last executing test programs: 9.550384035s ago: executing program 4 (id=16): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x80000003) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000140)=0x3) 9.529460599s ago: executing program 0 (id=17): ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000040)=0x1) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000200)=0x1b) 9.378037965s ago: executing program 0 (id=18): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x114, 0x0, 0x0, 0x4) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) fchdir(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 9.278223369s ago: executing program 4 (id=19): syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0xc048aeca, &(0x7f0000000080)) 8.736308735s ago: executing program 4 (id=20): userfaultfd(0x801) r0 = socket$l2tp6(0xa, 0x2, 0x73) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) recvfrom(r0, 0x0, 0x0, 0x60, 0x0, 0x0) 8.617722361s ago: executing program 4 (id=21): prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x1, 0x288}, &(0x7f0000000140)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = socket(0x200000000000011, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'sit0\x00', 0x0}) bind$packet(r5, &(0x7f0000000080)={0x11, 0xd, r6, 0x1, 0x0, 0x6, @remote}, 0x14) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 7.346558072s ago: executing program 0 (id=26): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x27c}) read(r0, &(0x7f0000000180)=""/170, 0xaa) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 5.660871219s ago: executing program 4 (id=31): userfaultfd(0x801) r0 = socket$l2tp6(0xa, 0x2, 0x73) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) recvfrom(r0, 0x0, 0x0, 0x60, 0x0, 0x0) 5.55037277s ago: executing program 3 (id=32): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket(0x15, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) 5.516862297s ago: executing program 4 (id=33): ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x35, 0x80, {0xffffffffffffffff}, {0xee00}, 0x516a00ae, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x295c3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='ext4_da_write_pages_extent\x00', r3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x2404c854) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64e9f4080003000601000004000200d700", 0x5a}, {&(0x7f0000000680)="ffaf", 0x2}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4080) 5.42052454s ago: executing program 3 (id=34): r0 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r0, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3}) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1) 5.22506379s ago: executing program 3 (id=36): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES8], 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) 4.858421909s ago: executing program 1 (id=38): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'ovf\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e23, 0x12002, 0x84000000, 0x8001, 0x1}}, 0x44) 4.758059682s ago: executing program 1 (id=39): ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000040)=0x1) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000200)=0x1b) 4.469565621s ago: executing program 1 (id=40): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x292e, r0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='\t\x00\x00', @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) unlink(&(0x7f0000000000)='./file0\x00') sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a005124deacb12e68d5b042fd94802e899d13e0374769b03ac3273b6ab1188023b587e473253682146a9f24b52e89b42d3c836c1702078fbba099e45a9ddb039922f65e595e5fb3172b8fc94fe9185633ff84974096e32e8d6ce93ad1488698052714e15b7763bfe3d117e145752db35e4553df3a7d153ee8c27ebc9342e6eecf4d1b92e4ac8c64700aec62c72fd06f652ebc960a30868729b4b249183381de3f1879286998f3493e664e", @ANYRES32], 0x40}}, 0x0) r7 = getpid() r8 = syz_pidfd_open(r7, 0x0) process_madvise(r8, &(0x7f00000015c0)=[{0x0, 0xb3c9de750fa141ee}, {&(0x7f0000001600)="7fe370522d6af6625215f1793293827ec1fbafd2669ec71d6ec4f18aaa71edae948611d70900e80e4116a3c114041430f19bd4f37e3c7238ed6e6d46979c2220bde96ffe55c88d2e697fd133e5733e1bbb159ba81a1e8e2fb2e51596", 0x1}, {&(0x7f0000001300)="0454c96113b0da138a30557b0c026d7c7ba28c5cf82e468ed91537d279936ddcf06ef737e0943554457a28db61aea38a154bf19b456388daf4df61c9febcd9b8a2b14929c6f097f4ff11e686a8a37381b9321ae19dd77be474863e35633dec7003568e91eab8e870a93a73b6dea475547a826b25021aecd727c201c9cea0bfba0122b00573c286b821d43d0b4e38ec90b7d08565bf81862bdf5115e75886e742c51e058d0752982da309d53a7c0d320fdbd38bfaa998ff981d15928f783b2728ecc210898685dfc72398e665b7892024c0ab0dcfe9d3fc", 0xd7}, {&(0x7f0000001400)="3e519bc4eb7b0a55b33bdb22cc7ca76aba33506ebcf89e67b16583e68404bbca008b995a73322a4cc7a3c436e94da49121c4f225ccd342612b46beb2f569a7a0423c0cf79f2d94c015b7b47bc11d5fe599214dbe7f92c8a14b6d254a8daa074ece2708f10e912eb72cb22efc14a0d0cc7cea79311ead3200c7aca0e920d83c8d7b92db", 0x83}, {&(0x7f00000017c0)="5b297eb99162bf8668778501ce5385511d7d796a0aed27798b84852b8a9e85799af33e5de7cedbf88498be3b0b5df9f8ef11583a3bc3bdb6a1e5875f7494479905ca1f1feab109950b1be9946ac49c25c786113854b30003b573000a764104358c8b5899a86d2c25b7a2886023cee43b19c199a7c14017514656dcfeca386529d78597365934ca776ce9b8ee9d9e8b6d8c0789555790eaf1c1e6d2707c80f2a1558e720cc345a467af3f378dba06074d8ad43d61a8707a864bf5b7ba049c2b5836366fac540084a1986d713c58a932892237198aef95b616eefe20457d0b28ab35b7e8beefe6990b9bbd1cbb0cda68fd1e20c91a6ccd555cfe9c51d4f7bf082301fc61db5c7afcaa0992098895487418b1e78576e7d8f0989c9f4aff953c2f76c014b559ff40416df4b460e7da2e299bc58c8f83c070a9cfd8e662bdf8e5169baa393b1f2bd2b7bdc7886c3002e81501cc20abbcf665957e1c4a514dd15634a07b5618fbf03d23a93d2829deaeec967fb8f7b05ab4944553e8b96c5700e388e55dc9c60c6948f9382583622a37b7c81dfa5cea56b8e060aac882d0117585e0508c929591a7f0be8dfa96204f7daf90ce74e1891ba5c3ddc17d42cfafc8e12ef4109b5ec4e687389e1f325a6f4325c0eb034306588050973a24d7bf0d0044243cdfd672f4acbc115e81a83170b43a03c713e61c6ba573ea54d59b49b516800d934ae5c48d51551af9ee1f6143f9c4924b842d43208d52e4a34b4ccf167f347608d9c69e3af1a9f5507e35c198be14cff8170c82daa48cea49bbc2db68d8e8bf5752f13ebd80d510799c54d0dbee1792499c71e5db084babf44a431a4728a0f6702b4ad93d1fb5ebfef6a24b1fa057a8511df4c022e818b7af2ec354b47d34653172f75498298f8dc9eca6f478b5f9dc78f7b60401cf27fe9b1eade2d6bf7f50cee7197cd507c2766cc6b2163bd511aaa8d69dcaea44a7f37401faa0979182e51c59cd7b3189d2e8956405a2f27ead1d48b5aa421f04fdd87ef4fb3125a7a84e98719a79608d4bc70424ddc55dab8cb2b144682bca8497add2445319aef1a6db595685f3e0b049da99940d2803bc1ecd976887476cfecbdc66eea6da65e0251cc881f3da972011f37d11bd8828bfb2be9940f2508dcfa8c0e34e9e7a3ea3e7bf04afffca71c03d978507d87ee84241e5dd781c0caa8ad5320f16ed28c89af73a9445fe4c425605f6b58653cbb0909cb9a857b0c0c115104e879e41a2e05ccfcd6866d24ebf622a85ab638eab2ee2a7cf2bbd017a1509d25f65af4f63ed5dcc9586b133d52fd487e4c5238adee5bed4811def93d6723a9d4093b717ffe89209b126feee98bb276851319c2bd94f8327019d130a282fc6cf26d14ed15da2d607937a117bb6ab67fe36fe01562669dd70c649f45cf13240eef58f86f5ef3ae28cdc3e43d9f9d2ba4325a76965a2975e8174503bdfa199a38e0b58db63bcf1e5eb12de33c64b2ef33669fc9949151d8ba011200c884c5be7b84c1754d1ca896ce4ee9d6fb2e6fd4ae106418c800f2f78a7aed2eacb6b70e5aa926d21508e946850d52fc33ca95d00a5ce212e7731228c2d42bfc2881fda943aa8410156694be406a5936ef6ebb26a0a60cdbd5fd960f52bc8e574e9acf24c4d73416d3ef68417a2fe221cfcbffbeb194cfcb9802a5204f01532f8970ede7b7f7b2e093ed20686b545ac67c8d0f628269b373502379f3f3a5bcf1bbf1181d3de177ff5f1e05783e959739468a351bf539913774349129cb27f8a30167d86d2659954ace32de6e92e3fad637031f8f4b75bbb419d30c44c8d35b3db0ec43e7aaeb826a20afd3419439dce1db6112b6c8c236f5d7d563b9f0233c78875e5502cccb45ef8cb6fbcc6da3882ba86e8daa6afbc70f5192e76151e9633069a7d6b94f7b44b95a62f01d554000558deac1bbac044267a4a544ab336e83db60ba9a828dd0cbdc709dd1147a9f5c4b29d1f40eb87b7bafe8a7e29fea3a0e586bf84bb5a2aeeaf6c389e7d48b52f77e53f5b6d30e4d37a19ec2739c6fc80773e29a74ad01d2862e9e249c54a3f845a3045d964e371350282d5ee63a33f5d9d5d2889e60677ad3a78d7e3936f0da3c2a26a7f74ab598a7a0da120c2fe531416750f7dac241fb94962db31a6de323931bd0645510eb72bbddf8ac9ecba6a4b2e4039e36b96354a12d34186c2cefeb434a273c9eba6cbe055527c59815b1ae0b1d845e6d7fa935d7240bb202d42327d45433f214d4e62cbb5b51f354c2d8d232ddeacb829c99c3f4366e4541003f25dda0dff6c38afba9f1eb0383d8d824aa43be4f9784fa9c5181f8a373c3a35c5151b0402399dde92d9a607dc2768b258c9014dfff807f8389f0b8bc913eb0eec400f986dbdce9c616b7b2f7c671625f6881a4350b04117c251f4cba880908a9b2c44b4e886a8f09f3f57da1b04d6f28dfe47e34f1f6d9f8cb23658ec21d36a48d2cc9348dbf4f067446b995138d9bf37f218ab4f5ccbc21f9bf8b904253764fc753113350b69c6701b72c98d2d3697f46431c9cce4c1d089e535fbb1904fa2ff17b3f611300b91316c7f150ae0c6fd2acdcff3b4f49dcabd4ad54632d3dd6ab48e75197c97a52b93a6d5b68acebddfc2bdad5bc0c5f4b2e8b77799e2051e7a6c3a869e0fa5ade0245881e196a9a09d39a638e8d13ee6e667e04128ad6c56d01f18c1f2f624e4dbcd35769de072db3d688d9d91e952666992f0d2717799ee42ebda848735da9fb6b5a99425b940290aa42046a915d952c551ac00215e7d3c6b25fce0f9ef6b6a015be9cb3f1ff234c672d9e34f5d90af85fd5d0660b82d4b7fe851b1e4028f0bf55646b0c0d7161f760a2e598c1703361edf16b0a337cf808eefafd75807bc8caf9599b5e4e13eeb34e574b45bba80dc87eed30555135278751b4f9577a330c832058c680aea14338eff9d74dc7ff736823f6be457f89d50d3a1ec6f3a7228a0f75438587667f4d1307fcb04859728bbc5e4dc08b0e731acef19f37bb3a111d4abdea5960162cfbf89c69a7ac0827a3be22a362bc26759779f516d49acb2bde5b2c6bc32bd822ec771b0d0f106d8cd1e7739407632bd0db40ebaadd0ddb237a0c83448a5f1a6c4c67b6619b930405ea33bf5f80f7979ca431c677f2d46164e890c646f5c385eecff870f61e0da713f15301a7b73027b5927f9db8ddde589fa6f425fa365e38721e0a448ea9fb0dd0988439462d27ad4c3240cb719c6c649e5a0978a5a462c0a4ef4771609f3270848d44f018a655d6571c8876029289de163717cc646ae2159e94505736332e49610d054e43ce5542bbd7f7c61cc30bcb773e79ec6aa05368fd15d88c5b998bf963eebbf934df25d9c9f59cea6b1df3a9000ee2ce057a695de1dc8a1534abc489862e25d9113a14792b271bfa079908bf08d0c6c4eaa4b35a32d56a16c2161fda15087a3fc9c0364915f997c0026ea6d9e7ef9b21d0ef700007aed76cc680990a3a6ea8980ace288f6c53e33b5ecb7c8d5ed3fc79376daa5221a687cc29f67fe85fc34f0eca6970aa4b5bc1ea0d154d7fe551be3659118537557979086791ec737ef6401323114dc7d7664cb7fcc72d48a7cc03ded28888cbafecdc92cfec2dc9f9babf1438b7ba5a947ba1a73f703e293734a2f39cdc9844f99383a604378862d91e86ed9cca7664ea5682d5724473574a206279b95fdbc6a4a3489aabb5847c0ed92c6b4774e3d0510604c379c129f7b23ee80594831d39b88d33e425b0c9aba6c87ddffe6acb9e85693e4f0e8c260786094e7eaf91d8b5cc641715c1455108227104cd8330144d3f300f88edc5bd4264148dcdb55136b596290194804ab82965943dd8e26bfdf31ad6a066a471caaa17752c82e16ad4457b64e05cd30ac3a4310d069fdbf3941ff99b9b9ea0c4c1abb6aaefbad1f6419396c266def91d82ca41dcd5423dbc3d6612a65513e5756d1fed8b8994ad822bba044f1cae538fdb2332eb7b536fca10256fd1a34485944d82a28a71060a0c4da91a8cec97c54d17421a9a365abacd045de779313c83d2901819cd348113eb02f882f49b117f6d4243ffce69a896d0fd27f8f57eca27181a12d60851c21faa3588cfa8777562ac41ae84f73ef0bbea69645630f34686bf8eefd2be84e24ad0705a32d5c064723cd587149b47924cf4e4949dc42a33d8dd10d846ac5d7f6de6a9115307bc6b1269bf2121101db29ceb2af0ab33037ca283f3c828485233435bc9dfcf94ebe51278fb40c83d5e3dcd05e40f7c876ee7e5ebc9dc74f7d1e1449f4dc6f563b26db4b09ed6b430dab97b184f579d2e92693daff76aa9dcfeb631bdbc3514ea131b947e7fa78e86138452c611980df77a6b79d00d2a072f54b2c10a1c41dbe7addd4af58c9d55f1994b6f7aa688f4dc76e9bd02bd0ca3c8d08f6c300459c7508198de70460f1e59e067a261b2da5ecfbc97e89ca5fa1ff3ad3c312f9c9d04d5883ea654d213dd951c8a89d9f4da04614fa6f590d588d337facbdd443f62f7d9e6f78e0f1257fe69ac21bcb1456ab0c5ab32a8f5842fb77704f0e218cb9947e65ec5e96d591fb16317a4e441b6fa1767db363c3c6171601925a245ba14e37def27392d6c2f9a80a628509e0efa5f490dd3fa713870814a06bbfddfa5cbb06383ad303d46e3fc4d89b5552158dc8cf704ec903371f302eb320e801aa1cde570aeb322b3f5c95cfed7b5e1222fa0c71bb550b79d5f18971cab1904ef371b9cfcee444d764d744e270dcf30a6552a15dd67865ea21ca1334845ac7b31b11e3d5b6bab70073fcd0ed9891b1e4ba9a616f01c74671e4b80239a97fe8df9de1bb7196b7e0017b3cfe8d58b570cf641450c7eb82a0dd2f3e784ae4e9b1696c7731f56e10914f40ce2f0231982a588d19216dc29166aca1e272c2532eab01cbfb9c85f5bd72a9ffb4973ee111fabd1ef30b49eb6b085ddf3802f180335375f29da76a29edd3de27deaf6789f09d19caf1e6b146125adf8ac5bf259158863211e692d250962462746cf851c9198f8e2c43a69748db7760d4e2f3a98aaf9233bca7a3f94b36fff09e2a3241308f49b7b45a26918842b65a6a7bde1a5511af94cec0f706bf79a633088afe0c46ae8d61ac33688245bd63a293019e94608ff03cff41c1f798fd54b1f30e35564130f27838108bb6bfdd4e91ffe9a76dbc83f4ccbf7eebb01032808e58de30eb9be1c51440b6619be93d6e7d014ddc7183a4e1817128310e42c9575035f914d76378a0a914d5077ebdddab617a10996b8f398eee59d3b59775dc1e4db102d358615aa9d11cf9a08980be3bfc745f559779b5d40cb6e7c459a16f556eab0175dc4349dcf0143f3dee7f245d2ceb806ce2e636ae725cc0216450b68b3bd0b044a6bf5473524767929e2d03c1b4bab7676fc21928b11ae6d825fc35390d3566dd0adb04fdd74f2c491976fe99c3b6b64133d48ab3a45802920484fcd48c1c6424e97cda1a908373b487e3fe20baba119e9e78058c87bd6739a0bc18c03711d2c67630b5e106cac711324562008bd1243de9762a319c95166896a1f1098ded95b894e91b9516c6ccefa7061cab567fe150fb9c2c30b885fa85307f2d14d35446304d4d77af46d312860887a7b3781b492d98322b2cbbbbf7aabd3974de1e5e4afe31fd401e4989bb42b75ebc4d0306b43c7cd7493a46b2d86b374160bfb63972edae4ce984392007afafdb424d85ad234b59c5f4b248674634acfe10739dfb1a829d7a118f3b8b7e2ee4f5b6622d1d43", 0x1000}, {&(0x7f00000014c0)="6b553f4de4ed875c9fadc16852f54981bcd646a5262fc3900592194638585e3d2e79f074f796720749ddc1a2661dcb2471a47d963fb4d817dfdb5f52dc8ab642030c2c771646051d08609527b36368b80794b8cb63fe817c3379951a047c5026c2e99eae6dc05c6845529fb603666d78c0e1e5f7bca8f1d8584b7409ccaf0da598af64d7bdd2ae21ac4fb4e07dee96a92a8dddecee7ccbede2d0a7d4f2da90dc3eb4ae8895091f05db58a786519f6fc924a465cc46ae6a9b8705de0705b8bab4f10cddc7756c53eadf4aa6e2379fd85e9c5e7bfc", 0xd4}], 0x6, 0x9, 0x0) 3.25911537s ago: executing program 3 (id=45): lsm_get_self_attr(0x64, 0x0, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) syz_io_uring_setup(0x31d7, &(0x7f0000000600)={0x0, 0x8000000, 0x800, 0x1000000, 0xa2}, &(0x7f00000002c0), &(0x7f0000ffe000)) 2.91247031s ago: executing program 3 (id=47): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r2, 0x11, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_IDX={0x5}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x3}, @key_params=[@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "bac904fc3c65f1a259e8f0dea5"}]]}, 0x60}}, 0x0) 2.670584966s ago: executing program 3 (id=49): socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="020500020e00000000000000072e9eca7bd039bd7a41d0d999000e000a004e24fffffffdfc010000000002000000988500000000003df3684f00000004d400810005000500000000000a004e22fffff800fc017f8100000000000000004000"/105], 0x70}, 0x1, 0x400000000000000}, 0x0) r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x3}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) syz_emit_ethernet(0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="9b4307000001aaaaaaaaaa000800bc41d14286078bff0001907800000000ffffffffe0009078fffd000062c272fabd74b471b3729d9d2a"], 0x0) io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c) syz_open_dev$vivid(&(0x7f0000000080), 0x3, 0x2) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r7 = dup2(r2, r2) r8 = socket(0x2b, 0x1, 0x1) r9 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20) futex(&(0x7f00000000c0)=0x1, 0x5, 0x2, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140)=0x2, 0x1) r10 = socket(0x2b, 0x1, 0x1) bind$inet6(r10, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @mcast1, 0xb}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20) sendmmsg$unix(r7, &(0x7f0000008380), 0x400000000000174, 0x4008890) r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r12 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r12, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) close_range(r11, 0xffffffffffffffff, 0x0) 2.552295817s ago: executing program 1 (id=50): socket$inet_smc(0x2b, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r1, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 2.451294041s ago: executing program 2 (id=51): sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x80000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4) 2.339644049s ago: executing program 0 (id=52): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) writev(0xffffffffffffffff, &(0x7f0000000840), 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(0xffffffffffffffff, 0x2) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0xa0) fallocate(r2, 0x0, 0x0, 0x1000f4) 2.172039962s ago: executing program 2 (id=53): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd", @ANYRES32=r1, @ANYBLOB="02128c0a0a000200aa"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) 1.765456839s ago: executing program 1 (id=54): userfaultfd(0x801) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x60, 0x0, 0x0) 1.698090898s ago: executing program 2 (id=55): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="f84c05853a0878f3b5e3f3f2dbf21eb5eb", 0x11) 1.61995066s ago: executing program 0 (id=56): r0 = socket$inet_sctp(0x2, 0x1, 0x84) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r1 = socket(0xb, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x13f, 0x1}}, 0x20) r4 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r5, 0x541c, &(0x7f0000000000)) pipe2$watch_queue(0x0, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r4, 0xffffffffffffffff, 0x100000000000f7) keyctl$revoke(0x3, r4) socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$IMADDTIMER(r6, 0x80044940, &(0x7f0000000280)=0x14) read(r6, &(0x7f00000019c0)=""/4097, 0x1001) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r5, 0x80089419, &(0x7f00000000c0)) r7 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x5) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffdd5}, 0x94) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @private=0xa010102, 0x4e23, 0x3, 'sh\x00', 0x1, 0x7, 0x49}, 0x2c) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e23, 0x3, 'sed\x00', 0x10, 0x60000000, 0xc}, {@empty, 0x4e21, 0x12002, 0xf, 0xe1b2, 0x10001}}, 0x44) 1.55053605s ago: executing program 1 (id=57): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x400, 0x2, 0xb, 0xd6}, 0x3a, [0x8000, 0xc95a, 0x100f, 0x8, 0x8, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7ff80, 0x3, 0x0, 0x5, 0x4, 0x0, 0x9, 0x3c5b, 0x7, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x3, 0x400b, 0x3, 0x10008, 0x4874, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x4eb, 0x7, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x5, 0xf2, 0x8, 0x400, 0x7d, 0x0, 0x5, 0x6, 0x8, 0x4, 0xfffffffe, 0x40], [0x10020007, 0x9, 0x10000, 0x6, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xfffffff7, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x802, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x9, 0x420, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0xb, 0x2, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x4, 0x101, 0xbc45, 0x1, 0x42, 0x3], [0x7, 0x408, 0x4, 0x1, 0xfffffffe, 0x100, 0xbbb, 0x9, 0x0, 0x2, 0x0, 0x1, 0xb, 0x4, 0x0, 0x1, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0x7, 0x5, 0x2, 0x2, 0x4000003, 0x20000008, 0x10004, 0x6d01, 0xa, 0x3b, 0x800003, 0x200, 0x80, 0x5, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x5, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0xc, 0x3, 0x7ff, 0x12b, 0x1000004, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120200, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x80b, 0x5, 0x938, 0x10000006, 0x6, 0x0, 0x7, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0xf142, 0x4, 0x7fff, 0x5, 0x2000a620, 0x2, 0x5, 0x8001, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffbfff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x7, 0x8, 0x7, 0x10000226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6e1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x1fd, 0xffff343e, 0xfff]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x4008800) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x23, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) sendto$inet6(r5, &(0x7f0000000380)='O', 0x1, 0x800, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 809.186213ms ago: executing program 2 (id=58): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0) pwritev(r0, &(0x7f0000001340)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)="e0620e3623b6d927092754eb48e6652477290e3713cb6058ce5dd9104c4f54f52345e96e4de74d7a87af854a06248c624a89c1638aa44d1940818998fe79cb0094358aa8e74b2b716b08f1c14e04276906de01a24217e5be4116f9b2e270e96874478aaffe869780672d072a86a9427e00a53486778c21cfb4c178b252fd32eb24426d9d29970d29c507555530385b81bb08715bddc7e2e84df6c78efff8cde921955c5119a930faa3e01696c0cda76b7e8ccecfd3647d421f79cbd4f78aad94566ec2746de20f4c22912834aadc64bcfc240826541686f33f2a7154a09362de61166891a74f93b8d9677c6d4278a859d5f95f", 0xf3}, {0x0}], 0x3, 0x200, 0xd3b) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f00000013c0)=0x10) 388.008712ms ago: executing program 2 (id=59): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r2, 0x11, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY_IDX={0x5}], @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x3}, @key_params=[@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "bac904fc3c65f1a259e8f0dea5"}]]}, 0x60}}, 0x0) 26.789173ms ago: executing program 0 (id=60): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$kcm(0x10, 0x2, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x4, @random="45e3f364e554", 'sit0\x00'}}, 0x1e) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x35, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{}], 0x1}, 0x0) 0s ago: executing program 2 (id=61): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) r1 = syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x1, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108590000224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000880)='/sys/kernel/address_bits', 0x40000, 0x2d) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts. [ 71.824702][ T5849] cgroup: Unknown subsys name 'net' [ 71.968608][ T5849] cgroup: Unknown subsys name 'cpuset' [ 71.977450][ T5849] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.417783][ T5849] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.727566][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.746256][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.764085][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.787456][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.799846][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.814388][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.823415][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.832211][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.840620][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.849015][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.974634][ T5860] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.986559][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.995430][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.010267][ T5860] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.020933][ T5860] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.070127][ T5860] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.078844][ T5860] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.087735][ T5860] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.097099][ T5860] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.107772][ T5860] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.109972][ T5864] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.123670][ T5860] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.131315][ T5860] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.145330][ T5860] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.167755][ T5860] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.677071][ T5866] chnl_net:caif_netlink_parms(): no params data found [ 76.738295][ T5867] chnl_net:caif_netlink_parms(): no params data found [ 76.926685][ T5872] chnl_net:caif_netlink_parms(): no params data found [ 76.940485][ T5874] chnl_net:caif_netlink_parms(): no params data found [ 77.069162][ T5875] chnl_net:caif_netlink_parms(): no params data found [ 77.102796][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.110505][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.118660][ T5866] bridge_slave_0: entered allmulticast mode [ 77.126367][ T5866] bridge_slave_0: entered promiscuous mode [ 77.169004][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.176302][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.183659][ T5866] bridge_slave_1: entered allmulticast mode [ 77.191492][ T5866] bridge_slave_1: entered promiscuous mode [ 77.228417][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.235801][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.243031][ T5867] bridge_slave_0: entered allmulticast mode [ 77.251096][ T5867] bridge_slave_0: entered promiscuous mode [ 77.310258][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.317736][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.325136][ T5867] bridge_slave_1: entered allmulticast mode [ 77.332416][ T5867] bridge_slave_1: entered promiscuous mode [ 77.370423][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.377663][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.385412][ T5874] bridge_slave_0: entered allmulticast mode [ 77.392950][ T5874] bridge_slave_0: entered promiscuous mode [ 77.420393][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.437324][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.445523][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.452933][ T5872] bridge_slave_0: entered allmulticast mode [ 77.461265][ T5872] bridge_slave_0: entered promiscuous mode [ 77.468975][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.476753][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.484207][ T5874] bridge_slave_1: entered allmulticast mode [ 77.491249][ T5874] bridge_slave_1: entered promiscuous mode [ 77.513573][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.539838][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.547283][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.555004][ T5872] bridge_slave_1: entered allmulticast mode [ 77.562062][ T5872] bridge_slave_1: entered promiscuous mode [ 77.585478][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.635621][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.642983][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.650627][ T5875] bridge_slave_0: entered allmulticast mode [ 77.660465][ T5875] bridge_slave_0: entered promiscuous mode [ 77.694717][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.706040][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.719836][ T5866] team0: Port device team_slave_0 added [ 77.728256][ T5866] team0: Port device team_slave_1 added [ 77.750738][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.759970][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.767491][ T5875] bridge_slave_1: entered allmulticast mode [ 77.775753][ T5875] bridge_slave_1: entered promiscuous mode [ 77.796205][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.862411][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.900748][ T5867] team0: Port device team_slave_0 added [ 77.904944][ T51] Bluetooth: hci0: command tx timeout [ 77.914546][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.921619][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.948162][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.975417][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.984537][ T51] Bluetooth: hci1: command tx timeout [ 77.992305][ T5874] team0: Port device team_slave_0 added [ 78.000612][ T5867] team0: Port device team_slave_1 added [ 78.021955][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.029454][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.056026][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.069934][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.074054][ T51] Bluetooth: hci2: command tx timeout [ 78.097249][ T5874] team0: Port device team_slave_1 added [ 78.136245][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.155635][ T51] Bluetooth: hci3: command tx timeout [ 78.191840][ T5872] team0: Port device team_slave_0 added [ 78.200783][ T5872] team0: Port device team_slave_1 added [ 78.208142][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.215898][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.242716][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.246783][ T51] Bluetooth: hci4: command tx timeout [ 78.256189][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.266426][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.292599][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.317899][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.325427][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.352663][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.365771][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.372762][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.399553][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.437596][ T5875] team0: Port device team_slave_0 added [ 78.447931][ T5875] team0: Port device team_slave_1 added [ 78.483428][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.490866][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.517006][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.565645][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.572795][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.600281][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.652717][ T5866] hsr_slave_0: entered promiscuous mode [ 78.659922][ T5866] hsr_slave_1: entered promiscuous mode [ 78.674439][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.681519][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.707633][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.731922][ T5874] hsr_slave_0: entered promiscuous mode [ 78.739215][ T5874] hsr_slave_1: entered promiscuous mode [ 78.745923][ T5874] debugfs: 'hsr0' already exists in 'hsr' [ 78.751764][ T5874] Cannot create hsr debugfs directory [ 78.779212][ T5867] hsr_slave_0: entered promiscuous mode [ 78.786119][ T5867] hsr_slave_1: entered promiscuous mode [ 78.792468][ T5867] debugfs: 'hsr0' already exists in 'hsr' [ 78.798354][ T5867] Cannot create hsr debugfs directory [ 78.808193][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.815392][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.841442][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.958985][ T5872] hsr_slave_0: entered promiscuous mode [ 78.965941][ T5872] hsr_slave_1: entered promiscuous mode [ 78.972207][ T5872] debugfs: 'hsr0' already exists in 'hsr' [ 78.978110][ T5872] Cannot create hsr debugfs directory [ 79.105873][ T5875] hsr_slave_0: entered promiscuous mode [ 79.112596][ T5875] hsr_slave_1: entered promiscuous mode [ 79.119257][ T5875] debugfs: 'hsr0' already exists in 'hsr' [ 79.126217][ T5875] Cannot create hsr debugfs directory [ 79.618007][ T5866] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.631257][ T5866] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.664810][ T5866] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.677595][ T5866] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.753691][ T5867] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.776733][ T5867] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.809952][ T5867] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.822506][ T5867] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.891207][ T5874] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.906648][ T5874] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.919232][ T5874] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.930806][ T5874] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.985004][ T51] Bluetooth: hci0: command tx timeout [ 80.064516][ T51] Bluetooth: hci1: command tx timeout [ 80.087947][ T5872] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.099148][ T5872] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.111295][ T5872] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.144106][ T51] Bluetooth: hci2: command tx timeout [ 80.165228][ T5872] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.198476][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.234962][ T51] Bluetooth: hci3: command tx timeout [ 80.255601][ T5875] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.270940][ T5875] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.301974][ T5875] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.314191][ T51] Bluetooth: hci4: command tx timeout [ 80.319106][ T5875] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 80.348144][ T5866] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.388518][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.395896][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.430169][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.460293][ T5038] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.467452][ T5038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.534803][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.546236][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.590456][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.597792][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.641989][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.649162][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.666468][ T5874] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.692709][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.699891][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.748198][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.755435][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.781371][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.879893][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.897236][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.930961][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.941657][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.948841][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.993027][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.000189][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.028002][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.047058][ T5875] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.078842][ T5038] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.086154][ T5038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.098509][ T5038] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.105677][ T5038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.176979][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.320801][ T5867] veth0_vlan: entered promiscuous mode [ 81.334974][ T5866] veth0_vlan: entered promiscuous mode [ 81.366945][ T5867] veth1_vlan: entered promiscuous mode [ 81.389139][ T5866] veth1_vlan: entered promiscuous mode [ 81.425366][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.442906][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.470007][ T5874] veth0_vlan: entered promiscuous mode [ 81.500759][ T5874] veth1_vlan: entered promiscuous mode [ 81.546229][ T5867] veth0_macvtap: entered promiscuous mode [ 81.610876][ T5867] veth1_macvtap: entered promiscuous mode [ 81.632629][ T5866] veth0_macvtap: entered promiscuous mode [ 81.645586][ T5875] veth0_vlan: entered promiscuous mode [ 81.660962][ T5872] veth0_vlan: entered promiscuous mode [ 81.669409][ T5866] veth1_macvtap: entered promiscuous mode [ 81.678910][ T5875] veth1_vlan: entered promiscuous mode [ 81.718199][ T5872] veth1_vlan: entered promiscuous mode [ 81.732733][ T5874] veth0_macvtap: entered promiscuous mode [ 81.750737][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.770057][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.800509][ T5874] veth1_macvtap: entered promiscuous mode [ 81.818811][ T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.831379][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.866807][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.879562][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.903692][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.928957][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.941594][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.962632][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.002517][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.013172][ T5872] veth0_macvtap: entered promiscuous mode [ 82.031721][ T5875] veth0_macvtap: entered promiscuous mode [ 82.042239][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.057721][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.082312][ T51] Bluetooth: hci0: command tx timeout [ 82.096185][ T5872] veth1_macvtap: entered promiscuous mode [ 82.116330][ T5875] veth1_macvtap: entered promiscuous mode [ 82.143296][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.154201][ T51] Bluetooth: hci1: command tx timeout [ 82.166729][ T1141] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.210592][ T1141] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.222876][ T1141] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.238478][ T51] Bluetooth: hci2: command tx timeout [ 82.278972][ T1141] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.293160][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.304139][ T51] Bluetooth: hci3: command tx timeout [ 82.314468][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.368742][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.387605][ T51] Bluetooth: hci4: command tx timeout [ 82.390798][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.420726][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.429809][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.474124][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.510634][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.520143][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.533051][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.541823][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.555424][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.564653][ T60] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.604615][ T60] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.613573][ T60] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.650455][ T5038] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.673974][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.682218][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.739903][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.750730][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.775845][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.785952][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.855844][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.879732][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.909042][ T5866] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 82.944865][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.956714][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.049259][ T5038] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.076207][ T5038] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.237393][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.264565][ T30] audit: type=1326 audit(1755013566.771:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5950 comm="syz.1.2" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e539 code=0x0 [ 83.296853][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.449699][ T5038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.479839][ T5038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.135035][ T5966] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 84.144758][ T51] Bluetooth: hci0: command tx timeout [ 84.195713][ T5976] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.10' resets device [ 84.224707][ T51] Bluetooth: hci1: command tx timeout [ 84.285600][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.304969][ T51] Bluetooth: hci2: command tx timeout [ 84.533302][ T51] Bluetooth: hci3: command tx timeout [ 84.538868][ T51] Bluetooth: hci4: command tx timeout [ 84.574637][ T5966] usb 1-1: Using ep0 maxpacket: 16 [ 84.588567][ T5966] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.618978][ T5966] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.644450][ T5966] usb 1-1: config 0 interface 0 has no altsetting 0 [ 84.651228][ T5966] usb 1-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 84.699682][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.093853][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 85.603873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 85.871243][ T5966] usb 1-1: config 0 descriptor?? [ 85.919665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.175644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 86.254615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.263057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.381558][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.394246][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 86.408227][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.494151][ T5993] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 86.507671][ T24] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 86.582898][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.624233][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.675290][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.682572][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.697334][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.719949][ T24] usb 4-1: config 1 interface 0 has no altsetting 0 [ 86.730529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.734934][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 86.753813][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 86.972991][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.974472][ T3425] cfg80211: failed to load regulatory.db [ 86.985357][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 87.004326][ T24] usb 4-1: Product: syz [ 87.008792][ T24] usb 4-1: Manufacturer: syz [ 87.013588][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 87.029456][ T24] usb 4-1: SerialNumber: syz [ 87.036702][ T5966] kye 0003:0458:0138.0001: unknown main item tag 0x0 [ 87.090516][ T5966] kye 0003:0458:0138.0001: collection stack underflow [ 87.107666][ T5966] kye 0003:0458:0138.0001: item 0 0 0 12 parsing failed [ 87.128420][ T5966] kye 0003:0458:0138.0001: parse failed [ 87.145395][ T5966] kye 0003:0458:0138.0001: probe with driver kye failed with error -22 [ 87.215931][ T5966] usb 1-1: USB disconnect, device number 2 [ 87.512830][ T24] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 87.554869][ T6004] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.213913][ T5921] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 89.218611][ T5966] usb 4-1: USB disconnect, device number 2 [ 89.245194][ T5966] usblp0: removed [ 89.441046][ T5921] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 89.454331][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.462725][ T5921] usb 2-1: Product: syz [ 89.469629][ T5921] usb 2-1: Manufacturer: syz [ 89.477307][ T5921] usb 2-1: SerialNumber: syz [ 89.541238][ T5921] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 89.555601][ T6027] openvswitch: netlink: Flow key attr not present in new flow. [ 89.581991][ T5863] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 90.896694][ T5921] usb 2-1: USB disconnect, device number 2 [ 90.908275][ T5863] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 90.930059][ T5863] ath9k_htc: Failed to initialize the device [ 90.973884][ T5921] usb 2-1: ath9k_htc: USB layer deinitialized [ 91.843879][ T24] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 92.174347][ T24] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 92.203842][ T24] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 92.214552][ T24] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 92.263909][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.725780][ T24] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 92.761501][ T24] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input5 [ 92.987933][ T24] input: failed to attach handler kbd to device input5, error: -5 [ 93.064091][ T24] usb 4-1: USB disconnect, device number 3 [ 93.265078][ T6069] wireguard0: entered promiscuous mode [ 93.271027][ T6069] wireguard0: entered allmulticast mode [ 93.994477][ T6081] random: crng reseeded on system resumption [ 94.250185][ T6087] netlink: 'syz.1.50': attribute type 1 has an invalid length. [ 94.449795][ T6089] vlan2: entered allmulticast mode [ 94.455260][ T6089] veth1: entered allmulticast mode [ 94.930279][ T6096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.53'. [ 96.105306][ T6124] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 96.924761][ T6138] [ 96.927154][ T6138] ====================================================== [ 96.934179][ T6138] WARNING: possible circular locking dependency detected [ 96.941349][ T6138] 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 Not tainted [ 96.948465][ T6138] ------------------------------------------------------ [ 96.955479][ T6138] syz.2.61/6138 is trying to acquire lock: [ 96.961273][ T6138] ffff88801b2ffa20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 96.971553][ T6138] [ 96.971553][ T6138] but task is already holding lock: [ 96.978907][ T6138] ffff888142b300a8 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x17f2/0x1d00 [ 96.988759][ T6138] [ 96.988759][ T6138] which lock already depends on the new lock. [ 96.988759][ T6138] [ 96.999155][ T6138] [ 96.999155][ T6138] the existing dependency chain (in reverse order) is: [ 97.008254][ T6138] [ 97.008254][ T6138] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}: [ 97.016967][ T6138] lock_acquire+0x120/0x360 [ 97.022369][ T6138] blk_alloc_queue+0x538/0x620 [ 97.027648][ T6138] __blk_mq_alloc_disk+0x15c/0x340 [ 97.033277][ T6138] loop_add+0x411/0xad0 [ 97.038123][ T6138] loop_init+0xd9/0x170 [ 97.042799][ T6138] do_one_initcall+0x233/0x820 [ 97.048166][ T6138] do_initcall_level+0x104/0x190 [ 97.053621][ T6138] do_initcalls+0x59/0xa0 [ 97.058806][ T6138] kernel_init_freeable+0x334/0x4b0 [ 97.064605][ T6138] kernel_init+0x1d/0x1d0 [ 97.069453][ T6138] ret_from_fork+0x3f9/0x770 [ 97.074570][ T6138] ret_from_fork_asm+0x1a/0x30 [ 97.080025][ T6138] [ 97.080025][ T6138] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 97.087228][ T6138] lock_acquire+0x120/0x360 [ 97.092252][ T6138] fs_reclaim_acquire+0x72/0x100 [ 97.097708][ T6138] kmem_cache_alloc_noprof+0x44/0x3c0 [ 97.103777][ T6138] __kernfs_iattrs+0xd9/0x320 [ 97.109085][ T6138] kernfs_iop_setattr+0xea/0x3f0 [ 97.114572][ T6138] notify_change+0xb33/0xe40 [ 97.119773][ T6138] do_truncate+0x1a4/0x220 [ 97.124703][ T6138] path_openat+0x306c/0x3830 [ 97.129804][ T6138] do_filp_open+0x1fa/0x410 [ 97.134814][ T6138] do_sys_openat2+0x121/0x1c0 [ 97.140270][ T6138] __x64_sys_openat+0x138/0x170 [ 97.145719][ T6138] do_syscall_64+0xfa/0x3b0 [ 97.150735][ T6138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.157220][ T6138] [ 97.157220][ T6138] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 97.165754][ T6138] validate_chain+0xb9b/0x2140 [ 97.171035][ T6138] __lock_acquire+0xab9/0xd20 [ 97.176395][ T6138] lock_acquire+0x120/0x360 [ 97.181409][ T6138] down_read+0x46/0x2e0 [ 97.186082][ T6138] kernfs_iop_getattr+0x9e/0x450 [ 97.191537][ T6138] vfs_getattr_nosec+0x2de/0x430 [ 97.196985][ T6138] loop_assign_backing_file+0x222/0x400 [ 97.203058][ T6138] lo_ioctl+0x1860/0x1d00 [ 97.207981][ T6138] lo_compat_ioctl+0x298/0x330 [ 97.213262][ T6138] compat_blkdev_ioctl+0x5d1/0x780 [ 97.219070][ T6138] __ia32_compat_sys_ioctl+0x543/0x840 [ 97.225133][ T6138] __do_fast_syscall_32+0xb6/0x2b0 [ 97.230768][ T6138] do_fast_syscall_32+0x34/0x80 [ 97.236396][ T6138] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.243324][ T6138] [ 97.243324][ T6138] other info that might help us debug this: [ 97.243324][ T6138] [ 97.253620][ T6138] Chain exists of: [ 97.253620][ T6138] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24 [ 97.253620][ T6138] [ 97.268137][ T6138] Possible unsafe locking scenario: [ 97.268137][ T6138] [ 97.275577][ T6138] CPU0 CPU1 [ 97.281017][ T6138] ---- ---- [ 97.286377][ T6138] lock(&q->q_usage_counter(io)#24); [ 97.291750][ T6138] lock(fs_reclaim); [ 97.298324][ T6138] lock(&q->q_usage_counter(io)#24); [ 97.306379][ T6138] rlock(&root->kernfs_iattr_rwsem); [ 97.311739][ T6138] [ 97.311739][ T6138] *** DEADLOCK *** [ 97.311739][ T6138] [ 97.320389][ T6138] 3 locks held by syz.2.61/6138: [ 97.325482][ T6138] #0: ffff888142b1f400 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0xfbf/0x1d00 [ 97.334791][ T6138] #1: ffff888142b300a8 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x17f2/0x1d00 [ 97.344969][ T6138] #2: ffff888142b300e0 (&q->q_usage_counter(queue)#19){+.+.}-{0:0}, at: lo_ioctl+0x17f2/0x1d00 [ 97.355421][ T6138] [ 97.355421][ T6138] stack backtrace: [ 97.361401][ T6138] CPU: 0 UID: 0 PID: 6138 Comm: syz.2.61 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) [ 97.361419][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.361435][ T6138] Call Trace: [ 97.361443][ T6138] [ 97.361450][ T6138] dump_stack_lvl+0x189/0x250 [ 97.361473][ T6138] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.361489][ T6138] ? __pfx__printk+0x10/0x10 [ 97.361512][ T6138] print_circular_bug+0x2ee/0x310 [ 97.361530][ T6138] check_noncircular+0x134/0x160 [ 97.361547][ T6138] validate_chain+0xb9b/0x2140 [ 97.361562][ T6138] ? tomoyo_path_perm+0x1e3/0x4b0 [ 97.361587][ T6138] __lock_acquire+0xab9/0xd20 [ 97.361608][ T6138] ? kernfs_iop_getattr+0x9e/0x450 [ 97.361623][ T6138] lock_acquire+0x120/0x360 [ 97.361642][ T6138] ? kernfs_iop_getattr+0x9e/0x450 [ 97.361659][ T6138] down_read+0x46/0x2e0 [ 97.361681][ T6138] ? kernfs_iop_getattr+0x9e/0x450 [ 97.361696][ T6138] kernfs_iop_getattr+0x9e/0x450 [ 97.361712][ T6138] vfs_getattr_nosec+0x2de/0x430 [ 97.361727][ T6138] loop_assign_backing_file+0x222/0x400 [ 97.361748][ T6138] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 97.361764][ T6138] ? schedule+0x91/0x360 [ 97.361785][ T6138] ? percpu_ref_kill_and_confirm+0xa3/0x130 [ 97.361811][ T6138] lo_ioctl+0x1860/0x1d00 [ 97.361831][ T6138] ? __pfx_lo_ioctl+0x10/0x10 [ 97.361847][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.361869][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.361894][ T6138] ? is_bpf_text_address+0x26/0x2b0 [ 97.361916][ T6138] ? is_bpf_text_address+0x292/0x2b0 [ 97.361934][ T6138] ? is_bpf_text_address+0x26/0x2b0 [ 97.361954][ T6138] ? kernel_text_address+0xa5/0xe0 [ 97.361974][ T6138] ? __kernel_text_address+0xd/0x40 [ 97.361997][ T6138] ? unwind_get_return_address+0x4d/0x90 [ 97.362014][ T6138] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 97.362031][ T6138] ? arch_stack_walk+0xfc/0x150 [ 97.362051][ T6138] ? stack_trace_save+0x9c/0xe0 [ 97.362066][ T6138] ? __pfx_stack_trace_save+0x10/0x10 [ 97.362083][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.362104][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.362126][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.362148][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.362172][ T6138] ? is_bpf_text_address+0x26/0x2b0 [ 97.362192][ T6138] ? is_bpf_text_address+0x292/0x2b0 [ 97.362211][ T6138] ? is_bpf_text_address+0x26/0x2b0 [ 97.362231][ T6138] ? kernel_text_address+0xa5/0xe0 [ 97.362250][ T6138] ? __kernel_text_address+0xd/0x40 [ 97.362268][ T6138] ? unwind_get_return_address+0x4d/0x90 [ 97.362282][ T6138] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 97.362298][ T6138] ? arch_stack_walk+0xfc/0x150 [ 97.362317][ T6138] ? stack_trace_save+0x9c/0xe0 [ 97.362332][ T6138] ? __pfx_stack_trace_save+0x10/0x10 [ 97.362347][ T6138] ? stack_depot_save_flags+0x40/0x860 [ 97.362368][ T6138] ? kasan_save_track+0x4f/0x80 [ 97.362385][ T6138] ? kasan_save_track+0x3e/0x80 [ 97.362400][ T6138] ? kasan_save_free_info+0x46/0x50 [ 97.362414][ T6138] ? __kasan_slab_free+0x5b/0x80 [ 97.362431][ T6138] ? kfree+0x18e/0x440 [ 97.362446][ T6138] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 97.362463][ T6138] ? security_file_ioctl_compat+0xcb/0x2d0 [ 97.362481][ T6138] ? __ia32_compat_sys_ioctl+0x128/0x840 [ 97.362497][ T6138] ? __do_fast_syscall_32+0xb6/0x2b0 [ 97.362517][ T6138] ? do_fast_syscall_32+0x34/0x80 [ 97.362535][ T6138] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.362558][ T6138] ? __asan_memset+0x22/0x50 [ 97.362573][ T6138] ? blk_get_meta_cap+0x140/0x710 [ 97.362593][ T6138] lo_compat_ioctl+0x298/0x330 [ 97.362610][ T6138] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 97.362625][ T6138] ? kasan_quarantine_put+0xdd/0x220 [ 97.362643][ T6138] ? blkdev_common_ioctl+0xff7/0x2550 [ 97.362664][ T6138] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 97.362682][ T6138] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 97.362701][ T6138] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 97.362720][ T6138] ? do_vfs_ioctl+0xbe8/0x1430 [ 97.362737][ T6138] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 97.362756][ T6138] ? __lock_acquire+0xab9/0xd20 [ 97.362779][ T6138] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 97.362794][ T6138] compat_blkdev_ioctl+0x5d1/0x780 [ 97.362814][ T6138] ? __fget_files+0x2a/0x420 [ 97.362827][ T6138] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 97.362846][ T6138] ? __fget_files+0x2a/0x420 [ 97.362858][ T6138] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 97.362878][ T6138] __ia32_compat_sys_ioctl+0x543/0x840 [ 97.362895][ T6138] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 97.362914][ T6138] ? __se_sys_futex_time32+0x360/0x3e0 [ 97.362937][ T6138] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.362955][ T6138] __do_fast_syscall_32+0xb6/0x2b0 [ 97.362976][ T6138] do_fast_syscall_32+0x34/0x80 [ 97.363001][ T6138] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 97.363017][ T6138] RIP: 0023:0xf709e539 [ 97.363034][ T6138] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 97.363046][ T6138] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 97.363061][ T6138] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000004c06 [ 97.363071][ T6138] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000 [ 97.363079][ T6138] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 97.363087][ T6138] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 97.363096][ T6138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.363108][ T6138] [ 98.087962][ T6142] Zero length message leads to an empty skb