last executing test programs: 36.798474053s ago: executing program 0 (id=1): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x109042, 0x108) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) syz_open_dev$ptys(0xc, 0x3, 0x1) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x9}}, 0x1, 0xff, 0x0, 0x1, 0x8a, 0x9}, 0x9c) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_BULK(r6, 0xc0185502, 0x0) write$cgroup_pid(r2, 0x0, 0x0) ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0xa3b) 31.853722915s ago: executing program 0 (id=7): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ac1414220c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x30040043}, 0x240008c4) 26.159445052s ago: executing program 0 (id=9): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x1614c0, 0x110, 0x10}, 0x18) 25.965696372s ago: executing program 2 (id=3): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x7fffffff, 0x4) sendto$inet6(r0, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000b00)="4435c61b", 0x4, 0x850, 0x0, 0x0) 19.544698814s ago: executing program 0 (id=10): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x2, 0x3, 0xb01, 0x0, 0x0, 0x0, 0x0}) 17.251919663s ago: executing program 3 (id=4): r0 = syz_usb_connect$cdc_ncm(0x2, 0x76, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 16.533979854s ago: executing program 2 (id=12): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socket(0x2, 0x80805, 0x0) socket(0x2, 0x80805, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_9p2000}]}}) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r1, @ANYRESHEX=r2], 0x15) 15.853798888s ago: executing program 2 (id=14): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$unix(0xffffffffffffffff, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x1, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@loopback, @in=@broadcast, 0x4e22, 0x0, 0x4, 0x8, 0x2}, {}, {0x0, 0x0, 0x0, 0x200000000000000}, 0x0, 0x0, 0x1}, {{@in=@empty, 0xfffffffb, 0x32}, 0x2, @in=@local, 0xfffffffd, 0x4, 0x0, 0x0, 0x3, 0xfffffffd}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 15.798817987s ago: executing program 4 (id=5): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xa4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa6", 0x87}], 0x1}}], 0x1, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000000180)=0x40) sendto$inet(r0, &(0x7f0000000580)="04", 0x2bc, 0x10008095, 0x0, 0x0) 15.647866259s ago: executing program 1 (id=15): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0xffff, 0x4000, 0x0, 0x8001, 0x0, 0x20}, {@in=@dev, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0xb}, {0x323}, {}, {}, 0x70bd29, 0x0, 0xa, 0x1, 0x0, 0x21}, [@algo_crypt={0x48, 0x2, {{'pcbc(fcrypt)\x00'}}}, @encap={0x1c, 0x20, {0x0, 0x4e1e, 0x0, @in6=@private2}}]}, 0x154}}, 0x0) 15.227016257s ago: executing program 2 (id=16): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) 15.179602416s ago: executing program 1 (id=17): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000000408010100000000000000000a00000a05000300880000000900010073797a3100000000060002"], 0x38}}, 0x20000000) 14.953663334s ago: executing program 4 (id=18): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x1}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/4\x00') read$FUSE(r2, &(0x7f0000000700)={0x2020}, 0x2020) 13.456055087s ago: executing program 1 (id=19): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="11002bbd7000fedbdf251b000000100002800600018008000100080000001800018014000200776c616e30"], 0x3c}}, 0x4000) 12.749469668s ago: executing program 3 (id=20): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 12.561617697s ago: executing program 4 (id=21): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000e00)={0x0, 0xffffff0a}, 0x8) 11.904685814s ago: executing program 1 (id=22): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) prlimit64(r0, 0xc, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_freezer_state(r4, &(0x7f0000000140), 0x2, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) write$cgroup_freezer_state(r5, &(0x7f0000000040)='FROZEN\x00', 0x7) 10.573023454s ago: executing program 4 (id=23): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000006300)={0x0, 0x0, &(0x7f00000062c0)={&(0x7f0000000580)=@allocspi={0x1b8, 0x16, 0x1, 0x70bd2a, 0x25dfdbfe, {{{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0xa, 0x4e31, 0x0, 0x2, 0x0, 0x0, 0x2c}, {@in=@rand_addr=0x64010100, 0x4d5, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1e}, {0x200000000000400, 0x4, 0x1c8e00, 0x200, 0x4, 0x5d728b93, 0x7ff, 0xa}, {0x1, 0xe, 0x8000000000000001, 0x7fffffff}, {0xfffffffe, 0x9, 0xfffffffb}, 0x70bd2d, 0x3507, 0x2, 0x0, 0x9, 0xaa}, 0x2, 0x7}, [@coaddr={0x14, 0xe, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @policy={0xac, 0x7, {{@in6=@private2, @in=@remote, 0x4e22, 0x4, 0x4e24, 0x0, 0xa, 0x0, 0x80, 0x1e}, {0xfff, 0xffffffff, 0x9, 0x2, 0x6, 0xb, 0x70, 0x5}, {0xf, 0x4, 0x7, 0x1}, 0x0, 0x6e6bbe, 0x2, 0x0, 0x1}}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) 10.073640926s ago: executing program 2 (id=24): creat(0x0, 0x28) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x200}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) 1.395645088s ago: executing program 32 (id=10): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x2, 0x3, 0xb01, 0x0, 0x0, 0x0, 0x0}) 1.351818153s ago: executing program 1 (id=26): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) r1 = epoll_create1(0x0) ppoll(&(0x7f0000000080)=[{r1, 0x2df9}], 0x1, 0x0, 0x0, 0xfffffffffffffed8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 1.22039912s ago: executing program 3 (id=27): sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 985.029393ms ago: executing program 4 (id=28): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8080, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xbc0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 489.095222ms ago: executing program 3 (id=29): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_emit_ethernet(0x13, &(0x7f0000000080)={@empty, @random='\x00\x00\x00\x00C7', @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@generic={0x88f5, "1f"}}}, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') 372.122518ms ago: executing program 4 (id=30): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_IOVA_RANGES(r0, 0x3b84, &(0x7f0000000100)={0x20, r1, 0x2, 0x0, &(0x7f0000000140)=[{}, {}]}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x7, r1, 0x0, &(0x7f0000000240)='LLLLLLLLLLLLLLLLLLLLLLLLL', 0x19, 0x1c}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, 0x0) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f00000003c0)={0x18, r1}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, 0x0) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, 0x0) ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, 0x0) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f00000005c0)={0x18, 0x0, 0x1}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, 0x0) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000640)={0x20, r1, 0x0, 0x0, &(0x7f0000000680)}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1004000}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, 0x0) ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000940)={0x8, r2}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r1, 0x0, 0x0, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x1000}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000ac0)={0x48, 0x8, r3, 0x0, 0x0, 0xd, &(0x7f0000000b40)='LLLLLLLLLLLLL'}) ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r0, 0x3ba0, &(0x7f0000000c80)={0x48, 0x9, 0x0, 0x0, 0x10}) 34.068867ms ago: executing program 1 (id=31): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000001180)={0xffffffffffffffff}, 0x111, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000000)={0x14, 0x88, 0xfa00, {r1, 0x10, 0x0, @in={0x2, 0x4e24, @empty}}}, 0x90) 0s ago: executing program 2 (id=32): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB], 0x9c}}, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000000280)={0x2020}, 0x2020) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r4, 0x80189439, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b000000000000"], 0x50) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_HEADER(r6, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.242' (ED25519) to the list of known hosts. [ 162.231794][ T5771] cgroup: Unknown subsys name 'net' [ 162.360815][ T5771] cgroup: Unknown subsys name 'cpuset' [ 162.377404][ T5771] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 163.068915][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 163.075648][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 167.953437][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 173.066994][ T5091] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 173.082635][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 173.091976][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 173.100642][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 173.110122][ T5797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 173.120485][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 173.134890][ T5797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 173.146076][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 173.167259][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 173.182584][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 173.213290][ T5799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 173.250277][ T5091] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 173.259530][ T5091] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 173.282758][ T5091] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 173.302592][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 173.312384][ T5797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 173.313017][ T5091] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 173.321439][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 173.340167][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 173.359792][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 173.416164][ T5799] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 173.425662][ T5799] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 173.435970][ T5799] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 173.448643][ T5799] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 173.460678][ T5799] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 174.644695][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 174.733835][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 174.804399][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 175.174073][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 175.215653][ T5799] Bluetooth: hci0: command tx timeout [ 175.221309][ T5797] Bluetooth: hci1: command tx timeout [ 175.374313][ T5797] Bluetooth: hci2: command tx timeout [ 175.461916][ T5797] Bluetooth: hci3: command tx timeout [ 175.534066][ T5797] Bluetooth: hci4: command tx timeout [ 175.576010][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 175.705495][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.713518][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.723364][ T5791] bridge_slave_0: entered allmulticast mode [ 175.733062][ T5791] bridge_slave_0: entered promiscuous mode [ 175.840744][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.848632][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.857374][ T5791] bridge_slave_1: entered allmulticast mode [ 175.865933][ T5791] bridge_slave_1: entered promiscuous mode [ 175.876392][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.884020][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.891957][ T5796] bridge_slave_0: entered allmulticast mode [ 175.900440][ T5796] bridge_slave_0: entered promiscuous mode [ 175.945282][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.953053][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.971963][ T5794] bridge_slave_0: entered allmulticast mode [ 175.981268][ T5794] bridge_slave_0: entered promiscuous mode [ 176.039872][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.047682][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.056650][ T5796] bridge_slave_1: entered allmulticast mode [ 176.066142][ T5796] bridge_slave_1: entered promiscuous mode [ 176.077811][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.085452][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.095717][ T5794] bridge_slave_1: entered allmulticast mode [ 176.106582][ T5794] bridge_slave_1: entered promiscuous mode [ 176.306828][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.316667][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.324403][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.333434][ T5801] bridge_slave_0: entered allmulticast mode [ 176.341456][ T5801] bridge_slave_0: entered promiscuous mode [ 176.408410][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.418668][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.426769][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.434932][ T5801] bridge_slave_1: entered allmulticast mode [ 176.443467][ T5801] bridge_slave_1: entered promiscuous mode [ 176.484217][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.505196][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.588379][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.605286][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.660361][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.668143][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.676276][ T5802] bridge_slave_0: entered allmulticast mode [ 176.684696][ T5802] bridge_slave_0: entered promiscuous mode [ 176.747076][ T5791] team0: Port device team_slave_0 added [ 176.760737][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.771440][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.779210][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.787482][ T5802] bridge_slave_1: entered allmulticast mode [ 176.795843][ T5802] bridge_slave_1: entered promiscuous mode [ 176.901113][ T5791] team0: Port device team_slave_1 added [ 176.915497][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.956027][ T5796] team0: Port device team_slave_0 added [ 176.969067][ T5794] team0: Port device team_slave_0 added [ 177.048765][ T5796] team0: Port device team_slave_1 added [ 177.064551][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.081367][ T5794] team0: Port device team_slave_1 added [ 177.158700][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.192964][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.200084][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.226520][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.245829][ T5801] team0: Port device team_slave_0 added [ 177.292143][ T5797] Bluetooth: hci1: command tx timeout [ 177.292182][ T5799] Bluetooth: hci0: command tx timeout [ 177.330887][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.338058][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.364401][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.384011][ T5801] team0: Port device team_slave_1 added [ 177.392534][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.399583][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.425760][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.461248][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.461962][ T5797] Bluetooth: hci2: command tx timeout [ 177.468545][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.500113][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.531942][ T5797] Bluetooth: hci3: command tx timeout [ 177.556040][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.563338][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.589619][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.607970][ T5802] team0: Port device team_slave_0 added [ 177.613875][ T5797] Bluetooth: hci4: command tx timeout [ 177.616121][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.626885][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.653128][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.730160][ T5802] team0: Port device team_slave_1 added [ 177.757755][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.764965][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.791586][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.808198][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.815466][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.842138][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.951879][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.958994][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 177.985965][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.069724][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.077318][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 178.103589][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.128340][ T5791] hsr_slave_0: entered promiscuous mode [ 178.137170][ T5791] hsr_slave_1: entered promiscuous mode [ 178.209894][ T5794] hsr_slave_0: entered promiscuous mode [ 178.219354][ T5794] hsr_slave_1: entered promiscuous mode [ 178.227684][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 178.233772][ T5794] Cannot create hsr debugfs directory [ 178.273776][ T5796] hsr_slave_0: entered promiscuous mode [ 178.282526][ T5796] hsr_slave_1: entered promiscuous mode [ 178.290069][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 178.296176][ T5796] Cannot create hsr debugfs directory [ 178.374564][ T5801] hsr_slave_0: entered promiscuous mode [ 178.384241][ T5801] hsr_slave_1: entered promiscuous mode [ 178.393078][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 178.398986][ T5801] Cannot create hsr debugfs directory [ 178.780970][ T5802] hsr_slave_0: entered promiscuous mode [ 178.789580][ T5802] hsr_slave_1: entered promiscuous mode [ 178.798441][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 178.804519][ T5802] Cannot create hsr debugfs directory [ 179.372015][ T5797] Bluetooth: hci0: command tx timeout [ 179.372058][ T5799] Bluetooth: hci1: command tx timeout [ 179.531827][ T5797] Bluetooth: hci2: command tx timeout [ 179.611834][ T5797] Bluetooth: hci3: command tx timeout [ 179.693133][ T5797] Bluetooth: hci4: command tx timeout [ 179.855720][ T5791] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 179.885437][ T5791] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 179.908415][ T5791] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 179.927362][ T5791] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 180.059543][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 180.094326][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 180.116130][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 180.152676][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 180.308563][ T5796] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 180.344171][ T5796] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 180.367259][ T5796] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 180.409070][ T5796] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 180.650506][ T5801] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 180.713212][ T5801] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 180.743790][ T5801] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 180.768443][ T5801] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 180.931476][ T5802] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 180.959887][ T5802] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 180.990934][ T5802] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 181.034473][ T5802] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 181.264503][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.394912][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.453475][ T5797] Bluetooth: hci0: command tx timeout [ 181.459189][ T5799] Bluetooth: hci1: command tx timeout [ 181.498309][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.576982][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.612973][ T5797] Bluetooth: hci2: command tx timeout [ 181.637062][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.654606][ T3002] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.662190][ T3002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.678218][ T3002] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.685664][ T3002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.694452][ T5797] Bluetooth: hci3: command tx timeout [ 181.701257][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.708662][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.771960][ T5797] Bluetooth: hci4: command tx timeout [ 181.779796][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.787491][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.935662][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.155753][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.163229][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.209936][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.262657][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.270080][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.297271][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.456246][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.491274][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.571519][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.579099][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.666211][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.673758][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.731051][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.738841][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.775012][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.782621][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.397253][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.909340][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.163760][ T5791] veth0_vlan: entered promiscuous mode [ 184.356958][ T5791] veth1_vlan: entered promiscuous mode [ 184.452596][ T5794] veth0_vlan: entered promiscuous mode [ 184.530998][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.579007][ T5794] veth1_vlan: entered promiscuous mode [ 184.671175][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.694307][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.759341][ T5791] veth0_macvtap: entered promiscuous mode [ 184.818905][ T5791] veth1_macvtap: entered promiscuous mode [ 185.058568][ T5794] veth0_macvtap: entered promiscuous mode [ 185.139905][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.193259][ T5796] veth0_vlan: entered promiscuous mode [ 185.217768][ T5794] veth1_macvtap: entered promiscuous mode [ 185.270274][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.355002][ T5802] veth0_vlan: entered promiscuous mode [ 185.367374][ T2988] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.401359][ T2988] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.416261][ T2988] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.443668][ T5796] veth1_vlan: entered promiscuous mode [ 185.471517][ T2988] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.510014][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.530867][ T5802] veth1_vlan: entered promiscuous mode [ 185.663600][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.739720][ T54] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.784584][ T54] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.819620][ T54] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.873584][ T1150] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.978373][ T5796] veth0_macvtap: entered promiscuous mode [ 186.023782][ T5802] veth0_macvtap: entered promiscuous mode [ 186.095831][ T5796] veth1_macvtap: entered promiscuous mode [ 186.137852][ T5802] veth1_macvtap: entered promiscuous mode [ 186.394700][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.405175][ T5801] veth0_vlan: entered promiscuous mode [ 186.439196][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.480580][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.543084][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.598961][ T54] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.632844][ T5801] veth1_vlan: entered promiscuous mode [ 186.682490][ T54] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.746128][ T54] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.800460][ T54] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.856327][ T54] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.906753][ T54] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.953250][ T54] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.984724][ T54] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.073263][ T5801] veth0_macvtap: entered promiscuous mode [ 187.136828][ T5801] veth1_macvtap: entered promiscuous mode [ 187.336761][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.453449][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.553005][ T3002] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.604115][ T3002] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.654222][ T3002] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.733783][ T3002] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.575956][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.584669][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.819763][ T3002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.828781][ T3002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.288338][ T5791] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 191.365183][ T2988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.373736][ T2988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.681611][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.689699][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.734066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 192.932845][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 193.341814][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 193.372913][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 193.938117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 193.957798][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 194.676494][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 194.813075][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 195.157127][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.165134][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.185762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 195.189663][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 202.372196][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.380224][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.636329][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.644421][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.001158][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.009481][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.732651][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.740764][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.783966][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.792749][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.812088][ T31] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 213.009736][ T31] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 213.020339][ T31] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 213.029765][ T31] usb 4-1: config 1 has no interface number 0 [ 213.043806][ T6004] 9pnet: p9_errstr2errno: server reported unknown error 0x000000 [ 213.060729][ T31] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 213.086685][ T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 213.096417][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.108259][ T31] usb 4-1: Product: syz [ 213.113755][ T31] usb 4-1: Manufacturer: syz [ 213.118540][ T31] usb 4-1: SerialNumber: syz [ 213.237753][ T31] usb 4-1: selecting invalid altsetting 1 [ 213.583352][ T6011] netlink: 'syz.1.15': attribute type 32 has an invalid length. [ 213.761250][ T31] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS [ 213.768156][ T31] cdc_ncm 4-1:1.1: bind() failure [ 213.932762][ T31] usb 4-1: USB disconnect, device number 2 [ 214.089366][ T6017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'. [ 216.297948][ T6024] netlink: 'syz.1.19': attribute type 1 has an invalid length. [ 220.345254][ T6031] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 224.909668][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.916432][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 229.039024][ T6050] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 229.150431][ T6050] ===================================================== [ 229.158185][ T6050] BUG: KMSAN: uninit-value in pfn_reader_next+0x1d5a/0x3e50 [ 229.165863][ T6050] pfn_reader_next+0x1d5a/0x3e50 [ 229.170985][ T6050] pfn_reader_first+0xbcf/0xee0 [ 229.176232][ T6050] iopt_area_fill_domain+0x19b/0xc80 [ 229.185223][ T6050] iopt_table_add_domain+0xe15/0x1c00 [ 229.190768][ T6050] iommufd_hwpt_paging_alloc+0xd2b/0xea0 [ 229.197766][ T6050] iommufd_device_change_pt+0xe22/0x1920 [ 229.203772][ T6050] iommufd_device_attach+0x4a/0x170 [ 229.209157][ T6050] iommufd_test+0x5fd8/0xbc60 [ 229.214386][ T6050] iommufd_fops_ioctl+0x82a/0x9e0 [ 229.219585][ T6050] __se_sys_ioctl+0x23c/0x400 [ 229.224682][ T6050] __x64_sys_ioctl+0x97/0xe0 [ 229.229432][ T6050] x64_sys_call+0x18a7/0x3e70 [ 229.234453][ T6050] do_syscall_64+0xc9/0xf80 [ 229.239227][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.245482][ T6050] [ 229.247870][ T6050] Local variable pfns created at: [ 229.253118][ T6050] iopt_area_fill_domain+0x44/0xc80 [ 229.258500][ T6050] iopt_table_add_domain+0xe15/0x1c00 [ 229.264165][ T6050] [ 229.266595][ T6050] CPU: 1 UID: 0 PID: 6050 Comm: syz.4.30 Not tainted syzkaller #0 PREEMPT(voluntary) [ 229.276452][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 229.290195][ T6050] ===================================================== [ 229.298342][ T6050] Disabling lock debugging due to kernel taint [ 229.304722][ T6050] Kernel panic - not syncing: kmsan.panic set ... [ 229.311258][ T6050] CPU: 1 UID: 0 PID: 6050 Comm: syz.4.30 Tainted: G B syzkaller #0 PREEMPT(voluntary) [ 229.322548][ T6050] Tainted: [B]=BAD_PAGE [ 229.326786][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 229.336965][ T6050] Call Trace: [ 229.340328][ T6050] [ 229.343336][ T6050] __dump_stack+0x26/0x30 [ 229.347836][ T6050] dump_stack_lvl+0x50/0x1c0 [ 229.352770][ T6050] ? dump_stack+0x12/0x25 [ 229.357275][ T6050] dump_stack+0x1e/0x25 [ 229.361579][ T6050] vpanic+0x435/0xd40 [ 229.365746][ T6050] panic+0x15d/0x160 [ 229.369879][ T6050] kmsan_report+0x31a/0x320 [ 229.374576][ T6050] ? __msan_warning+0x1b/0x30 [ 229.379439][ T6050] ? pfn_reader_next+0x1d5a/0x3e50 [ 229.384738][ T6050] ? pfn_reader_first+0xbcf/0xee0 [ 229.390190][ T6050] ? iopt_area_fill_domain+0x19b/0xc80 [ 229.395823][ T6050] ? iopt_table_add_domain+0xe15/0x1c00 [ 229.401528][ T6050] ? iommufd_hwpt_paging_alloc+0xd2b/0xea0 [ 229.407528][ T6050] ? iommufd_device_change_pt+0xe22/0x1920 [ 229.413597][ T6050] ? iommufd_device_attach+0x4a/0x170 [ 229.419151][ T6050] ? iommufd_test+0x5fd8/0xbc60 [ 229.424143][ T6050] ? iommufd_fops_ioctl+0x82a/0x9e0 [ 229.429591][ T6050] ? __se_sys_ioctl+0x23c/0x400 [ 229.434615][ T6050] ? __x64_sys_ioctl+0x97/0xe0 [ 229.439557][ T6050] ? x64_sys_call+0x18a7/0x3e70 [ 229.444590][ T6050] ? do_syscall_64+0xc9/0xf80 [ 229.449444][ T6050] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.455680][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.461000][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.466409][ T6050] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 229.472443][ T6050] ? pfn_reader_user_pin+0x1dac/0x20b0 [ 229.478103][ T6050] ? iopt_area_fill_domain+0x19b/0xc80 [ 229.483756][ T6050] ? iopt_table_add_domain+0xe15/0x1c00 [ 229.489453][ T6050] ? iommufd_hwpt_paging_alloc+0xd2b/0xea0 [ 229.495472][ T6050] ? iommufd_device_change_pt+0xe22/0x1920 [ 229.501481][ T6050] ? iommufd_device_attach+0x4a/0x170 [ 229.507023][ T6050] ? iommufd_test+0x5fd8/0xbc60 [ 229.512041][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.517373][ T6050] __msan_warning+0x1b/0x30 [ 229.522144][ T6050] pfn_reader_next+0x1d5a/0x3e50 [ 229.527273][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.532575][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.537936][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.543273][ T6050] pfn_reader_first+0xbcf/0xee0 [ 229.548331][ T6050] iopt_area_fill_domain+0x19b/0xc80 [ 229.553854][ T6050] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 229.560404][ T6050] iopt_table_add_domain+0xe15/0x1c00 [ 229.565987][ T6050] iommufd_hwpt_paging_alloc+0xd2b/0xea0 [ 229.571849][ T6050] iommufd_device_change_pt+0xe22/0x1920 [ 229.577702][ T6050] ? __pfx_iommufd_device_do_attach+0x10/0x10 [ 229.583990][ T6050] iommufd_device_attach+0x4a/0x170 [ 229.589467][ T6050] iommufd_test+0x5fd8/0xbc60 [ 229.594310][ T6050] ? should_fail_ex+0x45/0x8a0 [ 229.599248][ T6050] ? stack_depot_save_flags+0x35/0x790 [ 229.604880][ T6050] ? kmsan_get_metadata+0xf1/0x160 [ 229.610209][ T6050] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 229.616201][ T6050] ? __pfx_iommufd_test+0x10/0x10 [ 229.621447][ T6050] ? __pfx_iommufd_test+0x10/0x10 [ 229.626590][ T6050] iommufd_fops_ioctl+0x82a/0x9e0 [ 229.631837][ T6050] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 229.637548][ T6050] __se_sys_ioctl+0x23c/0x400 [ 229.642396][ T6050] __x64_sys_ioctl+0x97/0xe0 [ 229.647147][ T6050] x64_sys_call+0x18a7/0x3e70 [ 229.651985][ T6050] do_syscall_64+0xc9/0xf80 [ 229.656646][ T6050] ? clear_bhb_loop+0x40/0x90 [ 229.661464][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.667513][ T6050] RIP: 0033:0x7f28b599acb9 [ 229.672047][ T6050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.691808][ T6050] RSP: 002b:00007f28b68f0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.700380][ T6050] RAX: ffffffffffffffda RBX: 00007f28b5c15fa0 RCX: 00007f28b599acb9 [ 229.708464][ T6050] RDX: 0000200000000740 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 229.716640][ T6050] RBP: 00007f28b5a08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 229.724708][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.732770][ T6050] R13: 00007f28b5c16038 R14: 00007f28b5c15fa0 R15: 00007fffe8cfdf78 [ 229.740884][ T6050] [ 229.744406][ T6050] Kernel Offset: disabled [ 229.748865][ T6050] Rebooting in 86400 seconds..