last executing test programs: 1.681737863s ago: executing program 0 (id=1): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) syz_open_dev$evdev(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) time(0xfffffffffffffffc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)) r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00'}, 0x48) 431.587231ms ago: executing program 0 (id=6): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_FLOW={0x8, 0xb, 0xf3}]}, 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@bridge_newneigh={0x24, 0x1c, 0x310, 0x70bd29, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x40, 0x80, 0x3}, [@NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x4004001) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000017f9dd8d000000000000008002000000e50000060000000008000b00f3000000"], 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x2, 0x2000000000000007, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f0000000640)=""/195, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@llx, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5}, {0x7, 0x0, 0x5}, {}, {}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff6ffc}]}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)='ns/pid_for_children\x00') setreuid(0x0, 0x0) statx(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2000, 0x2, &(0x7f0000000100)) getegid() mount$9p_rdma(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x4400, 0xfffffffffffffffe) r3 = dup(r1) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000020000008004"]) fcntl$setown(r2, 0x8, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)=@ipv4_delrule={0x58, 0x21, 0x100, 0x70bd28, 0x25dfdbfd, {0x2, 0x20, 0x10, 0x59, 0x0, 0x0, 0x0, 0x7}, [@FRA_SRC={0x8, 0x2, @multicast1}, @FRA_TUN_ID={0xc}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x16}, @FRA_FLOW={0x8, 0xb, 0x1ff}, @FRA_FLOW={0x8, 0xb, 0x8}, @FRA_GENERIC_POLICY=@FRA_FWMASK={0x8, 0x10, 0x4}, @FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x8045}, 0x4000001) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet(0x2, 0x3, 0x100) bind$inet(r4, &(0x7f0000000000)={0x2, 0x0, @local}, 0x3c) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x100}}, 0x1c}}, 0x0) 337.675622ms ago: executing program 2 (id=3): r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pidfd_send_signal(r0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1008002, &(0x7f0000000c00), 0x1, 0x5ec, &(0x7f0000001440)="$eJzs3c9vVFUbAOD3TKelpXxfCzEqLqSJMZAoLS1giHEBW0Ma/BE3bqy0IFKgoTVaNKEkuDExbowxceVC/C+UyJaVrly4cWVIiBqWJo6Z6dzSae+0dGjnFuZ5kqH33jOX895O354zp+fcCaBjDVX/KUXsjYiZFDGQFpbKylEvHFp83r2/PzldfaSoVN74M0WqH8uen+pf++sn90bEzz+l2NO1ut7Z+SvnJ6anpy7X90fmLsyMzM5fOXjuwsTZqbNTF8deGjt29MjRY6OHWrquqznHTl5//8OBz8bf/u6bf9Lo97+Npzger9afuPw6NstQDNW+J2l1Uf+xza6sIF31n5PlL3EqFxgQG5K9ft0R8VQMRFfcf/EG4tPXCg0O2FKVFFFZ27pPAB5VqSG9y8UFArRZ1g/I3tuvfB9cKqRXArTD3ROLAwCr87+8ODYYvbWxgZ33Uiwf1kkR0drIXKNdEXH71vj1M7fGr8cWjcMB+RauRcTTefmfavk/GL0xWMv/UkP+V/sFp+pfq8dfb7H+lUPF8h/aZzH/e9fM/2iS/+8sy/93W6x/6P7me30N+d/X6iUBAAAAAABAx7p5IiJezPv7f2lp/k/kzP/pj4jjm1D/0Ir91X//L93ZhGqAHHdPRLySO/+3lM3+Heyqb/2vNh+gO505Nz11KCL+HxEHontHdX90jToOfr7n62ZlQ/X5f9mjWv/t+lzAehx3yjsaz5mcmJt42OsGIu5ei3gmd/5vWmr/U077X/19MPOAdex5/sapZmXr5z+wVSrfRuzPbf/v37UirX1/jpFaf2Ak6xWs9uzHX/zQrP5W898tJuDhVdv/nWvn/2Bafr+e2Y3XcXi+XGlW1mr/vye9WbvlTE/92EcTc3OXRyN60smu6tGG42MbjxkeR1k+ZPlSzf8Dz609/pfX/++LiIUV/3f6q3FNcebJf/t/bxaP/j8Up5r/kxtq/ze+MXZj8Mdm9T9Y+3+k1tYfqB8x/geLvsrStKfxeE46lvOK2h0vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOShGxK1JpeGm7VBoejuiPiCdiZ2n60uzcC2cufXBxslpW+/z/UvZJvwOL+yn7/P/BZftjK/YPR8TuiPiyq6+2P3z60vRk0RcPAAAAAAAAAAAAAAAAAAAA20R/k/X/VX90FR0dsOXKRQcAFCYn/38pIg6g/fLb/562xwG0n/4/dC75D51L/kPnkv/QueQ/dC75D51L/gMAAAAAwGNl976bv6aIWHi5r/aIZQt/uguNDNhqpaIDAArjFj/QuUz9gc7lPT6Q1invbXrSemeuZeb0Q5wMAAAAAAAAAAAAAB1n/17r/6FTWf8Pncv6f+hc2fr/fQXHAbSf9/hArLOSP3f9/7pnAQAAAAAAAAAAAACbaXb+yvmJ6empyzbeaums3u0RfGsblUrlavWnYLvE84hvZFPht0s8KzaytX4PdlZxv5MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBG/wUAAP//tJYhbg==") r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$binfmt_script(r2, &(0x7f0000001c40)={'#! ', './file0', [], 0xa, "5dc72f2d0c418fb20b8d5b23051846cbc68df3052ac0c4597fe556df7232ddd2dfb3ba88e528fbe2752010ea076bfe57b0ca1972ed939fffe09a5c612d639a73160e8c265c0f47e8461cc48d3680cbf4354fa2408510db7d3607108c1eab77fb6384140d4603da3ff2da053ab236b599248548819ab2213998f8773272d4d5bdf911149f20e1bd96a79f412a854ab8adef267d844c3e2aabf38cc9df483d2ec8c06b444520f562bcec59fee1aac8700860038b6a0ae1ff6a5a"}, 0xc4) write$binfmt_elf64(r2, &(0x7f0000001a40)=ANY=[@ANYBLOB="fff274d8b3f471f756813b570aff2bb7773db695d45d9fe13b91215164d3cec4916be1b8e668ace653379622f7e10c85248a9c4b743348c581a69766f0618eda503b0c075bc9bc24cdc18ad24ea1c687655a14e66a1be9c360eef0118681464cd17996497134225f21c684c27931a442b1a4758e1d3edfb608a1e70d9c77b2297a82ee3e46c67766f4e5cb2584ee649340d18c0a932aca835f817e7cb76243cc5edc04c8c42dda6bf1c39e47e6c2793be0cf859d69362e4f897a54059619450dbb2861ffb97c6951652fd2510ce54689ab7dc66640ba3a7749d2afb673b82c912864f33074739d6142"], 0xfd14) syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000001ec0)={[{@noinit_itable}, {@i_version}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3f6}}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}, {@nobarrier}, {@noquota}, {@jqfmt_vfsold}], [{@uid_lt}, {@subj_role={'subj_role', 0x3d, '#-:!+:'}}, {@context={'context', 0x3d, 'unconfined_u'}}, {@fowner_eq}, {@obj_role={'obj_role', 0x3d, 'max_dir_size_kb'}}, {@subj_role={'subj_role', 0x3d, '(!$\\'}}, {@dont_measure}, {@hash}, {@audit}]}, 0x0, 0x401, &(0x7f00000022c0)="$eJzs209oHFUYAPBvZpNUm9bEWv+1VbcNYkBNmkSFgJeKioLgQW8eJDRpKW6a0qzYFg8qgqfixZOePOnBoxcPgnj3JHiydykEKZ5lZXZnmm2yGzfprms7vx9M+97MW9578+bbvHkzG0BpVbN/kogDEfF7REy0srcWqLb+++vGh6ezLYlG460/k2a5LF8ULT43nmem04j00ySOdqh3/fKV95ZqtZWLeX62vnphdv3ylWfPrS6dXTm7cn5h8fmT8wuLLywu9KObY1nbrt449tvaV2/+/fmJa+MvXX335WzfgbxAez/6pRrVW89lmyf7XdmQHWxLJyNDbAi7UomIbLhGm/E/EZXYHLyJeOWToTYOGKhGo9HY1/3wRw3gLpbEsFsADEfxh764tx/EffD/2cap1g3Q9v6PRJqXGd1yf9tP1Yi49M5nP2ZbDGgdAgCg3U/Z/OeZTvOfNB5qK3df/mxoMiLuj4hDEfFARByOiAcjmmUfjohHdll/dUt++/wnvb6njvUom/+92HH+W8z+YrKS5w42+z+anDlXWzmZn5PpGN2X5ed2qOPX17/9ptux9vlftmX1F3PBvB3XR7Ys0C0v1Zdup8/tNj6OONJx/pvcfBKQRMSjEXFkj3X8cKrxZbdj/97/wWp8HfFUx/HffHKX7Px8crZ5PcwWV8V2xz64sNyt/mH3Pxv//Tv3fzJpf167vvs6vp88vtHt2F6v/7Hk7WZ6LN93aalevzgXMZa8sX3//OZni3xRPuv/9FTn+D8Um2fiaDaOEfFYRDweEU/kbT8eESciYmqH/r869dpK1/7fExFDHf/vxlupXsd/94nV+Z9/6VZ/b+P/XDM1ne/p5fuv1wbu+cQBAADAHSRtvgOfpDM302k6M9N6h/9w7E9ra+v1p8+svX9+ufWu/GSMpsVK10TbeuhcvjZc5Oe35BfydeMvKvc28zOn12pdF8WA/8R4l/jP/FEZduuAgfN7LSgv8Q/lJf6hvMQ/lJf4h/IS/1BS1yriH0pM/EN5iX8oL/EPpXQ7v+uXkJC4WxPD/mYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoj38CAAD//2Gy3iA=") read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() syz_emit_vhci(&(0x7f0000001b40)=ANY=[@ANYBLOB="040903ffc9b960a24e3200a7dbe9413a934b301dd646bd9acc92bfeff03258548910ce90e307a906c576b1cc0290bb79b61e9ea61e7a50c4f1ec410c4de4e05b93138e05209a0a58c6c825831b835e516fe790cec92c1e03d3b8edc9db9b4bc5391672881254e7a8709b81cab391c5f0112b96e6a53fb9d09a9bf52b12e5360527a81c22be248dc7d3384e3f7feac80b4a878a143b9dbbc1bb5195f8f463e3c98d5905a79ddaeee4afdb18cc3f8ccb2fed83251046d74fd3ee55be25533d26d29e9adf089b293d244b5ce7d20e3b8547ae6bac18f4"], 0x6) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0xa, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet6_tcp_int(r4, 0x6, 0xa, &(0x7f0000000080)=0x6, 0x4) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02}) close(0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) preadv(r3, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/248, 0xf8}], 0x1, 0x0, 0x0) creat(&(0x7f0000000380)='./bus\x00', 0x0) socket$inet6(0xa, 0x401000000001, 0x0) 0s ago: executing program 0 (id=7): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f0000001500)=ANY=[@ANYBLOB='(\a\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf250f0000000c00990001000000010000000500a2000300000008007e000100000010001b80040003000500010020000000640017800500030010000000000000000500030011000000000000000c000400dbc664a68095ac70050006000900000000000000050006000700000000000000050002001400000000000000050003000f000000000000000500030012000000000000000a00340001010101010100000500a200040000000800a10001000000080026006c0900000800a1002185000008007e0001000000a4000e809f00030068982f9c25efcb8782f177d21f1966e6577813a0237652f63d062b57a03bb63b7d52f807bb811ff85d4ae0e626871d7720031be25b59e5f26560627654387aeaa5c47252b26eabf42dd9cb40e06da2b1a3db6abb3c94be1434533b2f4989ecf0ddf8de27aee706079c9ef48a0793308130b2f6bb997709fef1490ba1a8bb94139c3e37592e7628d3012cb94768eddca8800a24883f867ed312e02e004a000f0076067a81410001006804f00a9000841cde02000802110000000000000000000008021100000000000000000004060901f7ff09008c10e70c7e23ec1a47b77d43ce2415c51b23000074020e80a200020015844d2118112f84919e6455887919db52f577acbb39de32169154665ea589073f55ddc2477bf58023482f3e0e7d8b0dce1a5d7a5e60aef246b19329efa1503d24386c60b4eb7ee71812d54cc83cdd09bc8b754b0aabf9e209799e39c5a733c5ba9822ddf8ad8bb5bf288fa3d919985488ce63071e1566a603d8ad3140f3d3b0598839a4abb3ce92e12bcc40baf9313743cea1620551adc9e66d277ea6a10000c6000200b41765091a3da40ff88665a528f2a19cd3278dca69f84a402346428f8314cc51f48783a1d806f988fa29933de0087d909b4980de200e0674077dafb0e4b7ec4315e43eb1789ee11d2ca1d6659b7a497717da829b866c5239fdfc4b091397bfdbdcb1e369810e91a5b2504bb0ebadfb92f964a5744394ca1e853dbc72b2edd34364a853f0f066dac90b4bd237aed158782be0ab91a51213b6c1fff55d2ce88044d2d7744f16bc038966f6cda8dd5fefa7de06e486a39a31ceaa121dc43043a9ec6c0d000002010200963d7c9cfa4f1a1f6c42ca9c01ead55072481b32966e7b2ec9003bc1d45cdcdb187ce5b6fa787a202da4fc9a3f0194f57f7eaa77a0937e9bb63dbcf0609d87918031aa0397abedc9634aa32473a1fa0d9609edfb2fe81362c0766d95e22c2a8107b90d8a762407f0b948c4ed6fb9a8ef64264a40de6d92c9bd36292d49fff7b55b88773d4325976de2015cc0b2f39271cf755aecc6d376c18763b5d1533b66432815008bab081715f910ba63aa48b42209cd8c9a50e301973ccea3b567f8a9d6a8f8eaa90ee7c7333e90a979c87b721ded5f82854feeb620b71126b4cffc98c5f93e977a018f8086c024c8efa71cb238c49baa8fa4ba0d79028caec078930000cd027f0005fb02a70815b62744faccbc0b9c680328f39478a1dcda6c7662fdc4d6087eef28aa54ad7ff6eed80a63bc5cf03f749bc85713218bdae7ffa95ab4458a04fe26c75f96ad380a61d6e947ed577d3d7ab81411c21e808f27bd7b6b5e81cd0bef2675f604369f5d8deb530d7a3a3144485cd4090860dc1b5870e03b3309e355394e2ee2f7baec9b74d644a7e9a90283d600287e305eafb22a0d222ff9862f4639e5bf0c2d7e93eef1a18e179568d8b342933762d84dce5a0bb5596518c8123cbc4b04f17483aebfec86c8e6dfa568e78577864b4029adb271c2479dd08dbccac154631a12852e7e1bd5cb7de213f2023134e9f2390e4771435c9e5928d793000824930db4e08072b1821a0000000000000008021100000000000000000000000000000000680409003f00ddd1ca7290433734520c6afe851aceafe0fe9990f968fe64add8a18a3fcab4d11f9c99d2076a5be7a80adf31a3189215e597779613138ada3432c72fb970ab3636f32d83f99d383cde56c7d95773d66a7dffc9618f224cc610673dd1a35ceeaaa99f4d60b127764031bcfc23d3a678dfa90ddb3c1d936413f69ad847297b95d3dfbb641e7dbdcee2a124a3581733f6f49a6d028ca7a107f147ec54880337bf5a60134c6192ed0e80d2cde0f53759ce061520cad3faf7f552065c8087a71ac0f1d863b862cefffe3db060bf14ccc604b84a66f5dda69b3a0d8aa3b6815e402f2eb701206b45ef9cac3b086dfda12fff651deeeb1cad4f359fcdebc1861f2efb94384cc8737355c9e1a33725f861793853c81e1f0f39260d5d70275a7559434aa855adb28543e563563256cfcacfb2f7e6fc307f4074bcbd9152cc8920560dcdfaa83ab494a3b297af9d26b1877b9b5cace932ba99fac5273164411389b81ec65209d2c26b3da536f0a271da86b227f9d882441a9ec2eb167563e5cc7e15c60402ffffffffffff07000000fc0000000000000068040008c2f9bd06ffffffffffff0000001c00a6800a00060008021100000000000a000600ffffffffffff00005b2e637863a8165465f1fbb39c2e654ea39351ef86b3345cb9dd6363f05be81c6837028fbd3bdc15c095c50292117a7c2ddae9b0b8426d4ae386eeca99c75b8f8cf8bc2169b5bb070cdbbf08a8c6f7fba847f5a91162efb2c5c6eebff288368648edbce749eed8f643335a5f1696b43fed409938d6d173b25e4bc7d9ec9b465c02cc7ef665236d0e1500e86eb5b5bb1cc0d84ce8a94f4afa"], 0x728}, 0x1, 0x0, 0x0, 0x24008851}, 0x20044001) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r6, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x4, 0x4}}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x43e}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x20040000}, 0x40000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r11 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e00)={0x2c, r11, 0x18fe2a01ed25d92f, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r10}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x2c}}, 0x0) r12 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r12, 0x4004556b, &(0x7f0000000000)) syz_usbip_server_init(0x5) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.103' (ED25519) to the list of known hosts. [ 57.986785][ T5213] cgroup: Unknown subsys name 'net' [ 58.125370][ T5213] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.644939][ T5213] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.951841][ T4621] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.961126][ T4621] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.969045][ T4621] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.977194][ T4621] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.984588][ T4621] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.993080][ T4621] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.001425][ T4621] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.009181][ T4621] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.018002][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.025755][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.034174][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.047449][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.055274][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.060276][ T5243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.070037][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.070977][ T5243] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.078331][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.084591][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.091478][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.106738][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.115860][ T5244] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.116012][ T5240] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.137702][ T5234] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.147740][ T5244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.154907][ T5244] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.176654][ T5234] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.185783][ T5244] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 62.198547][ T5244] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.217527][ T4621] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.224976][ T5244] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.599512][ T5226] chnl_net:caif_netlink_parms(): no params data found [ 62.657289][ T5225] chnl_net:caif_netlink_parms(): no params data found [ 62.709095][ T5238] chnl_net:caif_netlink_parms(): no params data found [ 62.818807][ T5225] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.826165][ T5225] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.834921][ T5225] bridge_slave_0: entered allmulticast mode [ 62.842036][ T5225] bridge_slave_0: entered promiscuous mode [ 62.868583][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.875727][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.883829][ T5226] bridge_slave_0: entered allmulticast mode [ 62.890796][ T5226] bridge_slave_0: entered promiscuous mode [ 62.932724][ T5225] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.940010][ T5225] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.947501][ T5225] bridge_slave_1: entered allmulticast mode [ 62.954227][ T5225] bridge_slave_1: entered promiscuous mode [ 62.961808][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.969617][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.977712][ T5226] bridge_slave_1: entered allmulticast mode [ 62.984828][ T5226] bridge_slave_1: entered promiscuous mode [ 63.059037][ T5230] chnl_net:caif_netlink_parms(): no params data found [ 63.071316][ T5225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.086145][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.114724][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.122356][ T5238] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.130206][ T5238] bridge_slave_0: entered allmulticast mode [ 63.137251][ T5238] bridge_slave_0: entered promiscuous mode [ 63.145822][ T5225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.169906][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.191841][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.199319][ T5238] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.206676][ T5238] bridge_slave_1: entered allmulticast mode [ 63.213764][ T5238] bridge_slave_1: entered promiscuous mode [ 63.220615][ T5241] chnl_net:caif_netlink_parms(): no params data found [ 63.270976][ T5226] team0: Port device team_slave_0 added [ 63.301702][ T5225] team0: Port device team_slave_0 added [ 63.313702][ T5225] team0: Port device team_slave_1 added [ 63.323611][ T5226] team0: Port device team_slave_1 added [ 63.345692][ T5238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.392128][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.399322][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.425386][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.441075][ T5238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.478610][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.485596][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.511975][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.544063][ T5230] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.551594][ T5230] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.559101][ T5230] bridge_slave_0: entered allmulticast mode [ 63.565932][ T5230] bridge_slave_0: entered promiscuous mode [ 63.573795][ T5230] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.581268][ T5230] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.588776][ T5230] bridge_slave_1: entered allmulticast mode [ 63.595465][ T5230] bridge_slave_1: entered promiscuous mode [ 63.602792][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.610075][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.636688][ T5225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.670511][ T5238] team0: Port device team_slave_0 added [ 63.682885][ T5238] team0: Port device team_slave_1 added [ 63.696187][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.706822][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.733206][ T5225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.777141][ T5226] hsr_slave_0: entered promiscuous mode [ 63.783890][ T5226] hsr_slave_1: entered promiscuous mode [ 63.826556][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.833519][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.859761][ T5238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.872970][ T5230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.885219][ T5230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.922925][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.930140][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.956526][ T5238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.995597][ T5241] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.004689][ T5241] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.012223][ T5241] bridge_slave_0: entered allmulticast mode [ 64.019706][ T5241] bridge_slave_0: entered promiscuous mode [ 64.034516][ T5230] team0: Port device team_slave_0 added [ 64.043193][ T5230] team0: Port device team_slave_1 added [ 64.052148][ T5225] hsr_slave_0: entered promiscuous mode [ 64.058884][ T5225] hsr_slave_1: entered promiscuous mode [ 64.065087][ T5225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.072977][ T5225] Cannot create hsr debugfs directory [ 64.080013][ T5241] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.087321][ T5241] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.094493][ T5241] bridge_slave_1: entered allmulticast mode [ 64.101809][ T5241] bridge_slave_1: entered promiscuous mode [ 64.157436][ T5244] Bluetooth: hci0: command tx timeout [ 64.181181][ T5230] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.188304][ T5230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.214377][ T5230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.236706][ T5244] Bluetooth: hci3: command tx timeout [ 64.242421][ T5244] Bluetooth: hci2: command tx timeout [ 64.266090][ T5230] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.274069][ T5230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.300059][ T5230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.317343][ T5227] Bluetooth: hci4: command tx timeout [ 64.319115][ T5241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.323103][ T5244] Bluetooth: hci1: command tx timeout [ 64.341037][ T5241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.355124][ T5238] hsr_slave_0: entered promiscuous mode [ 64.361753][ T5238] hsr_slave_1: entered promiscuous mode [ 64.368838][ T5238] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.376579][ T5238] Cannot create hsr debugfs directory [ 64.428005][ T5241] team0: Port device team_slave_0 added [ 64.484654][ T5241] team0: Port device team_slave_1 added [ 64.501868][ T5230] hsr_slave_0: entered promiscuous mode [ 64.508334][ T5230] hsr_slave_1: entered promiscuous mode [ 64.514643][ T5230] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.523012][ T5230] Cannot create hsr debugfs directory [ 64.584119][ T5241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.591637][ T5241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.618191][ T5241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.651188][ T5241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.659066][ T5241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.685810][ T5241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.837453][ T5241] hsr_slave_0: entered promiscuous mode [ 64.843935][ T5241] hsr_slave_1: entered promiscuous mode [ 64.853313][ T5241] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.861235][ T5241] Cannot create hsr debugfs directory [ 64.877305][ T5226] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.913843][ T5226] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.946820][ T5226] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.963264][ T5226] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.007553][ T5225] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 65.024938][ T5225] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 65.042856][ T5225] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 65.073913][ T5225] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 65.157561][ T5238] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.181257][ T5238] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.210274][ T5238] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.228452][ T5238] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.256938][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.310578][ T5230] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.338713][ T5230] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.359092][ T5226] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.389416][ T5230] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.417381][ T5230] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.433137][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.440454][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.464512][ T5241] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.483032][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.490193][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.514432][ T5241] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.547497][ T5241] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.576010][ T5241] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.619701][ T5225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.635650][ T5238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.668455][ T5225] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.701892][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.709083][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.750686][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.758324][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.775202][ T5238] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.809677][ T1051] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.816922][ T1051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.834598][ T1051] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.841793][ T1051] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.940349][ T5230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.013209][ T5230] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.029711][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.037054][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.052067][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.063563][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.070711][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.123393][ T5241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.239246][ T5244] Bluetooth: hci0: command tx timeout [ 66.282220][ T5241] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.312042][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.319247][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.334106][ T5244] Bluetooth: hci2: command tx timeout [ 66.337261][ T5227] Bluetooth: hci3: command tx timeout [ 66.355688][ T5226] veth0_vlan: entered promiscuous mode [ 66.371884][ T5226] veth1_vlan: entered promiscuous mode [ 66.397130][ T5227] Bluetooth: hci1: command tx timeout [ 66.397886][ T5244] Bluetooth: hci4: command tx timeout [ 66.438634][ T5238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.461321][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.468494][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.489608][ T5225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.517170][ T5226] veth0_macvtap: entered promiscuous mode [ 66.570974][ T5226] veth1_macvtap: entered promiscuous mode [ 66.645823][ T5238] veth0_vlan: entered promiscuous mode [ 66.670542][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.689906][ T5238] veth1_vlan: entered promiscuous mode [ 66.730273][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.761324][ T5230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.792543][ T5238] veth0_macvtap: entered promiscuous mode [ 66.811816][ T5226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.823691][ T5226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.832839][ T5226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.844896][ T5226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.863556][ T5238] veth1_macvtap: entered promiscuous mode [ 66.943740][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.961433][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.974821][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.002800][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.013865][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.026069][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.084489][ T5241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.094036][ T5238] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.103287][ T5238] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.112417][ T5238] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.122188][ T5238] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.151300][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.163092][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.212490][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.221726][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.235559][ T5230] veth0_vlan: entered promiscuous mode [ 67.293426][ T5230] veth1_vlan: entered promiscuous mode [ 67.333054][ T5225] veth0_vlan: entered promiscuous mode [ 67.372736][ T5225] veth1_vlan: entered promiscuous mode [ 67.398519][ T5241] veth0_vlan: entered promiscuous mode [ 67.474178][ T5241] veth1_vlan: entered promiscuous mode [ 67.491486][ T5230] veth0_macvtap: entered promiscuous mode [ 67.558855][ T5230] veth1_macvtap: entered promiscuous mode [ 67.577736][ T2895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.585609][ T2895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.662504][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.676734][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.688505][ T5241] veth0_macvtap: entered promiscuous mode [ 68.130122][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.202304][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.417460][ T5227] Bluetooth: hci3: command tx timeout [ 68.423011][ T5227] Bluetooth: hci2: command tx timeout [ 68.428715][ T5244] Bluetooth: hci0: command tx timeout [ 68.447928][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.473946][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.485048][ T4621] Bluetooth: hci4: command tx timeout [ 68.490643][ T5244] Bluetooth: hci1: command tx timeout [ 68.505896][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.547681][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.568201][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.582227][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.609633][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.622207][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.631626][ T5241] veth1_macvtap: entered promiscuous mode [ 68.656053][ T5225] veth0_macvtap: entered promiscuous mode [ 68.692109][ T5230] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.712621][ T5230] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.721862][ T5230] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.740108][ T5230] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.758107][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.769697][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.781062][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.792135][ T5315] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.793379][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.818009][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.828505][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.848383][ T5241] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.858252][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.869157][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.879102][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.889638][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.899513][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.910617][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.920387][ T5318] loop2: detected capacity change from 0 to 1024 [ 68.929617][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.941043][ T5241] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.949183][ T5225] veth1_macvtap: entered promiscuous mode [ 68.976644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.981675][ T5318] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.984940][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.052533][ T5241] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.066746][ T5241] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.075477][ T5241] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.104229][ T5316] kernel tr[ 69.104229][ T5316] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) [ 69.106089][ T5316] ================================================================== ** 1 printk messages dropped ** [ 69.106104][ T5316] BUG: KASAN: stack-out-of-bounds in insn_decode+0x51/0x4c0 [ 69.106141][ T5316] Write of size 88 at addr ffffc90003fc7610 by task syz.2.3/5316 [ 69.106147][ T5316] Oops: general protection fault, probably for non-canonical address 0xdfff0c60ffffff09: 0000 [#2] PREEMPT SMP KASAN PTI [ 69.106159][ T5316] [ 69.106179][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.2.3 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0 [ 69.106178][ T5316] CPU: 1 UID: 0 PID: 5316 Comm: syz.2.3 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0 [ 69.106201][ T5316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 69.106203][ T5316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 69.106215][ T5316] Call Trace: [ 69.106224][ T5316] [ 69.106220][ T5316] RIP: 1020:0xfffffffd [ 69.106244][ T5316] Code: Unable to access opcode bytes at 0xffffffd3. [ 69.106233][ T5316] dump_stack_lvl+0x241/0x360 [ 69.106253][ T5316] RSP: 1060:ffffffffffffffff EFLAGS: 8bb4c90100000000 ORIG_RAX: ffffc90003fc6630 [ 69.106278][ T5316] RAX: 1ffff920007f8cb0 RBX: 0f21f29fdf63b900 RCX: ffffc90003fc67ee [ 69.106271][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.106293][ T5316] RDX: ffffc90003fc6874 RSI: 0000000045e0360e RDI: ffffffff8e063723 [ 69.106302][ T5316] ? __pfx__printk+0x10/0x10 [ 69.106309][ T5316] RBP: ffffc90083fc6873 R08: 0000000000000000 R09: ffffc90003fc67f4 [ 69.106323][ T5316] R10: 0000000000000018 R11: ffffc90003fc6877 R12: ffffc90003fc6620 [ 69.106329][ T5316] ? _printk+0xd5/0x120 [ 69.106337][ T5316] R13: dffffc0000000000 R14: ffff1060ffffff09 R15: ffffffff8bb47b6f [ 69.106353][ T5316] FS: 0000555576129500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 69.106370][ T5316] CS: ff09 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.106361][ T5316] ? __pfx_lock_acquire+0x10/0x10 [ 69.106384][ T5316] CR2: 0000000000000082 CR3: 0000000000000082 CR4: 00000000003506f0 [ 69.106400][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.106398][ T5316] print_report+0x169/0x550 [ 69.106412][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.106429][ T5316] BUG: unable to handle page fault for address: ffffc90083fc67eb [ 69.106440][ T5316] #PF: supervisor instruction fetch in kernel mode [ 69.106428][ T5316] ? arch_uprobe_exception_notify+0xda/0x110 [ 69.106450][ T5316] #PF: error_code(0x0010) - not-present page [ 69.106461][ T5316] PGD 15800067 P4D 15800067 [ 69.106462][ T5316] ? __virt_addr_valid+0xbd/0x530 [ 69.106475][ T5316] PUD 0 [ 69.106485][ T5316] Oops: Oops: 0010 [#3] PREEMPT SMP KASAN PTI [ 69.106488][ T5316] ? insn_decode+0x51/0x4c0 [ 69.106501][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.2.3 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0 [ 69.106512][ T5316] kasan_report+0x143/0x180 [ 69.106532][ T5316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 69.106543][ T5316] RIP: 6430:0xffff1060ffffff09 [ 69.106541][ T5316] ? insn_decode+0x51/0x4c0 [ 69.106561][ T5316] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 69.106571][ T5316] RSP: 0000:00000000fffffff8 EFLAGS: ffffffff8bb4d3ce [ 69.106569][ T5316] kasan_check_range+0x282/0x290 [ 69.106584][ T5316] ORIG_RAX: ffffc90003fc63a0 [ 69.106593][ T5316] RAX: ffffffff8c0d4a0a RBX: ffffc90003fc63a0 RCX: 0000000000000000 [ 69.106601][ T5316] __asan_memset+0x23/0x50 [ 69.106612][ T5316] RDX: ffffc90003fc67f8 RSI: ffffc90003fc63a0 RDI: ffffffff81fc4893 [ 69.106623][ T5316] insn_decode+0x51/0x4c0 [ 69.106628][ T5316] RBP: 01fffc0000000000 R08: 0000000000000018 R09: 1ffff1101720519a [ 69.106642][ T5316] R10: dffffc0000000000 R11: ffffed101720519b R12: ffff1060ffffff09 [ 69.106646][ T5316] ? copy_from_kernel_nofault+0x1f2/0x2e0 [ 69.106657][ T5316] R13: ffffc90003fc6430 R14: ffffffff8bb4d3ce R15: 00000000fffffff8 [ 69.106672][ T5316] FS: 0000555576129500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 69.106674][ T5316] exc_general_protection+0x454/0x5d0 [ 69.106690][ T5316] CS: 6430 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.106703][ T5316] CR2: ffffffffffffffd6 CR3: 000000002ca64000 CR4: 00000000003506f0 [ 69.106720][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.106718][ T5316] asm_exc_general_protection+0x26/0x30 [ 69.106732][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.106745][ T5316] Call Trace: [ 69.106751][ T5316] [ 69.106751][ T5316] RIP: 0010:__pv_queued_spin_lock_slowpath+0x830/0xdb0 [ 69.106757][ T5316] ? __die_body+0x5f/0xb0 [ 69.106781][ T5316] Code: e9 6e ff ff ff 48 8d 8c 24 b0 00 00 00 80 e1 07 fe c1 38 c1 7c 97 48 8d bc 24 b0 00 00 00 e8 a7 03 37 f6 eb 88 48 8b 44 24 10 <42> 0f b6 04 28 84 c0 0f 85 d3 00 00 00 4c 8b 64 24 48 41 c6 04 24 [ 69.106777][ T5316] ? page_fault_oops+0x8e4/0xcc0 [ 69.106800][ T5316] RSP: 0018:ffffc90003fc77e0 EFLAGS: 00010056 [ 69.106819][ T5316] RAX: ffffc90003fc7800 RBX: 1ffff920007f8f12 RCX: ffffc90003fc7801 [ 69.106808][ T5316] ? __pfx_page_fault_oops+0x10/0x10 [ 69.106836][ T5316] RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff8880b903ea42 [ 69.106851][ T5316] RBP: ffffc90003fc7918 R08: ffff8880b903ea43 R09: 1ffff11017207d48 [ 69.106850][ T5316] ? is_prefetch+0x4ed/0x780 [ 69.106867][ T5316] R10: dffffc0000000000 R11: ffffed1017207d49 R12: 0000000000000000 [ 69.106883][ T5316] R13: dffffc0000000000 R14: ffff8880b903ea40 R15: ffffc90003fc78a0 [ 69.106882][ T5316] ? vprintk_emit+0x1fb/0x7c0 [ 69.107009][ T5316] ------------[ cut here ]------------ [ 69.107017][ T5316] WARNING: CPU: 1 PID: 5316 at kernel/rcu/tree_plugin.h:442 __rcu_read_unlock+0x94/0x110 [ 69.107055][ T5316] Modules linked in: [ 69.107066][ T5316] CPU: 1 UID: 0 PID: 5316 Comm: syz.2.3 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0 [ 69.107089][ T5316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 69.107100][ T5316] RIP: 0010:__rcu_read_unlock+0x94/0x110 [ 69.107129][ T5316] Code: 41 83 3f 00 75 29 42 0f b6 04 23 84 c0 75 62 41 8b 45 00 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 eb eb 4c 89 f7 e8 7f 00 00 00 eb cd 44 89 e9 80 e1 07 80 [ 69.107146][ T5316] RSP: 0018:ffffc90003fc71a0 EFLAGS: 00010086 [ 69.107164][ T5316] RAX: 00000000ffffffff RBX: 1ffff1100f819448 RCX: ffffffff81703b60 [ 69.107180][ T5316] RDX: 0000000000000000 RSI: ffffffff8c609e00 RDI: ffffffff8c609dc0 [ 69.107195][ T5316] RBP: 00000000ffffffff R08: ffffffff9018c76f R09: 1ffffffff20318ed [ 69.107211][ T5316] R10: dffffc0000000000 R11: fffffbfff20318ee R12: dffffc0000000000 [ 69.107227][ T5316] R13: ffff88807c0ca244 R14: ffff88807c0c9e00 R15: ffffffffffffffff [ 69.107244][ T5316] FS: 0000555576129500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 69.107262][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.107277][ T5316] CR2: 00007faac6feb550 CR3: 000000002ca64000 CR4: 00000000003506f0 [ 69.107296][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.107309][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.107322][ T5316] Call Trace: [ 69.107329][ T5316] [ 69.107433][ T5316] ? __warn+0x163/0x4e0 [ 69.107549][ T5316] ? __rcu_read_unlock+0x94/0x110 [ 69.108216][ T5316] ? report_bug+0x2b3/0x500 [ 69.108332][ T5316] ? __rcu_read_unlock+0x94/0x110 [ 69.108364][ T5316] ? vsnprintf+0x948/0x1da0 [ 69.109182][ T5316] ? handle_bug+0x60/0x90 [ 69.109217][ T5316] ? vsnprintf+0x1ccd/0x1da0 [ 69.109306][ T5316] ? exc_invalid_op+0x1a/0x50 [ 69.109339][ T5316] ? vsnprintf+0x948/0x1da0 [ 69.109529][ T5316] ? asm_exc_invalid_op+0x1a/0x20 [ 69.110476][ T5316] ? __pfx_vsnprintf+0x10/0x10 [ 69.110510][ T5316] ? vsnprintf+0x1ccd/0x1da0 [ 69.110575][ T5316] ? lock_release+0xb0/0xa30 [ 69.110979][ T5316] ? __rcu_read_unlock+0x94/0x110 [ 69.111918][ T5316] is_bpf_text_address+0x285/0x2a0 [ 69.111915][ T5316] ? sprintf+0xda/0x120 [ 69.111941][ T5316] ? is_bpf_text_address+0x26/0x2a0 [ 69.112486][ T5316] ? __sprint_symbol+0x1f7/0x3a0 [ 69.112600][ T5316] kernel_text_address+0xa7/0xe0 [ 69.112800][ T5316] ? __pfx_sprintf+0x10/0x10 [ 69.112899][ T5316] __kernel_text_address+0xd/0x40 [ 69.113016][ T5316] show_trace_log_lvl+0x2ed/0x410 [ 69.113468][ T5316] ? kallsyms_lookup_buildid+0x534/0x690 [ 69.114613][ T5316] ? __sprint_symbol+0x2f6/0x3a0 [ 69.114801][ T5316] ? __pv_queued_spin_lock_slowpath+0x830/0xdb0 [ 69.115103][ T5316] ? __pv_queued_spin_lock_slowpath+0x830/0xdb0 [ 69.115495][ T5316] ? __pfx___sprint_symbol+0x10/0x10 [ 69.115655][ T5316] dump_stack_lvl+0x241/0x360 [ 69.116235][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.116560][ T5316] ? __pfx__printk+0x10/0x10 [ 69.116949][ T5316] ? _printk+0xd5/0x120 [ 69.117159][ T5316] ? __pfx_lock_acquire+0x10/0x10 [ 69.117190][ T5316] ? kasan_check_range+0x282/0x290 [ 69.117310][ T5316] ? widen_string+0x3a/0x310 [ 69.117329][ T5316] ? symbol_string+0x2cb/0x3b0 [ 69.117901][ T5316] ? symbol_string+0x2f9/0x3b0 [ 69.118289][ T5316] print_report+0x169/0x550 [ 69.118605][ T5316] ? arch_uprobe_exception_notify+0xda/0x110 [ 69.118733][ T5316] ? __virt_addr_valid+0xbd/0x530 [ 69.118833][ T5316] ? __pfx_symbol_string+0x10/0x10 [ 69.119398][ T5316] ? insn_decode+0x51/0x4c0 [ 69.119605][ T5316] kasan_report+0x143/0x180 [ 69.120184][ T5316] ? insn_decode+0x51/0x4c0 [ 69.121402][ T5316] kasan_check_range+0x282/0x290 [ 69.121888][ T5316] __asan_memset+0x23/0x50 [ 69.122184][ T5316] insn_decode+0x51/0x4c0 [ 69.122300][ T5316] ? copy_from_kernel_nofault+0x1f2/0x2e0 [ 69.122975][ T5316] exc_general_protection+0x454/0x5d0 [ 69.123172][ T5316] ? desc_read+0x200/0x3f0 [ 69.124031][ T5316] ? desc_read+0x1a2/0x3f0 [ 69.125348][ T5316] ? prb_first_seq+0x131/0x210 [ 69.125940][ T5316] ? __pfx_prb_first_seq+0x10/0x10 [ 69.126308][ T5316] asm_exc_general_protection+0x26/0x30 [ 69.126344][ T5316] RIP: 0010:__pv_queued_spin_lock_slowpath+0x830/0xdb0 [ 69.126381][ T5316] Code: e9 6e ff ff ff 48 8d 8c 24 b0 00 00 00 80 e1 07 fe c1 38 c1 7c 97 48 8d bc 24 b0 00 00 00 e8 a7 03 37 f6 eb 88 48 8b 44 24 10 <42> 0f b6 04 28 84 c0 0f 85 d3 00 00 00 4c 8b 64 24 48 41 c6 04 24 [ 69.126399][ T5316] RSP: 0018:ffffc90003fc77e0 EFLAGS: 00010056 [ 69.126418][ T5316] RAX: ffffc90003fc7800 RBX: 1ffff920007f8f12 RCX: ffffc90003fc7801 [ 69.126435][ T5316] RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff8880b903ea42 [ 69.126450][ T5316] RBP: ffffc90003fc7918 R08: ffff8880b903ea43 R09: 1ffff11017207d48 [ 69.126466][ T5316] R10: dffffc0000000000 R11: ffffed1017207d49 R12: 0000000000000000 [ 69.126482][ T5316] R13: dffffc0000000000 R14: ffff8880b903ea40 R15: ffffc90003fc78a0 [ 69.126763][ T5316] ? this_cpu_in_panic+0x4f/0x80 [ 69.126969][ T5316] ? _prb_read_valid+0xa39/0xac0 [ 69.129020][ T5316] ? __pfx__prb_read_valid+0x10/0x10 [ 69.129588][ T5316] ? vsnprintf+0x948/0x1da0 [ 69.129928][ T5316] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 69.129980][ T5316] ? __pfx__prb_read_valid+0x10/0x10 [ 69.130511][ T5316] ? select_task_rq_rt+0x68/0x310 [ 69.130563][ T5316] ? vsnprintf+0x948/0x1da0 [ 69.131426][ T5316] ? vsnprintf+0x1ccd/0x1da0 [ 69.131820][ T5316] queued_spin_lock_slowpath+0x42/0x50 [ 69.132039][ T5316] do_raw_spin_lock+0x272/0x370 [ 69.132252][ T5316] ? __pfx_lock_release+0x10/0x10 [ 69.132936][ T5316] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 69.133329][ T5316] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 69.133569][ T5316] ? rcu_is_watching+0x15/0xb0 [ 69.133867][ T5316] ? lock_release+0xbf/0xa30 [ 69.134368][ T5316] raw_spin_rq_lock_nested+0xb0/0x140 [ 69.134915][ T5316] ? do_raw_spin_lock+0x14f/0x370 [ 69.135038][ T5316] try_to_wake_up+0x804/0x1480 [ 69.135038][ T5316] ? __pfx_lock_release+0x10/0x10 [ 69.135976][ T5316] ? __pfx_plist_check_list+0x10/0x10 [ 69.136177][ T5316] ? do_raw_spin_unlock+0x13c/0x8b0 [ 69.136289][ T5316] ? __pfx_try_to_wake_up+0x10/0x10 [ 69.136608][ T5316] ? __pfx_lock_release+0x10/0x10 [ 69.136853][ T5316] ? plist_del+0x3f1/0x410 [ 69.137892][ T5316] ? do_raw_spin_unlock+0x13c/0x8b0 [ 69.138030][ T5316] ? rcu_is_watching+0x15/0xb0 [ 69.138327][ T5316] ? lock_release+0xbf/0xa30 [ 69.138564][ T5316] wake_up_q+0xc8/0x120 [ 69.138918][ T5316] ? __pfx_lock_acquire+0x10/0x10 [ 69.139047][ T5316] futex_wake+0x523/0x5c0 [ 69.139598][ T5316] ? __pfx_lock_release+0x10/0x10 [ 69.139637][ T5316] ? do_raw_spin_lock+0x14f/0x370 [ 69.140360][ T5316] ? __pfx_futex_wake+0x10/0x10 [ 69.141111][ T5316] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 69.141227][ T5316] ? irq_work_queue+0xd1/0x150 [ 69.141328][ T5316] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 69.141718][ T5316] ? find_bug+0x68/0x390 [ 69.141727][ T5316] ? ktime_get+0x3c/0xb0 [ 69.142374][ T5316] ? __rcu_read_unlock+0x94/0x110 [ 69.142392][ T5316] do_futex+0x392/0x560 [ 69.142493][ T5316] ? report_bug+0x128/0x500 [ 69.142615][ T5316] ? rcu_is_watching+0x15/0xb0 [ 69.143340][ T5316] ? __pfx_do_futex+0x10/0x10 [ 69.143456][ T5316] ? handle_bug+0x60/0x90 [ 69.143580][ T5316] ? exc_invalid_op+0x1a/0x50 [ 69.143800][ T5316] ? asm_exc_invalid_op+0x1a/0x20 [ 69.144743][ T5316] __se_sys_futex+0x3f9/0x480 [ 69.144847][ T5316] ? lock_release+0xb0/0xa30 [ 69.145244][ T5316] ? __rcu_read_unlock+0x94/0x110 [ 69.145785][ T5316] ? __pfx___se_sys_futex+0x10/0x10 [ 69.146108][ T5316] ? is_bpf_text_address+0x285/0x2a0 [ 69.146107][ T5316] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.146129][ T5316] ? is_bpf_text_address+0x26/0x2a0 [ 69.146511][ T5316] ? do_syscall_64+0x100/0x230 [ 69.146791][ T5316] ? kernel_text_address+0xa7/0xe0 [ 69.146996][ T5316] ? __x64_sys_futex+0x21/0xf0 [ 69.147091][ T5316] ? __kernel_text_address+0xd/0x40 [ 69.147208][ T5316] ? show_trace_log_lvl+0x2ed/0x410 [ 69.147657][ T5316] do_syscall_64+0xf3/0x230 [ 69.147873][ T5316] ? clear_bhb_loop+0x35/0x90 [ 69.148347][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.148388][ T5316] RIP: 0033:0x7f412cb79e79 [ 69.148589][ T5316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.148606][ T5316] RSP: 002b:00007ffed6982a18 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 69.148629][ T5316] RAX: ffffffffffffffda RBX: 00007f412cd16058 RCX: 00007f412cb79e79 [ 69.148645][ T5316] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f412cd16060 [ 69.148659][ T5316] RBP: 00007f412cd16064 R08: 00007f412cd15f80 R09: 00007ffed6982cff [ 69.148675][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 69.148688][ T5316] R13: 00007f412cd16058 R14: 0000000000000003 R15: 00000000000012a6 [ 69.149940][ T5316] ? __warn+0x163/0x4e0 [ 69.150059][ T5316] ? __rcu_read_unlock+0x94/0x110 [ 69.150636][ T5316] [ 69.150648][ T5316] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.295568][ T5316] Shutting down cpus with NMI [ 70.295900][ T5316] Kernel Offset: disabled