423][ T5830] team0: Port device team_slave_1 added [ 85.667547][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.674596][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.700620][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.746667][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.753820][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.780247][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.827240][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.834305][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.860485][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.888189][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.895235][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.921973][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.934918][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.942115][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.968415][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.023557][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.030638][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.056976][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.069663][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.077087][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.103468][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.146595][ T5828] hsr_slave_0: entered promiscuous mode [ 86.153519][ T5828] hsr_slave_1: entered promiscuous mode [ 86.190325][ T5827] hsr_slave_0: entered promiscuous mode [ 86.197282][ T5827] hsr_slave_1: entered promiscuous mode [ 86.203966][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 86.210390][ T5827] Cannot create hsr debugfs directory [ 86.238201][ T5829] hsr_slave_0: entered promiscuous mode [ 86.245248][ T5829] hsr_slave_1: entered promiscuous mode [ 86.252233][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 86.258065][ T5829] Cannot create hsr debugfs directory [ 86.439111][ T5835] hsr_slave_0: entered promiscuous mode [ 86.446279][ T5835] hsr_slave_1: entered promiscuous mode [ 86.453086][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 86.459231][ T5835] Cannot create hsr debugfs directory [ 86.480200][ T5830] hsr_slave_0: entered promiscuous mode [ 86.487361][ T5830] hsr_slave_1: entered promiscuous mode [ 86.493852][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 86.499795][ T5830] Cannot create hsr debugfs directory [ 87.259547][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.279288][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.314866][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.326472][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.405087][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.419114][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.434870][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.450150][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.459382][ T5848] Bluetooth: hci0: command tx timeout [ 87.459968][ T5843] Bluetooth: hci1: command tx timeout [ 87.546782][ T5843] Bluetooth: hci4: command tx timeout [ 87.546826][ T5839] Bluetooth: hci3: command tx timeout [ 87.558982][ T5848] Bluetooth: hci2: command tx timeout [ 87.589120][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.607768][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.620417][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.639765][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.766833][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 87.780425][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 87.808172][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 87.821406][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 87.859009][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.005510][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.065057][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.084432][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.092368][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.109770][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.120648][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.147915][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.154798][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.198826][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.206046][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.271730][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.354962][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.379909][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.413364][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.420756][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.463294][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.470540][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.508454][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.516261][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.561211][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.568567][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.707466][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.750243][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.806014][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.813275][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.862296][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.869722][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.921362][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.982694][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.075491][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.131958][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.139229][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.195406][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.202616][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.319371][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.388269][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.408131][ T5827] veth0_vlan: entered promiscuous mode [ 89.517223][ T5827] veth1_vlan: entered promiscuous mode [ 89.538445][ T5848] Bluetooth: hci0: command tx timeout [ 89.544402][ T5839] Bluetooth: hci1: command tx timeout [ 89.616500][ T5839] Bluetooth: hci4: command tx timeout [ 89.622558][ T5848] Bluetooth: hci3: command tx timeout [ 89.622595][ T5843] Bluetooth: hci2: command tx timeout [ 89.680890][ T5829] veth0_vlan: entered promiscuous mode [ 89.719299][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.802094][ T5828] veth0_vlan: entered promiscuous mode [ 89.813127][ T5829] veth1_vlan: entered promiscuous mode [ 89.830563][ T5827] veth0_macvtap: entered promiscuous mode [ 89.863294][ T5827] veth1_macvtap: entered promiscuous mode [ 89.902277][ T5828] veth1_vlan: entered promiscuous mode [ 89.980056][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.005016][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.048325][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.120658][ T5829] veth0_macvtap: entered promiscuous mode [ 90.130701][ T87] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.141071][ T87] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.163432][ T87] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.173075][ T87] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.214991][ T5829] veth1_macvtap: entered promiscuous mode [ 90.228389][ T5828] veth0_macvtap: entered promiscuous mode [ 90.267639][ T5828] veth1_macvtap: entered promiscuous mode [ 90.360478][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.401756][ T5835] veth0_vlan: entered promiscuous mode [ 90.419571][ T87] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.432808][ T87] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.450621][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.493868][ T5835] veth1_vlan: entered promiscuous mode [ 90.511034][ T87] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.521302][ T87] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.552589][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.564454][ T87] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.573847][ T87] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.584614][ T5830] veth0_vlan: entered promiscuous mode [ 90.608297][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.623030][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.632472][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.658542][ T87] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.667895][ T87] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.688285][ T87] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.699298][ T87] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.767251][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 90.803400][ T5830] veth1_vlan: entered promiscuous mode [ 90.820747][ T5835] veth0_macvtap: entered promiscuous mode [ 90.917522][ T5835] veth1_macvtap: entered promiscuous mode [ 91.051596][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.070153][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.076567][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.122601][ T5954] capability: warning: `syz.0.6' uses deprecated v2 capabilities in a way that may be insecure [ 91.140147][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.152180][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.160525][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.300554][ T77] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.317441][ T5830] veth0_macvtap: entered promiscuous mode [ 91.351835][ T77] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.353079][ T5958] netlink: 'syz.0.8': attribute type 1 has an invalid length. [ 91.369059][ T77] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.385456][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.394879][ T87] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.404369][ T87] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.412495][ T77] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.416740][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.434936][ T5830] veth1_macvtap: entered promiscuous mode [ 91.616508][ T5843] Bluetooth: hci1: command tx timeout [ 91.617067][ T5848] Bluetooth: hci0: command tx timeout [ 91.701204][ T5848] Bluetooth: hci2: command tx timeout [ 91.701232][ T5843] Bluetooth: hci3: command tx timeout [ 91.706794][ T5839] Bluetooth: hci4: command tx timeout [ 91.723431][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.873493][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.931282][ T5968] netlink: 'syz.0.10': attribute type 8 has an invalid length. [ 91.951863][ T87] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.988022][ T5968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10'. [ 91.988744][ T180] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.997157][ T87] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.056737][ T180] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.085095][ T5968] bond0: entered promiscuous mode [ 92.099546][ T5968] bond_slave_0: entered promiscuous mode [ 92.107116][ T5968] bond_slave_1: entered promiscuous mode [ 92.119394][ T10] cfg80211: failed to load regulatory.db [ 92.122735][ T5968] gretap0: entered promiscuous mode [ 92.159937][ T5968] hsr1: entered promiscuous mode [ 92.165510][ T180] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.237026][ T180] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.329942][ T180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.374114][ T180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.689963][ T87] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.726961][ T87] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.886716][ T87] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.890079][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 92.916063][ T87] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.066333][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 93.100192][ T9] usb 3-1: config 2 has an invalid interface number: 196 but max is 0 [ 93.134043][ T9] usb 3-1: config 2 has no interface number 0 [ 93.178854][ T9] usb 3-1: config 2 interface 196 has no altsetting 0 [ 93.263262][ T9] usb 3-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice= 9.71 [ 93.316916][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.359173][ T9] usb 3-1: Product: syz [ 93.400309][ T9] usb 3-1: Manufacturer: syz [ 94.200175][ T9] usb 3-1: SerialNumber: syz [ 94.443014][ T6018] netlink: 'syz.1.26': attribute type 8 has an invalid length. [ 94.468566][ T6018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26'. [ 95.315387][ T9] usb 3-1: bad CDC descriptors [ 95.484891][ T9] usb 3-1: USB disconnect, device number 2 [ 95.841359][ T6037] ======================================================= [ 95.841359][ T6037] WARNING: The mand mount option has been deprecated and [ 95.841359][ T6037] and is ignored by this kernel. Remove the mand [ 95.841359][ T6037] option from the mount to silence this warning. [ 95.841359][ T6037] ======================================================= [ 96.908120][ T6050] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40'. [ 96.926602][ T6050] Zero length message leads to an empty skb [ 97.254311][ T6058] overlayfs: conflicting lowerdir path [ 97.269666][ T6064] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 97.844414][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.855467][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.096276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.266768][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.392208][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.401312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.494579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.505194][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.597007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.606026][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 98.726832][ T6094] netlink: 'syz.0.56': attribute type 8 has an invalid length. [ 98.737145][ T6094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.56'. [ 100.980087][ T6123] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.228748][ T6133] netlink: 'syz.3.72': attribute type 8 has an invalid length. [ 101.237464][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.3.72'. [ 103.320818][ T6168] netlink: 'syz.1.84': attribute type 8 has an invalid length. [ 103.370226][ T6168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 103.896980][ T6193] netlink: 4 bytes leftover after parsing attributes in process `syz.2.99'. [ 104.081151][ T6203] netlink: 'syz.4.104': attribute type 8 has an invalid length. [ 104.090656][ T6204] syz.3.103 uses obsolete (PF_INET,SOCK_PACKET) [ 104.097686][ T6203] netlink: 4 bytes leftover after parsing attributes in process `syz.4.104'. [ 110.756538][ T6326] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.737520][ T29] audit: type=1804 audit(1772965263.355:2): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.174" name="bus" dev="ramfs" ino=10400 res=1 errno=0 [ 112.785014][ T6372] ------------[ cut here ]------------ [ 112.790778][ T6372] !valid_signal(sig) [ 112.790794][ T6372] WARNING: kernel/signal.c:2174 at do_notify_parent+0xd18/0xe30, CPU#1: syz.2.171/6372 [ 112.804623][ T6372] Modules linked in: [ 112.808662][ T6372] CPU: 1 UID: 0 PID: 6372 Comm: syz.2.171 Not tainted syzkaller #0 PREEMPT(full) [ 112.818034][ T6372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.828120][ T6372] RIP: 0010:do_notify_parent+0xd18/0xe30 [ 112.833794][ T6372] Code: c6 05 a8 99 70 0e 01 48 c7 c7 80 4c cb 8b be a3 08 00 00 48 c7 c2 00 4e cb 8b e8 23 6f 17 00 e9 2e fa ff ff e8 59 35 3b 00 90 <0f> 0b 90 45 31 e4 e9 1c ff ff ff e8 48 35 3b 00 90 0f 0b 90 e9 db [ 112.853423][ T6372] RSP: 0018:ffffc9000653fc40 EFLAGS: 00010093 [ 112.859600][ T6372] RAX: ffffffff818b5777 RBX: dffffc0000000000 RCX: ffff888058a21e80 [ 112.867575][ T6372] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000040 [ 112.875644][ T6372] RBP: ffffc9000653fd90 R08: 0000000000000003 R09: 0000000000000004 [ 112.883703][ T6372] R10: dffffc0000000000 R11: fffff52000ca7fa4 R12: ffff8880292e2450 [ 112.891681][ T6372] R13: ffff888058a21e80 R14: 0000000000000080 R15: 1ffff92000ca7f90 [ 112.900583][ T6372] FS: 0000000000000000(0000) GS:ffff888125549000(0000) knlGS:0000000000000000 [ 112.909803][ T6372] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.916665][ T6372] CR2: 00007f25c9b456b8 CR3: 000000007c0b8000 CR4: 00000000003526f0 [ 112.924729][ T6372] Call Trace: [ 112.928015][ T6372] [ 112.930953][ T6372] ? do_raw_spin_lock+0x12b/0x2f0 [ 112.935994][ T6372] ? __pfx_do_notify_parent+0x10/0x10 [ 112.941420][ T6372] ? do_raw_write_lock+0x11d/0x260 [ 112.946835][ T6372] ? __pfx_do_raw_write_lock+0x10/0x10 [ 112.953036][ T6372] ? kill_orphaned_pgrp+0x170/0x610 [ 112.958356][ T6372] do_exit+0x15b3/0x2490 [ 112.962628][ T6372] ? __pfx_do_exit+0x10/0x10 [ 112.967247][ T6372] ? rcu_is_watching+0x15/0xb0 [ 112.972233][ T6372] __x64_sys_exit+0x40/0x40 [ 112.976763][ T6372] x64_sys_call+0x2231/0x2240 [ 112.981554][ T6372] do_syscall_64+0x14d/0xf80 [ 112.986240][ T6372] ? trace_irq_disable+0x3b/0x150 [ 112.991268][ T6372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.997426][ T6372] ? clear_bhb_loop+0x40/0x90 [ 113.002113][ T6372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.008096][ T6372] RIP: 0033:0x7f5c0739c799 [ 113.012520][ T6372] Code: Unable to access opcode bytes at 0x7f5c0739c76f. [ 113.019536][ T6372] RSP: 002b:0000200000000018 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 113.028650][ T6372] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f5c0739c799 [ 113.036824][ T6372] RDX: 00007f5c0739c799 RSI: 0000200000000040 RDI: 000000000000000b [ 113.045832][ T6372] RBP: 00007f5c07432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 113.053822][ T6372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.061889][ T6372] R13: 00007f5c07616038 R14: 00007f5c07615fa0 R15: 00007ffda09867e8 [ 113.070068][ T6372] [ 113.073269][ T6372] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 113.080548][ T6372] CPU: 1 UID: 0 PID: 6372 Comm: syz.2.171 Not tainted syzkaller #0 PREEMPT(full) [ 113.089764][ T6372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 113.099826][ T6372] Call Trace: [ 113.103112][ T6372] [ 113.106053][ T6372] vpanic+0x56c/0xa60 [ 113.110135][ T6372] ? __pfx__printk+0x10/0x10 [ 113.115365][ T6372] ? __pfx_vpanic+0x10/0x10 [ 113.119964][ T6372] ? is_bpf_text_address+0x292/0x2b0 [ 113.125268][ T6372] ? is_bpf_text_address+0x26/0x2b0 [ 113.130850][ T6372] panic+0xc5/0xd0 [ 113.134585][ T6372] ? __pfx_panic+0x10/0x10 [ 113.139031][ T6372] __warn+0x315/0x4f0 [ 113.143027][ T6372] ? do_notify_parent+0xd18/0xe30 [ 113.148076][ T6372] ? do_notify_parent+0xd18/0xe30 [ 113.153127][ T6372] __report_bug+0x29a/0x540 [ 113.157642][ T6372] ? do_notify_parent+0xd18/0xe30 [ 113.162889][ T6372] ? __pfx___report_bug+0x10/0x10 [ 113.167957][ T6372] ? do_syscall_64+0x14d/0xf80 [ 113.172915][ T6372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.179606][ T6372] ? do_notify_parent+0xd18/0xe30 [ 113.184724][ T6372] report_bug+0x16a/0x220 [ 113.189055][ T6372] ? do_notify_parent+0xd18/0xe30 [ 113.194089][ T6372] ? do_notify_parent+0xd1a/0xe30 [ 113.199134][ T6372] handle_bug+0x9c/0x200 [ 113.203413][ T6372] exc_invalid_op+0x1a/0x50 [ 113.207944][ T6372] asm_exc_invalid_op+0x1a/0x20 [ 113.212812][ T6372] RIP: 0010:do_notify_parent+0xd18/0xe30 [ 113.218464][ T6372] Code: c6 05 a8 99 70 0e 01 48 c7 c7 80 4c cb 8b be a3 08 00 00 48 c7 c2 00 4e cb 8b e8 23 6f 17 00 e9 2e fa ff ff e8 59 35 3b 00 90 <0f> 0b 90 45 31 e4 e9 1c ff ff ff e8 48 35 3b 00 90 0f 0b 90 e9 db [ 113.238260][ T6372] RSP: 0018:ffffc9000653fc40 EFLAGS: 00010093 [ 113.244346][ T6372] RAX: ffffffff818b5777 RBX: dffffc0000000000 RCX: ffff888058a21e80 [ 113.252344][ T6372] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000040 [ 113.260374][ T6372] RBP: ffffc9000653fd90 R08: 0000000000000003 R09: 0000000000000004 [ 113.268354][ T6372] R10: dffffc0000000000 R11: fffff52000ca7fa4 R12: ffff8880292e2450 [ 113.276328][ T6372] R13: ffff888058a21e80 R14: 0000000000000080 R15: 1ffff92000ca7f90 [ 113.284395][ T6372] ? do_notify_parent+0xd17/0xe30 [ 113.289442][ T6372] ? do_raw_spin_lock+0x12b/0x2f0 [ 113.294489][ T6372] ? __pfx_do_notify_parent+0x10/0x10 [ 113.299997][ T6372] ? do_raw_write_lock+0x11d/0x260 [ 113.305134][ T6372] ? __pfx_do_raw_write_lock+0x10/0x10 [ 113.310809][ T6372] ? kill_orphaned_pgrp+0x170/0x610 [ 113.316214][ T6372] do_exit+0x15b3/0x2490 [ 113.320475][ T6372] ? __pfx_do_exit+0x10/0x10 [ 113.325339][ T6372] ? rcu_is_watching+0x15/0xb0 [ 113.330119][ T6372] __x64_sys_exit+0x40/0x40 [ 113.334630][ T6372] x64_sys_call+0x2231/0x2240 [ 113.339394][ T6372] do_syscall_64+0x14d/0xf80 [ 113.343992][ T6372] ? trace_irq_disable+0x3b/0x150 [ 113.349110][ T6372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.355367][ T6372] ? clear_bhb_loop+0x40/0x90 [ 113.360060][ T6372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.366320][ T6372] RIP: 0033:0x7f5c0739c799 [ 113.370915][ T6372] Code: Unable to access opcode bytes at 0x7f5c0739c76f. [ 113.378113][ T6372] RSP: 002b:0000200000000018 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 113.386660][ T6372] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f5c0739c799 [ 113.394635][ T6372] RDX: 00007f5c0739c799 RSI: 0000200000000040 RDI: 000000000000000b [ 113.402714][ T6372] RBP: 00007f5c07432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 113.411062][ T6372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.419035][ T6372] R13: 00007f5c07616038 R14: 00007f5c07615fa0 R15: 00007ffda09867e8 [ 113.427207][ T6372] [ 113.430712][ T6372] Kernel Offset: disabled [ 113.435386][ T6372] Rebooting in 86400 seconds..