last executing test programs: 7.008728932s ago: executing program 1 (id=298): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, 0x0) 7.006938622s ago: executing program 0 (id=299): ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) r3 = socket(0x10, 0x3, 0x0) write(r3, 0x0, 0x0) recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0) r4 = syz_open_pts(0xffffffffffffffff, 0x0) dup(r4) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r5, 0x40047438, 0x0) ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3}) 6.401062162s ago: executing program 1 (id=301): r0 = socket$kcm(0x10, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) syz_emit_vhci(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18) r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x7c2, 0x41414770, 0x58595556, 0x425, 0x10001, 0x6, 0x2, 0x1, 0x3, 0x0, 0x6}}) add_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="000001020200", 0x6, 0xfffffffffffffffb) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x12, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 6.279341113s ago: executing program 3 (id=302): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000004200)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x4000000000009, {0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 5.937555229s ago: executing program 0 (id=303): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0) userfaultfd(0x801) r2 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r2}, &(0x7f00000002c0)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x8184c, 0x0, 0x9, 0x0, 0x0) 5.808954741s ago: executing program 0 (id=304): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d805"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4) syz_usb_connect(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000298962d08e2041414b9c50102030109023b"], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$packet(0x11, 0x2, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) sendmmsg(r0, &(0x7f0000005d40)=[{{&(0x7f0000000180)=@can={0x1d, r2}, 0x80, 0x0}}], 0x1, 0x0) 5.490018055s ago: executing program 3 (id=305): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000340)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @empty}}}}) 5.144049911s ago: executing program 2 (id=307): sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080) prlimit64(0x0, 0xe, &(0x7f0000000340)={0xa, 0xc1f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) socket$kcm(0x10, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x7ff, 0x1000, 0x1, 0xfffffffc, 0x5, 0xffff, 0x200400, 0x31e}) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000040)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000180), 0x3, r2, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r1, 0xc01864ba, &(0x7f0000000300)={0x2, r4, r2}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000580)={0x0, &(0x7f0000000940)=[{}, {}], &(0x7f0000000500), &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2}) setgroups(0x700, &(0x7f0000000280)) 4.093289707s ago: executing program 3 (id=308): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000a40)=@newtaction={0x44, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0) 4.044715378s ago: executing program 2 (id=309): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) syz_init_net_socket$llc(0x1a, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000440)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x7}, 0x18) userfaultfd(0x801) userfaultfd(0x80801) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(&(0x7f0000000100)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7-\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00AWK\n\x8b!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3g:', 0x41, 0x80, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_io_uring_setup(0x2e2, &(0x7f00000002c0)={0x0, 0x1943, 0x10100, 0x0, 0x4000004}, &(0x7f00000000c0), &(0x7f0000000240)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x60, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x61, 0x1, {0x1}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) io_uring_enter(r1, 0x7330, 0x0, 0x0, 0x0, 0x0) 3.91876405s ago: executing program 3 (id=310): openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$dri(0x0, 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000d40)={0x0, 0xfffffffffffffe22}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, 0x0) unshare(0x22020600) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x4) r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.controllers\x00', 0x5000000, 0x0) readv(r4, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1) r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) ioctl$IMDELTIMER(r5, 0x80044941, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x40, @empty}}, 0xfffffffd, 0x0, 0x3f4, 0xfffffffe, 0x0, 0x0, 0x40}, 0x9c) bind$inet6(r7, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x200000, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000847fff)="df", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r7, &(0x7f0000003980)=[{{0x0, 0x0, &(0x7f0000000a00)=[{0x0}], 0x1}}], 0x1, 0x84004) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x4e24, @empty}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e23, 0x5, @empty, 0xf2f}, @in6={0xa, 0x4e21, 0xffffffc5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x400}, @in6={0xa, 0x4e22, 0xff, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x7}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x29}}, @in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e24, @empty}], 0xa4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r6) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3.89081192s ago: executing program 2 (id=311): ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000280)=@arm64={0x5, 0x6, 0x2, '\x00', 0x1}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) r3 = socket(0x10, 0x3, 0x0) write(r3, 0x0, 0x0) recvmmsg(r3, &(0x7f0000005c80), 0x1b, 0x10122, 0x0) r4 = syz_open_pts(0xffffffffffffffff, 0x0) dup(r4) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000e00)={{r2}, 0x0, 0xe, @inherit={0x70, &(0x7f00000003c0)={0x1, 0x5, 0x6, 0xfff, {0x0, 0x0, 0x8, 0xe, 0x7fffffffffffffff}, [0x2, 0x199, 0xffff, 0x6, 0x7]}}, @subvolid=0xf6dc}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r5, 0x40047438, 0x0) ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x3}) 2.434244032s ago: executing program 1 (id=312): accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 2.364394544s ago: executing program 3 (id=313): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, 0x0) userfaultfd(0x801) r2 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r2}, &(0x7f00000002c0)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x8184c, 0x0, 0x9, 0x0, 0x0) 2.363700364s ago: executing program 2 (id=314): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x5) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x10000a0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000400)=""/101, 0x65}], 0x1}}], 0x1, 0x60, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) io_setup(0xa, 0x0) write$nbd(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="01"], 0x40) 2.202039206s ago: executing program 3 (id=315): r0 = fsopen(&(0x7f00000003c0)='nfsd\x00', 0x1) fsconfig$FSCONFIG_SET_FLAG(r0, 0x6, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18}, './file0\x00'}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) creat(0x0, 0xecf86c37d53049cc) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = dup(0xffffffffffffffff) write$UHID_INPUT(r2, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d) 2.172945936s ago: executing program 0 (id=316): r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40) writev(r1, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1) close_range(r0, r1, 0x0) 2.159461887s ago: executing program 1 (id=317): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) getrlimit(0xe, &(0x7f00000000c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r4) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}}) syz_open_dev$tty1(0xc, 0x4, 0x1) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, 0x0) read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r5, &(0x7f0000001200)={0x50, 0x0, r6, {0x7, 0x2b, 0x3, 0x61c3c08, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x2}}, 0x50) read$FUSE(r5, &(0x7f0000004340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r5, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r7}, 0x10) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.052049874s ago: executing program 0 (id=318): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000a40)=@newtaction={0x44, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0) 833.535417ms ago: executing program 1 (id=319): sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080) prlimit64(0x0, 0xe, &(0x7f0000000340)={0xa, 0xc1f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) socket$kcm(0x10, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x7ff, 0x1000, 0x1, 0xfffffffc, 0x5, 0xffff, 0x200400, 0x31e}) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000040)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000180), 0x3, r2, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r1, 0xc01864ba, &(0x7f0000000300)={0x2, r4, r2}) setgroups(0x700, &(0x7f0000000280)) 776.384458ms ago: executing program 2 (id=320): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000030000005100000008000300", @ANYRES32=r2, @ANYBLOB="05008a00035f00000a0006"], 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 349.151815ms ago: executing program 0 (id=321): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/icmp\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) fanotify_init(0x10, 0x400) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_netdev_private(r1, 0x89f8, &(0x7f0000000140)="4e6a106d0103a9f1ef1bd2d08e33610b226f5a0237ccfb2d91866182b2d688a219bbe96e170c9db53b8cc13c6384db08336648be95a44ac11e312d83ea0042064d1246575e3c53038fc7c3f1ed5ba5db77b86b") r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200880, 0x0) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x9, 0x3ff, 0xfffffffb, 0x8001, 0x1a, "08400000c38eaad6a4540ad9455fb5031af800"}) ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000100)=0x9) ioctl$TCSETS(r5, 0x5402, &(0x7f0000000480)={0x408, 0x3, 0x0, 0xfffc, 0x1a, "4415264a100046001113fb235902af2556c6b6"}) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) socket(0x2, 0x80805, 0x0) r6 = socket$inet_sctp(0x2, 0x5, 0x84) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r7, &(0x7f0000000200)={0xa, 0x4e23, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8) r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r8, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) 239.360186ms ago: executing program 2 (id=322): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0) io_setup(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000080)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0x2, 0xf5}, 0x400, 0xe, 0x4}) 0s ago: executing program 1 (id=323): openat$mice(0xffffffffffffff9c, 0x0, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ipv6_route\x00') syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x6e96, 0x10000, 0x2, 0x166, 0x0, r0}, &(0x7f00000003c0), &(0x7f0000001040)) r1 = syz_io_uring_setup(0x24fa, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x1c5}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x24844}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts. [ 64.276414][ T5772] cgroup: Unknown subsys name 'net' [ 64.409168][ T5772] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.746105][ T5772] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.905328][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.923660][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.943019][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.943301][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.950741][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.959527][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.973299][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.992541][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.001284][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.008429][ T5788] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.011116][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.017617][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.024233][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.038239][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.038283][ T5788] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.046636][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.052768][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.061520][ T5104] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.068092][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.074379][ T5104] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.080225][ T5788] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.102475][ T5104] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.110870][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.119266][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.479447][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 68.559223][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 68.670641][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 68.747199][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.755395][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.763447][ T5785] bridge_slave_0: entered allmulticast mode [ 68.770177][ T5785] bridge_slave_0: entered promiscuous mode [ 68.777931][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 68.795663][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.802832][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.809971][ T5787] bridge_slave_0: entered allmulticast mode [ 68.817063][ T5787] bridge_slave_0: entered promiscuous mode [ 68.826186][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.833418][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.840576][ T5787] bridge_slave_1: entered allmulticast mode [ 68.848096][ T5787] bridge_slave_1: entered promiscuous mode [ 68.855792][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.863151][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.870330][ T5785] bridge_slave_1: entered allmulticast mode [ 68.877762][ T5785] bridge_slave_1: entered promiscuous mode [ 68.956127][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.969906][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.006924][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.055887][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.063178][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.070329][ T5786] bridge_slave_0: entered allmulticast mode [ 69.078039][ T5786] bridge_slave_0: entered promiscuous mode [ 69.088320][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.113997][ T5785] team0: Port device team_slave_0 added [ 69.120085][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.127426][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.135102][ T5786] bridge_slave_1: entered allmulticast mode [ 69.141693][ T5786] bridge_slave_1: entered promiscuous mode [ 69.170312][ T5785] team0: Port device team_slave_1 added [ 69.191861][ T5787] team0: Port device team_slave_0 added [ 69.233175][ T5787] team0: Port device team_slave_1 added [ 69.239120][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.246851][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.254082][ T5784] bridge_slave_0: entered allmulticast mode [ 69.260870][ T5784] bridge_slave_0: entered promiscuous mode [ 69.281390][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.289001][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.316599][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.330829][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.343476][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.368514][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.375870][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.383096][ T5784] bridge_slave_1: entered allmulticast mode [ 69.389740][ T5784] bridge_slave_1: entered promiscuous mode [ 69.397872][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.405078][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.431624][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.469048][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.476350][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.502386][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.540016][ T5786] team0: Port device team_slave_0 added [ 69.553254][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.560222][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.586601][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.599766][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.612326][ T5786] team0: Port device team_slave_1 added [ 69.651704][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.722099][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.729669][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.756519][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.769128][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.776201][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.802386][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.816680][ T5787] hsr_slave_0: entered promiscuous mode [ 69.823196][ T5787] hsr_slave_1: entered promiscuous mode [ 69.832288][ T5784] team0: Port device team_slave_0 added [ 69.843282][ T5785] hsr_slave_0: entered promiscuous mode [ 69.852323][ T5785] hsr_slave_1: entered promiscuous mode [ 69.858424][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.866379][ T5785] Cannot create hsr debugfs directory [ 69.890348][ T5784] team0: Port device team_slave_1 added [ 69.969002][ T5786] hsr_slave_0: entered promiscuous mode [ 69.975801][ T5786] hsr_slave_1: entered promiscuous mode [ 69.981811][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.989647][ T5786] Cannot create hsr debugfs directory [ 70.000581][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.007975][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.034079][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.047226][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.054365][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.081022][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.113495][ T5796] Bluetooth: hci0: command tx timeout [ 70.119390][ T5796] Bluetooth: hci2: command tx timeout [ 70.197384][ T5800] Bluetooth: hci1: command tx timeout [ 70.197697][ T5796] Bluetooth: hci3: command tx timeout [ 70.261629][ T5784] hsr_slave_0: entered promiscuous mode [ 70.267833][ T5784] hsr_slave_1: entered promiscuous mode [ 70.277967][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.286495][ T5784] Cannot create hsr debugfs directory [ 70.478205][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.488620][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.510363][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.519807][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.589768][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.610399][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.621274][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.635165][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.708827][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.721987][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.736889][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.753349][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.817758][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.828665][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.838015][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.850491][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.891553][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.967326][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.988920][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.996317][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.008228][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.015363][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.096292][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.166487][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.181634][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.192170][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.206817][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.213972][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.250257][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.257484][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.281846][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.307388][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.316228][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.323425][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.350744][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.357906][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.367691][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.374852][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.401618][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.408841][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.494874][ T5787] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.506093][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.540983][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.558211][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.565262][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.634711][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.768137][ T5785] veth0_vlan: entered promiscuous mode [ 71.798196][ T5785] veth1_vlan: entered promiscuous mode [ 71.876329][ T5785] veth0_macvtap: entered promiscuous mode [ 71.903146][ T5785] veth1_macvtap: entered promiscuous mode [ 71.929984][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.985893][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.006539][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.043738][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.053589][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.062268][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.071984][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.128475][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.146852][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.182068][ T5787] veth0_vlan: entered promiscuous mode [ 72.193497][ T5796] Bluetooth: hci2: command tx timeout [ 72.198922][ T5800] Bluetooth: hci0: command tx timeout [ 72.243677][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.251686][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.266066][ T5787] veth1_vlan: entered promiscuous mode [ 72.273033][ T5796] Bluetooth: hci3: command tx timeout [ 72.278515][ T5800] Bluetooth: hci1: command tx timeout [ 72.321089][ T5786] veth0_vlan: entered promiscuous mode [ 72.338063][ T5784] veth0_vlan: entered promiscuous mode [ 72.367218][ T5786] veth1_vlan: entered promiscuous mode [ 72.379861][ T5784] veth1_vlan: entered promiscuous mode [ 72.385412][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.403376][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.463334][ T5787] veth0_macvtap: entered promiscuous mode [ 72.489571][ T5787] veth1_macvtap: entered promiscuous mode [ 72.514911][ T5784] veth0_macvtap: entered promiscuous mode [ 72.528490][ T5786] veth0_macvtap: entered promiscuous mode [ 72.550310][ T5784] veth1_macvtap: entered promiscuous mode [ 72.561186][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.574446][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.586609][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.597088][ T5786] veth1_macvtap: entered promiscuous mode [ 72.647255][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.659357][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.670770][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.688348][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.700461][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.711056][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.721872][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.744334][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.767839][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.779520][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.791865][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.806016][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.817932][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.831936][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.864083][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.941528][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.009045][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.038177][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.048556][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.060761][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.242320][ T5880] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 73.380490][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.393894][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.404095][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.414616][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.428150][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.439590][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.450869][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.461962][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.477598][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.482789][ T5878] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 73.487759][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.504346][ T5878] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 73.504358][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.514998][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.536512][ T5878] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 73.549370][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.561590][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.571167][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.580038][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.590916][ T5878] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 73.604548][ T5878] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 73.612459][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.622458][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.637560][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.646392][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.655476][ T5878] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 73.667547][ T5878] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 73.677023][ T5878] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 73.691148][ T5878] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 73.701933][ T5878] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 73.718825][ T5878] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 73.729871][ T5878] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 73.921037][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.932322][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.055791][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.070355][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.272408][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.324357][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.861476][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.874577][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.930029][ T1030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.942009][ T1030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.976233][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.993128][ T5800] Bluetooth: hci0: command 0x0419 tx timeout [ 75.006496][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.331223][ T5893] Zero length message leads to an empty skb [ 75.662639][ T5800] Bluetooth: hci1: command 0x0419 tx timeout [ 75.712927][ T5800] Bluetooth: hci3: command 0x0419 tx timeout [ 75.720115][ T5796] Bluetooth: hci2: command 0x0419 tx timeout [ 75.945653][ T5897] ======================================================= [ 75.945653][ T5897] WARNING: The mand mount option has been deprecated and [ 75.945653][ T5897] and is ignored by this kernel. Remove the mand [ 75.945653][ T5897] option from the mount to silence this warning. [ 75.945653][ T5897] ======================================================= [ 76.127196][ T5899] process 'syz.2.3' launched '/dev/fd/-1' with NULL argv: empty string added [ 76.218632][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.227446][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.321152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.329926][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.353874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 76.525897][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 76.534704][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.833099][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 76.841499][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 76.911547][ T5895] overlayfs: failed to resolve 'fsuuid=d85a4bfd-66': -2 [ 77.078058][ T5800] Bluetooth: hci0: command 0x0419 tx timeout [ 77.235446][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.427771][ T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 77.444018][ T23] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 77.457288][ T23] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 77.467100][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 77.477722][ T23] usb 1-1: SerialNumber: syz [ 77.852078][ T5883] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.854793][ T5796] Bluetooth: hci2: command 0x0419 tx timeout [ 77.854969][ T5796] Bluetooth: hci3: command 0x0419 tx timeout [ 77.856009][ T5800] Bluetooth: hci1: command 0x0419 tx timeout [ 79.042993][ T5883] usb 3-1: Using ep0 maxpacket: 8 [ 79.126145][ T5883] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 79.135455][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.143829][ T5883] usb 3-1: Product: syz [ 79.148196][ T5883] usb 3-1: Manufacturer: syz [ 79.159809][ T5883] usb 3-1: SerialNumber: syz [ 79.181157][ T5883] usb 3-1: config 0 descriptor?? [ 79.729367][ T23] usb 1-1: 0:2 : does not exist [ 79.741674][ T5883] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 79.834990][ T23] usb 1-1: USB disconnect, device number 2 [ 79.872801][ T5788] Bluetooth: hci3: command 0x0419 tx timeout [ 79.881714][ T5796] Bluetooth: hci2: command 0x0419 tx timeout [ 79.883671][ T5800] Bluetooth: hci1: command 0x0419 tx timeout [ 81.267163][ T5938] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 81.305585][ T5883] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71 [ 81.351094][ T5883] usb 3-1: USB disconnect, device number 2 [ 81.953904][ T5800] Bluetooth: hci2: command 0x0419 tx timeout [ 81.962686][ T5800] Bluetooth: hci1: command 0x0419 tx timeout [ 81.968802][ T5800] Bluetooth: hci3: command 0x0419 tx timeout [ 82.206590][ T28] cfg80211: failed to load regulatory.db [ 84.045028][ T5951] fuse: Bad value for 'fd' [ 84.631818][ T5957] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:32 to non-existent VLAN 2048 [ 85.622559][ T5969] syz.1.25[5969]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 88.139953][ T5829] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 88.442747][ T5829] usb 4-1: Using ep0 maxpacket: 32 [ 89.039142][ T5829] usb 4-1: config 8 has an invalid interface number: 203 but max is 0 [ 89.119240][ T5829] usb 4-1: config 8 has no interface number 0 [ 89.166836][ T5829] usb 4-1: config 8 interface 203 altsetting 1 has an invalid endpoint with address 0x93, skipping [ 89.198213][ T5829] usb 4-1: config 8 interface 203 altsetting 1 endpoint 0xB has invalid maxpacket 30768, setting to 1024 [ 89.232966][ T5829] usb 4-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1024 [ 89.262761][ T5829] usb 4-1: config 8 interface 203 has no altsetting 0 [ 89.282200][ T5829] usb 4-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 89.312043][ T5829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.452817][ T5829] usb 4-1: Product: syz [ 89.454077][ T5999] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.457016][ T5829] usb 4-1: Manufacturer: syz [ 89.562214][ T5829] usb 4-1: SerialNumber: syz [ 90.248422][ T5829] usb 4-1: can't set config #8, error -71 [ 90.302328][ T5829] usb 4-1: USB disconnect, device number 2 [ 95.682580][ C0] sched: RT throttling activated [ 97.112684][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 98.092644][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 98.161043][ T8] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 98.204633][ T8] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 98.227251][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.264868][ T8] usb 3-1: Product: syz [ 98.292653][ T8] usb 3-1: Manufacturer: syz [ 98.297360][ T8] usb 3-1: SerialNumber: syz [ 98.319271][ T8] usb 3-1: config 0 descriptor?? [ 98.482813][ T8] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 98.492275][ T8] usb 3-1: Detected FT232R [ 99.186335][ T8] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 100.048241][ T8] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 100.060721][ T8] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 100.087662][ T8] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 100.120630][ T8] usb 3-1: USB disconnect, device number 3 [ 100.197563][ T8] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 100.426976][ T8] ftdi_sio 3-1:0.0: device disconnected [ 101.101034][ T5843] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 101.315292][ T5843] usb 1-1: config 0 has an invalid interface number: 238 but max is 0 [ 101.326812][ T5843] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.349787][ T5843] usb 1-1: config 0 has no interface number 0 [ 101.368901][ T5843] usb 1-1: config 0 interface 238 altsetting 2 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 101.383093][ T5843] usb 1-1: config 0 interface 238 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 101.396457][ T5843] usb 1-1: config 0 interface 238 has no altsetting 0 [ 101.447613][ T5843] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=44.ca [ 101.449266][ T23] libceph: connect (1)[c::]:6789 error -101 [ 101.470728][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.480184][ T5843] usb 1-1: Product: syz [ 101.488985][ T5843] usb 1-1: Manufacturer: syz [ 101.490539][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 101.494722][ T5843] usb 1-1: SerialNumber: syz [ 101.537509][ T6091] ceph: No mds server is up or the cluster is laggy [ 101.550671][ T5843] usb 1-1: config 0 descriptor?? [ 101.561128][ T23] libceph: connect (1)[c::]:6789 error -101 [ 101.567722][ T6086] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 101.591347][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 101.603383][ T5843] HFC-S_USB: probe of 1-1:0.238 failed with error -5 [ 101.639536][ T27] audit: type=1326 audit(1751960858.228:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 101.678784][ T27] audit: type=1326 audit(1751960858.258:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 101.720616][ T27] audit: type=1326 audit(1751960858.258:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.562233][ T27] audit: type=1326 audit(1751960858.258:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.587939][ T27] audit: type=1326 audit(1751960858.258:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.611294][ T27] audit: type=1326 audit(1751960858.258:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.638487][ T27] audit: type=1326 audit(1751960858.258:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.665536][ T27] audit: type=1326 audit(1751960858.258:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.695012][ T27] audit: type=1326 audit(1751960858.258:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.753935][ T27] audit: type=1326 audit(1751960858.258:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.2.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 102.800253][ T5774] usb 1-1: USB disconnect, device number 3 [ 102.832335][ T6107] netlink: 12 bytes leftover after parsing attributes in process `syz.2.66'. [ 107.393748][ T6132] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 107.420139][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.432593][ T6132] CIFS: Unable to determine destination address [ 107.748891][ T6137] input: syz1 as /devices/virtual/input/input5 [ 108.317533][ T5857] libceph: connect (1)[c::]:6789 error -101 [ 108.323796][ T5857] libceph: mon0 (1)[c::]:6789 connect error [ 108.407154][ T6148] ceph: No mds server is up or the cluster is laggy [ 109.332760][ T6158] netlink: 20 bytes leftover after parsing attributes in process `syz.0.81'. [ 109.368885][ T6158] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.378097][ T6158] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.386869][ T6158] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.395902][ T6158] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.450108][ T6157] sctp: [Deprecated]: syz.0.81 (pid 6157) Use of int in max_burst socket option deprecated. [ 109.450108][ T6157] Use struct sctp_assoc_value instead [ 112.216764][ T23] libceph: connect (1)[c::]:6789 error -101 [ 112.249260][ T23] libceph: mon0 (1)[c::]:6789 connect error [ 112.301181][ T6182] ceph: No mds server is up or the cluster is laggy [ 112.333032][ T6188] input: syz1 as /devices/virtual/input/input6 [ 113.712313][ T6200] tipc: Started in network mode [ 113.718546][ T6200] tipc: Node identity d6e16e26083f, cluster identity 4711 [ 113.732875][ T6200] tipc: Enabled bearer , priority 0 [ 113.841542][ T6200] syzkaller0: entered promiscuous mode [ 113.858632][ T6200] syzkaller0: entered allmulticast mode [ 113.870231][ T6200] tipc: Resetting bearer [ 113.977121][ T6199] tipc: Resetting bearer [ 114.031676][ T6208] XFS (nullb0): Invalid superblock magic number [ 115.592241][ T5857] tipc: Node number set to 3739119142 [ 115.779459][ T5857] libceph: connect (1)[c::]:6789 error -101 [ 115.786841][ T5857] libceph: mon0 (1)[c::]:6789 connect error [ 115.882218][ T6227] ceph: No mds server is up or the cluster is laggy [ 117.416945][ T6199] tipc: Disabling bearer [ 117.697550][ T6248] 8021q: adding VLAN 0 to HW filter on device bond1 [ 118.422842][ T5857] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 118.450285][ T6257] netlink: 12 bytes leftover after parsing attributes in process `syz.2.107'. [ 118.493352][ T5774] libceph: connect (1)[c::]:6789 error -101 [ 118.517577][ T5774] libceph: mon0 (1)[c::]:6789 connect error [ 118.577877][ T6259] ceph: No mds server is up or the cluster is laggy [ 118.624672][ T5857] usb 4-1: Using ep0 maxpacket: 8 [ 118.639452][ T5857] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 118.648823][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.657091][ T5857] usb 4-1: Product: syz [ 118.661500][ T5857] usb 4-1: Manufacturer: syz [ 118.679549][ T5857] usb 4-1: SerialNumber: syz [ 118.703597][ T5857] usb 4-1: config 0 descriptor?? [ 118.911310][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 118.911323][ T27] audit: type=1800 audit(1751960875.498:28): pid=6269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.111" name="bus" dev="overlay" ino=177 res=0 errno=0 [ 118.979128][ T5857] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 120.531973][ T5857] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71 [ 120.547902][ T5857] usb 4-1: USB disconnect, device number 3 [ 122.093161][ T6303] XFS (nullb0): Invalid superblock magic number [ 131.121377][ T6392] Illegal XDP return value 36 on prog (id 22) dev N/A, expect packet loss! [ 133.058554][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.070597][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.856611][ T6410] input: syz1 as /devices/virtual/input/input8 [ 134.773009][ T5843] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 135.053219][ T5843] usb 2-1: Using ep0 maxpacket: 8 [ 135.528065][ T5843] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 135.597746][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.823384][ T5843] usb 2-1: Product: syz [ 135.828073][ T5843] usb 2-1: Manufacturer: syz [ 135.833305][ T5843] usb 2-1: SerialNumber: syz [ 135.842849][ T5843] usb 2-1: config 0 descriptor?? [ 136.070993][ T5843] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 136.402900][ T5829] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 136.662982][ T5829] usb 3-1: Using ep0 maxpacket: 8 [ 136.724747][ T5829] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 136.793508][ T5829] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 136.803212][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.814902][ T5829] usb 3-1: config 0 descriptor?? [ 136.824993][ T5829] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 136.964321][ T5843] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 136.992073][ T5843] usb 2-1: USB disconnect, device number 2 [ 137.042993][ T6445] input: syz1 as /devices/virtual/input/input9 [ 137.227818][ T5829] gspca_vc032x: reg_w err -71 [ 137.233702][ T5829] vc032x: probe of 3-1:0.0 failed with error -71 [ 137.245431][ T5829] usb 3-1: USB disconnect, device number 4 [ 140.765091][ T6475] 8021q: adding VLAN 0 to HW filter on device bond1 [ 140.779387][ T6469] comedi comedi0: Minor 14 could not be opened [ 142.275487][ T6496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.176'. [ 142.300574][ T5843] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 142.507937][ T6500] syz.1.182: attempt to access beyond end of device [ 142.507937][ T6500] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0 [ 142.520970][ T6500] hfs: can't find a HFS filesystem on dev nbd1 [ 142.542668][ T6500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.182'. [ 142.554798][ T5843] usb 3-1: Using ep0 maxpacket: 8 [ 143.237908][ T5843] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 143.247205][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.304811][ T5843] usb 3-1: Product: syz [ 143.309086][ T5843] usb 3-1: Manufacturer: syz [ 143.313986][ T5843] usb 3-1: SerialNumber: syz [ 143.321981][ T5843] usb 3-1: config 0 descriptor?? [ 143.477943][ T6502] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 143.530118][ T5843] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 144.768573][ T5843] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71 [ 144.793306][ T5843] usb 3-1: USB disconnect, device number 5 [ 145.644153][ T6536] syz.3.192: attempt to access beyond end of device [ 145.644153][ T6536] nbd3: rw=0, sector=2, nr_sectors = 1 limit=0 [ 145.657493][ T6536] hfs: can't find a HFS filesystem on dev nbd3 [ 145.668695][ T5843] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 145.722903][ T6537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.192'. [ 146.023774][ T5843] usb 1-1: Using ep0 maxpacket: 16 [ 146.306522][ T5843] usb 1-1: config 0 interface 0 has no altsetting 0 [ 146.335154][ T5843] usb 1-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00 [ 146.401216][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.610789][ T5843] usb 1-1: config 0 descriptor?? [ 147.265304][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.272987][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.280235][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.329912][ T6550] 8021q: adding VLAN 0 to HW filter on device bond1 [ 147.911337][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.918535][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.967372][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.974625][ T5843] cypress 0003:04B4:ED81.0001: unknown main item tag 0x0 [ 147.989013][ T5843] cypress 0003:04B4:ED81.0001: hidraw0: USB HID v10.00 Device [HID 04b4:ed81] on usb-dummy_hcd.0-1/input0 [ 148.018939][ T5843] usb 1-1: USB disconnect, device number 4 [ 148.315389][ T6557] fido_id[6557]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 148.665097][ T5883] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 148.954703][ T5883] usb 2-1: Using ep0 maxpacket: 8 [ 149.307502][ T5883] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 149.337652][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.363593][ T6576] netlink: 36 bytes leftover after parsing attributes in process `syz.3.208'. [ 149.365553][ T5883] usb 2-1: Product: syz [ 149.377765][ T5883] usb 2-1: Manufacturer: syz [ 149.382417][ T5883] usb 2-1: SerialNumber: syz [ 149.400051][ T5883] usb 2-1: config 0 descriptor?? [ 149.685962][ T5883] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 150.673059][ T5883] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 150.820546][ T5883] usb 2-1: USB disconnect, device number 3 [ 151.765599][ T27] audit: type=1326 audit(1751960908.358:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6599 comm="syz.2.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 151.833400][ T27] audit: type=1326 audit(1751960908.358:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6599 comm="syz.2.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 151.868101][ T6604] netlink: 36 bytes leftover after parsing attributes in process `syz.1.219'. [ 151.888821][ T27] audit: type=1326 audit(1751960908.358:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6599 comm="syz.2.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 152.034491][ T27] audit: type=1326 audit(1751960908.358:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6599 comm="syz.2.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce2638e929 code=0x7ffc0000 [ 152.489916][ T6613] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 152.586646][ T6602] comedi comedi0: Minor 14 could not be opened [ 152.772706][ T5883] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 153.432843][ T5883] usb 2-1: Using ep0 maxpacket: 8 [ 153.513274][ T5883] usb 2-1: config index 0 descriptor too short (expected 8251, got 59) [ 153.532894][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 153.553033][ T5883] usb 2-1: config 0 has no interfaces? [ 153.561050][ T5883] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 153.573597][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.596203][ T5883] usb 2-1: Product: syz [ 153.600396][ T5883] usb 2-1: Manufacturer: syz [ 153.608820][ T5883] usb 2-1: SerialNumber: syz [ 153.623458][ T5883] usb 2-1: config 0 descriptor?? [ 153.874291][ T5883] usb 2-1: USB disconnect, device number 4 [ 153.907336][ T5843] libceph: connect (1)[c::]:6789 error -101 [ 153.929275][ T5843] libceph: mon0 (1)[c::]:6789 connect error [ 153.968944][ T6634] ceph: No mds server is up or the cluster is laggy [ 154.433764][ T5883] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 154.652660][ T5883] usb 1-1: Using ep0 maxpacket: 8 [ 154.674755][ T5883] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 154.750498][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.782610][ T5883] usb 1-1: Product: syz [ 154.786822][ T5883] usb 1-1: Manufacturer: syz [ 154.791426][ T5883] usb 1-1: SerialNumber: syz [ 155.013655][ T5883] usb 1-1: config 0 descriptor?? [ 155.710006][ T6664] 8021q: adding VLAN 0 to HW filter on device bond2 [ 155.789887][ T5883] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 155.923739][ T5843] libceph: connect (1)[c::]:6789 error -101 [ 155.932025][ T5843] libceph: mon0 (1)[c::]:6789 connect error [ 155.939760][ T5843] libceph: connect (1)[c::]:6789 error -101 [ 155.947582][ T5843] libceph: mon0 (1)[c::]:6789 connect error [ 155.971339][ T6672] ceph: No mds server is up or the cluster is laggy [ 156.812381][ T5883] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71 [ 156.838567][ T5883] usb 1-1: USB disconnect, device number 5 [ 156.988909][ T6687] netlink: 32 bytes leftover after parsing attributes in process `syz.2.247'. [ 157.002774][ T5829] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 157.203048][ T5829] usb 2-1: Using ep0 maxpacket: 8 [ 157.251392][ T5829] usb 2-1: config index 0 descriptor too short (expected 8251, got 59) [ 157.260264][ T5829] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.271146][ T5829] usb 2-1: config 0 has no interfaces? [ 157.282995][ T5829] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 157.342682][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.351037][ T5829] usb 2-1: Product: syz [ 157.366575][ T5829] usb 2-1: Manufacturer: syz [ 157.381974][ T5829] usb 2-1: SerialNumber: syz [ 157.404017][ T5829] usb 2-1: config 0 descriptor?? [ 158.016245][ T5829] usb 2-1: USB disconnect, device number 5 [ 158.354184][ T6704] netlink: 28 bytes leftover after parsing attributes in process `syz.3.253'. [ 158.882361][ T6701] sctp: [Deprecated]: syz.0.254 (pid 6701) Use of int in max_burst socket option deprecated. [ 158.882361][ T6701] Use struct sctp_assoc_value instead [ 159.202810][ T5857] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 159.384398][ T5857] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 159.412820][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.432256][ T5857] usb 2-1: config 0 descriptor?? [ 159.513729][ T5843] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 159.723124][ T5857] kaweth 2-1:0.0: Firmware present in device. [ 159.802921][ T5843] usb 3-1: Using ep0 maxpacket: 8 [ 159.837676][ T5843] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 159.847452][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.865179][ T5829] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 159.913882][ T5857] kaweth 2-1:0.0: Error reading configuration (-71), no net device created [ 160.044991][ T5857] kaweth: probe of 2-1:0.0 failed with error -5 [ 160.051430][ T5843] usb 3-1: Product: syz [ 160.063309][ T5843] usb 3-1: Manufacturer: syz [ 160.068668][ T5857] usb 2-1: USB disconnect, device number 6 [ 160.074658][ T5843] usb 3-1: SerialNumber: syz [ 160.092397][ T5843] usb 3-1: config 0 descriptor?? [ 160.204842][ T6733] netlink: 28 bytes leftover after parsing attributes in process `syz.0.265'. [ 160.252792][ T5829] usb 4-1: Using ep0 maxpacket: 8 [ 160.264902][ T5829] usb 4-1: config index 0 descriptor too short (expected 8251, got 59) [ 160.273576][ T5829] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 160.284066][ T5829] usb 4-1: config 0 has no interfaces? [ 160.295785][ T5829] usb 4-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 160.308232][ T5843] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 160.316737][ T5829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.325216][ T5829] usb 4-1: Product: syz [ 160.329375][ T5829] usb 4-1: Manufacturer: syz [ 160.334402][ T5829] usb 4-1: SerialNumber: syz [ 160.341162][ T5829] usb 4-1: config 0 descriptor?? [ 160.573463][ T5829] usb 4-1: USB disconnect, device number 4 [ 160.956348][ T5843] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71 [ 160.978218][ T5843] usb 3-1: USB disconnect, device number 6 [ 162.395202][ T6767] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 162.412959][ T6767] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 163.032666][ T28] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 163.662934][ T5883] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 163.797532][ T28] usb 2-1: Using ep0 maxpacket: 32 [ 163.937235][ T28] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 163.952783][ T5883] usb 3-1: Using ep0 maxpacket: 8 [ 163.969378][ T5883] usb 3-1: config index 0 descriptor too short (expected 8251, got 59) [ 164.016360][ T28] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 164.072410][ T5883] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 164.145905][ T28] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 164.238235][ T5883] usb 3-1: config 0 has no interfaces? [ 164.273093][ T28] usb 2-1: Product: syz [ 164.340331][ T5883] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 164.354802][ T28] usb 2-1: Manufacturer: syz [ 164.402361][ T28] usb 2-1: SerialNumber: syz [ 164.432386][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.495151][ T5883] usb 3-1: Product: syz [ 164.515889][ T5883] usb 3-1: Manufacturer: syz [ 164.528675][ T28] usb 2-1: config 0 descriptor?? [ 164.550177][ T5883] usb 3-1: SerialNumber: syz [ 164.555983][ T6776] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 164.625176][ T5883] usb 3-1: config 0 descriptor?? [ 164.883190][ T5883] usb 3-1: USB disconnect, device number 7 [ 164.956317][ T5829] usb 2-1: USB disconnect, device number 7 [ 167.946500][ T6849] netlink: 'syz.1.301': attribute type 10 has an invalid length. [ 168.292758][ T5829] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 168.384721][ T6849] team0: Port device wlan1 added [ 168.492639][ T5829] usb 1-1: Using ep0 maxpacket: 8 [ 168.949070][ T5829] usb 1-1: config index 0 descriptor too short (expected 8251, got 59) [ 168.983974][ T5829] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 169.432762][ T5829] usb 1-1: config 0 has no interfaces? [ 169.472915][ T5829] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 169.526598][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.567322][ T5829] usb 1-1: Product: syz [ 169.575705][ T5829] usb 1-1: Manufacturer: syz [ 169.586765][ T5829] usb 1-1: SerialNumber: syz [ 169.610095][ T5829] usb 1-1: config 0 descriptor?? [ 170.799358][ T5829] usb 1-1: USB disconnect, device number 6 [ 173.640273][ T6911] ================================================================== [ 173.648463][ T6911] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 173.656219][ T6911] Read of size 1 at addr ffff88805c669830 by task syz.0.321/6911 [ 173.664024][ T6911] [ 173.666365][ T6911] CPU: 1 PID: 6911 Comm: syz.0.321 Not tainted 6.6.96-syzkaller #0 [ 173.674249][ T6911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.684308][ T6911] Call Trace: [ 173.687594][ T6911] [ 173.690539][ T6911] dump_stack_lvl+0x16c/0x230 [ 173.695237][ T6911] ? __lock_acquire+0x7c80/0x7c80 [ 173.700276][ T6911] ? show_regs_print_info+0x20/0x20 [ 173.705493][ T6911] ? load_image+0x3b0/0x3b0 [ 173.710010][ T6911] ? __virt_addr_valid+0x469/0x540 [ 173.715135][ T6911] print_report+0xac/0x230 [ 173.719566][ T6911] ? rose_get_neigh+0x391/0x990 [ 173.724432][ T6911] kasan_report+0x117/0x150 [ 173.728950][ T6911] ? rose_get_neigh+0x391/0x990 [ 173.733819][ T6911] rose_get_neigh+0x391/0x990 [ 173.738518][ T6911] rose_connect+0x417/0x10a0 [ 173.743126][ T6911] ? aa_sk_perm+0x7fc/0x930 [ 173.747727][ T6911] ? rose_bind+0x7c0/0x7c0 [ 173.752158][ T6911] ? aa_af_perm+0x1f0/0x2b0 [ 173.756661][ T6911] ? tomoyo_socket_connect_permission+0x164/0x290 [ 173.763074][ T6911] ? __might_fault+0xaa/0x120 [ 173.767764][ T6911] ? bpf_lsm_socket_connect+0x9/0x10 [ 173.773063][ T6911] ? security_socket_connect+0x80/0xa0 [ 173.778530][ T6911] ? rose_bind+0x7c0/0x7c0 [ 173.782961][ T6911] __sys_connect+0x397/0x420 [ 173.787567][ T6911] ? __sys_connect_file+0x180/0x180 [ 173.792787][ T6911] __x64_sys_connect+0x7a/0x90 [ 173.797567][ T6911] do_syscall_64+0x55/0xb0 [ 173.801997][ T6911] ? clear_bhb_loop+0x40/0x90 [ 173.806686][ T6911] ? clear_bhb_loop+0x40/0x90 [ 173.811386][ T6911] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 173.817292][ T6911] RIP: 0033:0x7f1b4d78e929 [ 173.821727][ T6911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.841343][ T6911] RSP: 002b:00007f1b4e553038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 173.849789][ T6911] RAX: ffffffffffffffda RBX: 00007f1b4d9b6080 RCX: 00007f1b4d78e929 [ 173.857768][ T6911] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000f [ 173.865750][ T6911] RBP: 00007f1b4d810b39 R08: 0000000000000000 R09: 0000000000000000 [ 173.873729][ T6911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.881718][ T6911] R13: 0000000000000000 R14: 00007f1b4d9b6080 R15: 00007ffd36f27a18 [ 173.889706][ T6911] [ 173.892732][ T6911] [ 173.895066][ T6911] Allocated by task 5829: [ 173.899403][ T6911] kasan_set_track+0x4e/0x70 [ 173.904004][ T6911] __kasan_kmalloc+0x8f/0xa0 [ 173.908610][ T6911] device_add+0xbe/0xc20 [ 173.912860][ T6911] usb_new_device+0xa31/0x1630 [ 173.917632][ T6911] hub_event+0x2957/0x49c0 [ 173.922057][ T6911] process_scheduled_works+0xa45/0x15b0 [ 173.927617][ T6911] worker_thread+0xa55/0xfc0 [ 173.932217][ T6911] kthread+0x2fa/0x390 [ 173.936293][ T6911] ret_from_fork+0x48/0x80 [ 173.940706][ T6911] ret_from_fork_asm+0x11/0x20 [ 173.945482][ T6911] [ 173.947783][ T6911] Freed by task 5829: [ 173.951759][ T6911] kasan_set_track+0x4e/0x70 [ 173.956331][ T6911] kasan_save_free_info+0x2e/0x50 [ 173.961338][ T6911] ____kasan_slab_free+0x126/0x1e0 [ 173.966480][ T6911] slab_free_freelist_hook+0x130/0x1b0 [ 173.971924][ T6911] __kmem_cache_free+0xba/0x1f0 [ 173.976756][ T6911] kobject_put+0x221/0x470 [ 173.981152][ T6911] hub_event+0x1ce5/0x49c0 [ 173.985550][ T6911] process_scheduled_works+0xa45/0x15b0 [ 173.991090][ T6911] worker_thread+0xa55/0xfc0 [ 173.995683][ T6911] kthread+0x2fa/0x390 [ 173.999729][ T6911] ret_from_fork+0x48/0x80 [ 174.004124][ T6911] ret_from_fork_asm+0x11/0x20 [ 174.008884][ T6911] [ 174.011190][ T6911] Last potentially related work creation: [ 174.016880][ T6911] kasan_save_stack+0x3e/0x60 [ 174.021545][ T6911] __kasan_record_aux_stack+0xaf/0xc0 [ 174.026917][ T6911] insert_work+0x3d/0x310 [ 174.031226][ T6911] __queue_work+0xd2c/0x1020 [ 174.035795][ T6911] call_timer_fn+0x16e/0x530 [ 174.040370][ T6911] __run_timers+0x558/0x7d0 [ 174.044856][ T6911] run_timer_softirq+0x67/0xf0 [ 174.049598][ T6911] handle_softirqs+0x280/0x820 [ 174.054341][ T6911] __irq_exit_rcu+0xc7/0x190 [ 174.058914][ T6911] irq_exit_rcu+0x9/0x20 [ 174.063132][ T6911] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 174.068741][ T6911] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 174.074708][ T6911] [ 174.077011][ T6911] The buggy address belongs to the object at ffff88805c669800 [ 174.077011][ T6911] which belongs to the cache kmalloc-512 of size 512 [ 174.091055][ T6911] The buggy address is located 48 bytes inside of [ 174.091055][ T6911] freed 512-byte region [ffff88805c669800, ffff88805c669a00) [ 174.104764][ T6911] [ 174.107070][ T6911] The buggy address belongs to the physical page: [ 174.113467][ T6911] page:ffffea0001719a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805c668800 pfn:0x5c668 [ 174.124906][ T6911] head:ffffea0001719a00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 174.133816][ T6911] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 174.141780][ T6911] page_type: 0xffffffff() [ 174.146087][ T6911] raw: 00fff00000000840 ffff888017841c80 ffffea0000935010 ffffea000099ea10 [ 174.154664][ T6911] raw: ffff88805c668800 000000000010000b 00000001ffffffff 0000000000000000 [ 174.163241][ T6911] page dumped because: kasan: bad access detected [ 174.169641][ T6911] page_owner tracks the page as allocated [ 174.175334][ T6911] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5786, tgid 5786 (syz-executor), ts 72100464366, free_ts 15621218879 [ 174.196674][ T6911] post_alloc_hook+0x1cd/0x210 [ 174.201423][ T6911] get_page_from_freelist+0x195c/0x19f0 [ 174.206953][ T6911] __alloc_pages+0x1e3/0x460 [ 174.211524][ T6911] alloc_slab_page+0x5d/0x170 [ 174.216187][ T6911] new_slab+0x87/0x2e0 [ 174.220240][ T6911] ___slab_alloc+0xc6d/0x12f0 [ 174.224900][ T6911] __kmem_cache_alloc_node+0x1a2/0x260 [ 174.230340][ T6911] __kmalloc+0xa4/0x240 [ 174.234477][ T6911] fib6_info_alloc+0x32/0xe0 [ 174.239054][ T6911] ip6_route_info_create+0x44f/0x1200 [ 174.244408][ T6911] ip6_route_add+0x28/0x130 [ 174.248896][ T6911] addrconf_add_dev+0x257/0x340 [ 174.253732][ T6911] inet6_addr_add+0x215/0xb60 [ 174.258393][ T6911] inet6_rtm_newaddr+0x68d/0x940 [ 174.263316][ T6911] rtnetlink_rcv_msg+0x7c7/0xf10 [ 174.268237][ T6911] netlink_rcv_skb+0x216/0x480 [ 174.272984][ T6911] page last free stack trace: [ 174.277635][ T6911] free_unref_page_prepare+0x7ce/0x8e0 [ 174.283078][ T6911] free_unref_page+0x32/0x2e0 [ 174.287737][ T6911] free_contig_range+0xa1/0x160 [ 174.292609][ T6911] destroy_args+0x87/0x770 [ 174.297008][ T6911] debug_vm_pgtable+0x3cc/0x410 [ 174.301845][ T6911] do_one_initcall+0x1fd/0x750 [ 174.306601][ T6911] do_initcall_level+0x137/0x1f0 [ 174.311536][ T6911] do_initcalls+0x69/0xd0 [ 174.315853][ T6911] kernel_init_freeable+0x3d2/0x570 [ 174.321035][ T6911] kernel_init+0x1d/0x1c0 [ 174.325352][ T6911] ret_from_fork+0x48/0x80 [ 174.329752][ T6911] ret_from_fork_asm+0x11/0x20 [ 174.334503][ T6911] [ 174.336806][ T6911] Memory state around the buggy address: [ 174.342422][ T6911] ffff88805c669700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 174.350461][ T6911] ffff88805c669780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 174.358500][ T6911] >ffff88805c669800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.366539][ T6911] ^ [ 174.372146][ T6911] ffff88805c669880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.380186][ T6911] ffff88805c669900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 174.388223][ T6911] ================================================================== [ 174.396344][ C1] vkms_vblank_simulate: vblank timer overrun [ 174.402355][ T6911] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 174.409542][ T6911] CPU: 1 PID: 6911 Comm: syz.0.321 Not tainted 6.6.96-syzkaller #0 [ 174.417416][ T6911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.427456][ T6911] Call Trace: [ 174.430717][ T6911] [ 174.433640][ T6911] dump_stack_lvl+0x16c/0x230 [ 174.438309][ T6911] ? show_regs_print_info+0x20/0x20 [ 174.443497][ T6911] ? load_image+0x3b0/0x3b0 [ 174.447989][ T6911] panic+0x2c0/0x710 [ 174.451867][ T6911] ? bpf_jit_dump+0xd0/0xd0 [ 174.456353][ T6911] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 174.462231][ T6911] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 174.468106][ T6911] ? _raw_spin_unlock+0x40/0x40 [ 174.472948][ T6911] ? print_memory_metadata+0x314/0x400 [ 174.478394][ T6911] ? rose_get_neigh+0x391/0x990 [ 174.483232][ T6911] check_panic_on_warn+0x84/0xa0 [ 174.488156][ T6911] ? rose_get_neigh+0x391/0x990 [ 174.493430][ T6911] end_report+0x6f/0x140 [ 174.497657][ T6911] kasan_report+0x128/0x150 [ 174.502146][ T6911] ? rose_get_neigh+0x391/0x990 [ 174.506984][ T6911] rose_get_neigh+0x391/0x990 [ 174.511648][ T6911] rose_connect+0x417/0x10a0 [ 174.516229][ T6911] ? aa_sk_perm+0x7fc/0x930 [ 174.520716][ T6911] ? rose_bind+0x7c0/0x7c0 [ 174.525119][ T6911] ? aa_af_perm+0x1f0/0x2b0 [ 174.529603][ T6911] ? tomoyo_socket_connect_permission+0x164/0x290 [ 174.536005][ T6911] ? __might_fault+0xaa/0x120 [ 174.540667][ T6911] ? bpf_lsm_socket_connect+0x9/0x10 [ 174.545936][ T6911] ? security_socket_connect+0x80/0xa0 [ 174.551380][ T6911] ? rose_bind+0x7c0/0x7c0 [ 174.555781][ T6911] __sys_connect+0x397/0x420 [ 174.560447][ T6911] ? __sys_connect_file+0x180/0x180 [ 174.565650][ T6911] __x64_sys_connect+0x7a/0x90 [ 174.570404][ T6911] do_syscall_64+0x55/0xb0 [ 174.574807][ T6911] ? clear_bhb_loop+0x40/0x90 [ 174.579469][ T6911] ? clear_bhb_loop+0x40/0x90 [ 174.584128][ T6911] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 174.590012][ T6911] RIP: 0033:0x7f1b4d78e929 [ 174.594412][ T6911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.613999][ T6911] RSP: 002b:00007f1b4e553038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 174.622395][ T6911] RAX: ffffffffffffffda RBX: 00007f1b4d9b6080 RCX: 00007f1b4d78e929 [ 174.630352][ T6911] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000f [ 174.638309][ T6911] RBP: 00007f1b4d810b39 R08: 0000000000000000 R09: 0000000000000000 [ 174.646265][ T6911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.654218][ T6911] R13: 0000000000000000 R14: 00007f1b4d9b6080 R15: 00007ffd36f27a18 [ 174.662178][ T6911] [ 174.665389][ T6911] Kernel Offset: disabled [ 174.669785][ T6911] Rebooting in 86400 seconds..