last executing test programs: 4.04013114s ago: executing program 2 (id=3): r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x20000005) r1 = socket$inet6(0xa, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f00000000c0), r5) sendmsg$NFC_CMD_LLC_SDREQ(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000240)={0x20, r6, 0x6d827113aa2625e5, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_SDP={0x4}]}, 0x20}}, 0x0) r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000180)=0x10000, 0x4) gettid() preadv(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0x9, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f00000005c0)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000100)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f00000000c0)={r9, 0x0, 0x2908}) 3.972405681s ago: executing program 3 (id=4): mount$bind(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f", 0xc) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000003c0)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x26e1, 0x0) ioctl$TUNSETOFFLOAD(r3, 0x40086607, 0x20001412) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000070000000850000000f00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='jbd2_handle_stats\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) poll(&(0x7f0000000180)=[{r5}], 0x1, 0x800) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000200)={0x0, r5}) read(r5, &(0x7f0000000040)=""/14, 0xe) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000500)) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, &(0x7f0000000640)=""/87, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x20000) 2.973892158s ago: executing program 3 (id=6): r0 = socket$inet6(0xa, 0x2, 0x0) mkdir(0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) mkdir(0x0, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0) sendmmsg(r7, &(0x7f0000000180), 0x400008a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000020000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) fcntl$setown(0xffffffffffffffff, 0x8, r2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x6, &(0x7f0000000080)=[{}, {0x0, 0x2, 0xc9, 0x6}, {0x7, 0x7, 0xc6, 0x7}, {0x7ffd, 0xd, 0xfe, 0x5}, {0x0, 0x3, 0xdc, 0xc}, {0x7d3, 0x5, 0x83, 0xffff1a30}]}, 0x10) 2.884440367s ago: executing program 2 (id=7): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) sendto$inet(r5, 0x0, 0x0, 0x24048081, 0x0, 0x0) connect$inet(r5, &(0x7f0000000140)={0x2, 0x0, @empty}, 0x10) r6 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r7, 0x0) keyctl$clear(0x3, r6) 1.702605263s ago: executing program 3 (id=8): bpf$PROG_LOAD(0x5, &(0x7f0000002200)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @call]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4040ae79, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x2, 0xbf22, 0x1}, 0x48) bind$bt_sco(0xffffffffffffffff, &(0x7f0000000340)={0x1f, @none}, 0x8) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r0, 0x0, 0xa002a0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={&(0x7f0000000080)='`', &(0x7f0000000140)=""/184, &(0x7f0000000200), &(0x7f0000001540), 0x1, r0}, 0x38) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000a50a010000000000050002000000000005000000000000008505000000ffffff95"], &(0x7f0000000100)='GPL\x00'}, 0x90) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x7}}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@max_batch_time}, {}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000280)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r3, 0x5501) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000380)=0x7, 0x4) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x4c) recvmmsg(r4, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/62, 0x3e}}], 0x1, 0x2101, 0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) dup(r2) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0xba}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.296418378s ago: executing program 0 (id=1): chdir(&(0x7f0000000040)='./file0\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f00000001c0), 0xffffffffffffffff) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x0, 0x40}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r4}, 0x38) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8946, &(0x7f0000000900)={'veth0_vlan\x00', @random='\x00\x00\x00 \x00'}) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r6, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000000a00)=""/4096, 0x1000, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x0, {&(0x7f0000000000)=""/95, 0x5f, 0x0, 0x0, 0x4}}, 0x48) 1.277393961s ago: executing program 4 (id=5): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = epoll_create1(0x0) epoll_pwait(r2, &(0x7f0000000200)=[{}], 0x1, 0x6e, 0x0, 0x0) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc}, 0x48) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x0, 0x4, 0x4, 0x12}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000004}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r6, 0x200, 0x0, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x50040080}, 0x40844) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) r9 = socket$inet6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r8, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}]}, 0x1c}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x68, r6, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0x804}, 0x20004010) r11 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x2}, {}]}]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x44, 0xff9, 0x8}, 0x20) sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000005400e501000000000000000007000000", @ANYRES32, @ANYBLOB="000001001d6403b747b21260d9cfa4812c7f443a2c90b726284fb798156dafc5a727600d263799c7087c7b4ec9d60526e2181f9a264aba8c92160d346903a97b0676ba8b33d22a26cb17632c86831815ce100b795e7db05fc8fe7d251923ee0970657ef58abba7469ceb201b94335d4ca130b01189d0b9d6002209b54b41a11d7ae8a3b68edc7d9a66dffc6a239cb89acfe5c40babc9e7b290d11e9c5ef01d7fdc3d7c70cd8b87f8582d1d19946bd163ac9445dffc1f6faed0393a62860aba7a6d7b6a", @ANYRES32, @ANYBLOB="00000000ffffffff00000000000000000000000086dd0000"], 0x38}}, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffbf03000008000000b704000000000000850000000300000085000000070000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r12}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) socket$nl_route(0x10, 0x3, 0x0) 157.927946ms ago: executing program 1 (id=2): r0 = socket$phonet(0x23, 0x2, 0x1) recvfrom$phonet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000044c0)=ANY=[], 0x1458) syz_open_dev$dri(&(0x7f0000000000), 0x2d1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000800)={0x0, 0x0, 0xa, 0x0, 0x0, [], [], [], [0x3]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x0, 0x37}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x0, 0x4, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1}, 0x48) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/vmallocinfo\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000180)={r2, 0x0, 0x0}, 0x20) preadv(r3, &(0x7f0000001c00)=[{&(0x7f0000000a00)=""/4075, 0xfeb}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x204080, &(0x7f0000000140)={[{@codepage={'codepage', 0x3d, 'cp1250'}}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@uid}, {@dir_umask={'dir_umask', 0x3d, 0x3}}]}, 0x3a, 0x286, &(0x7f0000000200)="$eJzs3c9qE1EUx/HfnaRtakud/pGCy2rBldi6ETeK9CFciKhNhGKooBXUlbgWcSe4d+dafAE3rsQX0JUrHyC7kXtnkkzi/Gs0uU38fiAhOvfcOaczydwTSCIA/60be9/fX/5pb0aqqSbpqhRIakh1SWe02XhyeHRw1G41iyaquQh7M4ojzR9j9g9bWaE2zkUkQvuvupbT/4fxiKIo+uE7CXjnnv0ZAmkheXa67Y2JZzYeL3wn4JnpqKOnWvGdBwDAr+T6HyTX+eVk/R4E0nZy2Z+p63/HdwKepa7/rsuKjD2+p92mfr/nWji7Peh2iQUz5m6ZV3xmDSwwTVlX6XIJFu8ftFsX9x+2m4Fe6loiNWzD3TfjU7erJNutgmQzlNeeZ8nVMGdr2M3Jf32UPb49fio95ov5am6bUO/U7K3/6pGxh8kdqdAdqbAXEOd/KX9GV2UYj8qpctXt5GyyB336UKHKRnZHou4ZtarBNwjCbp5v5gui1oai4up28qtzUeuZUbslURvDUf2zOT9ydDllDzGvzU2zpV/6qL3U+j+wf+1tVXlm2jFuZHJmFNZTdyPDCokFldJHVXOFW1/pnq5o5fGz5w/uttutR1PxoHYy0pj4g7omsa/uCXMiSp7tB/rreWpa0FhTLXrxWPyXr1PwqH/QtXnLdzLwwa67TNz/pfqV626b7ZNCt06fU9Y6PSqbPDXjTk5vsObuTx2rg1vK7+Cq9lznLkjnC/b4eXDaMMlzRpg9fdMd3v8HAAAAAAAAAAAAAAAAAACYNtU+D7CQjB7t4wSeSwQAAAAAAAAAAAAAAAAAAAAAYOqN//d/U9/qXf77v+5buvn9X2AyfgcAAP//C8h7PA==") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x800001, 0x28011, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r4, 0x0, 0x48044) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r5, &(0x7f0000000840)='cgroup.threads\x00', 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x31) 0s ago: executing program 0 (id=9): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0xffffffffffffffad) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096}, 0x70) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000980)={@local, @random="c4bc9cac9686", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0) syz_usb_disconnect(r5) r6 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1}}]}}]}}, 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r7, 0x541b, 0x0) r8 = syz_usb_connect(0x0, 0x4a, 0x0, 0x0) syz_usb_control_io(r8, 0x0, &(0x7f0000000dc0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r8, 0x82, 0x88, &(0x7f0000000040)=ANY=[]) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r4}, 0x10) r9 = socket$inet6_udp(0xa, 0x2, 0x0) r10 = dup2(r9, r9) connect$pppl2tp(r10, &(0x7f00000000c0)=@pppol2tp={0xa, 0x1, {0xffff0000, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x26) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r11, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.2' (ED25519) to the list of known hosts. [ 55.254846][ T5216] cgroup: Unknown subsys name 'net' [ 55.420988][ T5216] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 56.769901][ T5216] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.018799][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.029569][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.039247][ T5244] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.064246][ T5244] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.071128][ T5239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.074242][ T5243] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.083363][ T5239] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 59.090574][ T5244] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.106154][ T5239] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.108503][ T5244] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.114885][ T5239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.124240][ T5244] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.134733][ T5239] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.143670][ T5244] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.151004][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.158102][ T5244] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.168326][ T5239] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.175306][ T5244] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 59.183929][ T5239] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.191975][ T5244] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.201589][ T5239] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.209186][ T5238] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 59.218555][ T5239] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.229087][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.235892][ T5239] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 59.256831][ T5238] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 59.268208][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 59.275901][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.279328][ T5238] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 59.294997][ T5238] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 59.635903][ T5227] chnl_net:caif_netlink_parms(): no params data found [ 59.816252][ T5230] chnl_net:caif_netlink_parms(): no params data found [ 59.888027][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.896962][ T5227] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.907048][ T5227] bridge_slave_0: entered allmulticast mode [ 59.914192][ T5227] bridge_slave_0: entered promiscuous mode [ 59.923262][ T5240] chnl_net:caif_netlink_parms(): no params data found [ 59.940211][ T5228] chnl_net:caif_netlink_parms(): no params data found [ 59.965793][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.973015][ T5227] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.982408][ T5227] bridge_slave_1: entered allmulticast mode [ 59.989253][ T5227] bridge_slave_1: entered promiscuous mode [ 60.088398][ T5227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.097856][ T5226] chnl_net:caif_netlink_parms(): no params data found [ 60.146134][ T5227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.190985][ T5230] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.198939][ T5230] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.208721][ T5230] bridge_slave_0: entered allmulticast mode [ 60.218391][ T5230] bridge_slave_0: entered promiscuous mode [ 60.241105][ T5227] team0: Port device team_slave_0 added [ 60.266918][ T5230] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.276296][ T5230] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.284776][ T5230] bridge_slave_1: entered allmulticast mode [ 60.291835][ T5230] bridge_slave_1: entered promiscuous mode [ 60.315061][ T5227] team0: Port device team_slave_1 added [ 60.343371][ T5240] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.351560][ T5240] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.360107][ T5240] bridge_slave_0: entered allmulticast mode [ 60.368813][ T5240] bridge_slave_0: entered promiscuous mode [ 60.413905][ T5240] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.422021][ T5240] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.431721][ T5240] bridge_slave_1: entered allmulticast mode [ 60.440064][ T5240] bridge_slave_1: entered promiscuous mode [ 60.458298][ T5230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.484615][ T5228] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.492251][ T5228] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.500126][ T5228] bridge_slave_0: entered allmulticast mode [ 60.507486][ T5228] bridge_slave_0: entered promiscuous mode [ 60.518818][ T5228] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.526194][ T5228] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.534338][ T5228] bridge_slave_1: entered allmulticast mode [ 60.542954][ T5228] bridge_slave_1: entered promiscuous mode [ 60.559546][ T5230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.580080][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.588242][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.616261][ T5227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.644460][ T5240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.657038][ T5240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.684190][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.692235][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.725462][ T5227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.752166][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.760051][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.768165][ T5226] bridge_slave_0: entered allmulticast mode [ 60.778940][ T5226] bridge_slave_0: entered promiscuous mode [ 60.807153][ T5230] team0: Port device team_slave_0 added [ 60.815644][ T5230] team0: Port device team_slave_1 added [ 60.832976][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.840415][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.848379][ T5226] bridge_slave_1: entered allmulticast mode [ 60.856127][ T5226] bridge_slave_1: entered promiscuous mode [ 60.864906][ T5228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.915072][ T5228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.935567][ T5240] team0: Port device team_slave_0 added [ 60.942856][ T5230] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.950102][ T5230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.976535][ T5230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.996561][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.009144][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.027904][ T5240] team0: Port device team_slave_1 added [ 61.034626][ T5230] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.041790][ T5230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.070682][ T5230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.086619][ T5227] hsr_slave_0: entered promiscuous mode [ 61.094755][ T5227] hsr_slave_1: entered promiscuous mode [ 61.112424][ T5228] team0: Port device team_slave_0 added [ 61.122749][ T5228] team0: Port device team_slave_1 added [ 61.170301][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.180541][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.212542][ T5240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.252460][ T5226] team0: Port device team_slave_0 added [ 61.268928][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.277131][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.311363][ T5240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.334513][ T5233] Bluetooth: hci1: command tx timeout [ 61.334518][ T5238] Bluetooth: hci3: command tx timeout [ 61.334783][ T5233] Bluetooth: hci2: command tx timeout [ 61.365717][ T5226] team0: Port device team_slave_1 added [ 61.384289][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.397472][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.429169][ T5228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.444190][ T5233] Bluetooth: hci0: command tx timeout [ 61.444202][ T5242] Bluetooth: hci4: command tx timeout [ 61.446756][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.467440][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.504317][ T5228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.523759][ T5230] hsr_slave_0: entered promiscuous mode [ 61.530949][ T5230] hsr_slave_1: entered promiscuous mode [ 61.537741][ T5230] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.546860][ T5230] Cannot create hsr debugfs directory [ 61.566557][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.573788][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.600394][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.637716][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.646510][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.678456][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.693110][ T5240] hsr_slave_0: entered promiscuous mode [ 61.699790][ T5240] hsr_slave_1: entered promiscuous mode [ 61.706459][ T5240] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.716205][ T5240] Cannot create hsr debugfs directory [ 61.780512][ T5228] hsr_slave_0: entered promiscuous mode [ 61.788561][ T5228] hsr_slave_1: entered promiscuous mode [ 61.795785][ T5228] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.806550][ T5228] Cannot create hsr debugfs directory [ 61.899621][ T5226] hsr_slave_0: entered promiscuous mode [ 61.907468][ T5226] hsr_slave_1: entered promiscuous mode [ 61.914495][ T5226] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.922070][ T5226] Cannot create hsr debugfs directory [ 62.123178][ T5227] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.154913][ T5227] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.179503][ T5227] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.190066][ T5227] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.257984][ T5230] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.271058][ T5230] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.297459][ T5230] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.308710][ T5230] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.366522][ T5228] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.388220][ T5228] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.406883][ T5228] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.437820][ T5228] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.482280][ T5240] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.497605][ T5240] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.508792][ T5240] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.539444][ T5240] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.573133][ T5227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.632850][ T5226] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.645476][ T5226] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.660784][ T5226] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.684369][ T5226] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.707741][ T5227] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.749230][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.757205][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.778427][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.785720][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.798711][ T5230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.854873][ T5230] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.902842][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.911021][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.924742][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.934808][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.953086][ T5228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.980715][ T5228] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.022550][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.029913][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.053402][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.062306][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.087580][ T5240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.169534][ T5240] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.205278][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.257247][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.265222][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.275523][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.283243][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.310972][ T5226] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.361151][ T2583] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.368370][ T2583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.402984][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.416084][ T5233] Bluetooth: hci3: command tx timeout [ 63.416132][ T5242] Bluetooth: hci1: command tx timeout [ 63.422136][ T5233] Bluetooth: hci2: command tx timeout [ 63.435924][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.443001][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.471327][ T5230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.493946][ T5233] Bluetooth: hci4: command tx timeout [ 63.504765][ T5233] Bluetooth: hci0: command tx timeout [ 63.523004][ T5240] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.539921][ T5240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.660211][ T5230] veth0_vlan: entered promiscuous mode [ 63.682159][ T5227] veth0_vlan: entered promiscuous mode [ 63.718761][ T5227] veth1_vlan: entered promiscuous mode [ 63.779922][ T5230] veth1_vlan: entered promiscuous mode [ 63.807376][ T5228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.830920][ T5227] veth0_macvtap: entered promiscuous mode [ 63.874935][ T5227] veth1_macvtap: entered promiscuous mode [ 63.959171][ T5230] veth0_macvtap: entered promiscuous mode [ 63.980924][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.015896][ T5230] veth1_macvtap: entered promiscuous mode [ 64.037688][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.066591][ T5240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.092320][ T5227] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.110856][ T5227] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.121184][ T5227] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.136049][ T5227] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.156919][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.169712][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.190159][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.202037][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.214680][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.232166][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.251912][ T5230] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.262703][ T5230] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.274456][ T5230] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.287676][ T5230] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.318902][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.427273][ T5240] veth0_vlan: entered promiscuous mode [ 64.491755][ T5240] veth1_vlan: entered promiscuous mode [ 64.511868][ T5226] veth0_vlan: entered promiscuous mode [ 64.519736][ T5228] veth0_vlan: entered promiscuous mode [ 64.536143][ T2583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.543761][ T5228] veth1_vlan: entered promiscuous mode [ 64.553728][ T2583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.589501][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.601455][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.608203][ T5226] veth1_vlan: entered promiscuous mode [ 64.657841][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.664277][ T5228] veth0_macvtap: entered promiscuous mode [ 64.676795][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.717900][ T5228] veth1_macvtap: entered promiscuous mode [ 64.724572][ T2915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.740136][ T2915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.741697][ T5240] veth0_macvtap: entered promiscuous mode [ 64.757283][ T5226] veth0_macvtap: entered promiscuous mode [ 64.795897][ T5240] veth1_macvtap: entered promiscuous mode [ 64.811231][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.822498][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.833241][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.848293][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.862444][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.880484][ T5226] veth1_macvtap: entered promiscuous mode [ 64.897428][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.910944][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.924135][ T5228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.940688][ T5228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.955102][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.970772][ T5228] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.982019][ T5228] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.997385][ T5228] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.008327][ T5228] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.096079][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.133858][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.167380][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.185349][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.199956][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.216397][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.251720][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.283232][ T5320] loop3: detected capacity change from 0 to 512 [ 65.298298][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.314021][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.329297][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.349356][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.367878][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.379762][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.409600][ T5320] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.439952][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.468298][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.475487][ T5320] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 65.496054][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.523700][ T5233] Bluetooth: hci1: command tx timeout [ 65.531644][ T5233] Bluetooth: hci3: command tx timeout [ 65.533937][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.539783][ T5233] Bluetooth: hci2: command tx timeout [ 65.573969][ T5233] Bluetooth: hci0: command tx timeout [ 65.582418][ T5233] Bluetooth: hci4: command tx timeout [ 65.611189][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.632949][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.650651][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.662058][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.676718][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.689477][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.725143][ T5226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.745906][ T5226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.761814][ T5226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.780263][ T5226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.800407][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.821631][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.836083][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.849873][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.862804][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.875764][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.887699][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.900951][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.918153][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.938861][ T5240] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.953730][ T5240] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.971227][ T5240] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.983210][ T5240] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.095385][ T5230] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.230692][ T2915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.259132][ T2915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.308758][ T2915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.322115][ T2915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.284919][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.339231][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.449344][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.474711][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.509390][ T2583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.535060][ T5340] loop3: detected capacity change from 0 to 1024 [ 67.541941][ T2583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.574191][ T5238] Bluetooth: hci3: command tx timeout [ 67.574812][ T5233] Bluetooth: hci1: command tx timeout [ 67.656602][ T5233] Bluetooth: hci0: command tx timeout [ 67.656630][ T5238] Bluetooth: hci2: command tx timeout [ 67.662486][ T5233] Bluetooth: hci4: command tx timeout [ 67.674008][ T2915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.675285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 67.696069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.771805][ T2915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.867931][ T5340] EXT4-fs: Ignoring removed orlov option [ 67.889460][ T5340] EXT4-fs (loop3): Test dummy encryption mode enabled [ 67.938526][ T5340] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 68.096479][ T5347] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5'. [ 68.134646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 68.494500][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.502774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.834835][ T5340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.113411][ T5340] BUG: spinlock (null) on CPU#-1950675520, x/-1 [ 69.113469][ T5340] ================================================================== [ 69.127945][ T5340] BUG: KASAN: stack-out-of-bounds in vprintk_store+0x103/0x1160 [ 69.135596][ T5340] Write of size 32 at addr ffffc900043c7700 by task syz.3.8/5340 [ 69.143295][ T5340] [ 69.145617][ T5340] CPU: 1 UID: 0 PID: 5340 Comm: syz.3.8 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0 [ 69.155580][ T5340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 69.165625][ T5340] Call Trace: [ 69.168890][ T5340] [ 69.171834][ T5340] dump_stack_lvl+0x241/0x360 [ 69.176519][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.181723][ T5340] ? __pfx__printk+0x10/0x10 [ 69.186330][ T5340] ? _printk+0xd5/0x120 [ 69.190930][ T5340] print_report+0x169/0x550 [ 69.195480][ T5340] ? vsnprintf+0x948/0x1da0 [ 69.199990][ T5340] ? __virt_addr_valid+0xbd/0x530 [ 69.205006][ T5340] ? vprintk_store+0x103/0x1160 [ 69.209840][ T5340] kasan_report+0x143/0x180 [ 69.214451][ T5340] ? vprintk_store+0x103/0x1160 [ 69.219299][ T5340] kasan_check_range+0x282/0x290 [ 69.224320][ T5340] __asan_memset+0x23/0x50 [ 69.229069][ T5340] vprintk_store+0x103/0x1160 [ 69.234254][ T5340] ? vprintk_store+0xd2a/0x1160 [ 69.239178][ T5340] ? vprintk_store+0xdb3/0x1160 [ 69.244187][ T5340] ? __pfx_vprintk_store+0x10/0x10 [ 69.249317][ T5340] ? __pfx_vprintk_store+0x10/0x10 [ 69.254865][ T5340] ? is_bpf_text_address+0x26/0x2a0 [ 69.260361][ T5340] ? __pfx_lock_release+0x10/0x10 [ 69.265485][ T5340] ? unwind_next_frame+0x18e6/0x22d0 [ 69.271277][ T5340] ? preempt_count_add+0x93/0x190 [ 69.277228][ T5340] vprintk_emit+0x1e0/0x7c0 [ 69.281748][ T5340] ? __pfx_vprintk_emit+0x10/0x10 [ 69.287065][ T5340] ? vprintk_emit+0x1e0/0x7c0 [ 69.291753][ T5340] ? __pfx_vprintk_emit+0x10/0x10 [ 69.298414][ T5340] _printk+0xd5/0x120 [ 69.302708][ T5340] ? report_bug+0x25e/0x500 [ 69.307785][ T5340] ? __pfx__printk+0x10/0x10 [ 69.313233][ T5340] ? _printk+0xd5/0x120 [ 69.317409][ T5340] ? __pfx__printk+0x10/0x10 [ 69.322079][ T5340] ? find_bug+0xa3/0x390 [ 69.326853][ T5340] ? lockdep_hardirqs_on_prepare+0x497/0x780 [ 69.334154][ T5340] report_bug+0x346/0x500 [ 69.338498][ T5340] ? lockdep_hardirqs_on_prepare+0x497/0x780 [ 69.344719][ T5340] handle_bug+0x60/0x90 [ 69.349481][ T5340] exc_invalid_op+0x1a/0x50 [ 69.354114][ T5340] asm_exc_invalid_op+0x1a/0x20 [ 69.359015][ T5340] RIP: e300:lockdep_hardirqs_on_prepare+0x497/0x780 [ 69.365617][ T5340] Code: 00 00 65 48 8b 04 25 28 00 00 00 48 3b 44 24 60 0f 85 ab 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 48 c7 c7 40 ce 0a 8c e8 ea a1 4b 0a 48 ba 00 00 00 00 00 [ 69.385302][ T5340] RSP: 0018:ffffc900043c7ba0 EFLAGS: 00010097 [ 69.391378][ T5340] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 1ffff92000878f34 [ 69.399342][ T5340] RDX: dffffc0000000000 RSI: 00000000000000ee RDI: 00000000000000ef [ 69.408069][ T5340] RBP: 1ffff92000878f78 R08: ffffffff81324838 R09: 1ffff110045e9000 [ 69.416602][ T5340] R10: dffffc0000000000 R11: ffffed10045e9001 R12: 0000000000000000 [ 69.427882][ T5340] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff92000878f78 [ 69.435950][ T5340] ? __switch_to+0x768/0x1c30 [ 69.440737][ T5340] ? futex_wake+0x1e8/0x5c0 [ 69.445335][ T5340] ? __pfx_futex_wake+0x10/0x10 [ 69.450179][ T5340] ? getname_flags+0x3f0/0x540 [ 69.455060][ T5340] ? do_futex+0x392/0x560 [ 69.459728][ T5340] ? __pfx_do_futex+0x10/0x10 [ 69.465221][ T5340] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 69.471278][ T5340] ? __se_sys_futex+0x3f9/0x480 [ 69.476382][ T5340] ? __pfx___se_sys_futex+0x10/0x10 [ 69.482206][ T5340] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.489110][ T5340] ? do_syscall_64+0x100/0x230 [ 69.494652][ T5340] ? __x64_sys_futex+0x21/0xf0 [ 69.500452][ T5340] ? do_syscall_64+0xf3/0x230 [ 69.505448][ T5340] ? clear_bhb_loop+0x35/0x90 [ 69.510321][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.517192][ T5340] [ 69.520589][ T5340] [ 69.523157][ T5340] The buggy address belongs to stack of task syz.3.8/5340 [ 69.530387][ T5340] and is located at offset 128 in frame: [ 69.536105][ T5340] vprintk_store+0x0/0x1160 [ 69.540984][ T5340] [ 69.543406][ T5340] This frame has 8 objects: [ 69.548184][ T5340] [32, 40) 'flags.i.i.i257' [ 69.548194][ T5340] [64, 72) 'flags.i.i.i256' [ 69.552851][ T5340] [96, 104) 'flags.i.i.i' [ 69.558416][ T5340] [128, 160) 'e' [ 69.563184][ T5340] [192, 196) 'flags' [ 69.567001][ T5340] [208, 232) 'r' [ 69.571089][ T5340] [272, 280) 'prefix_buf' [ 69.574826][ T5340] [304, 328) 'args2' [ 69.579522][ T5340] [ 69.586417][ T5340] The buggy address belongs to the virtual mapping at [ 69.586417][ T5340] [ffffc900043c0000, ffffc900043c9000) created by: [ 69.586417][ T5340] copy_process+0x5d1/0x3d50 [ 69.610276][ T5340] [ 69.612716][ T5340] The buggy address belongs to the physical page: [ 69.619782][ T5340] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802e8a7a80 pfn:0x2e8a7 [ 69.630221][ T5340] memcg:ffff88801f74a402 [ 69.634659][ T5340] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 69.642191][ T5340] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 69.652010][ T5340] raw: ffff88802e8a7a80 0000000000000000 00000001ffffffff ffff88801f74a402 [ 69.661542][ T5340] page dumped because: kasan: bad access detected [ 69.668498][ T5340] page_owner tracks the page as allocated [ 69.674789][ T5340] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5330, tgid 5330 (syz.3.6), ts 66477630305, free_ts 66052987407 [ 69.693670][ T5340] post_alloc_hook+0x1f3/0x230 [ 69.698993][ T5340] get_page_from_freelist+0x3004/0x30c0 [ 69.705061][ T5340] __alloc_pages_noprof+0x29e/0x780 [ 69.710521][ T5340] alloc_pages_mpol_noprof+0x3e8/0x680 [ 69.717040][ T5340] __vmalloc_node_range_noprof+0xa40/0x1400 [ 69.722958][ T5340] dup_task_struct+0x444/0x8c0 [ 69.727712][ T5340] copy_process+0x5d1/0x3d50 [ 69.733001][ T5340] kernel_clone+0x226/0x8f0 [ 69.737507][ T5340] __se_sys_clone3+0x2cb/0x350 [ 69.742471][ T5340] do_syscall_64+0xf3/0x230 [ 69.747027][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.753715][ T5340] page last free pid 5240 tgid 5240 stack trace: [ 69.760290][ T5340] free_unref_page+0xc07/0xd90 [ 69.765041][ T5340] __slab_free+0x31b/0x3d0 [ 69.769527][ T5340] qlist_free_all+0x9e/0x140 [ 69.774186][ T5340] kasan_quarantine_reduce+0x14f/0x170 [ 69.779832][ T5340] __kasan_slab_alloc+0x23/0x80 [ 69.785151][ T5340] __kmalloc_node_noprof+0x1d2/0x440 [ 69.790486][ T5340] qdisc_alloc+0x97/0xa80 [ 69.794980][ T5340] qdisc_create_dflt+0x62/0x4b0 [ 69.800358][ T5340] dev_activate+0x3c0/0x1240 [ 69.805233][ T5340] __dev_open+0x352/0x450 [ 69.810511][ T5340] __dev_change_flags+0x1e2/0x6f0 [ 69.816309][ T5340] dev_change_flags+0x8b/0x1a0 [ 69.821426][ T5340] do_setlink+0xcd0/0x41f0 [ 69.826034][ T5340] rtnl_newlink+0x180d/0x20a0 [ 69.830708][ T5340] rtnetlink_rcv_msg+0x73f/0xcf0 [ 69.836130][ T5340] netlink_rcv_skb+0x1e3/0x430 [ 69.841320][ T5340] [ 69.843651][ T5340] Memory state around the buggy address: [ 69.849350][ T5340] ffffc900043c7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 69.857480][ T5340] ffffc900043c7680: f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 [ 69.866401][ T5340] >ffffc900043c7700: 00 f2 f2 f2 f2 f2 f2 f2 04 f2 00 00 00 f2 f2 f2 [ 69.874710][ T5340] ^ [ 69.880192][ T5340] ffffc900043c7780: f2 f2 00 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 69.889125][ T5340] ffffc900043c7800: f2 f2 00 00 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 [ 69.897541][ T5340] ================================================================== [ 69.906828][ T5340] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 69.915081][ T5340] CPU: 1 UID: 0 PID: 5340 Comm: syz.3.8 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0 [ 69.926535][ T5340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 69.937475][ T5340] Call Trace: [ 69.940817][ T5340] [ 69.946463][ T5340] dump_stack_lvl+0x241/0x360 [ 69.951684][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.956964][ T5340] ? __pfx__printk+0x10/0x10 [ 69.961733][ T5340] ? rcu_is_watching+0x15/0xb0 [ 69.966507][ T5340] ? lock_release+0xbf/0xa30 [ 69.971216][ T5340] ? vscnprintf+0x5d/0x90 [ 69.975663][ T5340] panic+0x349/0x870 [ 69.979557][ T5340] ? check_panic_on_warn+0x21/0xb0 [ 69.985490][ T5340] ? __pfx_panic+0x10/0x10 [ 69.989924][ T5340] ? do_raw_spin_unlock+0x13c/0x8b0 [ 69.995325][ T5340] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 70.001271][ T5340] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.007600][ T5340] ? print_report+0x502/0x550 [ 70.012396][ T5340] check_panic_on_warn+0x86/0xb0 [ 70.017429][ T5340] ? vprintk_store+0x103/0x1160 [ 70.022371][ T5340] end_report+0x77/0x160 [ 70.026610][ T5340] kasan_report+0x154/0x180 [ 70.031102][ T5340] ? vprintk_store+0x103/0x1160 [ 70.036598][ T5340] kasan_check_range+0x282/0x290 [ 70.041984][ T5340] __asan_memset+0x23/0x50 [ 70.046923][ T5340] vprintk_store+0x103/0x1160 [ 70.051613][ T5340] ? vprintk_store+0xd2a/0x1160 [ 70.056625][ T5340] ? vprintk_store+0xdb3/0x1160 [ 70.061466][ T5340] ? __pfx_vprintk_store+0x10/0x10 [ 70.066562][ T5340] ? __pfx_vprintk_store+0x10/0x10 [ 70.071656][ T5340] ? is_bpf_text_address+0x26/0x2a0 [ 70.076854][ T5340] ? __pfx_lock_release+0x10/0x10 [ 70.083582][ T5340] ? unwind_next_frame+0x18e6/0x22d0 [ 70.089074][ T5340] ? preempt_count_add+0x93/0x190 [ 70.094214][ T5340] vprintk_emit+0x1e0/0x7c0 [ 70.099229][ T5340] ? __pfx_vprintk_emit+0x10/0x10 [ 70.104701][ T5340] ? vprintk_emit+0x1e0/0x7c0 [ 70.110768][ T5340] ? __pfx_vprintk_emit+0x10/0x10 [ 70.116494][ T5340] _printk+0xd5/0x120 [ 70.120822][ T5340] ? report_bug+0x25e/0x500 [ 70.125315][ T5340] ? __pfx__printk+0x10/0x10 [ 70.130262][ T5340] ? _printk+0xd5/0x120 [ 70.134679][ T5340] ? __pfx__printk+0x10/0x10 [ 70.139442][ T5340] ? find_bug+0xa3/0x390 [ 70.143787][ T5340] ? lockdep_hardirqs_on_prepare+0x497/0x780 [ 70.150297][ T5340] report_bug+0x346/0x500 [ 70.156213][ T5340] ? lockdep_hardirqs_on_prepare+0x497/0x780 [ 70.162548][ T5340] handle_bug+0x60/0x90 [ 70.168104][ T5340] exc_invalid_op+0x1a/0x50 [ 70.173237][ T5340] asm_exc_invalid_op+0x1a/0x20 [ 70.178696][ T5340] RIP: e300:lockdep_hardirqs_on_prepare+0x497/0x780 [ 70.185737][ T5340] Code: 00 00 65 48 8b 04 25 28 00 00 00 48 3b 44 24 60 0f 85 ab 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 48 c7 c7 40 ce 0a 8c e8 ea a1 4b 0a 48 ba 00 00 00 00 00 [ 70.206249][ T5340] RSP: 0018:ffffc900043c7ba0 EFLAGS: 00010097 [ 70.212394][ T5340] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 1ffff92000878f34 [ 70.220809][ T5340] RDX: dffffc0000000000 RSI: 00000000000000ee RDI: 00000000000000ef [ 70.228867][ T5340] RBP: 1ffff92000878f78 R08: ffffffff81324838 R09: 1ffff110045e9000 [ 70.237029][ T5340] R10: dffffc0000000000 R11: ffffed10045e9001 R12: 0000000000000000 [ 70.245256][ T5340] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff92000878f78 [ 70.253858][ T5340] ? __switch_to+0x768/0x1c30 [ 70.259514][ T5340] ? futex_wake+0x1e8/0x5c0 [ 70.264744][ T5340] ? __pfx_futex_wake+0x10/0x10 [ 70.272157][ T5340] ? getname_flags+0x3f0/0x540 [ 70.277774][ T5340] ? do_futex+0x392/0x560 [ 70.282355][ T5340] ? __pfx_do_futex+0x10/0x10 [ 70.289307][ T5340] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.295965][ T5340] ? __se_sys_futex+0x3f9/0x480 [ 70.301192][ T5340] ? __pfx___se_sys_futex+0x10/0x10 [ 70.308086][ T5340] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.315985][ T5340] ? do_syscall_64+0x100/0x230 [ 70.321474][ T5340] ? __x64_sys_futex+0x21/0xf0 [ 70.326493][ T5340] ? do_syscall_64+0xf3/0x230 [ 70.331262][ T5340] ? clear_bhb_loop+0x35/0x90 [ 70.335997][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.343251][ T5340] [ 71.422933][ T5340] Shutting down cpus with NMI [ 71.429102][ T5340] Kernel Offset: disabled [ 71.433424][ T5340] Rebooting in 86400 seconds..