last executing test programs: 40.387927305s ago: executing program 3 (id=12): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38) socket(0x400000000010, 0x3, 0x0) 39.228657663s ago: executing program 3 (id=13): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) pipe(&(0x7f0000000280)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x9) socket$kcm(0x2, 0xa, 0x2) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r2], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 36.030318398s ago: executing program 3 (id=16): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) pread64(r1, 0x0, 0x0, 0x10000) close_range(r1, r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0xffffffff}, 0xfffffff4) epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x7) syz_open_procfs$namespace(0x0, 0x0) socket(0x40000000015, 0x5, 0x0) ioctl$sock_proto_private(r0, 0x89e7, 0x0) 34.92290141s ago: executing program 3 (id=19): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x44}}, 0x0) r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io(r0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000019100)='net/fib_trie\x00') pread64(r1, &(0x7f0000000080)=""/102356, 0x18fd4, 0x1c) 31.537603076s ago: executing program 3 (id=25): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x33, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) geteuid() r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r3, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c) gettid() timer_settime(0x0, 0x0, 0x0, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, 0x0, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60010000, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) pipe(&(0x7f0000000080)) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='fd', &(0x7f00000000c0)='2', 0x0) 30.614532995s ago: executing program 3 (id=27): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)='3', 0x1}, {0x0}], 0x2) 21.803504083s ago: executing program 4 (id=37): socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff034}, {0x28, 0x80, 0x0, 0x4}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r2, 0x0, 0x0, 0x40840) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_map={0x2c, 0x10c, 0x3, {{0x0}, 0x0, 0x10}}, @cswp={0x58, 0x114, 0x7, {{0x7ff80000, 0x101}, 0x0, 0x0, 0x89, 0x4, 0xeb, 0x10000000008a, 0x22, 0x77}}], 0x84}, 0x0) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x80000001}, 0x50) socket$kcm(0x29, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) 16.852976962s ago: executing program 2 (id=44): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCXONC(r3, 0x540a, 0x1) 14.314716561s ago: executing program 32 (id=27): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)='3', 0x1}, {0x0}], 0x2) 14.216172371s ago: executing program 0 (id=48): syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000000c0)={&(0x7f00000002c0)=[{0x1e, 0x7a00, 0x0, 0x0}, {0x7, 0xa001, 0x0, 0x0}], 0x2}) 14.161227828s ago: executing program 2 (id=49): r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000280)={0x1, 0x0, @ioapic={0xe000, 0x4, 0xfffffff7, 0x6, 0x0, [{0x6, 0x49, 0x2d, '\x00', 0x9}, {0x0, 0x6, 0x5b, '\x00', 0x5}, {0x0, 0x2, 0xfe, '\x00', 0x9}, {0xfa, 0x2, 0x5, '\x00', 0x2}, {0x0, 0x6, 0x1, '\x00', 0x2}, {0x32, 0x40, 0x4, '\x00', 0x37}, {0x28, 0x1, 0xf0, '\x00', 0x1}, {0x4, 0x0, 0x1, '\x00', 0x2}, {0x80, 0x7b, 0x80}, {0x95, 0x6, 0x2f}, {0x2, 0x1, 0xf}, {0x80, 0x7, 0x4, '\x00', 0x1}, {0x3, 0x2, 0xf4, '\x00', 0x5}, {0x0, 0x62, 0x9, '\x00', 0x2a}, {0xc, 0x9, 0x9, '\x00', 0x1}, {0x4, 0x4, 0x3, '\x00', 0x2}, {0x4, 0x2, 0x7, '\x00', 0xff}, {0x76, 0x2, 0xf, '\x00', 0x5}, {0x10, 0x9, 0x41, '\x00', 0x8}, {0x8, 0x8, 0x10, '\x00', 0xff}, {0x9, 0x85, 0x8, '\x00', 0x9}, {0x8b, 0x53, 0x81, '\x00', 0xe}, {0x0, 0x3, 0x8, '\x00', 0x1}, {0x2, 0x9, 0x4, '\x00', 0x3}]}}) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48}) socket$inet6(0xa, 0x3, 0x1) unshare(0x6a040000) r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r6}, 0x14) quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r6, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0}) socket$inet6_tcp(0xa, 0x1, 0x0) munmap(&(0x7f00007fd000/0x800000)=nil, 0x800000) 11.099311497s ago: executing program 1 (id=51): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x439, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x20401}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_OKEY={0x8, 0x5, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x40008c0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_mr_vif\x00') preadv(r3, &(0x7f0000004300)=[{&(0x7f0000000040)=""/130, 0x82}], 0x1, 0x78, 0xc) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r6, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) r7 = epoll_create1(0x0) ppoll(&(0x7f0000000980)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000140)={0x4}) fstat(r0, &(0x7f0000000680)) getpriority(0x2, r1) stat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000007c0), &(0x7f0000000800)=0xc) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 10.833529729s ago: executing program 0 (id=52): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000580)=""/73, 0x49}], 0x1) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, 0x4000}) 10.749626914s ago: executing program 4 (id=53): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000200)=0x8000) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x9640, 0x0) ppoll(&(0x7f0000000380)=[{r1}], 0x1, 0x0, 0x0, 0x0) write$dsp(r0, &(0x7f0000002200)="44e211a385424bf02640ba0d3a219de1033222bea86d14dc6bc540f652f0873cec4d2b540364b6e4ff506bf40b976a8485725d9cfab14bb4c91a5fd888b8b983ef960999942529696b90b853c1f1a3b01af9b0cdc6a605c13de44b58eaf66b597768a5a9bccdb34c1aa1c48b2484cf0f1d68f8b5c1d9f6179459a466a2e865c2a66274717ef95f59fcf4d5b05c4540a35bb64a8fab9af3ad51f3c648121e933ea77809f3901ca59ed3e990ff80d87a814eb6fb68e3305fd9420d4a163ad5654ce60386346b6d1154ecef0f4a782c4459c0a8ca7278655e6f806c4bc2e870000bfcb1346232b0ccce39ee18152165cf3f85e87ae23c4113586cf300b39d7589b28372e554f7d748b618bca2a4298d82864e0d8212f4fbd80fd854691ccac21279bb85aacac8a3301ad2ece3d6061dbcc63e4af0fefc68fab6e5319f6d9e6a2708e41e60b2673d62ec952bae35b854fe7e87bc78e2d1a56cc383e5a1783ce35eaa20868d97eb1198ecae2d6375d7cd6992883aa3bbbdcb93b92b6eca3d6cde5baa92a6adda4540d5fce6d4772e5711b3744210587c05833966b300da0a378787ad06e9d5cba6e569b14c013b8428dad38eb6d2bc547615dac42aca90ac891e6db4d1dd029fe628170433f9229a286a814d39afd5a019db11c185b72c34e01ea5e82a5008a059e6791c9b807c4aab4e9807a5a7896a4c5bfa42f15284c1481618461ce3501cf24a722e74923d01bd7d586eec5d5ccba03eee1c8fc83bc5d73675a11eaaebdcd25fb806155f5e669ed8af3267b214f7d23cf8600ab7e909e7347783b94f235ea797d2c1bd83c7f499c04532f2b63a55b336fa9e5305a4a22cdde74360995ffd241c9592043df3dc99dac462dd43443604ffed04b1ee23b6665e0955e0b38fa71f73af930a9762d6d4d762e11df043a78b90f49f1645acffe61094a20b4caaeca22feca5f66c549cfcda38a1a7b6b79b71aba7a696975a257a94344bf65b7b79212a61f465ee55b530582e8b1dc993c379dd40ab5dd860c5828e2c27afae20539978340db55a68897920c1019e75e0b43b4c93cb1061c98f683f8d407fae9b1a87f2f9cd2b8252059ac39766fc174c344c5224b43bbea978d722c93e727292c738b293da0b9f12b4f11c8f354ae91d644131ce3873612146d79fe3ace49c1446a79e0a324f23cc0b6fb673fc6c34315fa0baf03fb5bd36656a2272c9a4d80a312dfbec125af5aacd2faf633650e3ab54f9fd2c6ee76d5abd9fac547fe7880d0dd9341ac0f095c529d3232447a0d1b28c101a2a95c4a9040041fbdf47ff7da3abe4ee7d8acac57b6553e58f1c5f832e7b920ef3708b98e4917f5b855928344da2ad0a9755d3f90d31f3e427bc869a163844b5e38c62302cc2938b03c132caa4d8044ed92680d406b7d635026f38082b26d6d3dfe80e8f659f1101cec8ea74418699a4fedfcd4ce6f2693cce43123c03122f61b62497bc2fdc2307786943feb7325d645657ae5e58d1e2587003ed4712aba34973199238d3f3d29704ba86538a764abb4d69b9efabcd956fa688536e0661a2a2e0fc84d3e4152187fd90dfbd5023aa12e964d1f3bff4e2c2915f2600a3ab701b177bda95ba8203a45182e03cc07db3b20342cd45d4f8954edebb32fb7fdf49d1952477da9ead5d4ba6de96c42f5923e3dce7188b9e9ec1862dd2fd39d256e1de8cd0906f67a8423b29f0b5bf81539828a1f8ae7e747e6b43bd639c6d6a52a29a0e4944f6b07390fc390770154135acf448ed23c507009af66d20b175723069f8eef06c2cd3edc86bd80ebbe2f5cd56c379d655632b62794aa3757ea10fb232414a9477277261879e88c49e8eb5253c91551c13ed725f3551939533d7c131109d10b4300e24db600f8020b10e9aac24d8572873fac24d149398a3306707c5c3de875eca837e140d23b02637ef888d539b6f0c7fd6d97fd8b9edf9a82bf19d75cec625237a6b9716ac0003d1b8c8db5d04f5231bed4aac9e93da9b6bfea002af81eb77a3ef8cab9878fac2574742277e5403e44844e50e64d1471213c724cf14142291a44ff108c1334fd2aa086aff52cdf1e7c53a3c9757a6717ad360137a50c4968865083c132abfc3a5eba97a4387bd5affdf091f8396b443dad822a15150d68a0d9728c548fb793e6c9d5420561fe683b8b5e89227d357873891e95d87db4a33056f3af5aabdffa3cbaacc44bdbcca971d8e84586545ae5b0e5eb5c7fada201db84c3faf06eb3812c560d7b0c680e9c4908837c5fb10627eb828dc34718004c066b8d999d34fe25b831771eda169c2bd54aab176e851db66c2623a01b8ef09c006c9aeb2fc87502231f75f5e4e01cc2674847c4c4eef86afee4ae3646b25d11d885befe01c43a34d60eff675eabefceba4664fbc211b3f014e315ea8e4c95f5088b82c590695616127cf63ebcee2fd78f3856443d3cb529376d34db3db1a6949cb7c80bc403ba92952b694dec72c540763ce3901d262087bf5a16a89c4151ce2d2d97eb77dce3d93d99e087bc5352cbda39935c686cf294c3ba66fab0135acb713281c90d562fc473df7133df5af7d42e183e4b860ee7b624038141ee757cb14db143ef8e8617eb6cb24a0eb73ef230e417d543f4afc5858c43ad20819bf6eda31bd5c258e66e9703a9b1daa8b34f9db16cae43b131ef258da25272320e2b357357b1d12fd87d9a00551185f3d494426d3f33b0ee84e1ae65508b9916fec12805783a857ac5d70a661fce59088437cf991821d3cf5b0db477dc8f6bb38c8455bb628e563ca45cb65383db9ecfc80386cd05f92ab32bf825a0953c101609ca8239b6ef1fb5a7fcc55642f9b2911df108d64b8c72c5bd31645955056968d4917cbab525ae5994b5dcbd33de392081819012a16be8c1b4f164fa6a1c2d88fd957bd62f28a3e87ba1ffcf644116ffdcf26937d4e64b4e87bd4771b9e0a8d8eba4605a8eac0f8e320b1204eeab358a5a5b2caf3e534c28f9da5598fedc5f13b4a7930a569439c3bc43ac5f5195a29280042278f194f84f8e5ee210223f8a486d568fe4a51bf8ef813c1bd02a669e4e0ea79d1e6bad48257ace2e7feba18123a5e67fd7212a341f92061df472db87f1158b0a2088e48a3680edc29ce3d3156108c04e3b16a1cf18cd70c5f5eeeb59824fb869906679eceb4a6ab8ec8733e72db06403f357e128e3383e2b35269b20f032cc21da717ba3febe02fba9f4893074ee2fd98e85499e36ffe2077348bc541548a34bc32fa0f7c00d84cabfd31e5c75b6769a1ba5770c5217cb03d1f0a8c91ba8d524b42c7365e09d94d95cf43f7ec896718f210fd0ba4ef91a5262daf7cd2bae3c2aad3e2eb925bec9ca7c1b874776dc28784a3719cb191cc317ff897698b2667081cc9db30c96c6510766b65c55c5fd4b8564faca924e6f52c2b181561ee5403184a822f0a207d747602f616c5513cabfe55e525b2bce4d662ae0b9ea68c015d6ca87bc752ed3e527826191a36d23e8032e15f65b3d60a517f16c4ece8bc8b09681bad96a5300f7e30e6848612d67ad853bc1523799c568e46b1dfe0d37cbc202c1332718cfadd4d6938bc0bfb21fc15ad19a0506f669d5c8790b685d81c4acbdb8e1b06918e934b459e3f2b46fe0999e6eae4185edac1cb3e85e8b61de24794d339014c03a285a3d7ba91e00bed2d63b0edb933c290ddd62fb1c56b6d08cb99f47dabd72a667805d63a7784450a1bd1af6dfc2ec785ddb8b86fe4a44a7c8f86c4b19a61fdb701a81bd720bb70f8657e256b0f531ab7848b6206ba7cd4c32b866735a4b46091a0bb6c47c923a3efa99a09c0344228ed412f94c4eca96e6bf6ee75f23a1ae8415a892ff19bd190e1d67b8e1212be638eb179176e4074435ed381a7c2faaee9acbcf873823abd906e92f308b36c6c259e43d13b328ded6bf3c1f4a93a76e9a6d0483875456cf8f30eda231d9f26d6b3861a3f2db165758b0d7aacb7b5a8e9f4d775798556cee8dbe8a94fae8df837f71d66a0aaa48df5c36afa9033ec5283e713806d5a07f82729f9e888d309b713db36256757292443f00f1af08058057373ae710d90cefa5872bbeac931ddd145ba9a64997c0bc53cc59a954f8ee2670caac75e2a63b5a1ca6ca6e3f9287f080b271f34b2e63be2ad4c2b85b7c9683245b12491d221314ab2685e2a44787733af58502245e19af646f65dd26b44dda320d583d9ddd6567d6021dc2d7d731963d6cc790d8b082889045cb749de9857ee4388d0f3c2ef83d405d0a2328bd7f76fa4d3d0a2e8238c979babe572ab3e8ae2768ca212bad33249523fa89fc0498f5f29a68aa7aae681e41284f46b47cc996679c4f1d9936647cb9b47ca8dac8e161b5cc0ff29f48f4a42b6a567f1116a5c239e67069b96862e2ba0cb3d424d4c4810cc1f3da1c61f39e7cca3e519159c057a440db9838f9f14351f64ec24c70a21a874da100af89d4753d274bd87c6574de363d44ee5aa37bb360b3acf347b3a72fac5e66c939daf4c6cbfacb43ab73229cc0badacc30b6c771bee9a7a8e36a5839cf5d68ffac084e69cb7bb34f71fc2244e5d16d056f97f581e3c50112e81d8410b6aa6b33b924cbafbc8dcb163f22f0e7b618ecd22296328e3fafdc2366e49a7ab08fa0d5b55c8aaffa8c9fc2899c07cabcf35748b0f30edb03a8a55807b6c73cd0b64cdd1a77ec0dcb8be359715b284a9476a0013d69c825274f45b6ffa59df58ca07756af102a6bb0efa1b4b356f89c504097cf79c76ca07d325375bfac4d7c8483cabd8d7c9141c96948c32ec87c231b69d6776160b8b31dada7e0837b4c2dc2ecb28f9b0400589c12cde99dc7db30a9d4c4f8a904f6b2f2fba1d0c36544f84db803bef904ec5b1f976345f67688df6e2d866d9eda4a87395b8953c0dc1e93ca742d2141b3591bb0bfdb56a0f8eabf710a3479d8b8f7e3f0e73a6fd29fc946909f77a6ad3044495e4d6e661bc633f4eb63204dd9f47ee85676ec0aa8b713819a280c27f086445d62f258379ffd77ced5d2c8cdf7d87135d6806f340a111f42b042058b96daa2633a6975dc0c5580f93a38e3daba8fdfb21fd94ebb30a2e165a75c1788c1cfe2687af2c3d3908514722e19afb385a74d6ac8cb12ca6232cde2e99d4ac651b280e65b3b897e39984a64d55eb4f65ab0912675c3f334d7c7ce6ecd84044125d98ef9eb6cf46c5d5d01b3ba01fa4bb5ff70ba1d18cba8b28f3980fca9c75441ada9122d497ac2e779277edece11bd175bf79657c37b982acb078591520792cf8278b75177ad1aad8133b2e4a61c561b42f6ab11ff8227d75303720d121ad3f3ad2e350b4cbfb6c5476e0f73e58dd25a18f3b50d0b30a629b2f5e053422c5a18decb3ad311ca978dcb53d44c64f43ceec7f803370a9b4b91e837371c4ed274d636423cb", 0xf00) r2 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x374}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) io_uring_enter(r2, 0x742f, 0x77ae, 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r3, 0x5b02, 0x0) read$char_usb(r3, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) 10.605484046s ago: executing program 1 (id=54): syz_usb_connect$uac2(0x3, 0x0, 0x0, 0x0) syz_usb_control_io$uac3(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x10}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0xfffffff5}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0xb, 0x5, 0xcac, 0xc}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 9.915536451s ago: executing program 2 (id=55): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001100050000000000feffffff07000000", @ANYRES32=r1, @ANYBLOB="003000000000000014001a80100005800c0009"], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0) 9.801347182s ago: executing program 0 (id=56): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x26e1, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000001c0)=0x3) ioctl$TCSETS(0xffffffffffffffff, 0x5434, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(0x0, 0x22) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r2 = socket$inet6(0xa, 0x3, 0x3) openat$sysfs(0xffffffffffffff9c, 0x0, 0x103080, 0x103) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000280)={0x0, 0x1, r1, 0x1, 0x80000}) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffe0) 9.001065403s ago: executing program 4 (id=57): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4, r1}) pipe(&(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000040)=[r3], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r1], &(0x7f0000000200), &(0x7f0000000580)=[r2], &(0x7f0000000040)}) 8.877397224s ago: executing program 4 (id=58): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, 0x0, &(0x7f00000003c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCXONC(r3, 0x540a, 0x1) 8.820995333s ago: executing program 2 (id=59): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="00200000f6ffffffff3f0000"], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={0xffffffffffffffff, 0x18000000000002a0, 0x8, 0x0, &(0x7f00000002c0)="d2ff060060010000", 0x0, 0x40d5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2108080, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44000) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) pipe(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0x1c58, &(0x7f0000000300)={0x0, 0x84ac1, 0x10000, 0x2, 0x3f, 0x0, r4}, &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)) io_uring_enter(r5, 0x2dec, 0x4800, 0x2, 0x0, 0x0) pselect6(0x2a, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x1000000, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) unshare(0x26020480) 6.727200678s ago: executing program 4 (id=60): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x103000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r2, 0x80000}) ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000540)=0x1) close_range(r2, r3, 0x0) 6.56164107s ago: executing program 1 (id=61): r0 = openat(0xffffffffffffffff, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x39c, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x2d4, 0x2d4, 0x2d4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xfc, 0x120, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'team0\x00', {0x6d, 0x6, 0x81, 0x9, 0x8, 0xf, 0x5, 0x20, 0x80}, {0x7}}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@inet=@dscp={{0x24}, {0x4, 0x1}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x40c) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="891e000000000000050200014e3f13ecc03c42ca011fa547d27b85e27c3405a6218efb4655c432114884992a8e108c1d20a632895ea921c99a27173b390c23c12e8d38b5bfdc96bfa7bbbafb8001050000000000050200020401030189ced2cdacb01fdd79dbe0296bdcba0dc7d8d119da1577c33fc5f42c02f249f9207fe8104a62acd544a54455d70f4df32f2937665f7133b50dd65f40b05bb91972c5bfd6548f54fcd96d560784abc4312f78ab548b047d9f07185003a05dd2b34a1e9a3ff77c5277239ef62e97657b71b837af150a545314ff8869f4b5ef5b18a5e1825bb2847a6e7196c910fc0100000000000000000000000000000502000400010000"], 0x100) epoll_pwait2(r0, 0x0, 0x0, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x35c, 0x0) socket(0x2, 0x80805, 0x0) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="12011001000000405e049d000000000000010902240001000040110904ff0082030001000921fd6f100122eb00090581031000fc00b617e9d967bf381bbac19bab77d1f98f3403cc8b053655b17e33218e5eb374275fcbffc7010fcd8b5df730c4ca01350d5fa9a61ad6d19790b9c856c6d6d0549ea5b2ee911c1050d4a0a96687cc50233dd0066cb649633ad79d82fa9642deba4cd423a560c818dc3730d61e2b4171592254c52acbe2c57db0f4224e694c3a258ffe62a363b84cc33dadb8225187cc5a88a8b54b8c86e1de4f1d84d80b4689ab27181f845a040fe7d990b5b540f2a8193835efc61b1a639453d1"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) 6.408773952s ago: executing program 4 (id=62): socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff034}, {0x28, 0x80, 0x0, 0x4}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r2, 0x0, 0x0, 0x40840) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f00000000c0)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_map={0x2c, 0x10c, 0x3, {{0x0}, 0x0, 0x10}}, @cswp={0x58, 0x114, 0x7, {{0x7ff80000, 0x101}, 0x0, 0x0, 0x89, 0x4, 0xeb, 0x10000000008a, 0x22, 0x77}}], 0x84}, 0x0) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x80000001}, 0x50) socket$kcm(0x29, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) 5.529768566s ago: executing program 2 (id=63): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000600)) r3 = dup(r1) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x220002, 0x0) r5 = fcntl$dupfd(r0, 0x0, r4) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0, 0xe000}) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000080)={0x0, r3}) 4.528912354s ago: executing program 0 (id=64): r0 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ptrace$ARCH_SET_GS(0x1e, r1, &(0x7f0000000040), 0x1001) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000280)={0x1, 0x0, @ioapic={0xe000, 0x4, 0xfffffff7, 0x6, 0x0, [{0x6, 0x49, 0x2d, '\x00', 0x9}, {0x0, 0x6, 0x5b, '\x00', 0x5}, {0x0, 0x2, 0xfe, '\x00', 0x9}, {0xfa, 0x2, 0x5, '\x00', 0x2}, {0x0, 0x6, 0x1, '\x00', 0x2}, {0x32, 0x40, 0x4, '\x00', 0x37}, {0x28, 0x1, 0xf0, '\x00', 0x1}, {0x4, 0x0, 0x1, '\x00', 0x2}, {0x80, 0x7b, 0x80}, {0x95, 0x6, 0x2f}, {0x2, 0x1, 0xf}, {0x80, 0x7, 0x4, '\x00', 0x1}, {0x3, 0x2, 0xf4, '\x00', 0x5}, {0x0, 0x62, 0x9, '\x00', 0x2a}, {0xc, 0x9, 0x9, '\x00', 0x1}, {0x4, 0x4, 0x3, '\x00', 0x2}, {0x4, 0x2, 0x7, '\x00', 0xff}, {0x76, 0x2, 0xf, '\x00', 0x5}, {0x10, 0x9, 0x41, '\x00', 0x8}, {0x8, 0x8, 0x10, '\x00', 0xff}, {0x9, 0x85, 0x8, '\x00', 0x9}, {0x8b, 0x53, 0x81, '\x00', 0xe}, {0x0, 0x3, 0x8, '\x00', 0x1}, {0x2, 0x9, 0x4, '\x00', 0x3}]}}) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000140)={0x8, 0x48}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x64, 0x6, 0x5b4, 0xc8, 0x2e4, 0x2e4, 0x40c, 0x0, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x4ec, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@mcast1, @local, [0x0, 0xffffffff], [], 'macvtap0\x00', 'vlan0\x00', {}, {}, 0x6, 0x0, 0x0, 0x51}, 0x0, 0xc8, 0x104, 0x0, {}, [@common=@inet=@socket3={{0x24}, 0x4}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@local, @loopback, [], [], 'vlan0\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @inet=@rpfilter={{0x24}, {0x4}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x104, 0x128, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d6], 0x4, 0xf, 0x3}}, @common=@frag={{0x30}, {[0x4, 0xb99], 0x5, 0x1, 0x1}}]}, @HL={0x24, 'HL\x00', 0x0, {0x3, 0x81}}}, {{@uncond, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xfc}, 0x3}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x610) unshare(0x6a040000) r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000000c0)='./file0/file0\x00', r0, 0x4000, r6}, 0x14) quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r6, 0xc0105500, &(0x7f0000000000)=@usbdevfs_connect={0x6a0}) socket$inet6_tcp(0xa, 0x1, 0x0) munmap(&(0x7f00007fd000/0x800000)=nil, 0x800000) 3.109172521s ago: executing program 1 (id=65): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000001c0)={0x6, 0x2fc, 0x0, 0x0}) unshare(0x22020600) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 2.318662935s ago: executing program 2 (id=66): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000200)=0x8000) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x9640, 0x0) ppoll(&(0x7f0000000380)=[{r1}], 0x1, 0x0, 0x0, 0x0) write$dsp(r0, &(0x7f0000002200)="44e211a385424bf02640ba0d3a219de1033222bea86d14dc6bc540f652f0873cec4d2b540364b6e4ff506bf40b976a8485725d9cfab14bb4c91a5fd888b8b983ef960999942529696b90b853c1f1a3b01af9b0cdc6a605c13de44b58eaf66b597768a5a9bccdb34c1aa1c48b2484cf0f1d68f8b5c1d9f6179459a466a2e865c2a66274717ef95f59fcf4d5b05c4540a35bb64a8fab9af3ad51f3c648121e933ea77809f3901ca59ed3e990ff80d87a814eb6fb68e3305fd9420d4a163ad5654ce60386346b6d1154ecef0f4a782c4459c0a8ca7278655e6f806c4bc2e870000bfcb1346232b0ccce39ee18152165cf3f85e87ae23c4113586cf300b39d7589b28372e554f7d748b618bca2a4298d82864e0d8212f4fbd80fd854691ccac21279bb85aacac8a3301ad2ece3d6061dbcc63e4af0fefc68fab6e5319f6d9e6a2708e41e60b2673d62ec952bae35b854fe7e87bc78e2d1a56cc383e5a1783ce35eaa20868d97eb1198ecae2d6375d7cd6992883aa3bbbdcb93b92b6eca3d6cde5baa92a6adda4540d5fce6d4772e5711b3744210587c05833966b300da0a378787ad06e9d5cba6e569b14c013b8428dad38eb6d2bc547615dac42aca90ac891e6db4d1dd029fe628170433f9229a286a814d39afd5a019db11c185b72c34e01ea5e82a5008a059e6791c9b807c4aab4e9807a5a7896a4c5bfa42f15284c1481618461ce3501cf24a722e74923d01bd7d586eec5d5ccba03eee1c8fc83bc5d73675a11eaaebdcd25fb806155f5e669ed8af3267b214f7d23cf8600ab7e909e7347783b94f235ea797d2c1bd83c7f499c04532f2b63a55b336fa9e5305a4a22cdde74360995ffd241c9592043df3dc99dac462dd43443604ffed04b1ee23b6665e0955e0b38fa71f73af930a9762d6d4d762e11df043a78b90f49f1645acffe61094a20b4caaeca22feca5f66c549cfcda38a1a7b6b79b71aba7a696975a257a94344bf65b7b79212a61f465ee55b530582e8b1dc993c379dd40ab5dd860c5828e2c27afae20539978340db55a68897920c1019e75e0b43b4c93cb1061c98f683f8d407fae9b1a87f2f9cd2b8252059ac39766fc174c344c5224b43bbea978d722c93e727292c738b293da0b9f12b4f11c8f354ae91d644131ce3873612146d79fe3ace49c1446a79e0a324f23cc0b6fb673fc6c34315fa0baf03fb5bd36656a2272c9a4d80a312dfbec125af5aacd2faf633650e3ab54f9fd2c6ee76d5abd9fac547fe7880d0dd9341ac0f095c529d3232447a0d1b28c101a2a95c4a9040041fbdf47ff7da3abe4ee7d8acac57b6553e58f1c5f832e7b920ef3708b98e4917f5b855928344da2ad0a9755d3f90d31f3e427bc869a163844b5e38c62302cc2938b03c132caa4d8044ed92680d406b7d635026f38082b26d6d3dfe80e8f659f1101cec8ea74418699a4fedfcd4ce6f2693cce43123c03122f61b62497bc2fdc2307786943feb7325d645657ae5e58d1e2587003ed4712aba34973199238d3f3d29704ba86538a764abb4d69b9efabcd956fa688536e0661a2a2e0fc84d3e4152187fd90dfbd5023aa12e964d1f3bff4e2c2915f2600a3ab701b177bda95ba8203a45182e03cc07db3b20342cd45d4f8954edebb32fb7fdf49d1952477da9ead5d4ba6de96c42f5923e3dce7188b9e9ec1862dd2fd39d256e1de8cd0906f67a8423b29f0b5bf81539828a1f8ae7e747e6b43bd639c6d6a52a29a0e4944f6b07390fc390770154135acf448ed23c507009af66d20b175723069f8eef06c2cd3edc86bd80ebbe2f5cd56c379d655632b62794aa3757ea10fb232414a9477277261879e88c49e8eb5253c91551c13ed725f3551939533d7c131109d10b4300e24db600f8020b10e9aac24d8572873fac24d149398a3306707c5c3de875eca837e140d23b02637ef888d539b6f0c7fd6d97fd8b9edf9a82bf19d75cec625237a6b9716ac0003d1b8c8db5d04f5231bed4aac9e93da9b6bfea002af81eb77a3ef8cab9878fac2574742277e5403e44844e50e64d1471213c724cf14142291a44ff108c1334fd2aa086aff52cdf1e7c53a3c9757a6717ad360137a50c4968865083c132abfc3a5eba97a4387bd5affdf091f8396b443dad822a15150d68a0d9728c548fb793e6c9d5420561fe683b8b5e89227d357873891e95d87db4a33056f3af5aabdffa3cbaacc44bdbcca971d8e84586545ae5b0e5eb5c7fada201db84c3faf06eb3812c560d7b0c680e9c4908837c5fb10627eb828dc34718004c066b8d999d34fe25b831771eda169c2bd54aab176e851db66c2623a01b8ef09c006c9aeb2fc87502231f75f5e4e01cc2674847c4c4eef86afee4ae3646b25d11d885befe01c43a34d60eff675eabefceba4664fbc211b3f014e315ea8e4c95f5088b82c590695616127cf63ebcee2fd78f3856443d3cb529376d34db3db1a6949cb7c80bc403ba92952b694dec72c540763ce3901d262087bf5a16a89c4151ce2d2d97eb77dce3d93d99e087bc5352cbda39935c686cf294c3ba66fab0135acb713281c90d562fc473df7133df5af7d42e183e4b860ee7b624038141ee757cb14db143ef8e8617eb6cb24a0eb73ef230e417d543f4afc5858c43ad20819bf6eda31bd5c258e66e9703a9b1daa8b34f9db16cae43b131ef258da25272320e2b357357b1d12fd87d9a00551185f3d494426d3f33b0ee84e1ae65508b9916fec12805783a857ac5d70a661fce59088437cf991821d3cf5b0db477dc8f6bb38c8455bb628e563ca45cb65383db9ecfc80386cd05f92ab32bf825a0953c101609ca8239b6ef1fb5a7fcc55642f9b2911df108d64b8c72c5bd31645955056968d4917cbab525ae5994b5dcbd33de392081819012a16be8c1b4f164fa6a1c2d88fd957bd62f28a3e87ba1ffcf644116ffdcf26937d4e64b4e87bd4771b9e0a8d8eba4605a8eac0f8e320b1204eeab358a5a5b2caf3e534c28f9da5598fedc5f13b4a7930a569439c3bc43ac5f5195a29280042278f194f84f8e5ee210223f8a486d568fe4a51bf8ef813c1bd02a669e4e0ea79d1e6bad48257ace2e7feba18123a5e67fd7212a341f92061df472db87f1158b0a2088e48a3680edc29ce3d3156108c04e3b16a1cf18cd70c5f5eeeb59824fb869906679eceb4a6ab8ec8733e72db06403f357e128e3383e2b35269b20f032cc21da717ba3febe02fba9f4893074ee2fd98e85499e36ffe2077348bc541548a34bc32fa0f7c00d84cabfd31e5c75b6769a1ba5770c5217cb03d1f0a8c91ba8d524b42c7365e09d94d95cf43f7ec896718f210fd0ba4ef91a5262daf7cd2bae3c2aad3e2eb925bec9ca7c1b874776dc28784a3719cb191cc317ff897698b2667081cc9db30c96c6510766b65c55c5fd4b8564faca924e6f52c2b181561ee5403184a822f0a207d747602f616c5513cabfe55e525b2bce4d662ae0b9ea68c015d6ca87bc752ed3e527826191a36d23e8032e15f65b3d60a517f16c4ece8bc8b09681bad96a5300f7e30e6848612d67ad853bc1523799c568e46b1dfe0d37cbc202c1332718cfadd4d6938bc0bfb21fc15ad19a0506f669d5c8790b685d81c4acbdb8e1b06918e934b459e3f2b46fe0999e6eae4185edac1cb3e85e8b61de24794d339014c03a285a3d7ba91e00bed2d63b0edb933c290ddd62fb1c56b6d08cb99f47dabd72a667805d63a7784450a1bd1af6dfc2ec785ddb8b86fe4a44a7c8f86c4b19a61fdb701a81bd720bb70f8657e256b0f531ab7848b6206ba7cd4c32b866735a4b46091a0bb6c47c923a3efa99a09c0344228ed412f94c4eca96e6bf6ee75f23a1ae8415a892ff19bd190e1d67b8e1212be638eb179176e4074435ed381a7c2faaee9acbcf873823abd906e92f308b36c6c259e43d13b328ded6bf3c1f4a93a76e9a6d0483875456cf8f30eda231d9f26d6b3861a3f2db165758b0d7aacb7b5a8e9f4d775798556cee8dbe8a94fae8df837f71d66a0aaa48df5c36afa9033ec5283e713806d5a07f82729f9e888d309b713db36256757292443f00f1af08058057373ae710d90cefa5872bbeac931ddd145ba9a64997c0bc53cc59a954f8ee2670caac75e2a63b5a1ca6ca6e3f9287f080b271f34b2e63be2ad4c2b85b7c9683245b12491d221314ab2685e2a44787733af58502245e19af646f65dd26b44dda320d583d9ddd6567d6021dc2d7d731963d6cc790d8b082889045cb749de9857ee4388d0f3c2ef83d405d0a2328bd7f76fa4d3d0a2e8238c979babe572ab3e8ae2768ca212bad33249523fa89fc0498f5f29a68aa7aae681e41284f46b47cc996679c4f1d9936647cb9b47ca8dac8e161b5cc0ff29f48f4a42b6a567f1116a5c239e67069b96862e2ba0cb3d424d4c4810cc1f3da1c61f39e7cca3e519159c057a440db9838f9f14351f64ec24c70a21a874da100af89d4753d274bd87c6574de363d44ee5aa37bb360b3acf347b3a72fac5e66c939daf4c6cbfacb43ab73229cc0badacc30b6c771bee9a7a8e36a5839cf5d68ffac084e69cb7bb34f71fc2244e5d16d056f97f581e3c50112e81d8410b6aa6b33b924cbafbc8dcb163f22f0e7b618ecd22296328e3fafdc2366e49a7ab08fa0d5b55c8aaffa8c9fc2899c07cabcf35748b0f30edb03a8a55807b6c73cd0b64cdd1a77ec0dcb8be359715b284a9476a0013d69c825274f45b6ffa59df58ca07756af102a6bb0efa1b4b356f89c504097cf79c76ca07d325375bfac4d7c8483cabd8d7c9141c96948c32ec87c231b69d6776160b8b31dada7e0837b4c2dc2ecb28f9b0400589c12cde99dc7db30a9d4c4f8a904f6b2f2fba1d0c36544f84db803bef904ec5b1f976345f67688df6e2d866d9eda4a87395b8953c0dc1e93ca742d2141b3591bb0bfdb56a0f8eabf710a3479d8b8f7e3f0e73a6fd29fc946909f77a6ad3044495e4d6e661bc633f4eb63204dd9f47ee85676ec0aa8b713819a280c27f086445d62f258379ffd77ced5d2c8cdf7d87135d6806f340a111f42b042058b96daa2633a6975dc0c5580f93a38e3daba8fdfb21fd94ebb30a2e165a75c1788c1cfe2687af2c3d3908514722e19afb385a74d6ac8cb12ca6232cde2e99d4ac651b280e65b3b897e39984a64d55eb4f65ab0912675c3f334d7c7ce6ecd84044125d98ef9eb6cf46c5d5d01b3ba01fa4bb5ff70ba1d18cba8b28f3980fca9c75441ada9122d497ac2e779277edece11bd175bf79657c37b982acb078591520792cf8278b75177ad1aad8133b2e4a61c561b42f6ab11ff8227d75303720d121ad3f3ad2e350b4cbfb6c5476e0f73e58dd25a18f3b50d0b30a629b2f5e053422c5a18decb3ad311ca978dcb53d44c64f43ceec7f803370a9b4b91e837371c4ed274d636423cb", 0xf00) r2 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x374}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) io_uring_enter(r2, 0x742f, 0x77ae, 0x1, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r3, 0x5b02, 0x0) read$char_usb(r3, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) 2.156061289s ago: executing program 0 (id=67): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4, r1}) pipe(&(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000040)=[r3], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r1], &(0x7f0000000200), &(0x7f0000000580)=[r2], &(0x7f0000000040)}) 1.969538231s ago: executing program 1 (id=68): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001100050000000000feffffff07000000", @ANYRES32=r1, @ANYBLOB="003000000000000014001a80100005800c0009"], 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0) 1.823753309s ago: executing program 0 (id=69): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, 0x0, &(0x7f00000003c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCXONC(r3, 0x540a, 0x1) 0s ago: executing program 1 (id=70): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x33, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) geteuid() r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r3, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c) r4 = socket(0x23, 0x5, 0x0) listen(r4, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept4$inet6(r4, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.73' (ED25519) to the list of known hosts. [ 81.197165][ T5809] cgroup: Unknown subsys name 'net' [ 81.437999][ T5809] cgroup: Unknown subsys name 'cpuset' [ 81.493072][ T5809] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.431772][ T5809] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.870016][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.883746][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.887392][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.890744][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.921223][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.924177][ T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.937472][ T60] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.942240][ T60] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.946527][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.968335][ T60] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.057882][ T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.066087][ T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.068460][ T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.073474][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.074781][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.150064][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.159842][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.162446][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.167392][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.170516][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.174354][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.179216][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.180775][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.196122][ T5824] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.200239][ T5824] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.195985][ T822] cfg80211: failed to load regulatory.db [ 87.406096][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 87.486659][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 87.629406][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 87.640906][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 87.717032][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 87.974290][ T5824] Bluetooth: hci0: command tx timeout [ 87.987736][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.989244][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.989536][ T5826] bridge_slave_0: entered allmulticast mode [ 87.993293][ T5826] bridge_slave_0: entered promiscuous mode [ 88.021169][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.021367][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.021539][ T5822] bridge_slave_0: entered allmulticast mode [ 88.034819][ T5822] bridge_slave_0: entered promiscuous mode [ 88.062375][ T5824] Bluetooth: hci1: command tx timeout [ 88.081911][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.082126][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.083061][ T5826] bridge_slave_1: entered allmulticast mode [ 88.086678][ T5826] bridge_slave_1: entered promiscuous mode [ 88.111665][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.111858][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.112033][ T5822] bridge_slave_1: entered allmulticast mode [ 88.118773][ T5822] bridge_slave_1: entered promiscuous mode [ 88.206319][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.206611][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.206776][ T5827] bridge_slave_0: entered allmulticast mode [ 88.208925][ T5827] bridge_slave_0: entered promiscuous mode [ 88.213003][ T5824] Bluetooth: hci2: command tx timeout [ 88.214533][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.214833][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.215091][ T5830] bridge_slave_0: entered allmulticast mode [ 88.219848][ T5830] bridge_slave_0: entered promiscuous mode [ 88.289434][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.289804][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.289990][ T5827] bridge_slave_1: entered allmulticast mode [ 88.292083][ T5827] bridge_slave_1: entered promiscuous mode [ 88.296009][ T5824] Bluetooth: hci4: command tx timeout [ 88.297405][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.297793][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.298051][ T5830] bridge_slave_1: entered allmulticast mode [ 88.301483][ T5830] bridge_slave_1: entered promiscuous mode [ 88.302990][ T5824] Bluetooth: hci3: command tx timeout [ 88.317120][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.317520][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.317817][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.318062][ T5831] bridge_slave_0: entered allmulticast mode [ 88.323986][ T5831] bridge_slave_0: entered promiscuous mode [ 88.344543][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.405048][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.405448][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.405694][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.405858][ T5831] bridge_slave_1: entered allmulticast mode [ 88.407897][ T5831] bridge_slave_1: entered promiscuous mode [ 88.415641][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.518503][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.529813][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.588922][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.593384][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.601148][ T5826] team0: Port device team_slave_0 added [ 88.609771][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.622694][ T5822] team0: Port device team_slave_0 added [ 88.663784][ T5826] team0: Port device team_slave_1 added [ 88.667556][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.670453][ T5822] team0: Port device team_slave_1 added [ 88.761135][ T5827] team0: Port device team_slave_0 added [ 88.767030][ T5830] team0: Port device team_slave_0 added [ 88.838805][ T5827] team0: Port device team_slave_1 added [ 88.841733][ T5830] team0: Port device team_slave_1 added [ 88.845194][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.845209][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.845240][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.858903][ T5831] team0: Port device team_slave_0 added [ 88.862903][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.862917][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.862939][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.919663][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.919680][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.919704][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.925685][ T5831] team0: Port device team_slave_1 added [ 88.927944][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.927957][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.927979][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.045927][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.045941][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.045957][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.048672][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.048684][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.048699][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.092684][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.092701][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.092724][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.099562][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.099577][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.099599][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.105247][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.105261][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.105282][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.167854][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.167870][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.167894][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.680693][ T5826] hsr_slave_0: entered promiscuous mode [ 89.683063][ T5826] hsr_slave_1: entered promiscuous mode [ 89.700820][ T5822] hsr_slave_0: entered promiscuous mode [ 89.702802][ T5822] hsr_slave_1: entered promiscuous mode [ 89.704687][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 89.704790][ T5822] Cannot create hsr debugfs directory [ 89.805275][ T5827] hsr_slave_0: entered promiscuous mode [ 89.806696][ T5827] hsr_slave_1: entered promiscuous mode [ 89.807877][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 89.807902][ T5827] Cannot create hsr debugfs directory [ 89.843727][ T5830] hsr_slave_0: entered promiscuous mode [ 89.845198][ T5830] hsr_slave_1: entered promiscuous mode [ 89.846320][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 89.846345][ T5830] Cannot create hsr debugfs directory [ 89.924712][ T5831] hsr_slave_0: entered promiscuous mode [ 89.926201][ T5831] hsr_slave_1: entered promiscuous mode [ 89.927320][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 89.927345][ T5831] Cannot create hsr debugfs directory [ 90.054056][ T5824] Bluetooth: hci0: command tx timeout [ 90.132384][ T5824] Bluetooth: hci1: command tx timeout [ 90.292803][ T5824] Bluetooth: hci2: command tx timeout [ 90.373579][ T5143] Bluetooth: hci4: command tx timeout [ 90.373690][ T5824] Bluetooth: hci3: command tx timeout [ 91.065981][ T5826] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.107534][ T5826] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 91.121762][ T5826] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.158682][ T5826] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 91.170709][ T5826] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.197711][ T5826] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 91.219122][ T5826] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.246667][ T5826] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 91.349817][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.398740][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 91.404097][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.446509][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 91.462857][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.501025][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 91.527446][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.556877][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 91.709598][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.754436][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 91.776514][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.807389][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 91.816722][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.848745][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 91.875721][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.909386][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.120299][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.133634][ T5824] Bluetooth: hci0: command tx timeout [ 92.159294][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.172058][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.207406][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.212991][ T5824] Bluetooth: hci1: command tx timeout [ 92.222987][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.257009][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.287437][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.328542][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.372428][ T5824] Bluetooth: hci2: command tx timeout [ 92.453671][ T5824] Bluetooth: hci3: command tx timeout [ 92.453693][ T5143] Bluetooth: hci4: command tx timeout [ 92.535614][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.575891][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.628192][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.635360][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.680237][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.710859][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.747683][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.764613][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.806405][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.887872][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.929659][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.979735][ T1120] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.979948][ T1120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.063119][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.063368][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.119833][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.184293][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.195608][ T151] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.195761][ T151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.254682][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.256880][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.350345][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.396794][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.396968][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.443195][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.471441][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.471546][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.667639][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.788847][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.797203][ T1120] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.797434][ T1120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.899971][ T94] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.900073][ T94] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.025048][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.104827][ T1120] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.105035][ T1120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.135733][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.212782][ T5824] Bluetooth: hci0: command tx timeout [ 94.233644][ T2231] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.233826][ T2231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.292457][ T5824] Bluetooth: hci1: command tx timeout [ 94.454090][ T5824] Bluetooth: hci2: command tx timeout [ 94.470843][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.533221][ T5824] Bluetooth: hci4: command tx timeout [ 94.533256][ T5824] Bluetooth: hci3: command tx timeout [ 94.779228][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.098019][ T5830] veth0_vlan: entered promiscuous mode [ 95.141868][ T5826] veth0_vlan: entered promiscuous mode [ 95.186224][ T5830] veth1_vlan: entered promiscuous mode [ 95.210883][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.227921][ T5826] veth1_vlan: entered promiscuous mode [ 95.300362][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.300914][ T5822] veth0_vlan: entered promiscuous mode [ 95.376840][ T5822] veth1_vlan: entered promiscuous mode [ 95.430477][ T5830] veth0_macvtap: entered promiscuous mode [ 95.467016][ T5826] veth0_macvtap: entered promiscuous mode [ 95.499352][ T5830] veth1_macvtap: entered promiscuous mode [ 95.533038][ T5826] veth1_macvtap: entered promiscuous mode [ 95.569851][ T5831] veth0_vlan: entered promiscuous mode [ 95.655263][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.676812][ T5831] veth1_vlan: entered promiscuous mode [ 95.684392][ T5827] veth0_vlan: entered promiscuous mode [ 95.691309][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.705544][ T5822] veth0_macvtap: entered promiscuous mode [ 95.730421][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.761484][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.765516][ T5822] veth1_macvtap: entered promiscuous mode [ 95.800332][ T151] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.818528][ T5827] veth1_vlan: entered promiscuous mode [ 95.826677][ T215] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.851217][ T215] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.866381][ T215] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.870824][ T215] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.894768][ T215] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.950658][ T215] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.971593][ T215] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.990998][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.190089][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.314522][ T5831] veth0_macvtap: entered promiscuous mode [ 96.451211][ T215] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.497815][ T5831] veth1_macvtap: entered promiscuous mode [ 96.504443][ T215] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.521751][ T215] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.546218][ T215] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.585731][ T5827] veth0_macvtap: entered promiscuous mode [ 96.705322][ T5827] veth1_macvtap: entered promiscuous mode [ 96.710179][ T2231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.710203][ T2231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.884737][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.909243][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.909265][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.037141][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.095186][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.095210][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.172135][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.207643][ T151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.237384][ T151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.239314][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.239332][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.247761][ T151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.249880][ T151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.327746][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.502099][ T151] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.508151][ T151] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.509204][ T151] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.514784][ T151] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.541140][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.541182][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.986072][ T2231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.986094][ T2231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.456128][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.456151][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.996865][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.996888][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.159511][ T5948] trusted_key: encrypted_key: insufficient parameters specified [ 99.258794][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.258810][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.295957][ T5882] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.562535][ T5882] usb 4-1: Using ep0 maxpacket: 8 [ 99.638175][ T5882] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 99.671192][ T5955] ±ÿÿÿÿa–ïD: renamed from lo (while UP) [ 99.679918][ T5882] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 99.679939][ T5882] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 99.679951][ T5882] usb 4-1: Product: syz [ 99.679959][ T5882] usb 4-1: Manufacturer: syz [ 99.679967][ T5882] usb 4-1: SerialNumber: syz [ 99.794833][ T5900] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 100.045168][ T5900] usb 5-1: Using ep0 maxpacket: 32 [ 100.063220][ T94] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.063241][ T94] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.343991][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 100.344063][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 100.344154][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 100.344174][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 100.344199][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 100.344224][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 100.541228][ T5882] usb 4-1: palm_os_3_probe - error -110 getting connection information [ 100.541397][ T5882] visor 4-1:1.0: probe with driver visor failed with error -110 [ 100.594432][ T5900] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 100.594453][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7 [ 100.594465][ T5900] usb 5-1: Product: syz [ 100.594473][ T5900] usb 5-1: Manufacturer: syz [ 100.594481][ T5900] usb 5-1: SerialNumber: syz [ 100.817541][ T5961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 100.956659][ T5900] usb 5-1: config 0 descriptor?? [ 101.317164][ T5963] process 'syz.1.7' launched './file2' with NULL argv: empty string added [ 101.323791][ T5900] usb 5-1: no audio or video endpoints found [ 101.455178][ T37] audit: type=1326 audit(1777019488.987:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 101.455232][ T37] audit: type=1326 audit(1777019489.047:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 101.526875][ T5811] usb 4-1: USB disconnect, device number 2 [ 101.760698][ T5966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 101.760726][ T5966] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3'. [ 101.834500][ T37] audit: type=1326 audit(1777019489.407:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 101.834542][ T37] audit: type=1326 audit(1777019489.417:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8876a4cb42 code=0x7ffc0000 [ 102.518635][ T37] audit: type=1326 audit(1777019490.097:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8876a4cb42 code=0x7ffc0000 [ 102.588931][ T5975] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 102.625460][ T37] audit: type=1326 audit(1777019490.217:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 102.625514][ T37] audit: type=1326 audit(1777019490.217:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 102.884397][ T37] audit: type=1326 audit(1777019490.447:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 102.925614][ T37] audit: type=1326 audit(1777019490.477:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 102.971527][ T37] audit: type=1326 audit(1777019490.517:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f8876a4cdd9 code=0x7ffc0000 [ 103.367371][ T5985] smc: net device bond0 applied user defined pnetid SYZ2 [ 104.270574][ T5990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11'. [ 104.802058][ T5998] syz.3.13 uses obsolete (PF_INET,SOCK_PACKET) [ 105.182632][ T10] usb 5-1: USB disconnect, device number 2 [ 108.454226][ T5900] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 108.593831][ T5900] usb 3-1: device descriptor read/64, error -71 [ 108.865655][ T5900] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 109.013957][ T5900] usb 3-1: device descriptor read/64, error -71 [ 109.090699][ T6019] syzkaller0: entered promiscuous mode [ 109.090727][ T6019] syzkaller0: entered allmulticast mode [ 109.128714][ T5900] usb usb3-port1: attempt power cycle [ 109.292391][ T5882] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 109.462313][ T5882] usb 4-1: Using ep0 maxpacket: 32 [ 109.500605][ T5882] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 109.500653][ T5882] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 109.500693][ T5882] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 109.500719][ T5882] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 109.500743][ T5882] usb 4-1: config 0 interface 0 has no altsetting 0 [ 109.570525][ T5900] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 109.571048][ T5882] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 109.571074][ T5882] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 109.571094][ T5882] usb 4-1: Product: syz [ 109.571109][ T5882] usb 4-1: Manufacturer: syz [ 109.571123][ T5882] usb 4-1: SerialNumber: syz [ 109.620489][ T5900] usb 3-1: device descriptor read/8, error -71 [ 109.654679][ T5882] usb 4-1: config 0 descriptor?? [ 109.730772][ T5882] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 109.800144][ T5882] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 109.882355][ T5900] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 109.914220][ T5900] usb 3-1: device descriptor read/8, error -71 [ 110.025045][ T5900] usb usb3-port1: unable to enumerate USB device [ 112.075762][ T5912] usb 4-1: USB disconnect, device number 3 [ 112.164834][ T5912] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 112.232383][ T32] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.394056][ T32] usb 2-1: Using ep0 maxpacket: 16 [ 112.408864][ T32] usb 2-1: unable to get BOS descriptor or descriptor too short [ 112.421282][ T32] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 511 [ 112.479199][ T32] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 112.479231][ T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.479251][ T32] usb 2-1: Product: syz [ 112.479265][ T32] usb 2-1: Manufacturer: syz [ 112.479278][ T32] usb 2-1: SerialNumber: syz [ 113.167160][ T5912] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 113.392409][ T5912] usb 3-1: Using ep0 maxpacket: 16 [ 113.397599][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 113.397689][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 113.397733][ T5912] usb 3-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00 [ 113.397765][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.576064][ T5912] usb 3-1: config 0 descriptor?? [ 117.044240][ T5912] usbhid 3-1:0.0: can't add hid device: -71 [ 117.044448][ T5912] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 117.408940][ T5912] usb 3-1: USB disconnect, device number 6 [ 118.819741][ T32] cdc_ncm 2-1:1.0: bind() failure [ 118.898011][ T32] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 118.898043][ T32] cdc_ncm 2-1:1.1: bind() failure [ 119.253118][ T6075] syzkaller0: entered promiscuous mode [ 119.253147][ T6075] syzkaller0: entered allmulticast mode [ 119.441301][ T9] usb 2-1: USB disconnect, device number 2 [ 119.963401][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 120.122760][ T9] usb 2-1: device descriptor read/64, error -71 [ 120.362435][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 120.497027][ T9] usb 2-1: device descriptor read/64, error -71 [ 120.603372][ T9] usb usb2-port1: attempt power cycle [ 120.742771][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 120.892355][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 120.928903][ T10] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 120.928977][ T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 120.928999][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 120.929024][ T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 120.929048][ T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 120.929090][ T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 120.929113][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.774238][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 123.080580][ T9] usb 2-1: device descriptor read/8, error -71 [ 123.260508][ T10] usb 3-1: usb_control_msg returned -71 [ 123.260584][ T10] usbtmc 3-1:16.0: can't read capabilities [ 123.689421][ T10] usb 3-1: USB disconnect, device number 7 [ 124.299182][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 124.316166][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 124.321064][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 124.321096][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 124.321134][ T9] usb 2-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00 [ 124.321154][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.418358][ T9] usb 2-1: config 0 descriptor?? [ 124.910441][ T6121] netlink: 16 bytes leftover after parsing attributes in process `syz.1.40'. [ 127.240185][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 127.240311][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 128.443801][ T9] usb 2-1: USB disconnect, device number 6 [ 128.625704][ T6055] syz.3.27 (6055): drop_caches: 3 [ 131.574705][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 131.782328][ T9] usb 1-1: device descriptor read/64, error -71 [ 132.022322][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 132.175685][ T9] usb 1-1: device descriptor read/64, error -71 [ 132.304252][ T9] usb usb1-port1: attempt power cycle [ 132.334608][ T5824] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 132.386296][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 132.391555][ T5824] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 132.408453][ T5824] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 132.411569][ T5824] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 132.661142][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 132.905257][ T9] usb 1-1: device descriptor read/8, error -71 [ 133.260635][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.260783][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.321563][ T6167] syzkaller0: entered promiscuous mode [ 133.321590][ T6167] syzkaller0: entered allmulticast mode [ 134.325737][ T215] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.533715][ T5143] Bluetooth: hci5: command tx timeout [ 136.679379][ T5143] Bluetooth: hci5: command tx timeout [ 137.002193][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.548646][ T215] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.724468][ T5900] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 137.925949][ T5900] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 137.925968][ T5900] usb 2-1: config 0 has no interface number 0 [ 137.925987][ T5900] usb 2-1: too many endpoints for config 0 interface 255 altsetting 0: 130, using maximum allowed: 30 [ 137.926010][ T5900] usb 2-1: config 0 interface 255 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 137.926026][ T5900] usb 2-1: config 0 interface 255 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 137.926052][ T5900] usb 2-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 137.926065][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.059250][ T5900] usb 2-1: config 0 descriptor?? [ 138.659603][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659649][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659674][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659698][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659722][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659746][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659767][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659791][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659813][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.659837][ T5900] microsoft 0003:045E:009D.0001: unknown main item tag 0x0 [ 138.694382][ T5143] Bluetooth: hci5: command tx timeout [ 138.870036][ T5900] microsoft 0003:045E:009D.0001: hidraw0: USB HID v6f.fd Device [HID 045e:009d] on usb-dummy_hcd.1-1/input255 [ 138.870073][ T5900] microsoft 0003:045E:009D.0001: no inputs found [ 138.870086][ T5900] microsoft 0003:045E:009D.0001: could not initialize ff, continuing anyway [ 138.935270][ T5900] usb 2-1: USB disconnect, device number 7 [ 139.175973][ T215] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.258873][ T5143] Bluetooth: hci5: command tx timeout [ 141.726661][ T6208] fido_id[6208]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 141.888399][ T215] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.010904][ T6154] chnl_net:caif_netlink_parms(): no params data found [ 144.131531][ T6220] ================================================================== [ 144.131551][ T6220] BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 [ 144.131587][ T6220] Read of size 1 at addr ffff88803878f200 by task syz.2.66/6220 [ 144.131604][ T6220] [ 144.131620][ T6220] CPU: 0 UID: 0 PID: 6220 Comm: syz.2.66 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 144.131648][ T6220] Tainted: [L]=SOFTLOCKUP [ 144.131655][ T6220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 144.131667][ T6220] Call Trace: [ 144.131676][ T6220] [ 144.131685][ T6220] dump_stack_lvl+0xe8/0x150 [ 144.131708][ T6220] print_address_description+0x55/0x1e0 [ 144.131730][ T6220] ? rt_spin_lock+0x83/0x400 [ 144.131752][ T6220] print_report+0x58/0x70 [ 144.131772][ T6220] kasan_report+0x117/0x150 [ 144.131803][ T6220] ? rt_spin_lock+0x83/0x400 [ 144.131829][ T6220] ? __wake_up_common_lock+0x2f/0x1e0 [ 144.131854][ T6220] __kasan_check_byte+0x2a/0x40 [ 144.131882][ T6220] lock_acquire+0x84/0x350 [ 144.131914][ T6220] rt_spin_lock+0x83/0x400 [ 144.131936][ T6220] ? __wake_up_common_lock+0x2f/0x1e0 [ 144.131961][ T6220] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 144.131985][ T6220] ? __pfx_rt_spin_lock+0x10/0x10 [ 144.132008][ T6220] ? rt_spin_unlock+0x14f/0x200 [ 144.132033][ T6220] ? rt_spin_unlock+0x160/0x200 [ 144.132057][ T6220] __wake_up_common_lock+0x2f/0x1e0 [ 144.132085][ T6220] snd_pcm_stop+0x428/0x550 [ 144.132109][ T6220] loopback_trigger+0x11ff/0x1cf0 [ 144.132145][ T6220] snd_pcm_start+0x43d/0x5d0 [ 144.132168][ T6220] __snd_pcm_lib_xfer+0x175a/0x1d10 [ 144.132202][ T6220] ? __pfx_interleaved_copy+0x10/0x10 [ 144.132230][ T6220] ? __pfx_default_write_copy+0x10/0x10 [ 144.132260][ T6220] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 144.132290][ T6220] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 144.132316][ T6220] ? rt_mutex_slowunlock+0x1cb/0x300 [ 144.132339][ T6220] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 144.132364][ T6220] ? snd_pcm_oss_write3+0x191/0x300 [ 144.132392][ T6220] snd_pcm_oss_write3+0x1ab/0x300 [ 144.132420][ T6220] snd_pcm_oss_write2+0x2c2/0x440 [ 144.132457][ T6220] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 144.132484][ T6220] ? rt_spin_unlock+0x14f/0x200 [ 144.132508][ T6220] ? rt_spin_unlock+0x160/0x200 [ 144.132533][ T6220] snd_pcm_oss_sync1+0x180/0x520 [ 144.132565][ T6220] ? __pfx_snd_pcm_oss_sync1+0x10/0x10 [ 144.132594][ T6220] ? __pfx_default_wake_function+0x10/0x10 [ 144.132625][ T6220] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 144.132653][ T6220] ? __asan_memset+0x22/0x50 [ 144.132677][ T6220] ? snd_pcm_format_set_silence+0x11c/0x2d0 [ 144.132709][ T6220] snd_pcm_oss_sync+0xab2/0xfc0 [ 144.132740][ T6220] snd_pcm_oss_release+0x102/0x250 [ 144.132767][ T6220] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 144.132794][ T6220] __fput+0x461/0xa70 [ 144.132822][ T6220] task_work_run+0x1d9/0x270 [ 144.132853][ T6220] ? __pfx_task_work_run+0x10/0x10 [ 144.132883][ T6220] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.132905][ T6220] exit_to_user_mode_loop+0xed/0x480 [ 144.132929][ T6220] ? rcu_is_watching+0x15/0xb0 [ 144.132958][ T6220] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.132978][ T6220] do_syscall_64+0x33e/0xf80 [ 144.133008][ T6220] ? clear_bhb_loop+0x40/0x90 [ 144.133031][ T6220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.133052][ T6220] RIP: 0033:0x7f18ba27cdd9 [ 144.133071][ T6220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.133088][ T6220] RSP: 002b:00007fff1fba2d28 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 144.133113][ T6220] RAX: 0000000000000000 RBX: 00007f18ba4f7da0 RCX: 00007f18ba27cdd9 [ 144.133128][ T6220] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 144.133140][ T6220] RBP: 00007f18ba4f7da0 R08: 0000000000000006 R09: 0000000000000000 [ 144.133154][ T6220] R10: 00007f18ba4f7cb0 R11: 0000000000000246 R12: 0000000000022f4d [ 144.133168][ T6220] R13: 00007f18ba4f609c R14: 0000000000022b12 R15: 00007fff1fba2e30 [ 144.133190][ T6220] [ 144.133198][ T6220] [ 144.133203][ T6220] Allocated by task 6222: [ 144.133213][ T6220] kasan_save_track+0x3e/0x80 [ 144.133237][ T6220] __kasan_kmalloc+0x93/0xb0 [ 144.133262][ T6220] __kmalloc_cache_noprof+0x3a6/0x690 [ 144.133288][ T6220] snd_pcm_attach_substream+0x5b7/0xb20 [ 144.133317][ T6220] snd_pcm_open_substream+0xbd/0x2420 [ 144.133338][ T6220] snd_pcm_oss_open+0xf90/0x1c20 [ 144.133361][ T6220] chrdev_open+0x4d0/0x5f0 [ 144.133378][ T6220] do_dentry_open+0x83d/0x13e0 [ 144.133397][ T6220] vfs_open+0x3b/0x350 [ 144.133416][ T6220] path_openat+0x2e43/0x38a0 [ 144.133449][ T6220] do_file_open+0x23e/0x4a0 [ 144.133474][ T6220] do_sys_openat2+0x113/0x200 [ 144.133494][ T6220] __x64_sys_openat+0x138/0x170 [ 144.133515][ T6220] do_syscall_64+0x15f/0xf80 [ 144.133540][ T6220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.133558][ T6220] [ 144.133563][ T6220] Freed by task 6222: [ 144.133572][ T6220] kasan_save_track+0x3e/0x80 [ 144.133595][ T6220] kasan_save_free_info+0x46/0x50 [ 144.133614][ T6220] __kasan_slab_free+0x5c/0x80 [ 144.133637][ T6220] kfree+0x1c5/0x6c0 [ 144.133660][ T6220] snd_pcm_detach_substream+0x1c8/0x270 [ 144.133687][ T6220] snd_pcm_oss_release+0x184/0x250 [ 144.133709][ T6220] __fput+0x461/0xa70 [ 144.133729][ T6220] task_work_run+0x1d9/0x270 [ 144.133754][ T6220] exit_to_user_mode_loop+0xed/0x480 [ 144.133776][ T6220] do_syscall_64+0x33e/0xf80 [ 144.133802][ T6220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.133820][ T6220] [ 144.133824][ T6220] The buggy address belongs to the object at ffff88803878f000 [ 144.133824][ T6220] which belongs to the cache kmalloc-2k of size 2048 [ 144.133841][ T6220] The buggy address is located 512 bytes inside of [ 144.133841][ T6220] freed 2048-byte region [ffff88803878f000, ffff88803878f800) [ 144.133861][ T6220] [ 144.133867][ T6220] The buggy address belongs to the physical page: [ 144.133877][ T6220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803878b000 pfn:0x38788 [ 144.133897][ T6220] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 144.133913][ T6220] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 144.133931][ T6220] page_type: f5(slab) [ 144.133950][ T6220] raw: 0080000000000240 ffff88813fe15000 ffffea0000eea610 ffffea0000e1e810 [ 144.133967][ T6220] raw: ffff88803878b000 0000000800080007 00000000f5000000 0000000000000000 [ 144.133985][ T6220] head: 0080000000000240 ffff88813fe15000 ffffea0000eea610 ffffea0000e1e810 [ 144.134002][ T6220] head: ffff88803878b000 0000000800080007 00000000f5000000 0000000000000000 [ 144.134019][ T6220] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 144.134034][ T6220] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 144.134044][ T6220] page dumped because: kasan: bad access detected [ 144.134054][ T6220] page_owner tracks the page as allocated [ 144.134061][ T6220] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5822, tgid 5822 (syz-executor), ts 86965700223, free_ts 73921620478 [ 144.134097][ T6220] post_alloc_hook+0x231/0x280 [ 144.134122][ T6220] get_page_from_freelist+0x27d6/0x2850 [ 144.134140][ T6220] __alloc_frozen_pages_noprof+0x18d/0x380 [ 144.134157][ T6220] allocate_slab+0x77/0x660 [ 144.134176][ T6220] refill_objects+0x33c/0x3d0 [ 144.134194][ T6220] __pcs_replace_empty_main+0x373/0x720 [ 144.134215][ T6220] __kmalloc_cache_noprof+0x44e/0x690 [ 144.134241][ T6220] rtnl_newlink+0x136/0x1bb0 [ 144.134266][ T6220] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 144.134290][ T6220] netlink_rcv_skb+0x232/0x4b0 [ 144.134316][ T6220] netlink_unicast+0x780/0x920 [ 144.134338][ T6220] netlink_sendmsg+0x813/0xb40 [ 144.134365][ T6220] sock_sendmsg_nosec+0x112/0x150 [ 144.134386][ T6220] __sys_sendto+0x402/0x590 [ 144.134412][ T6220] __x64_sys_sendto+0xde/0x100 [ 144.134436][ T6220] do_syscall_64+0x15f/0xf80 [ 144.134472][ T6220] page last free pid 5740 tgid 5740 stack trace: [ 144.134483][ T6220] __free_frozen_pages+0xf9b/0x10f0 [ 144.134508][ T6220] __slab_free+0x252/0x2a0 [ 144.134533][ T6220] qlist_free_all+0x99/0x100 [ 144.134555][ T6220] kasan_quarantine_reduce+0x148/0x160 [ 144.134579][ T6220] __kasan_slab_alloc+0x22/0x80 [ 144.134604][ T6220] kmem_cache_alloc_noprof+0x33b/0x680 [ 144.134629][ T6220] __anon_vma_prepare+0xcb/0x4a0 [ 144.134654][ T6220] do_pte_missing+0x1d67/0x2950 [ 144.134671][ T6220] handle_mm_fault+0xdb5/0x14c0 [ 144.134695][ T6220] do_user_addr_fault+0xa73/0x1340 [ 144.134715][ T6220] exc_page_fault+0x6a/0xc0 [ 144.134738][ T6220] asm_exc_page_fault+0x26/0x30 [ 144.134756][ T6220] [ 144.134761][ T6220] Memory state around the buggy address: [ 144.134772][ T6220] ffff88803878f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.134785][ T6220] ffff88803878f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.134798][ T6220] >ffff88803878f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.134808][ T6220] ^ [ 144.134819][ T6220] ffff88803878f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.134832][ T6220] ffff88803878f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.134842][ T6220] ================================================================== [ 144.146327][ T6220] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 144.146353][ T6220] CPU: 0 UID: 0 PID: 6220 Comm: syz.2.66 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 144.146383][ T6220] Tainted: [L]=SOFTLOCKUP [ 144.146390][ T6220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 144.146402][ T6220] Call Trace: [ 144.146411][ T6220] [ 144.146419][ T6220] vpanic+0x56c/0xa60 [ 144.146457][ T6220] ? __pfx_vpanic+0x10/0x10 [ 144.146481][ T6220] ? __pfx___schedule+0x10/0x10 [ 144.146511][ T6220] panic+0xc5/0xd0 [ 144.146533][ T6220] ? __pfx_panic+0x10/0x10 [ 144.146557][ T6220] ? preempt_schedule_common+0x82/0xd0 [ 144.146586][ T6220] ? rt_spin_lock+0x83/0x400 [ 144.146608][ T6220] check_panic_on_warn+0x89/0xb0 [ 144.146636][ T6220] ? rt_spin_lock+0x83/0x400 [ 144.146657][ T6220] end_report+0x73/0x170 [ 144.146686][ T6220] ? rt_spin_lock+0x83/0x400 [ 144.146705][ T6220] kasan_report+0x128/0x150 [ 144.146735][ T6220] ? rt_spin_lock+0x83/0x400 [ 144.146760][ T6220] ? __wake_up_common_lock+0x2f/0x1e0 [ 144.146784][ T6220] __kasan_check_byte+0x2a/0x40 [ 144.146813][ T6220] lock_acquire+0x84/0x350 [ 144.146845][ T6220] rt_spin_lock+0x83/0x400 [ 144.146866][ T6220] ? __wake_up_common_lock+0x2f/0x1e0 [ 144.146891][ T6220] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 144.146915][ T6220] ? __pfx_rt_spin_lock+0x10/0x10 [ 144.146938][ T6220] ? rt_spin_unlock+0x14f/0x200 [ 144.146963][ T6220] ? rt_spin_unlock+0x160/0x200 [ 144.146988][ T6220] __wake_up_common_lock+0x2f/0x1e0 [ 144.147015][ T6220] snd_pcm_stop+0x428/0x550 [ 144.147040][ T6220] loopback_trigger+0x11ff/0x1cf0 [ 144.147074][ T6220] snd_pcm_start+0x43d/0x5d0 [ 144.147098][ T6220] __snd_pcm_lib_xfer+0x175a/0x1d10 [ 144.147131][ T6220] ? __pfx_interleaved_copy+0x10/0x10 [ 144.147160][ T6220] ? __pfx_default_write_copy+0x10/0x10 [ 144.147190][ T6220] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 144.147221][ T6220] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 144.147247][ T6220] ? rt_mutex_slowunlock+0x1cb/0x300 [ 144.147271][ T6220] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 144.147297][ T6220] ? snd_pcm_oss_write3+0x191/0x300 [ 144.147326][ T6220] snd_pcm_oss_write3+0x1ab/0x300 [ 144.147354][ T6220] snd_pcm_oss_write2+0x2c2/0x440 [ 144.147383][ T6220] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 144.147409][ T6220] ? rt_spin_unlock+0x14f/0x200 [ 144.147434][ T6220] ? rt_spin_unlock+0x160/0x200 [ 144.147465][ T6220] snd_pcm_oss_sync1+0x180/0x520 [ 144.147497][ T6220] ? __pfx_snd_pcm_oss_sync1+0x10/0x10 [ 144.147526][ T6220] ? __pfx_default_wake_function+0x10/0x10 [ 144.147556][ T6220] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 144.147586][ T6220] ? __asan_memset+0x22/0x50 [ 144.147609][ T6220] ? snd_pcm_format_set_silence+0x11c/0x2d0 [ 144.147642][ T6220] snd_pcm_oss_sync+0xab2/0xfc0 [ 144.147673][ T6220] snd_pcm_oss_release+0x102/0x250 [ 144.147699][ T6220] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 144.147725][ T6220] __fput+0x461/0xa70 [ 144.147754][ T6220] task_work_run+0x1d9/0x270 [ 144.147789][ T6220] ? __pfx_task_work_run+0x10/0x10 [ 144.147820][ T6220] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.147842][ T6220] exit_to_user_mode_loop+0xed/0x480 [ 144.147867][ T6220] ? rcu_is_watching+0x15/0xb0 [ 144.147896][ T6220] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.147917][ T6220] do_syscall_64+0x33e/0xf80 [ 144.147947][ T6220] ? clear_bhb_loop+0x40/0x90 [ 144.147970][ T6220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.147990][ T6220] RIP: 0033:0x7f18ba27cdd9 [ 144.148009][ T6220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.148027][ T6220] RSP: 002b:00007fff1fba2d28 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 144.148051][ T6220] RAX: 0000000000000000 RBX: 00007f18ba4f7da0 RCX: 00007f18ba27cdd9 [ 144.148066][ T6220] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 144.148079][ T6220] RBP: 00007f18ba4f7da0 R08: 0000000000000006 R09: 0000000000000000 [ 144.148092][ T6220] R10: 00007f18ba4f7cb0 R11: 0000000000000246 R12: 0000000000022f4d [ 144.148106][ T6220] R13: 00007f18ba4f609c R14: 0000000000022b12 R15: 00007fff1fba2e30 [ 144.148128][ T6220] [ 144.148947][ T6220] Kernel Offset: disabled