last executing test programs: 19.047306867s ago: executing program 4 (id=5): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = syz_io_uring_setup(0x204, &(0x7f0000000480)={0x0, 0xf67c, 0x8}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x55d7, 0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x2000000000, 0x0, 0x0, 0xa, 0x1, {0xfffe, r5}}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 17.95808148s ago: executing program 4 (id=13): r0 = socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xca9, 0x0, 0x0, 0x0, 0xf407}, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x5, 0x11, 0x3, 0x1ff, {0x4, 0x0, 0x0, 0x803, 0x30000000}}}}]}, 0x78}}, 0x0) 17.06207691s ago: executing program 0 (id=15): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000040)=""/33, 0x21) 11.181423995s ago: executing program 0 (id=29): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x54) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x40) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) 6.481094359s ago: executing program 0 (id=34): syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$tipc(0x1e, 0x5, 0x0) io_uring_setup(0x1329, &(0x7f0000000700)={0x0, 0x92b5, 0x10, 0x2, 0x3a0}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet(0x2, 0x3, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) socket(0x15, 0x5, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, {0x800, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.179482638s ago: executing program 1 (id=37): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000f80)={'wlan1\x00', &(0x7f0000000400)=@ethtool_stats={0x12}}) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$video(0x0, 0x9, 0x0) pipe2$watch_queue(0x0, 0x80) 5.090833838s ago: executing program 1 (id=39): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r2, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4001, 0x0, @loopback}, 0x1c) recvmmsg(r2, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000500)=""/4097, 0x1001}], 0x1}}], 0x1, 0x0, 0x0) pidfd_getfd(0xffffffffffffffff, r2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000300)=0x3, 0xffffffffffffffff, &(0x7f0000000340)=0x80000000, 0x6, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x32, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004900e5add009c500240000000000879078ac1414bbac1414358907efe000000186060000"], 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2600, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc}) syz_80211_inject_frame(0x0, 0x0, 0x262) 4.120268786s ago: executing program 0 (id=43): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4, 0x0, 0x6}, 0x18) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r2, r5, 0x0, 0x0, 0x0}, 0x30) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000080)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x18603}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000200)={0x60, 0x0, &(0x7f0000245000/0x2000)=nil, &(0x7f00004c7000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x0) 3.957368687s ago: executing program 3 (id=44): open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffeb1, &(0x7f00000001c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) time(0xfffffffffffffffc) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_int(r3, 0x0, 0xf, 0x0, 0x0) ioperm(0x0, 0x444, 0xb1f) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000300)=@newtaction={0x4c, 0x58, 0x284f, 0x0, 0x0, {}, [{0x38, 0x1, [@m_connmark={0x34, 0x0, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4c}}, 0x0) ioctl$EXT4_IOC_SETFSUUID(r3, 0x4008662c, &(0x7f00000002c0)={0x0, 0x0, "f8cb3c8e56d17ad13810aaaeb6935d29"}) setitimer(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x9, 0x3}) 3.690029669s ago: executing program 1 (id=45): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = fanotify_init(0xf00, 0x0) fanotify_mark(r1, 0x1, 0x5000001b, r0, 0x0) 3.602650374s ago: executing program 1 (id=46): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000a00)={0x1, 0x1, 0xeeef0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x81000) socket$inet_mptcp(0x2, 0x1, 0x106) close_range(r0, 0xffffffffffffffff, 0x0) 2.532570762s ago: executing program 32 (id=13): r0 = socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xca9, 0x0, 0x0, 0x0, 0xf407}, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x5, 0x11, 0x3, 0x1ff, {0x4, 0x0, 0x0, 0x803, 0x30000000}}}}]}, 0x78}}, 0x0) 2.484595609s ago: executing program 0 (id=49): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4) accept(r0, &(0x7f0000000080)=@can, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0) 2.482632402s ago: executing program 3 (id=50): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080)) 2.426454621s ago: executing program 1 (id=51): r0 = syz_open_dev$video(&(0x7f0000000100), 0x8002, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000001c0)={0x1, 0x102, 0x4, {0x4, 0xf7fff4f6, 0x770d0365, 0xb9c5a9dd}}) 2.253596825s ago: executing program 2 (id=53): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x28, 0x0, 0xb, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_COMPAT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c000}, 0x8050) 2.061420737s ago: executing program 3 (id=54): ioprio_set$uid(0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a020}], 0x1, 0x7000, 0x0, 0x3) 2.016808723s ago: executing program 2 (id=55): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x4250) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e07000220"], 0xa) 1.930662116s ago: executing program 0 (id=56): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6161, 0x4d15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0) 1.829432028s ago: executing program 1 (id=57): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x20, 0x3, 0x8, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7fe}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}]}, 0x20}}, 0x0) 1.612578487s ago: executing program 3 (id=58): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4, 0x0, 0x6}, 0x18) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r2, r5, 0x0, 0x0, 0x0}, 0x30) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000080)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x18603}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000200)={0x60, 0x0, &(0x7f0000245000/0x2000)=nil, &(0x7f00004c7000/0x1000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x0) 982.138766ms ago: executing program 2 (id=59): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$inet(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)='P', 0x1}], 0x1}, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r6, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r9}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000440), 0x23, r9}, 0x38) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYRES32=r0], 0x6c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) 358.915421ms ago: executing program 3 (id=60): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_open_dev$sndpcmp(0x0, 0x3, 0x0) r2 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)="84", 0xffdf}], 0x1) 358.172799ms ago: executing program 2 (id=61): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="6112b0000000000061134c0000000000bf20000000000000160005003f1b48013d030100000000009500000000000000bc26000000000000bf67000000000000070600000fff07006702000003000000360600000ee600f0bf052000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 153.579266ms ago: executing program 2 (id=62): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000380)=0x3, 0x4) 14.75543ms ago: executing program 2 (id=63): socket$inet(0x2, 0x6, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000040)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x120) write$UHID_DESTROY(r0, &(0x7f0000000140), 0x4) write$UHID_SET_REPORT_REPLY(r0, 0x0, 0xb1) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r1, 0xa, 0x13) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$cgroup_pid(r2, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) fcntl$setlease(r1, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x0) 0s ago: executing program 3 (id=64): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$netlink(r5, &(0x7f0000002a80)={0x0, 0x0, 0x0}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$TCXONC(r7, 0x540a, 0x0) sendfile(r7, r8, 0x0, 0x20000023896) ioctl$VHOST_VDPA_GET_DEVICE_ID(r8, 0x8004af70, &(0x7f0000000000)) mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz1:', 'syz0'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={[], [{@uid_lt={'uid<', r6}}, {@uid_lt={'uid<', r6}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@euid_lt={'euid<', r6}}, {@audit}]}) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xaece, 0x0) close_range(r9, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.228' (ED25519) to the list of known hosts. [ 55.942944][ T5824] cgroup: Unknown subsys name 'net' [ 56.092444][ T5824] cgroup: Unknown subsys name 'cpuset' [ 56.100433][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.365483][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.612432][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.639555][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.646847][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.655398][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.664552][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 59.673537][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.682687][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.690478][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.698497][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.706107][ T5850] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.709661][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.713966][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.729835][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 59.730340][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.737435][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 59.744899][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.761820][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.763705][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.776799][ T5851] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 59.779245][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 59.784791][ T5836] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.798847][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.806718][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.812124][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.823206][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.833747][ T5854] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 59.847405][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 59.860375][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.872506][ T5836] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.879891][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.256665][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 60.394334][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 60.404714][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 60.437048][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 60.452936][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 60.500151][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.507872][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.518111][ T5834] bridge_slave_0: entered allmulticast mode [ 60.525290][ T5834] bridge_slave_0: entered promiscuous mode [ 60.534915][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.542476][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.549710][ T5834] bridge_slave_1: entered allmulticast mode [ 60.556277][ T5834] bridge_slave_1: entered promiscuous mode [ 60.636037][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.647622][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.773126][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.783549][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.791924][ T5838] bridge_slave_0: entered allmulticast mode [ 60.799095][ T5838] bridge_slave_0: entered promiscuous mode [ 60.806685][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.814253][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.822237][ T5838] bridge_slave_1: entered allmulticast mode [ 60.829489][ T5838] bridge_slave_1: entered promiscuous mode [ 60.843835][ T5834] team0: Port device team_slave_0 added [ 60.852228][ T5834] team0: Port device team_slave_1 added [ 60.863730][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.871019][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.878178][ T5847] bridge_slave_0: entered allmulticast mode [ 60.885639][ T5847] bridge_slave_0: entered promiscuous mode [ 60.892423][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.903301][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.910566][ T5844] bridge_slave_0: entered allmulticast mode [ 60.917131][ T5844] bridge_slave_0: entered promiscuous mode [ 60.933634][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.941067][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.948224][ T5839] bridge_slave_0: entered allmulticast mode [ 60.955198][ T5839] bridge_slave_0: entered promiscuous mode [ 60.962321][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.969567][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.976731][ T5839] bridge_slave_1: entered allmulticast mode [ 60.983604][ T5839] bridge_slave_1: entered promiscuous mode [ 60.994997][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.002362][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.009680][ T5847] bridge_slave_1: entered allmulticast mode [ 61.016176][ T5847] bridge_slave_1: entered promiscuous mode [ 61.022939][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.030687][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.037875][ T5844] bridge_slave_1: entered allmulticast mode [ 61.044699][ T5844] bridge_slave_1: entered promiscuous mode [ 61.068102][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.086164][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.093478][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.119786][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.155167][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.165542][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.186434][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.196486][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.206708][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.235873][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.249505][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.261072][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.285809][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.304103][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.350741][ T5844] team0: Port device team_slave_0 added [ 61.369526][ T5847] team0: Port device team_slave_0 added [ 61.377164][ T5838] team0: Port device team_slave_0 added [ 61.385848][ T5838] team0: Port device team_slave_1 added [ 61.393212][ T5844] team0: Port device team_slave_1 added [ 61.423568][ T5847] team0: Port device team_slave_1 added [ 61.456376][ T5839] team0: Port device team_slave_0 added [ 61.479188][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.486163][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.512853][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.524939][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.532109][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.558157][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.579138][ T5839] team0: Port device team_slave_1 added [ 61.587619][ T5834] hsr_slave_0: entered promiscuous mode [ 61.594325][ T5834] hsr_slave_1: entered promiscuous mode [ 61.610172][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.617134][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.643935][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.662205][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.669318][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.695636][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.722197][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.729375][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.755533][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.772993][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.780311][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.806974][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.830377][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.837460][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.863537][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.891532][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.895371][ T5836] Bluetooth: hci4: command tx timeout [ 61.898801][ T53] Bluetooth: hci0: command tx timeout [ 61.904118][ T5846] Bluetooth: hci1: command tx timeout [ 61.909979][ T53] Bluetooth: hci2: command tx timeout [ 61.921497][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.948187][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.968622][ T53] Bluetooth: hci3: command tx timeout [ 61.996864][ T5847] hsr_slave_0: entered promiscuous mode [ 62.003333][ T5847] hsr_slave_1: entered promiscuous mode [ 62.011855][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.020096][ T5847] Cannot create hsr debugfs directory [ 62.034431][ T5838] hsr_slave_0: entered promiscuous mode [ 62.041102][ T5838] hsr_slave_1: entered promiscuous mode [ 62.047096][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.055114][ T5838] Cannot create hsr debugfs directory [ 62.103602][ T5844] hsr_slave_0: entered promiscuous mode [ 62.112995][ T5844] hsr_slave_1: entered promiscuous mode [ 62.119317][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.126875][ T5844] Cannot create hsr debugfs directory [ 62.190914][ T5839] hsr_slave_0: entered promiscuous mode [ 62.197402][ T5839] hsr_slave_1: entered promiscuous mode [ 62.203659][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.212576][ T5839] Cannot create hsr debugfs directory [ 62.501787][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.515740][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.526174][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.546939][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.580488][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.599534][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.610694][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.621533][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.683445][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.695980][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.710008][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.733823][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.776423][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.805019][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.830870][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.855914][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.870763][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.889996][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.904727][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.921366][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.928239][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.981095][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.021976][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.029265][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.048931][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.056046][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.087161][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.159773][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.181645][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.213580][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.220732][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.254702][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.267953][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.275177][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.305109][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.321228][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.355636][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.362841][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.381985][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.389191][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.406651][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.413827][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.432761][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.439918][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.453012][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.504131][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.514930][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.559557][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.566668][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.599934][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.607601][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.623661][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.733069][ T5834] veth0_vlan: entered promiscuous mode [ 63.830528][ T5834] veth1_vlan: entered promiscuous mode [ 63.953004][ T5834] veth0_macvtap: entered promiscuous mode [ 63.973403][ T5834] veth1_macvtap: entered promiscuous mode [ 63.977605][ T53] Bluetooth: hci4: command tx timeout [ 63.979783][ T5836] Bluetooth: hci1: command tx timeout [ 63.985620][ T53] Bluetooth: hci0: command tx timeout [ 63.990745][ T5846] Bluetooth: hci2: command tx timeout [ 64.022306][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.034351][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.048851][ T53] Bluetooth: hci3: command tx timeout [ 64.097283][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.136704][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.167841][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.187413][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.213831][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.223778][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.233102][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.242085][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.258201][ T5839] veth0_vlan: entered promiscuous mode [ 64.274604][ T5847] veth0_vlan: entered promiscuous mode [ 64.288313][ T5838] veth0_vlan: entered promiscuous mode [ 64.305798][ T5839] veth1_vlan: entered promiscuous mode [ 64.321549][ T5847] veth1_vlan: entered promiscuous mode [ 64.332256][ T5838] veth1_vlan: entered promiscuous mode [ 64.414875][ T5838] veth0_macvtap: entered promiscuous mode [ 64.441190][ T5839] veth0_macvtap: entered promiscuous mode [ 64.470195][ T5838] veth1_macvtap: entered promiscuous mode [ 64.483903][ T5839] veth1_macvtap: entered promiscuous mode [ 64.509421][ T5847] veth0_macvtap: entered promiscuous mode [ 64.541446][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.554119][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.565823][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.587875][ T5847] veth1_macvtap: entered promiscuous mode [ 64.600907][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.612370][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.623273][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.634824][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.646362][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.657950][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.669217][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.677172][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.684581][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.698263][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.714966][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.725729][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.736057][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.746587][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.757565][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.781661][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.793191][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.803465][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.814138][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.824038][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.834757][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.845586][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.857755][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.870949][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.880049][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.888871][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.905401][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.914782][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.923666][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.933464][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.950214][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.960887][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.971027][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.981813][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.993125][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.004045][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.014966][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.065257][ T5847] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.075135][ T5847] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.084434][ T5847] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.093365][ T5847] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.111604][ T3553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.119612][ T3553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.184872][ T5844] veth0_vlan: entered promiscuous mode [ 65.205373][ T5844] veth1_vlan: entered promiscuous mode [ 65.235778][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.253670][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.281237][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.320417][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.328300][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.330368][ T5844] veth0_macvtap: entered promiscuous mode [ 65.345730][ T5844] veth1_macvtap: entered promiscuous mode [ 65.367574][ T3553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.377694][ T3553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.388030][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.404410][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.434525][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.446348][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.456493][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.472530][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.484022][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.510726][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.535732][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.555895][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.575888][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.595068][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.605902][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.621605][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.634298][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.648044][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.666280][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.677372][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.853401][ T5844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.862659][ T5844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.871609][ T5844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.883363][ T5844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.930426][ T2906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.952252][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 65.968111][ T2906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.050450][ T53] Bluetooth: hci2: command tx timeout [ 66.050859][ T5846] Bluetooth: hci1: command tx timeout [ 66.057189][ T53] Bluetooth: hci4: command tx timeout [ 66.062725][ T5846] Bluetooth: hci0: command tx timeout [ 66.132354][ T5846] Bluetooth: hci3: command tx timeout [ 66.355069][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.368872][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.503352][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.535306][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.560819][ T29] audit: type=1800 audit(1732437227.096:2): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.8" name="file1" dev="overlay" ino=45 res=0 errno=0 [ 66.826483][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.882425][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.591697][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 67.638789][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.679850][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.687774][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.898423][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 67.907537][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 68.173278][ T5854] Bluetooth: hci4: command tx timeout [ 68.173313][ T53] Bluetooth: hci1: command tx timeout [ 68.189218][ T53] Bluetooth: hci2: command tx timeout [ 68.199991][ T5846] Bluetooth: hci0: command tx timeout [ 68.210347][ T53] Bluetooth: hci3: command tx timeout [ 68.512329][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 68.615090][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.784207][ T5947] netlink: 36 bytes leftover after parsing attributes in process `syz.1.10'. [ 68.798412][ T5947] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10'. [ 68.875816][ T5947] netlink: 36 bytes leftover after parsing attributes in process `syz.1.10'. [ 69.669897][ T5947] netlink: 36 bytes leftover after parsing attributes in process `syz.1.10'. [ 69.722871][ T5955] netlink: 'syz.0.11': attribute type 2 has an invalid length. [ 69.731943][ T5955] netlink: 244 bytes leftover after parsing attributes in process `syz.0.11'. [ 69.861414][ T5960] dvmrp1: entered allmulticast mode [ 70.048943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 70.058959][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.129498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 71.104376][ T5929] evm: overlay not supported [ 71.197603][ T5972] syz.2.17 uses obsolete (PF_INET,SOCK_PACKET) [ 71.297392][ T5973] Bluetooth: MGMT ver 1.23 [ 71.887452][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.898926][ T5892] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 72.059991][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.155925][ T5978] syz.1.18 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 72.212302][ T5892] usb 1-1: Using ep0 maxpacket: 8 [ 72.280550][ T5892] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 72.310639][ T5892] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 72.368013][ T5892] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 72.389580][ T5892] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 72.427580][ T5892] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 72.467008][ T5892] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 72.507441][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.785467][ T5892] usb 1-1: usb_control_msg returned -32 [ 72.799921][ T5892] usbtmc 1-1:16.0: can't read capabilities [ 73.077489][ T5991] Zero length message leads to an empty skb [ 73.244475][ T5991] afs: Unknown parameter 'uid<00000000000000000000' [ 73.360373][ T5993] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90 [ 75.632834][ T5920] usb 1-1: USB disconnect, device number 2 [ 76.899992][ T6020] warning: `syz.3.28' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 80.117515][ T5959] sched: DL replenish lagged too much [ 80.472487][ T6030] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.791954][ T6030] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 81.000344][ T6041] kvm: pic: non byte read [ 81.007808][ T6041] kvm: pic: non byte read [ 81.819531][ T6041] kvm: pic: single mode not supported [ 81.820064][ T6041] kvm: pic: non byte read [ 82.310285][ T6049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 82.355046][ T970] cfg80211: failed to load regulatory.db [ 82.582058][ T6054] netlink: 16 bytes leftover after parsing attributes in process `syz.3.40'. [ 85.268465][ T5920] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 85.380668][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 85.390219][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 85.403136][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 85.412072][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 85.423406][ T5920] usb 1-1: config 0 has an invalid interface number: 98 but max is 0 [ 85.431973][ T5854] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 85.439517][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 85.448431][ T5920] usb 1-1: config 0 has no interface number 0 [ 85.454659][ T5920] usb 1-1: config 0 interface 98 has no altsetting 0 [ 85.467822][ T5920] usb 1-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24 [ 85.477151][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.486131][ T5920] usb 1-1: Product: syz [ 85.490810][ T5920] usb 1-1: Manufacturer: syz [ 85.495439][ T5920] usb 1-1: SerialNumber: syz [ 85.503485][ T5920] usb 1-1: config 0 descriptor?? [ 85.866510][ T5920] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II [ 86.005772][ T6096] chnl_net:caif_netlink_parms(): no params data found [ 86.312464][ T6096] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.324788][ T6096] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.346183][ T6096] bridge_slave_0: entered allmulticast mode [ 86.355450][ T6096] bridge_slave_0: entered promiscuous mode [ 86.377637][ T6096] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.393582][ T6096] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.403193][ T6096] bridge_slave_1: entered allmulticast mode [ 86.416107][ T6096] bridge_slave_1: entered promiscuous mode [ 86.582944][ T5920] usb 1-1: reset high-speed USB device number 3 using dummy_hcd [ 86.713811][ T6096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.745099][ T6096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.845475][ T62] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.971495][ T5920] usb 1-1: failed to restore interface 98 altsetting 4 (error=-71) [ 87.002622][ T5920] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware [ 87.032960][ T6096] team0: Port device team_slave_0 added [ 87.050289][ T6096] team0: Port device team_slave_1 added [ 87.191596][ T62] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.207175][ T5920] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 87.222559][ T5892] usb 1-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 87.233504][ T5892] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 87.243911][ T5920] usb 1-1: USB disconnect, device number 3 [ 87.469049][ T6128] afs: Unknown parameter 'uid<00000000000000000000' [ 87.526518][ T5892] ================================================================== [ 87.534628][ T5892] BUG: KASAN: slab-use-after-free in kernfs_get+0x20/0x90 [ 87.541774][ T5892] Read of size 4 at addr ffff8880123de5a0 by task kworker/0:4/5892 [ 87.549673][ T5892] [ 87.552018][ T5892] CPU: 0 UID: 0 PID: 5892 Comm: kworker/0:4 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 87.562444][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 87.572522][ T5892] Workqueue: events request_firmware_work_func [ 87.578707][ T5892] Call Trace: [ 87.581991][ T5892] [ 87.584931][ T5892] dump_stack_lvl+0x241/0x360 [ 87.589626][ T5892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.594834][ T5892] ? __pfx__printk+0x10/0x10 [ 87.599437][ T5892] ? _printk+0xd5/0x120 [ 87.603606][ T5892] ? __virt_addr_valid+0x183/0x530 [ 87.608738][ T5892] ? __virt_addr_valid+0x183/0x530 [ 87.613854][ T5892] print_report+0x169/0x550 [ 87.618358][ T5892] ? __virt_addr_valid+0x183/0x530 [ 87.623473][ T5892] ? __virt_addr_valid+0x183/0x530 [ 87.628587][ T5892] ? __virt_addr_valid+0x45f/0x530 [ 87.633701][ T5892] ? __phys_addr+0xba/0x170 [ 87.638211][ T5892] ? kernfs_get+0x20/0x90 [ 87.642544][ T5892] kasan_report+0x143/0x180 [ 87.647054][ T5892] ? kernfs_get+0x20/0x90 [ 87.651389][ T5892] kasan_check_range+0x282/0x290 [ 87.656332][ T5892] kernfs_get+0x20/0x90 [ 87.660494][ T5892] kobject_add_internal+0x4ba/0x8d0 [ 87.665707][ T5892] kobject_add+0x152/0x220 [ 87.670143][ T5892] ? __pfx_kobject_add+0x10/0x10 [ 87.675090][ T5892] ? device_add+0x3e7/0xbf0 [ 87.679603][ T5892] ? __pfx_kobject_add+0x10/0x10 [ 87.684578][ T5892] ? kobject_init+0x83/0x1f0 [ 87.689186][ T5892] ? get_device_parent+0x3dd/0x410 [ 87.694321][ T5892] device_add+0x4e5/0xbf0 [ 87.698670][ T5892] firmware_fallback_sysfs+0x307/0x9e0 [ 87.704157][ T5892] ? _request_firmware+0xd5a/0x13b0 [ 87.709387][ T5892] ? kmem_cache_free+0x1a2/0x420 [ 87.714440][ T5892] _request_firmware+0xdf7/0x13b0 [ 87.719491][ T5892] ? __pfx__request_firmware+0x10/0x10 [ 87.724981][ T5892] request_firmware_work_func+0x12a/0x280 [ 87.730730][ T5892] ? __pfx_request_firmware_work_func+0x10/0x10 [ 87.737006][ T5892] ? process_scheduled_works+0x976/0x1850 [ 87.742842][ T5892] process_scheduled_works+0xa63/0x1850 [ 87.748423][ T5892] ? __pfx_process_scheduled_works+0x10/0x10 [ 87.754432][ T5892] ? assign_work+0x364/0x3d0 [ 87.759049][ T5892] worker_thread+0x870/0xd30 [ 87.763652][ T5892] ? __kthread_parkme+0x169/0x1d0 [ 87.768696][ T5892] ? __pfx_worker_thread+0x10/0x10 [ 87.773825][ T5892] kthread+0x2f0/0x390 [ 87.777915][ T5892] ? __pfx_worker_thread+0x10/0x10 [ 87.783042][ T5892] ? __pfx_kthread+0x10/0x10 [ 87.787651][ T5892] ret_from_fork+0x4b/0x80 [ 87.792079][ T5892] ? __pfx_kthread+0x10/0x10 [ 87.796678][ T5892] ret_from_fork_asm+0x1a/0x30 [ 87.801462][ T5892] [ 87.804486][ T5892] [ 87.806809][ T5892] Allocated by task 5892: [ 87.811224][ T5892] kasan_save_track+0x3f/0x80 [ 87.815923][ T5892] __kasan_slab_alloc+0x66/0x80 [ 87.820792][ T5892] kmem_cache_alloc_noprof+0x135/0x2a0 [ 87.826270][ T5892] __kernfs_new_node+0xd8/0x870 [ 87.831151][ T5892] kernfs_new_node+0x137/0x240 [ 87.835927][ T5892] kernfs_create_dir_ns+0x43/0x120 [ 87.841049][ T5892] sysfs_create_dir_ns+0x189/0x3a0 [ 87.846171][ T5892] kobject_add_internal+0x435/0x8d0 [ 87.851407][ T5892] kobject_add+0x152/0x220 [ 87.855848][ T5892] device_add+0x4e5/0xbf0 [ 87.860210][ T5892] firmware_fallback_sysfs+0x307/0x9e0 [ 87.865686][ T5892] _request_firmware+0xdf7/0x13b0 [ 87.870744][ T5892] request_firmware_work_func+0x12a/0x280 [ 87.876488][ T5892] process_scheduled_works+0xa63/0x1850 [ 87.882063][ T5892] worker_thread+0x870/0xd30 [ 87.886672][ T5892] kthread+0x2f0/0x390 [ 87.890768][ T5892] ret_from_fork+0x4b/0x80 [ 87.895198][ T5892] ret_from_fork_asm+0x1a/0x30 [ 87.899968][ T5892] [ 87.902281][ T5892] Freed by task 16: [ 87.906112][ T5892] kasan_save_track+0x3f/0x80 [ 87.910815][ T5892] kasan_save_free_info+0x40/0x50 [ 87.915851][ T5892] __kasan_slab_free+0x59/0x70 [ 87.920625][ T5892] kmem_cache_free+0x1a2/0x420 [ 87.925404][ T5892] rcu_core+0xaaa/0x17a0 [ 87.929662][ T5892] handle_softirqs+0x2c5/0x980 [ 87.934453][ T5892] run_ksoftirqd+0xca/0x130 [ 87.938978][ T5892] smpboot_thread_fn+0x544/0xa30 [ 87.943950][ T5892] kthread+0x2f0/0x390 [ 87.948039][ T5892] ret_from_fork+0x4b/0x80 [ 87.952467][ T5892] ret_from_fork_asm+0x1a/0x30 [ 87.957242][ T5892] [ 87.959564][ T5892] Last potentially related work creation: [ 87.965282][ T5892] kasan_save_stack+0x3f/0x60 [ 87.969982][ T5892] __kasan_record_aux_stack+0xac/0xc0 [ 87.975388][ T5892] call_rcu+0x167/0xa70 [ 87.979559][ T5892] kernfs_put+0x1dc/0x370 [ 87.983898][ T5892] __kernfs_remove+0x768/0x870 [ 87.988674][ T5892] kernfs_remove+0x7a/0xa0 [ 87.993104][ T5892] __kobject_del+0xe2/0x310 [ 87.997633][ T5892] kobject_del+0x45/0x60 [ 88.001991][ T5892] device_del+0x7ff/0x9b0 [ 88.006336][ T5892] usb_disconnect+0x60b/0x950 [ 88.011028][ T5892] hub_event+0x1ebc/0x5150 [ 88.015477][ T5892] process_scheduled_works+0xa63/0x1850 [ 88.021046][ T5892] worker_thread+0x870/0xd30 [ 88.025638][ T5892] kthread+0x2f0/0x390 [ 88.029705][ T5892] ret_from_fork+0x4b/0x80 [ 88.034222][ T5892] ret_from_fork_asm+0x1a/0x30 [ 88.038982][ T5892] [ 88.041297][ T5892] The buggy address belongs to the object at ffff8880123de5a0 [ 88.041297][ T5892] which belongs to the cache kernfs_node_cache of size 176 [ 88.055863][ T5892] The buggy address is located 0 bytes inside of [ 88.055863][ T5892] freed 176-byte region [ffff8880123de5a0, ffff8880123de650) [ 88.069486][ T5892] [ 88.071812][ T5892] The buggy address belongs to the physical page: [ 88.078223][ T5892] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123de [ 88.086979][ T5892] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 88.094097][ T5892] page_type: f5(slab) [ 88.098070][ T5892] raw: 00fff00000000000 ffff88801c6c8140 dead000000000122 0000000000000000 [ 88.106646][ T5892] raw: 0000000000000000 0000000080110011 00000001f5000000 0000000000000000 [ 88.115214][ T5892] page dumped because: kasan: bad access detected [ 88.121624][ T5892] page_owner tracks the page as allocated [ 88.127358][ T5892] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5920, tgid 5920 (kworker/0:5), ts 87218511063, free_ts 86670893109 [ 88.146631][ T5892] post_alloc_hook+0x1f3/0x230 [ 88.151391][ T5892] get_page_from_freelist+0x363e/0x3790 [ 88.156929][ T5892] __alloc_pages_noprof+0x292/0x710 [ 88.162117][ T5892] alloc_pages_mpol_noprof+0x3e8/0x680 [ 88.167585][ T5892] alloc_slab_page+0x6a/0x140 [ 88.172280][ T5892] allocate_slab+0x5a/0x2f0 [ 88.176802][ T5892] ___slab_alloc+0xcd1/0x14b0 [ 88.181479][ T5892] __slab_alloc+0x58/0xa0 [ 88.185892][ T5892] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 88.191357][ T5892] __kernfs_new_node+0xd8/0x870 [ 88.196229][ T5892] kernfs_new_node+0x137/0x240 [ 88.200990][ T5892] __kernfs_create_file+0x49/0x2e0 [ 88.206113][ T5892] sysfs_add_file_mode_ns+0x24a/0x310 [ 88.211507][ T5892] sysfs_merge_group+0x1fd/0x450 [ 88.216462][ T5892] dpm_sysfs_add+0xd3/0x280 [ 88.220974][ T5892] device_add+0x5bc/0xbf0 [ 88.225305][ T5892] page last free pid 6117 tgid 6116 stack trace: [ 88.231618][ T5892] free_unref_folios+0xf21/0x1a10 [ 88.236656][ T5892] folios_put_refs+0x76c/0x860 [ 88.241426][ T5892] free_pages_and_swap_cache+0x5c8/0x690 [ 88.247062][ T5892] tlb_flush_mmu+0x3a3/0x680 [ 88.251655][ T5892] tlb_finish_mmu+0xd4/0x200 [ 88.256250][ T5892] exit_mmap+0x496/0xc40 [ 88.260483][ T5892] __mmput+0x115/0x380 [ 88.264547][ T5892] exit_mm+0x220/0x310 [ 88.268608][ T5892] do_exit+0x9b2/0x28e0 [ 88.272755][ T5892] do_group_exit+0x207/0x2c0 [ 88.277339][ T5892] get_signal+0x16b2/0x1750 [ 88.281837][ T5892] arch_do_signal_or_restart+0x96/0x860 [ 88.287383][ T5892] syscall_exit_to_user_mode+0xce/0x340 [ 88.293008][ T5892] do_syscall_64+0x100/0x230 [ 88.297591][ T5892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.303485][ T5892] [ 88.305798][ T5892] Memory state around the buggy address: [ 88.311415][ T5892] ffff8880123de480: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 [ 88.319481][ T5892] ffff8880123de500: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 88.327553][ T5892] >ffff8880123de580: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb [ 88.335604][ T5892] ^ [ 88.340704][ T5892] ffff8880123de600: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 88.348777][ T5892] ffff8880123de680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 88.356852][ T5892] ================================================================== [ 88.396069][ T5836] Bluetooth: hci5: command tx timeout [ 88.413791][ T5892] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 88.421030][ T5892] CPU: 0 UID: 0 PID: 5892 Comm: kworker/0:4 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 88.431456][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 88.441543][ T5892] Workqueue: events request_firmware_work_func [ 88.447729][ T5892] Call Trace: [ 88.451013][ T5892] [ 88.453949][ T5892] dump_stack_lvl+0x241/0x360 [ 88.458641][ T5892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.463849][ T5892] ? __pfx__printk+0x10/0x10 [ 88.468469][ T5892] ? preempt_schedule+0xe1/0xf0 [ 88.473358][ T5892] ? vscnprintf+0x5d/0x90 [ 88.477703][ T5892] panic+0x349/0x880 [ 88.481622][ T5892] ? check_panic_on_warn+0x21/0xb0 [ 88.486757][ T5892] ? __pfx_panic+0x10/0x10 [ 88.491197][ T5892] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 88.497194][ T5892] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 88.503541][ T5892] ? print_report+0x502/0x550 [ 88.508246][ T5892] check_panic_on_warn+0x86/0xb0 [ 88.513237][ T5892] ? kernfs_get+0x20/0x90 [ 88.517594][ T5892] end_report+0x77/0x160 [ 88.521957][ T5892] kasan_report+0x154/0x180 [ 88.526565][ T5892] ? kernfs_get+0x20/0x90 [ 88.530918][ T5892] kasan_check_range+0x282/0x290 [ 88.535880][ T5892] kernfs_get+0x20/0x90 [ 88.540057][ T5892] kobject_add_internal+0x4ba/0x8d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 88.545302][ T5892] kobject_add+0x152/0x220 [ 88.549732][ T5892] ? __pfx_kobject_add+0x10/0x10 [ 88.554684][ T5892] ? device_add+0x3e7/0xbf0 [ 88.559204][ T5892] ? __pfx_kobject_add+0x10/0x10 [ 88.564164][ T5892] ? kobject_init+0x83/0x1f0 [ 88.568771][ T5892] ? get_device_parent+0x3dd/0x410 [ 88.573905][ T5892] device_add+0x4e5/0xbf0 [ 88.578259][ T5892] firmware_fallback_sysfs+0x307/0x9e0 [ 88.583741][ T5892] ? _request_firmware+0xd5a/0x13b0 [ 88.588964][ T5892] ? kmem_cache_free+0x1a2/0x420 [ 88.593930][ T5892] _request_firmware+0xdf7/0x13b0 [ 88.598987][ T5892] ? __pfx__request_firmware+0x10/0x10 [ 88.604490][ T5892] request_firmware_work_func+0x12a/0x280 [ 88.610245][ T5892] ? __pfx_request_firmware_work_func+0x10/0x10 [ 88.616508][ T5892] ? process_scheduled_works+0x976/0x1850 [ 88.622253][ T5892] process_scheduled_works+0xa63/0x1850 [ 88.627836][ T5892] ? __pfx_process_scheduled_works+0x10/0x10 [ 88.633837][ T5892] ? assign_work+0x364/0x3d0 [ 88.638434][ T5892] worker_thread+0x870/0xd30 [ 88.643030][ T5892] ? __kthread_parkme+0x169/0x1d0 [ 88.648047][ T5892] ? __pfx_worker_thread+0x10/0x10 [ 88.653149][ T5892] kthread+0x2f0/0x390 [ 88.657208][ T5892] ? __pfx_worker_thread+0x10/0x10 [ 88.662315][ T5892] ? __pfx_kthread+0x10/0x10 [ 88.666893][ T5892] ret_from_fork+0x4b/0x80 [ 88.671298][ T5892] ? __pfx_kthread+0x10/0x10 [ 88.675879][ T5892] ret_from_fork_asm+0x1a/0x30 [ 88.680647][ T5892] [ 88.683903][ T5892] Kernel Offset: disabled [ 88.688224][ T5892] Rebooting in 86400 seconds..