last executing test programs: 9.668417521s ago: executing program 0 (id=257): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000140)={0x40000, 0x0, {[0x7, 0x1fb, 0xf, 0x6a, 0xffffffffffffff7f, 0xffffffff, 0x4, 0x40]}}) 9.371938075s ago: executing program 0 (id=260): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x500000000000000, 0x0, 0x20000040}, 0x880) 8.970862076s ago: executing program 0 (id=264): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0xf445, 0x2, r2}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x2e2f}) 8.458756426s ago: executing program 0 (id=270): mkdir(&(0x7f0000000000)='./file0\x00', 0x16a) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1a8) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x47) mknodat$loop(r0, &(0x7f0000000200)='./file1\x00', 0x800, 0x1) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f00000001c0)='./file1\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') acct(&(0x7f00000005c0)='./file1\x00') 8.225329025s ago: executing program 0 (id=273): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001200)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a8c000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000004c0008800c00024000deffff55c3dd9e0c00014000000000000000000c00024000000000000000000c00024000000000000000090c00014000000000000000060c000140000000000000026314000480080002403cb140bb080001400000000314000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 7.77781308s ago: executing program 0 (id=277): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timerfd_create(0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="02c93012000e00050014e80a"], 0x17) 7.280760749s ago: executing program 32 (id=277): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timerfd_create(0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="02c93012000e00050014e80a"], 0x17) 6.286362457s ago: executing program 1 (id=285): r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000140)=[@code={0xa, 0x77, {"640fc7a800000000c423791d2dc2d9000000b9070a0000b800000000ba000000800f3066b821008ec88fa9d89a910c00000066baf80cb8da999083ef66bafc0cecc4e131dfd466baf80cb862bd1385ef66bafc0c66b8552d66ef400f9578f02e660f38cf5049"}}], 0x77}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f00000ab000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="470f23fc48b8e7320000000000000f21f80f23e1f8440f014a000f2221c7c4c3fd01ce002063800000002c24f30f556797c483fd005b02ea64267b470f1fcfcf666466430f3833af00580000", 0x4c}], 0x1, 0x3c, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x4b, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 5.154179915s ago: executing program 1 (id=292): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newqdisc={0x45c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x10}, {}, {0x2, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x0, 0x8, 0xbac8, 0x31e4, 0x7}, {0x48, 0x1, 0xfcbf, 0xfff7, 0x1ff, 0x5}, 0x4eef, 0x2, 0x19b0}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xffffffff, 0x3, 0x9, 0x1, 0x800, 0x9c3, 0x4, 0x0, 0x8, 0xffffffff, 0x3, 0x8, 0x8, 0xfffffffd, 0x8, 0x8001, 0x100, 0x3, 0x0, 0x588e, 0x1, 0x1e00, 0x101, 0x7, 0x80000000, 0xf8f1, 0x0, 0x401, 0x10, 0x1, 0xc00000, 0xfffffff7, 0x400, 0x7f, 0x80000000, 0x3, 0x6ade, 0x0, 0x4, 0x77c8, 0x1, 0x5, 0x8, 0x1, 0x7, 0x3, 0x80, 0x7fffffff, 0x2, 0x9, 0x3, 0x80, 0x8, 0xe, 0x6, 0x0, 0x2, 0x4, 0xfffffffa, 0x4, 0x1, 0x4, 0x3, 0x1, 0x8, 0x2, 0xe757, 0xfffffff7, 0x8001, 0x45f, 0x1ff, 0xe, 0xd, 0x7d3, 0x4, 0xb, 0x58c4637b, 0x5, 0x0, 0x1, 0x2, 0x6, 0xb90, 0x203, 0x6, 0x842f, 0x7, 0x10000, 0x4, 0xffffff25, 0xa04, 0x78da, 0x0, 0x0, 0xffffffff, 0x80000001, 0x0, 0x5, 0x465, 0x1000006, 0xcd17, 0x9, 0x6, 0x2, 0xfffffffc, 0xfffffff7, 0x7f, 0x2, 0x6, 0x1, 0x40000, 0x6, 0x6, 0x0, 0x40, 0x8, 0x3, 0x23, 0x0, 0x6, 0x1, 0x2fe, 0x96, 0x0, 0x2, 0x5, 0x2, 0x9, 0x8, 0x0, 0x0, 0x7, 0x6, 0x80, 0x1, 0x7, 0x7f, 0x2, 0x200, 0x8, 0xe330fdc7, 0x9, 0x5, 0x7e, 0x2, 0x0, 0x5, 0xffff0000, 0x2, 0x1, 0x401, 0x7, 0x8, 0xffff669d, 0xffffff94, 0x7, 0x5, 0x10001, 0x7, 0x7, 0x4, 0x5, 0xb2fb, 0x1, 0x7ff, 0x85, 0xffffffff, 0x4ac, 0xfc9, 0x80000000, 0x1, 0xfb, 0x6, 0xb, 0x3, 0x40, 0x5, 0x2, 0x83, 0x6, 0x56a, 0x0, 0x9, 0x9, 0x1, 0x7, 0x9, 0x4, 0xe, 0x6, 0x6, 0x8, 0x0, 0xfffffffe, 0x5, 0x44, 0x4, 0x2, 0x3, 0xfffffff1, 0x6, 0x80000000, 0x4, 0x100, 0xfffffff7, 0x2a8, 0x2, 0x9, 0x7f, 0x4, 0x8, 0xffffffff, 0x6ed916d9, 0xfffffff8, 0x38, 0x3, 0x2, 0xd0, 0x36a0, 0xc, 0x3, 0x2, 0x1, 0x7df0, 0x9, 0x2009, 0x5, 0xfff, 0xc, 0x87, 0x8, 0x8, 0x80000000, 0x5, 0x3, 0x800, 0x1c43, 0x7, 0xa66, 0x6, 0x18000, 0x6, 0x4, 0x86f9, 0x6, 0x80, 0x200, 0x28000, 0x401, 0xffff, 0x4d, 0x2, 0xfc, 0x7, 0x2]}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x4009c}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r9, &(0x7f00000005c0)="24785466124cebc6c88735f544a9", 0xe, 0x440040c4, &(0x7f00000001c0)={0x11, 0xf8, r8, 0x1, 0xd8, 0x6, @remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="800000800000210ee7decd7a0000", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r10, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 4.398826845s ago: executing program 1 (id=294): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x29, 0x0, &(0x7f0000000240)="ae24a21f9a824666f9acf0e0163fa8d7ad3a0f8e52dfe78a4408100d6ccf068949dbe6ef096242a591", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x2003}, 0x50) syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d000905"], 0x0) r0 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000700)={0x4, 0x8}, 0x10) 3.751934036s ago: executing program 3 (id=296): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000a842b75c640e93e1b7611916e1ae35ef000000000000000000000000000000000000b545ac330ccb4ce02c3876c5208746658082ab0500000000000000c23f7793adf14a5cecdeb5f0fa86f8bf7fae3f439d4fbd4d1aff96801c96e0969f318033480c58a952e7c59fbe76c2d4cea2bf8945d031888c2481c24ff87cf9bbd6244814c3f2be4d7517d64930ffc9705d5f87a1f25c969a2261c6c124731d5b00ac2eed2a4b166c52d2ad68ac20ba46ca4385a325b027daae24edc971b653b8253cc97049f6f86b3242da51ef3d91f81feabd6e673cd07e1b04b9d6856696679bd5fa89072dff"], 0x48) r0 = socket(0x400000000010, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r3, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_fw]}, 0x3c}, 0x1, 0x0, 0x0, 0x880}, 0x20000800) 3.147937573s ago: executing program 2 (id=299): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@private0, 0x800, 0x0, 0x103, 0x1}, 0x20) capget(0x0, &(0x7f0000000040)={0xc, 0xd, 0x174, 0x0, 0x9, 0x6}) ioctl(0xffffffffffffffff, 0xb8, &(0x7f0000000000)="15e0185428227964d1") r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001940)=ANY=[], 0x1c}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000340)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x40000002, 0x9, 0xfffffffffffffff9, 0x85, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c2, 0xc595, 0x7, 0x5, 0x4, 0x0, 0x80000004000000, 0x200000000c], 0x100000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.876855365s ago: executing program 2 (id=300): syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xb, 0x0, 0x2043}}}, 0x7) syz_emit_vhci(0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x4, &(0x7f00000014c0)={0x2, 0x4e23, @remote}, 0x10) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000001500)={0x28, 0x0, 0xffffffff}, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000001580), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001600)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x885}, 0x4048808) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f00000017c0), &(0x7f0000001800)=0xc) syz_emit_vhci(&(0x7f0000001840)=@HCI_ACLDATA_PKT={0x2, {0x1, 0x1, 0x2, 0x4}}, 0x9) syz_emit_vhci(&(0x7f0000001880)=@HCI_VENDOR_PKT, 0x2) syz_genetlink_get_family_id$gtp(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x0) 2.772726893s ago: executing program 2 (id=301): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newqdisc={0x45c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x10}, {}, {0x2, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x0, 0x8, 0xbac8, 0x31e4, 0x7}, {0x48, 0x1, 0xfcbf, 0xfff7, 0x1ff, 0x5}, 0x4eef, 0x2, 0x19b0}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xffffffff, 0x3, 0x9, 0x1, 0x800, 0x9c3, 0x4, 0x0, 0x8, 0xffffffff, 0x3, 0x8, 0x8, 0xfffffffd, 0x8, 0x8001, 0x100, 0x3, 0x0, 0x588e, 0x1, 0x1e00, 0x101, 0x7, 0x80000000, 0xf8f1, 0x0, 0x401, 0x10, 0x1, 0xc00000, 0xfffffff7, 0x400, 0x7f, 0x80000000, 0x3, 0x6ade, 0x0, 0x4, 0x77c8, 0x1, 0x5, 0x8, 0x1, 0x7, 0x3, 0x80, 0x7fffffff, 0x2, 0x9, 0x3, 0x80, 0x8, 0xe, 0x6, 0x0, 0x2, 0x4, 0xfffffffa, 0x4, 0x1, 0x4, 0x3, 0x1, 0x8, 0x2, 0xe757, 0xfffffff7, 0x8001, 0x45f, 0x1ff, 0xe, 0xd, 0x7d3, 0x4, 0xb, 0x58c4637b, 0x5, 0x0, 0x1, 0x2, 0x6, 0xb90, 0x203, 0x6, 0x842f, 0x7, 0x10000, 0x4, 0xffffff25, 0xa04, 0x78da, 0x0, 0x0, 0xffffffff, 0x80000001, 0x0, 0x5, 0x465, 0x1000006, 0xcd17, 0x9, 0x6, 0x2, 0xfffffffc, 0xfffffff7, 0x7f, 0x2, 0x6, 0x1, 0x40000, 0x6, 0x6, 0x0, 0x40, 0x8, 0x3, 0x23, 0x0, 0x6, 0x1, 0x2fe, 0x96, 0x0, 0x2, 0x5, 0x2, 0x9, 0x8, 0x0, 0x0, 0x7, 0x6, 0x80, 0x1, 0x7, 0x7f, 0x2, 0x200, 0x8, 0xe330fdc7, 0x9, 0x5, 0x7e, 0x2, 0x0, 0x5, 0xffff0000, 0x2, 0x1, 0x401, 0x7, 0x8, 0xffff669d, 0xffffff94, 0x7, 0x5, 0x10001, 0x7, 0x7, 0x4, 0x5, 0xb2fb, 0x1, 0x7ff, 0x85, 0xffffffff, 0x4ac, 0xfc9, 0x80000000, 0x1, 0xfb, 0x6, 0xb, 0x3, 0x40, 0x5, 0x2, 0x83, 0x6, 0x56a, 0x0, 0x9, 0x9, 0x1, 0x7, 0x9, 0x4, 0xe, 0x6, 0x6, 0x8, 0x0, 0xfffffffe, 0x5, 0x44, 0x4, 0x2, 0x3, 0xfffffff1, 0x6, 0x80000000, 0x4, 0x100, 0xfffffff7, 0x2a8, 0x2, 0x9, 0x7f, 0x4, 0x8, 0xffffffff, 0x6ed916d9, 0xfffffff8, 0x38, 0x3, 0x2, 0xd0, 0x36a0, 0xc, 0x3, 0x2, 0x1, 0x7df0, 0x9, 0x2009, 0x5, 0xfff, 0xc, 0x87, 0x8, 0x8, 0x80000000, 0x5, 0x3, 0x800, 0x1c43, 0x7, 0xa66, 0x6, 0x18000, 0x6, 0x4, 0x86f9, 0x6, 0x80, 0x200, 0x28000, 0x401, 0xffff, 0x4d, 0x2, 0xfc, 0x7, 0x2]}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x4009c}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r9, &(0x7f00000005c0)="24785466124cebc6c88735f544a9", 0xe, 0x440040c4, &(0x7f00000001c0)={0x11, 0xf8, r8, 0x1, 0xd8, 0x6, @remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="800000800000210ee7decd7a0000", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r10, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 1.27183527s ago: executing program 3 (id=302): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0x8}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.230070154s ago: executing program 2 (id=303): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f00000000c0)="b9620b00000f323e430f350f72d0dec744240001000000c744240237d30000ff2c24440f20c03509000000440f22c00f5c08c4e37d6fc5008fa9d8914ae60fc7684ac4c24bf7f3", 0x47}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.200248576s ago: executing program 1 (id=304): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x1, 0x8155}}}}]}, 0x44}}, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4) 843.823794ms ago: executing program 3 (id=305): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000a00)={r4, r2, r3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x3, 0x800000}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd71, 0xffffffffffffffff}, 0x78) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246) writev(r5, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 644.807949ms ago: executing program 2 (id=306): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x7) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x64}], 0x1, 0x14, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 606.816302ms ago: executing program 3 (id=307): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0xc0a00, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="02c9000e671408de"], 0x11) 343.893223ms ago: executing program 3 (id=308): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x2, 0x0, 0x0, 0x0, [0x0], [0xfffffffe], [0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 343.593893ms ago: executing program 1 (id=309): r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1fffffff, 0x48800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000580)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000ac0)={0x0, 0x0, r1, r2, 0xa002, 0x4a, 0x81d, 0x2, {0x0, 0xffff, 0x2, 0x9, 0x8, 0x0, 0x4, 0xffff, 0x8, 0x0, 0x5, 0x101, 0xfffffffb, 0x8, "0ae9ac7903f2dffb7c29af812bdb8e9844bec8bbab5a9a434a392c74aae37035"}}) 156.938388ms ago: executing program 1 (id=310): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r2) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newqdisc={0x45c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x10}, {}, {0x2, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x0, 0x8, 0xbac8, 0x31e4, 0x7}, {0x48, 0x1, 0xfcbf, 0xfff7, 0x1ff, 0x5}, 0x4eef, 0x2, 0x19b0}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xffffffff, 0x3, 0x9, 0x1, 0x800, 0x9c3, 0x4, 0x0, 0x8, 0xffffffff, 0x3, 0x8, 0x8, 0xfffffffd, 0x8, 0x8001, 0x100, 0x3, 0x0, 0x588e, 0x1, 0x1e00, 0x101, 0x7, 0x80000000, 0xf8f1, 0x0, 0x401, 0x10, 0x1, 0xc00000, 0xfffffff7, 0x400, 0x7f, 0x80000000, 0x3, 0x6ade, 0x0, 0x4, 0x77c8, 0x1, 0x5, 0x8, 0x1, 0x7, 0x3, 0x80, 0x7fffffff, 0x2, 0x9, 0x3, 0x80, 0x8, 0xe, 0x6, 0x0, 0x2, 0x4, 0xfffffffa, 0x4, 0x1, 0x4, 0x3, 0x1, 0x8, 0x2, 0xe757, 0xfffffff7, 0x8001, 0x45f, 0x1ff, 0xe, 0xd, 0x7d3, 0x4, 0xb, 0x58c4637b, 0x5, 0x0, 0x1, 0x2, 0x6, 0xb90, 0x203, 0x6, 0x842f, 0x7, 0x10000, 0x4, 0xffffff25, 0xa04, 0x78da, 0x0, 0x0, 0xffffffff, 0x80000001, 0x0, 0x5, 0x465, 0x1000006, 0xcd17, 0x9, 0x6, 0x2, 0xfffffffc, 0xfffffff7, 0x7f, 0x2, 0x6, 0x1, 0x40000, 0x6, 0x6, 0x0, 0x40, 0x8, 0x3, 0x23, 0x0, 0x6, 0x1, 0x2fe, 0x96, 0x0, 0x2, 0x5, 0x2, 0x9, 0x8, 0x0, 0x0, 0x7, 0x6, 0x80, 0x1, 0x7, 0x7f, 0x2, 0x200, 0x8, 0xe330fdc7, 0x9, 0x5, 0x7e, 0x2, 0x0, 0x5, 0xffff0000, 0x2, 0x1, 0x401, 0x7, 0x8, 0xffff669d, 0xffffff94, 0x7, 0x5, 0x10001, 0x7, 0x7, 0x4, 0x5, 0xb2fb, 0x1, 0x7ff, 0x85, 0xffffffff, 0x4ac, 0xfc9, 0x80000000, 0x1, 0xfb, 0x6, 0xb, 0x3, 0x40, 0x5, 0x2, 0x83, 0x6, 0x56a, 0x0, 0x9, 0x9, 0x1, 0x7, 0x9, 0x4, 0xe, 0x6, 0x6, 0x8, 0x0, 0xfffffffe, 0x5, 0x44, 0x4, 0x2, 0x3, 0xfffffff1, 0x6, 0x80000000, 0x4, 0x100, 0xfffffff7, 0x2a8, 0x2, 0x9, 0x7f, 0x4, 0x8, 0xffffffff, 0x6ed916d9, 0xfffffff8, 0x38, 0x3, 0x2, 0xd0, 0x36a0, 0xc, 0x3, 0x2, 0x1, 0x7df0, 0x9, 0x2009, 0x5, 0xfff, 0xc, 0x87, 0x8, 0x8, 0x80000000, 0x5, 0x3, 0x800, 0x1c43, 0x7, 0xa66, 0x6, 0x18000, 0x6, 0x4, 0x86f9, 0x6, 0x80, 0x200, 0x28000, 0x401, 0xffff, 0x4d, 0x2, 0xfc, 0x7, 0x2]}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x4009c}, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r9, &(0x7f00000005c0)="24785466124cebc6c88735f544a9", 0xe, 0x440040c4, &(0x7f00000001c0)={0x11, 0xf8, r8, 0x1, 0xd8, 0x6, @remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="800000800000210ee7decd7a0000", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r10, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 146.366958ms ago: executing program 3 (id=311): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r2, 0x8983, &(0x7f0000000140)) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="180000005600230d000001800000000000000000", @ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x408c4}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r5, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="d80000", @ANYRES16=r3, @ANYBLOB], 0xd8}, 0x1, 0x0, 0x0, 0x40000004}, 0x24000000) sendmsg$nl_generic(r0, 0x0, 0x2400c011) openat$comedi(0xffffff9c, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=312): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x11) syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100000000001000000000000000080001"], 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts. [ 71.551791][ T5755] cgroup: Unknown subsys name 'net' [ 71.719825][ T5755] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.470120][ T5755] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.137713][ T5766] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.152888][ T5777] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.161300][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.170321][ T5777] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.178572][ T5777] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.187122][ T5777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.195326][ T5777] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.206857][ T5777] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 75.215188][ T5777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.222971][ T5777] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.232132][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.233376][ T5777] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.247658][ T5771] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.249590][ T5777] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.262324][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.262922][ T5777] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.282546][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.286502][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.292734][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.297850][ T5780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.307124][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.316561][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.319302][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.333357][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.824388][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 75.885520][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 76.034043][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 76.045554][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 76.077377][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.084732][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.092281][ T5764] bridge_slave_0: entered allmulticast mode [ 76.101297][ T5764] bridge_slave_0: entered promiscuous mode [ 76.127091][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.134438][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.141921][ T5773] bridge_slave_0: entered allmulticast mode [ 76.149135][ T5773] bridge_slave_0: entered promiscuous mode [ 76.162558][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.169709][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.177052][ T5773] bridge_slave_1: entered allmulticast mode [ 76.185413][ T5773] bridge_slave_1: entered promiscuous mode [ 76.194956][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.202130][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.210151][ T5764] bridge_slave_1: entered allmulticast mode [ 76.217289][ T5764] bridge_slave_1: entered promiscuous mode [ 76.317664][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.340557][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.352199][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.383179][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.464818][ T5764] team0: Port device team_slave_0 added [ 76.483485][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.490705][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.499231][ T5765] bridge_slave_0: entered allmulticast mode [ 76.506798][ T5765] bridge_slave_0: entered promiscuous mode [ 76.528404][ T5764] team0: Port device team_slave_1 added [ 76.535111][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.542238][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.549704][ T5769] bridge_slave_0: entered allmulticast mode [ 76.557621][ T5769] bridge_slave_0: entered promiscuous mode [ 76.566275][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.574006][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.581175][ T5769] bridge_slave_1: entered allmulticast mode [ 76.589419][ T5769] bridge_slave_1: entered promiscuous mode [ 76.597572][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.605028][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.612174][ T5765] bridge_slave_1: entered allmulticast mode [ 76.619915][ T5765] bridge_slave_1: entered promiscuous mode [ 76.639447][ T5773] team0: Port device team_slave_0 added [ 76.648891][ T5773] team0: Port device team_slave_1 added [ 76.728263][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.740728][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.755189][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.777891][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.785183][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.811678][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.824624][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.831705][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.858218][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.873119][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.901308][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.909137][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.935558][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.947387][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.954752][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.981285][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.062807][ T5765] team0: Port device team_slave_0 added [ 77.071395][ T5765] team0: Port device team_slave_1 added [ 77.093917][ T5769] team0: Port device team_slave_0 added [ 77.140271][ T5764] hsr_slave_0: entered promiscuous mode [ 77.147223][ T5764] hsr_slave_1: entered promiscuous mode [ 77.156732][ T5769] team0: Port device team_slave_1 added [ 77.178722][ T5773] hsr_slave_0: entered promiscuous mode [ 77.185610][ T5773] hsr_slave_1: entered promiscuous mode [ 77.191765][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.200497][ T5773] Cannot create hsr debugfs directory [ 77.221433][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.228718][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.255671][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.280105][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.287223][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.314170][ T5777] Bluetooth: hci1: command tx timeout [ 77.314583][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.332781][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.339764][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.366472][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.382861][ T5777] Bluetooth: hci2: command tx timeout [ 77.388811][ T5777] Bluetooth: hci3: command tx timeout [ 77.394902][ T5774] Bluetooth: hci0: command tx timeout [ 77.416800][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.424028][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.452014][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.489976][ T5765] hsr_slave_0: entered promiscuous mode [ 77.497178][ T5765] hsr_slave_1: entered promiscuous mode [ 77.503816][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.511590][ T5765] Cannot create hsr debugfs directory [ 77.650611][ T5769] hsr_slave_0: entered promiscuous mode [ 77.657770][ T5769] hsr_slave_1: entered promiscuous mode [ 77.664942][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.673622][ T5769] Cannot create hsr debugfs directory [ 77.982233][ T5764] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.013958][ T5764] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.028411][ T5764] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.040794][ T5764] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.125017][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.137361][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.171161][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.181564][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.239742][ T5765] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.257888][ T5765] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.267649][ T5765] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.279107][ T5765] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.373379][ T5769] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.386589][ T5769] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.396971][ T5769] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.422202][ T5769] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.485239][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.566283][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.599847][ T2967] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.607268][ T2967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.638517][ T2967] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.645915][ T2967] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.673997][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.735585][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.750840][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.790375][ T2915] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.797523][ T2915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.821961][ T2947] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.829277][ T2947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.847910][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.871310][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.907193][ T998] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.914401][ T998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.940546][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.960211][ T5773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.017910][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.025147][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.044535][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.051854][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.088737][ T2947] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.096170][ T2947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.298763][ T5765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.383350][ T5777] Bluetooth: hci1: command tx timeout [ 79.438461][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.462991][ T5777] Bluetooth: hci3: command tx timeout [ 79.468481][ T5777] Bluetooth: hci0: command tx timeout [ 79.477684][ T5774] Bluetooth: hci2: command tx timeout [ 79.491025][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.690298][ T5764] veth0_vlan: entered promiscuous mode [ 79.712316][ T5764] veth1_vlan: entered promiscuous mode [ 79.725475][ T5773] veth0_vlan: entered promiscuous mode [ 79.737776][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.767888][ T5773] veth1_vlan: entered promiscuous mode [ 79.827504][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.867753][ T5773] veth0_macvtap: entered promiscuous mode [ 79.884790][ T5764] veth0_macvtap: entered promiscuous mode [ 79.903726][ T5773] veth1_macvtap: entered promiscuous mode [ 79.916836][ T5764] veth1_macvtap: entered promiscuous mode [ 79.926428][ T5769] veth0_vlan: entered promiscuous mode [ 79.976202][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.988816][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.000217][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.014577][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.024316][ T5769] veth1_vlan: entered promiscuous mode [ 80.043821][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.054555][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.066565][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.079902][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.101535][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.112649][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.121751][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.130708][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.147135][ T5764] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.158328][ T5764] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.167704][ T5764] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.176776][ T5764] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.226767][ T5765] veth0_vlan: entered promiscuous mode [ 80.261613][ T5765] veth1_vlan: entered promiscuous mode [ 80.327729][ T5769] veth0_macvtap: entered promiscuous mode [ 80.369414][ T5769] veth1_macvtap: entered promiscuous mode [ 80.392503][ T2967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.400586][ T2967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.481145][ T5765] veth0_macvtap: entered promiscuous mode [ 80.502459][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.507322][ T5765] veth1_macvtap: entered promiscuous mode [ 80.510400][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.527971][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.545917][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.556317][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.567452][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.578840][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.592875][ T2947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.600763][ T2947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.617015][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.620749][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.637540][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.641569][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.657296][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.668813][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.681274][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.716862][ T5769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.728163][ T5769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.738902][ T5769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.749692][ T5769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.800662][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.817421][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.828751][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.839877][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.850182][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.860871][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.873414][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.925700][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.944840][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.965901][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.980904][ T28] audit: type=1326 audit(1765703366.209:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5853 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 81.012524][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.026683][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.029185][ T28] audit: type=1326 audit(1765703366.209:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5853 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 81.038779][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.078024][ T28] audit: type=1326 audit(1765703366.209:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5853 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 81.099778][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.129314][ T28] audit: type=1326 audit(1765703366.209:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5853 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 81.197386][ T5765] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.211205][ T28] audit: type=1326 audit(1765703366.209:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5853 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 81.218098][ T5765] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.251344][ T5765] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.267153][ T5765] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.463396][ T5777] Bluetooth: hci1: command tx timeout [ 81.477781][ T998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.498975][ T998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.542587][ T5777] Bluetooth: hci0: command tx timeout [ 81.548088][ T5777] Bluetooth: hci2: command tx timeout [ 81.554291][ T5774] Bluetooth: hci3: command tx timeout [ 81.639763][ T28] audit: type=1326 audit(1765703366.869:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 81.724228][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.726812][ T28] audit: type=1326 audit(1765703366.869:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 81.742739][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.768587][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.792669][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.809149][ T28] audit: type=1326 audit(1765703366.869:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 81.836386][ T28] audit: type=1326 audit(1765703366.869:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 81.902885][ T28] audit: type=1326 audit(1765703366.869:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.3.9" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 81.949672][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.986595][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.359803][ T5878] syz.0.1[5878]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.421751][ T5878] loop0: detected capacity change from 0 to 512 [ 82.501184][ T5878] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 82.547912][ T5878] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 82.727027][ T5878] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.1: Allocating blocks 41-42 which overlap fs metadata [ 82.833439][ T5878] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.1: Allocating blocks 41-42 which overlap fs metadata [ 82.865294][ T5878] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1: Failed to acquire dquot type 1 [ 82.897827][ T5878] EXT4-fs error (device loop0): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 82.937115][ T5878] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.1: corrupted inode contents [ 82.974910][ T5878] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #12: comm syz.0.1: mark_inode_dirty error [ 83.010855][ T5878] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.1: corrupted inode contents [ 83.048205][ T5878] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #12: comm syz.0.1: mark_inode_dirty error [ 83.097991][ T5878] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.1: corrupted inode contents [ 83.163289][ T5878] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 83.190810][ T5878] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.1: corrupted inode contents [ 83.238853][ T5878] EXT4-fs error (device loop0): ext4_truncate:4294: inode #12: comm syz.0.1: mark_inode_dirty error [ 83.277044][ T5878] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 83.318737][ T5878] EXT4-fs (loop0): 1 truncate cleaned up [ 83.351974][ T5878] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.404739][ T5878] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.543566][ T5777] Bluetooth: hci1: command tx timeout [ 83.627548][ T5777] Bluetooth: hci2: command tx timeout [ 83.634575][ T5774] Bluetooth: hci3: command tx timeout [ 83.634591][ T5780] Bluetooth: hci0: command tx timeout [ 84.020940][ T5904] loop0: detected capacity change from 0 to 512 [ 84.106922][ T5904] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.195170][ T5904] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.293747][ T5908] netlink: 100 bytes leftover after parsing attributes in process `syz.3.18'. [ 84.359775][ T5908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18'. [ 84.379795][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.653439][ T5915] loop0: detected capacity change from 0 to 512 [ 84.670815][ T5915] EXT4-fs: Ignoring removed i_version option [ 84.710003][ T5915] EXT4-fs: Ignoring removed bh option [ 84.787813][ T5915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.835343][ T5915] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 86.274097][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.399073][ T5934] loop2: detected capacity change from 0 to 2048 [ 86.414323][ T5934] EXT4-fs: Ignoring removed mblk_io_submit option [ 86.426584][ T5934] EXT4-fs: Ignoring removed i_version option [ 86.516217][ T5934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.685662][ T5944] capability: warning: `syz.1.28' uses deprecated v2 capabilities in a way that may be insecure [ 86.750269][ T11] Bluetooth: hci4: Frame reassembly failed (-84) [ 86.910783][ T5946] netlink: 24 bytes leftover after parsing attributes in process `syz.0.29'. [ 87.049138][ T5952] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 87.070814][ T786] cfg80211: failed to load regulatory.db [ 87.120505][ T5952] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 87.136760][ T787] IPVS: starting estimator thread 0... [ 87.167917][ T5952] loop0: detected capacity change from 0 to 512 [ 87.205491][ T5952] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 87.262683][ T5954] IPVS: using max 16 ests per chain, 38400 per kthread [ 87.280170][ T5952] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 87.371265][ T5952] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 87.410978][ T5952] EXT4-fs (loop0): 1 truncate cleaned up [ 87.418353][ T5952] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.645893][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.731383][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 87.731400][ T28] audit: type=1326 audit(1765703372.959:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 87.831430][ T28] audit: type=1326 audit(1765703372.999:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 87.897880][ T28] audit: type=1326 audit(1765703372.999:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 87.951218][ T28] audit: type=1326 audit(1765703372.999:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.002183][ T28] audit: type=1326 audit(1765703372.999:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.059074][ T28] audit: type=1326 audit(1765703372.999:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.112454][ T28] audit: type=1326 audit(1765703372.999:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.162049][ T5980] loop1: detected capacity change from 0 to 512 [ 88.178786][ T28] audit: type=1326 audit(1765703372.999:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.232520][ T28] audit: type=1326 audit(1765703372.999:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.284488][ T5980] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 88.318314][ T28] audit: type=1326 audit(1765703373.009:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5969 comm="syz.3.40" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 88.367944][ T5980] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.426171][ T5980] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 88.664865][ T5991] loop0: detected capacity change from 0 to 1764 [ 88.667173][ T5764] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.742651][ T5777] Bluetooth: hci4: command 0x1003 tx timeout [ 88.743257][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 88.916109][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.157889][ T5997] serio: Serial port ttyS3 [ 89.348066][ T6004] loop0: detected capacity change from 0 to 512 [ 89.741497][ T6008] --map-set only usable from mangle table [ 90.068817][ T6008] syz.2.50 (6008) used greatest stack depth: 16592 bytes left [ 90.113961][ T6004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.217039][ T6004] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.348964][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.751136][ T6030] loop0: detected capacity change from 0 to 764 [ 90.954821][ T6037] netlink: 'syz.2.64': attribute type 10 has an invalid length. [ 91.038251][ T6037] team0: Port device dummy0 added [ 91.072938][ T6038] netlink: 'syz.2.64': attribute type 10 has an invalid length. [ 91.133891][ T6038] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 91.275775][ T6038] team0: Failed to send options change via netlink (err -105) [ 91.293157][ T6038] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 91.294489][ T6038] team0: Port device dummy0 removed [ 91.300125][ T6038] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 91.508887][ T6051] syz.2.68[6051] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.509037][ T6051] syz.2.68[6051] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.274018][ T6073] syz.2.74[6073] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.292748][ T6073] syz.2.74[6073] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.601900][ T6079] loop3: detected capacity change from 0 to 512 [ 92.612106][ T6033] syz.1.61: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 92.640065][ T6033] CPU: 1 PID: 6033 Comm: syz.1.61 Not tainted syzkaller #0 [ 92.647327][ T6033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 92.657425][ T6033] Call Trace: [ 92.660736][ T6033] [ 92.663701][ T6033] dump_stack_lvl+0x16c/0x230 [ 92.668452][ T6033] ? show_regs_print_info+0x20/0x20 [ 92.673715][ T6033] ? load_image+0x3b0/0x3b0 [ 92.678284][ T6033] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 92.684778][ T6033] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 92.691341][ T6033] warn_alloc+0x210/0x300 [ 92.695731][ T6033] ? zone_watermark_ok_safe+0x230/0x230 [ 92.701340][ T6033] ? _raw_spin_unlock+0x28/0x40 [ 92.706441][ T6033] __vmalloc_node_range+0x662/0x1320 [ 92.711816][ T6033] ? free_vm_area+0x50/0x50 [ 92.716851][ T6033] ? _raw_spin_unlock+0x28/0x40 [ 92.721852][ T6033] ? __kasan_kmalloc+0x8f/0xa0 [ 92.726760][ T6033] __vmalloc_node_range+0x568/0x1320 [ 92.727201][ T6079] mmap: syz.3.76 (6079) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 92.732075][ T6033] ? hash_netiface_create+0x361/0xff0 [ 92.732108][ T6033] ? __asan_memset+0x22/0x40 [ 92.753878][ T6033] ? free_vm_area+0x50/0x50 [ 92.758430][ T6033] ? kvmalloc_node+0x70/0x180 [ 92.763179][ T6033] ? rcu_is_watching+0x15/0xb0 [ 92.768003][ T6033] ? kvmalloc_node+0x70/0x180 [ 92.772827][ T6033] ? trace_kmalloc+0x1f/0xa0 [ 92.777473][ T6033] kvmalloc_node+0x13f/0x180 [ 92.782121][ T6033] ? hash_netiface_create+0x361/0xff0 [ 92.787636][ T6033] hash_netiface_create+0x361/0xff0 [ 92.792987][ T6033] ? __lock_acquire+0x7c80/0x7c80 [ 92.798171][ T6033] ? __nla_parse+0x40/0x50 [ 92.802650][ T6033] ? hash_netport6_gc+0x570/0x570 [ 92.807732][ T6033] ip_set_create+0xa87/0x18e0 [ 92.812465][ T6033] ? ip_set_create+0x4b2/0x18e0 [ 92.817380][ T6033] ? ip_set_protocol+0x5d0/0x5d0 [ 92.822363][ T6033] ? trace_contention_end+0x39/0xe0 [ 92.827663][ T6033] nfnetlink_rcv_msg+0xb49/0x1130 [ 92.832832][ T6033] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 92.839038][ T6033] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 92.844510][ T6033] ? nfnetlink_unbind+0x160/0x160 [ 92.849616][ T6033] ? __dev_queue_xmit+0x1a64/0x35a0 [ 92.854969][ T6033] ? __netlink_deliver_tap+0x5ab/0x830 [ 92.860647][ T6033] ? netlink_deliver_tap+0x19c/0x1b0 [ 92.865974][ T6033] ? netlink_unicast+0x72c/0x8d0 [ 92.870969][ T6033] ? netlink_sendmsg+0x8c1/0xbe0 [ 92.875962][ T6033] ? ____sys_sendmsg+0x5bf/0x950 [ 92.880947][ T6033] ? ___sys_sendmsg+0x220/0x290 [ 92.885894][ T6033] ? __se_sys_sendmsg+0x1a5/0x270 [ 92.890975][ T6033] ? do_syscall_64+0x55/0xb0 [ 92.895627][ T6033] netlink_rcv_skb+0x216/0x480 [ 92.900439][ T6033] ? nfnetlink_unbind+0x160/0x160 [ 92.905603][ T6033] ? netlink_ack+0x1110/0x1110 [ 92.910512][ T6033] ? apparmor_capable+0x137/0x1a0 [ 92.915674][ T6033] ? bpf_lsm_capable+0x9/0x10 [ 92.920408][ T6033] ? security_capable+0x89/0xb0 [ 92.925417][ T6033] nfnetlink_rcv+0x274/0x2180 [ 92.930278][ T6033] ? __local_bh_enable_ip+0x12e/0x1c0 [ 92.935720][ T6033] ? lockdep_hardirqs_on+0x98/0x150 [ 92.941071][ T6033] ? __local_bh_enable_ip+0x12e/0x1c0 [ 92.946509][ T6033] ? _local_bh_enable+0xa0/0xa0 [ 92.951425][ T6033] ? __dev_queue_xmit+0x245/0x35a0 [ 92.956603][ T6033] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 92.962216][ T6033] ? __dev_queue_xmit+0x245/0x35a0 [ 92.967393][ T6033] ? ref_tracker_free+0x634/0x7d0 [ 92.972546][ T6033] ? __copy_skb_header+0xa7/0x550 [ 92.977704][ T6033] ? refcount_inc+0x70/0x70 [ 92.982249][ T6033] ? __skb_clone+0x63/0x790 [ 92.986803][ T6033] ? __skb_clone+0x480/0x790 [ 92.991461][ T6033] ? __netlink_deliver_tap+0x7e8/0x830 [ 92.996973][ T6033] ? netlink_deliver_tap+0x2e/0x1b0 [ 93.002243][ T6033] ? __lock_acquire+0x7c80/0x7c80 [ 93.007333][ T6033] ? netlink_deliver_tap+0x2e/0x1b0 [ 93.012587][ T6033] netlink_unicast+0x751/0x8d0 [ 93.017516][ T6033] netlink_sendmsg+0x8c1/0xbe0 [ 93.022338][ T6033] ? netlink_getsockopt+0x580/0x580 [ 93.027759][ T6033] ? aa_sock_msg_perm+0x94/0x150 [ 93.032761][ T6033] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 93.038277][ T6033] ? security_socket_sendmsg+0x80/0xa0 [ 93.043785][ T6033] ? netlink_getsockopt+0x580/0x580 [ 93.049031][ T6033] ____sys_sendmsg+0x5bf/0x950 [ 93.053855][ T6033] ? __asan_memset+0x22/0x40 [ 93.058494][ T6033] ? __sys_sendmsg_sock+0x30/0x30 [ 93.063561][ T6033] ? __import_iovec+0x5f2/0x860 [ 93.068489][ T6033] ? import_iovec+0x73/0xa0 [ 93.073234][ T6033] ___sys_sendmsg+0x220/0x290 [ 93.077958][ T6033] ? __sys_sendmsg+0x270/0x270 [ 93.082926][ T6033] __se_sys_sendmsg+0x1a5/0x270 [ 93.087850][ T6033] ? __x64_sys_sendmsg+0x80/0x80 [ 93.093068][ T6033] ? lockdep_hardirqs_on+0x98/0x150 [ 93.098327][ T6033] do_syscall_64+0x55/0xb0 [ 93.102965][ T6033] ? clear_bhb_loop+0x40/0x90 [ 93.107699][ T6033] ? clear_bhb_loop+0x40/0x90 [ 93.112520][ T6033] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.118812][ T6033] RIP: 0033:0x7ff2b778f749 [ 93.123276][ T6033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.142936][ T6033] RSP: 002b:00007ff2b8549038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.151406][ T6033] RAX: ffffffffffffffda RBX: 00007ff2b79e5fa0 RCX: 00007ff2b778f749 [ 93.159428][ T6033] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000003 [ 93.167450][ T6033] RBP: 00007ff2b7813f91 R08: 0000000000000000 R09: 0000000000000000 [ 93.175476][ T6033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.183501][ T6033] R13: 00007ff2b79e6038 R14: 00007ff2b79e5fa0 R15: 00007ffd478bf898 [ 93.191550][ T6033] [ 93.209955][ T6033] Mem-Info: [ 93.213263][ T6033] active_anon:5584 inactive_anon:0 isolated_anon:0 [ 93.213263][ T6033] active_file:973 inactive_file:39882 isolated_file:0 [ 93.213263][ T6033] unevictable:768 dirty:524 writeback:0 [ 93.213263][ T6033] slab_reclaimable:9908 slab_unreclaimable:91651 [ 93.213263][ T6033] mapped:24100 shmem:1410 pagetables:533 [ 93.213263][ T6033] sec_pagetables:0 bounce:0 [ 93.213263][ T6033] kernel_misc_reclaimable:0 [ 93.213263][ T6033] free:1308083 free_pcp:10411 free_cma:0 [ 93.259721][ T6033] Node 0 active_anon:22252kB inactive_anon:0kB active_file:3892kB inactive_file:159356kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96404kB dirty:2096kB writeback:0kB shmem:4160kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11188kB pagetables:2068kB sec_pagetables:0kB all_unreclaimable? no [ 93.293653][ T6033] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 93.344747][ T6033] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 93.410795][ T6033] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 93.418534][ T6033] Node 0 DMA32 free:1322008kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22904kB inactive_anon:0kB active_file:3892kB inactive_file:158040kB unevictable:1536kB writepending:2096kB present:3129332kB managed:2589640kB mlocked:0kB bounce:0kB free_pcp:21128kB local_pcp:16580kB free_cma:0kB [ 93.453409][ T6033] lowmem_reserve[]: 0 0 1 1 1 [ 93.469168][ T6033] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 93.595329][ T6033] lowmem_reserve[]: 0 0 0 0 0 [ 93.601228][ T6033] Node 1 Normal free:3894000kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:21076kB local_pcp:10912kB free_cma:0kB [ 93.640492][ T6033] lowmem_reserve[]: 0 0 0 0 0 [ 93.692427][ T6033] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 93.761734][ T6033] Node 0 DMA32: 610*4kB (UM) 217*8kB (UME) 141*16kB (UME) 129*32kB (UME) 80*64kB (UME) 81*128kB (UME) 46*256kB (UME) 28*512kB (UME) 6*1024kB (U) 3*2048kB (M) 322*4096kB (UM) = 1383360kB [ 93.827347][ T6033] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 93.861065][ T6033] Node 1 Normal: 238*4kB (UME) 53*8kB (UME) 45*16kB (UME) 42*32kB (UME) 16*64kB (UME) 7*128kB (UME) 2*256kB (UM) 2*512kB (UE) 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3894000kB [ 93.887352][ T6033] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 93.917441][ T6033] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 93.941779][ T6033] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 93.961849][ T6033] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 93.989022][ T6033] 44736 total pagecache pages [ 94.007297][ T6033] 0 pages in swap cache [ 94.014943][ T6033] Free swap = 124996kB [ 94.019161][ T6033] Total swap = 124996kB [ 94.039672][ T6033] 2097051 pages RAM [ 94.049194][ T6033] 0 pages HighMem/MovableOnly [ 94.062477][ T6033] 416127 pages reserved [ 94.066697][ T6033] 0 pages cma reserved [ 94.573512][ T6099] netlink: 536 bytes leftover after parsing attributes in process `syz.0.84'. [ 94.685453][ T6101] syz.2.86[6101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.685597][ T6101] syz.2.86[6101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.856055][ T6107] loop3: detected capacity change from 0 to 512 [ 94.922231][ T6107] ======================================================= [ 94.922231][ T6107] WARNING: The mand mount option has been deprecated and [ 94.922231][ T6107] and is ignored by this kernel. Remove the mand [ 94.922231][ T6107] option from the mount to silence this warning. [ 94.922231][ T6107] ======================================================= [ 94.957815][ C0] vkms_vblank_simulate: vblank timer overrun [ 95.419455][ T6107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.452734][ T6113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.89'. [ 95.456290][ T6107] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 95.566100][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.948206][ T28] audit: type=1326 audit(1765703381.179:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.025964][ T28] audit: type=1326 audit(1765703381.199:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.052999][ T28] audit: type=1326 audit(1765703381.229:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.076896][ T28] audit: type=1326 audit(1765703381.229:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.107643][ T28] audit: type=1326 audit(1765703381.229:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.140644][ T28] audit: type=1326 audit(1765703381.229:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.180394][ T6126] (null): rxe_set_mtu: Set mtu to 1024 [ 96.207899][ T28] audit: type=1326 audit(1765703381.229:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.252426][ T28] audit: type=1326 audit(1765703381.239:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.285519][ T28] audit: type=1326 audit(1765703381.239:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.322498][ T28] audit: type=1326 audit(1765703381.239:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6123 comm="syz.3.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae298f749 code=0x7ffc0000 [ 96.484656][ T6126] infiniband syz0: set active [ 96.490007][ T6126] infiniband syz0: added bond_slave_0 [ 96.594862][ T6126] RDS/IB: syz0: added [ 96.599958][ T6126] smc: adding ib device syz0 with port count 1 [ 96.611380][ T6126] smc: ib device syz0 port 1 has pnetid [ 97.696443][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.3.100'. [ 98.247435][ T6154] sctp: [Deprecated]: syz.1.106 (pid 6154) Use of int in max_burst socket option. [ 98.247435][ T6154] Use struct sctp_assoc_value instead [ 98.929379][ T6172] gre0: entered promiscuous mode [ 98.959087][ T6172] gre0: entered allmulticast mode [ 99.291976][ T6183] loop1: detected capacity change from 0 to 512 [ 99.368936][ T6183] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.419875][ T6183] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.443185][ T6180] loop0: detected capacity change from 0 to 8192 [ 99.611815][ T5764] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.661881][ T5769] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 99.673120][ T5769] FAT-fs (loop0): Filesystem has been set read-only [ 99.899206][ T6195] loop2: detected capacity change from 0 to 1024 [ 99.924220][ T6195] EXT4-fs: Ignoring removed bh option [ 99.924379][ T6199] loop0: detected capacity change from 0 to 128 [ 99.931136][ T6197] IPv6: Can't replace route, no match found [ 99.951381][ T6195] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 100.017867][ T2967] Bluetooth: hci4: Frame reassembly failed (-84) [ 100.039860][ T6195] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.377919][ T6207] loop3: detected capacity change from 0 to 4096 [ 100.396739][ T6207] EXT4-fs: Ignoring removed nomblk_io_submit option [ 100.453365][ T6207] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.539971][ T6207] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 100.732785][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.735798][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.114808][ T6225] netlink: 24 bytes leftover after parsing attributes in process `syz.3.133'. [ 101.142098][ T6225] IPVS: Error connecting to the multicast addr [ 101.178881][ T28] kauditd_printk_skb: 90 callbacks suppressed [ 101.178896][ T28] audit: type=1326 audit(1765703386.409:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4b98f749 code=0x7ffc0000 [ 101.210402][ T28] audit: type=1326 audit(1765703386.409:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4b98f749 code=0x7ffc0000 [ 101.239461][ T28] audit: type=1326 audit(1765703386.409:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7faa4b98f749 code=0x7ffc0000 [ 101.262976][ T28] audit: type=1326 audit(1765703386.409:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4b98f749 code=0x7ffc0000 [ 101.319253][ T28] audit: type=1326 audit(1765703386.409:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4b98f749 code=0x7ffc0000 [ 101.398850][ T6231] loop2: detected capacity change from 0 to 512 [ 101.450538][ T6231] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 101.487533][ T6231] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 101.497116][ T6231] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c02c, mo2=0102] [ 101.497236][ T6231] System zones: 0-2, 18-18, 34-34 [ 101.498014][ T6231] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.135: iget: bad i_size value: 360287970189639680 [ 101.499428][ T6231] EXT4-fs (loop2): Remounting filesystem read-only [ 101.500926][ T6231] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.586474][ T5765] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.679976][ T59] Bluetooth: hci5: Frame reassembly failed (-84) [ 101.759770][ T6238] loop3: detected capacity change from 0 to 2048 [ 101.816569][ T6238] loop3: p1 < > p4 [ 101.831471][ T6238] loop3: p4 size 8388608 extends beyond EOD, truncated [ 102.023049][ T5774] Bluetooth: hci4: command 0x1003 tx timeout [ 102.032782][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 102.091045][ T6243] loop0: detected capacity change from 0 to 164 [ 102.139920][ T6243] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 102.201200][ T6243] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 102.217246][ T6243] Symlink component flag not implemented [ 102.221931][ T5767] udevd[5767]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 102.224461][ T6243] Symlink component flag not implemented [ 102.252621][ T6243] Symlink component flag not implemented (7) [ 102.258688][ T6243] Symlink component flag not implemented (116) [ 102.806063][ T6255] 9pnet_fd: Insufficient options for proto=fd [ 103.703034][ T5780] Bluetooth: hci5: command 0x1003 tx timeout [ 103.703295][ T5777] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 103.949039][ T6282] loop2: detected capacity change from 0 to 512 [ 104.011714][ T6282] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.038525][ T6282] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.128359][ T28] audit: type=1800 audit(1765703389.349:136): pid=6282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.158" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 104.233492][ T6282] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 104.267424][ T6289] loop0: detected capacity change from 0 to 2048 [ 104.290821][ T6282] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 2 with error 28 [ 104.336135][ T6289] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.343303][ T6282] EXT4-fs (loop2): This should not happen!! Data will be lost [ 104.343303][ T6282] [ 104.369359][ T6282] EXT4-fs (loop2): Total free blocks count 0 [ 104.380196][ T6282] EXT4-fs (loop2): Free/Dirty block details [ 104.393271][ T6282] EXT4-fs (loop2): free_blocks=65280 [ 104.402770][ T6282] EXT4-fs (loop2): dirty_blocks=31 [ 104.417100][ T6282] EXT4-fs (loop2): Block reservation details [ 104.431540][ T6282] EXT4-fs (loop2): i_reserved_data_blocks=31 [ 104.455754][ T6282] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 104.531343][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.892505][ T28] audit: type=1326 audit(1765703390.029:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 105.480144][ T28] audit: type=1326 audit(1765703390.029:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 105.725664][ T28] audit: type=1326 audit(1765703390.039:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 105.725714][ T28] audit: type=1326 audit(1765703390.039:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6305 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 105.887398][ T6319] syz.2.167[6319] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.887538][ T6319] syz.2.167[6319] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.369789][ T2947] Bluetooth: hci4: Frame reassembly failed (-84) [ 106.403263][ T6336] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in; [ 106.403263][ T6336] program syz.2.179 not setting count and/or reply_len properly [ 106.535929][ T6340] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.638265][ T6343] syzkaller0: entered promiscuous mode [ 106.644997][ T6343] syzkaller0: entered allmulticast mode [ 107.709821][ T6368] binder: 6367:6368 ioctl c0306201 200000004a40 returned -14 [ 108.422688][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 108.423762][ T5777] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 108.871591][ T5777] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 108.879817][ T5777] Bluetooth: Wrong link type (-22) [ 108.885427][ T5777] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 108.892270][ T5777] Bluetooth: Wrong link type (-22) [ 110.599944][ T6380] tipc: Started in network mode [ 110.605394][ T6380] tipc: Node identity 129581fa8242, cluster identity 4711 [ 110.614015][ T6380] tipc: Enabled bearer , priority 0 [ 110.698427][ T6378] tipc: Resetting bearer [ 110.720696][ T6374] tipc: Resetting bearer [ 110.971778][ T6415] Bluetooth: MGMT ver 1.22 [ 111.782493][ T5777] Bluetooth: hci3: command tx timeout [ 111.990355][ T6443] vivid-000: ================= START STATUS ================= [ 112.008580][ T6443] vivid-000: Test Pattern: 75% Colorbar [ 112.017551][ T6443] vivid-000: Fill Percentage of Frame: 100 [ 112.038722][ T6443] vivid-000: Horizontal Movement: No Movement [ 112.067795][ T6443] vivid-000: Vertical Movement: No Movement [ 112.074264][ T6443] vivid-000: OSD Text Mode: All [ 112.079335][ T6443] vivid-000: Show Border: false [ 112.092020][ T6443] vivid-000: Show Square: false [ 112.098659][ T6443] vivid-000: Sensor Flipped Horizontally: false [ 112.123807][ T6443] vivid-000: Sensor Flipped Vertically: false [ 112.130154][ T6443] vivid-000: Insert SAV Code in Image: false [ 112.145208][ T6443] vivid-000: Insert EAV Code in Image: false [ 112.151386][ T6443] vivid-000: Insert Video Guard Band: false [ 112.160733][ T6443] vivid-000: Reduced Framerate: false [ 112.166733][ T6443] vivid-000: Enable Capture Cropping: true [ 112.172970][ T6443] vivid-000: Enable Capture Composing: true [ 112.178952][ T6443] vivid-000: Enable Capture Scaler: true [ 112.185500][ T6443] vivid-000: Timestamp Source: End of Frame [ 112.191604][ T6443] vivid-000: Colorspace: sRGB [ 112.196854][ T6443] vivid-000: Transfer Function: Default [ 112.204077][ T6443] vivid-000: Y'CbCr Encoding: Default [ 112.209996][ T6443] vivid-000: HSV Encoding: Hue 0-179 [ 112.215951][ T6443] vivid-000: Quantization: Default [ 112.221258][ T6443] vivid-000: Apply Alpha To Red Only: false [ 112.227624][ T6443] vivid-000: Standard Aspect Ratio: 4x3 [ 112.233330][ T6443] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 112.241998][ T6443] vivid-000: DV Timings: 640x480p59 inactive [ 112.249483][ T6443] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 112.260040][ T6443] vivid-000: Maximum EDID Blocks: 2 [ 112.265980][ T6443] vivid-000: Limited RGB Range (16-235): false [ 112.272304][ T6443] vivid-000: Rx RGB Quantization Range: Automatic [ 112.279285][ T6443] vivid-000: Power Present: 0x00000001 [ 112.285374][ T6443] tpg source WxH: 640x360 (Y'CbCr) [ 112.290753][ T6443] tpg field: 1 [ 112.307853][ T6443] tpg crop: 640x360@0x0 [ 112.312121][ T6443] tpg compose: 640x360@0x0 [ 112.321145][ T6443] tpg colorspace: 8 [ 112.326125][ T6443] tpg transfer function: 0/0 [ 112.331643][ T6443] tpg Y'CbCr encoding: 0/0 [ 112.339116][ T6443] tpg quantization: 0/0 [ 112.346624][ T6443] tpg RGB range: 0/2 [ 112.350766][ T6443] vivid-000: ================== END STATUS ================== [ 112.416135][ T787] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 112.618027][ T787] usb 3-1: Using ep0 maxpacket: 8 [ 112.638033][ T787] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.658726][ T787] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.697664][ T787] usb 3-1: config 0 interface 0 has no altsetting 0 [ 112.716808][ T787] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 112.739092][ T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.779704][ T787] usb 3-1: config 0 descriptor?? [ 113.233185][ T787] usbhid 3-1:0.0: can't add hid device: -71 [ 113.256113][ T787] usbhid: probe of 3-1:0.0 failed with error -71 [ 113.301632][ T787] usb 3-1: USB disconnect, device number 2 [ 114.337052][ T6374] tipc: Disabling bearer [ 114.452520][ T8] tipc: Node number set to 2430042618 [ 114.917724][ T6475] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'. [ 114.942776][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.220'. [ 115.557582][ T6496] netlink: 28 bytes leftover after parsing attributes in process `syz.1.229'. [ 115.618418][ T6498] netlink: 12 bytes leftover after parsing attributes in process `syz.0.230'. [ 115.636680][ T6498] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.646108][ T6498] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.654936][ T6498] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.663971][ T6498] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.676066][ T6498] netlink: 12 bytes leftover after parsing attributes in process `syz.0.230'. [ 115.691285][ T6498] Zero length message leads to an empty skb [ 115.945393][ T6508] netlink: 'syz.3.233': attribute type 5 has an invalid length. [ 116.503538][ T5777] Bluetooth: hci2: unexpected subevent 0x19 length: 24 < 28 [ 116.649111][ T2947] Bluetooth: hci4: Frame reassembly failed (-84) [ 117.824192][ T6544] netlink: 256 bytes leftover after parsing attributes in process `syz.3.248'. [ 118.041833][ T6550] comedi comedi0: No channels found! [ 118.424322][ T6559] binder_alloc: 6558: binder_alloc_buf, no vma [ 118.663099][ T5780] Bluetooth: hci4: command 0x1003 tx timeout [ 118.670204][ T5777] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 119.069794][ T6576] overlayfs: missing 'lowerdir' [ 119.127914][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 119.127929][ T28] audit: type=1326 audit(1765703404.359:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.197186][ T28] audit: type=1326 audit(1765703404.359:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.219508][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.227709][ T6578] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 119.240188][ T28] audit: type=1326 audit(1765703404.389:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.341309][ T28] audit: type=1326 audit(1765703404.389:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.427115][ T28] audit: type=1326 audit(1765703404.389:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.510091][ T28] audit: type=1326 audit(1765703404.389:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.572493][ T28] audit: type=1326 audit(1765703404.389:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.600239][ T28] audit: type=1326 audit(1765703404.399:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.623053][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.708692][ T28] audit: type=1326 audit(1765703404.399:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.767109][ T28] audit: type=1326 audit(1765703404.399:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff2b778f749 code=0x7ffc0000 [ 119.789319][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.128183][ T6605] Process accounting resumed [ 120.145677][ T6610] netlink: 8 bytes leftover after parsing attributes in process `syz.3.271'. [ 120.728159][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.762810][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.907253][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 120.932505][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.036454][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 121.058644][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.142043][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 121.159994][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.661513][ T5777] Bluetooth: Wrong link type (-22) [ 121.971318][ T6641] xt_connbytes: Forcing CT accounting to be enabled [ 122.018283][ T6641] Cannot find set identified by id 0 to match [ 122.403858][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 122.441138][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 122.464180][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 122.484868][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 122.495895][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 122.517583][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 123.427118][ T6675] syzkaller0: entered promiscuous mode [ 123.451975][ T6675] syzkaller0: entered allmulticast mode [ 124.452727][ T49] hsr_slave_0: left promiscuous mode [ 124.463777][ T49] hsr_slave_1: left promiscuous mode [ 124.481906][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.500334][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.525318][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.542541][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.579147][ T49] bridge_slave_1: left allmulticast mode [ 124.585091][ T5777] Bluetooth: hci2: command tx timeout [ 124.594262][ T49] bridge_slave_1: left promiscuous mode [ 124.601204][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.667026][ T49] bridge_slave_0: left allmulticast mode [ 124.702486][ T49] bridge_slave_0: left promiscuous mode [ 124.719887][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.845560][ T49] veth1_macvtap: left promiscuous mode [ 124.856838][ T49] veth0_macvtap: left promiscuous mode [ 124.876980][ T49] veth1_vlan: left promiscuous mode [ 124.886609][ T49] veth0_vlan: left promiscuous mode [ 124.922166][ T6709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.296'. [ 125.565097][ T5777] Bluetooth: hci0: ACL packet for unknown connection handle 1 [ 125.985736][ T49] team0 (unregistering): Port device team_slave_1 removed [ 126.053355][ T49] team0 (unregistering): Port device team_slave_0 removed [ 126.146199][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.214979][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.429891][ T5777] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 126.441090][ T5777] Bluetooth: hci3: Injecting HCI hardware error event [ 126.450226][ T5780] Bluetooth: hci3: hardware error 0x00 [ 126.680441][ T5777] Bluetooth: hci2: command tx timeout [ 126.800608][ T49] bond0 (unregistering): Released all slaves [ 126.992875][ T6652] chnl_net:caif_netlink_parms(): no params data found [ 127.381556][ T6652] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.426189][ T6652] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.463827][ T6652] bridge_slave_0: entered allmulticast mode [ 127.471727][ T6652] bridge_slave_0: entered promiscuous mode [ 127.530401][ T6652] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.558000][ T6652] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.588170][ T6652] bridge_slave_1: entered allmulticast mode [ 127.611993][ T5777] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 127.612132][ T6652] bridge_slave_1: entered promiscuous mode [ 127.875232][ T6652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.902055][ T6652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.911851][ T49] IPVS: stop unused estimator thread 0... [ 127.998992][ T6765] kvm: user requested TSC rate below hardware speed [ 128.115240][ T6652] team0: Port device team_slave_0 added [ 128.147023][ T6652] team0: Port device team_slave_1 added [ 128.349984][ T6652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.371579][ T6652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.397622][ C0] vkms_vblank_simulate: vblank timer overrun [ 128.420418][ T6652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.434710][ T6652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.441878][ T6652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.468092][ C0] vkms_vblank_simulate: vblank timer overrun [ 128.485375][ T6652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.506123][ T5780] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 128.586061][ T6787] ------------[ cut here ]------------ [ 128.592071][ T6787] WARNING: CPU: 1 PID: 6787 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 128.603525][ T6787] Modules linked in: [ 128.607470][ T6787] CPU: 1 PID: 6787 Comm: syz.3.311 Not tainted syzkaller #0 [ 128.614253][ T49] ------------[ cut here ]------------ [ 128.614855][ T6787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 128.621499][ T49] WARNING: CPU: 0 PID: 49 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 128.631468][ T6787] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 128.642406][ T49] Modules linked in: [ 128.642430][ T49] CPU: 0 PID: 49 Comm: kworker/u4:3 Not tainted syzkaller #0 [ 128.649800][ T6787] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 128.649829][ T6787] RSP: 0018:ffffc900036aee20 EFLAGS: 00010287 [ 128.649852][ T6787] RAX: ffffffff89ec3bae RBX: 0000000000000001 RCX: 0000000000080000 [ 128.649867][ T6787] RDX: ffffc9000db6e000 RSI: 0000000000008183 RDI: 0000000000008184 [ 128.649882][ T6787] RBP: dffffc0000000000 R08: ffffffff90d945c7 R09: 1ffffffff21b28b8 [ 128.649897][ T6787] R10: dffffc0000000000 R11: fffffbfff21b28b9 R12: 0000000000000001 [ 128.649911][ T6787] R13: ffff88805c87a5d9 R14: ffff88807d82ac70 R15: ffff88807d82ace8 [ 128.649927][ T6787] FS: 00007fcae38646c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 128.649945][ T6787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.649960][ T6787] CR2: 00007fcd2340fe9c CR3: 00000000308af000 CR4: 00000000003506e0 [ 128.649979][ T6787] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 128.649994][ T6787] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 128.650011][ T6787] Call Trace: [ 128.650021][ T6787] [ 128.650046][ T6787] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 128.650088][ T6787] ieee80211_csa_finalize+0x59a/0xf00 [ 128.650121][ T6787] ? ieee80211_csa_finalize_work+0x140/0x140 [ 128.650148][ T6787] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 128.650182][ T6787] ieee80211_channel_switch+0xa8a/0xe30 [ 128.654112][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 128.654130][ T49] Workqueue: events_unbound cfg80211_wiphy_work [ 128.654159][ T49] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 128.654187][ T49] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 128.654206][ T49] RSP: 0018:ffffc90000ba7200 EFLAGS: 00010287 [ 128.654228][ T49] RAX: ffffffff89ec3bae RBX: 0000000000000001 RCX: 0000000000100000 [ 128.654245][ T49] RDX: ffffc90016b08000 RSI: 0000000000003a58 RDI: 0000000000003a59 [ 128.661666][ T6787] ? ieee80211_csa_finalize+0xf00/0xf00 [ 128.681389][ T49] RBP: dffffc0000000000 R08: ffffffff90d945c7 R09: 1ffffffff21b28b8 [ 128.681410][ T49] R10: dffffc0000000000 R11: fffffbfff21b28b9 R12: 0000000000000001 [ 128.681426][ T49] R13: ffff88805ca0e5d9 R14: ffff88807cb22c70 R15: ffff88807cb22ce8 [ 128.681443][ T49] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 128.681460][ T49] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.681581][ T49] CR2: 00002000000012c0 CR3: 00000000267f1000 CR4: 00000000003506f0 [ 128.681604][ T49] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 128.681620][ T49] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 128.687788][ T6787] ? mutex_lock_nested+0x20/0x20 [ 128.687822][ T6787] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 128.687856][ T6787] rdev_channel_switch+0xeb/0x240 [ 128.687887][ T6787] nl80211_channel_switch+0xa07/0x1040 [ 128.696676][ T49] Call Trace: [ 128.704227][ T6787] ? wake_up_q+0xca/0x100 [ 128.704277][ T6787] ? nl80211_set_coalesce+0x1310/0x1310 [ 128.712372][ T49] [ 128.720624][ T6787] ? __nla_parse+0x40/0x50 [ 128.729408][ T49] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 128.738014][ T6787] ? nl80211_pre_doit+0x4f1/0x930 [ 128.738053][ T6787] genl_family_rcv_msg_doit+0x209/0x2f0 [ 128.744802][ T49] ieee80211_csa_finalize+0x59a/0xf00 [ 128.744841][ T49] ? ieee80211_csa_finalize_work+0x140/0x140 [ 128.744869][ T49] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 128.744904][ T49] ieee80211_channel_switch+0xa8a/0xe30 [ 128.744949][ T49] ? ieee80211_csa_finalize+0xf00/0xf00 [ 128.753097][ T6787] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 128.761171][ T49] ? rcu_is_watching+0x15/0xb0 [ 128.769186][ T6787] ? bpf_lsm_capable+0x9/0x10 [ 128.772603][ T49] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 128.775519][ T6787] ? security_capable+0x89/0xb0 [ 128.782396][ T49] ieee80211_ibss_process_chanswitch+0x938/0xb60 [ 128.787812][ T6787] genl_rcv_msg+0x60b/0x790 [ 128.793787][ T49] ? trace_drv_return_int+0x1c0/0x1c0 [ 128.793812][ T49] ? cfg80211_find_elem_match+0x1bc/0x1f0 [ 128.800311][ T6787] ? genl_bind+0x360/0x360 [ 128.800336][ T6787] ? nl80211_exit+0x30/0x30 [ 128.806010][ T49] ? mutex_lock_nested+0x20/0x20 [ 128.816100][ T6787] ? nl80211_set_coalesce+0x1310/0x1310 [ 128.822650][ T49] ieee80211_ibss_rx_queued_mgmt+0xf98/0x2ac0 [ 128.830278][ T6787] ? nl80211_pre_doit+0x930/0x930 [ 128.830311][ T6787] ? ref_tracker_free+0x634/0x7d0 [ 128.830335][ T6787] ? __copy_skb_header+0xa7/0x550 [ 128.830384][ T6787] netlink_rcv_skb+0x216/0x480 [ 128.830408][ T6787] ? genl_bind+0x360/0x360 [ 128.830435][ T6787] ? netlink_ack+0x1110/0x1110 [ 128.830473][ T6787] ? __lock_acquire+0x7c80/0x7c80 [ 128.830509][ T6787] ? down_read+0x1ac/0x2e0 [ 128.830536][ T6787] genl_rcv+0x28/0x40 [ 128.830560][ T6787] netlink_unicast+0x751/0x8d0 [ 128.830606][ T6787] netlink_sendmsg+0x8c1/0xbe0 [ 128.830641][ T6787] ? netlink_getsockopt+0x580/0x580 [ 128.830667][ T6787] ? aa_sock_msg_perm+0x94/0x150 [ 128.830696][ T6787] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 128.850596][ T49] ? verify_lock_unused+0x140/0x140 [ 128.856626][ T6787] ? security_socket_sendmsg+0x80/0xa0 [ 128.864652][ T49] ? rcu_is_watching+0x15/0xb0 [ 128.872672][ T6787] ? netlink_getsockopt+0x580/0x580 [ 128.878311][ T49] ? verify_lock_unused+0x140/0x140 [ 128.886404][ T6787] ____sys_sendmsg+0x5bf/0x950 [ 128.894551][ T49] ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0 [ 128.902951][ T6787] ? __asan_memset+0x22/0x40 [ 128.911762][ T49] ? mark_lock+0x94/0x320 [ 128.918431][ T6787] ? __sys_sendmsg_sock+0x30/0x30 [ 128.927325][ T49] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 128.935259][ T6787] ? __import_iovec+0x5f2/0x860 [ 128.935306][ T6787] ? import_iovec+0x73/0xa0 [ 128.943310][ T49] ? lock_chain_count+0x20/0x20 [ 128.943335][ T49] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 128.943367][ T49] ? kcov_remote_start+0x4cb/0x7f0 [ 128.943394][ T49] ? lockdep_hardirqs_on+0x98/0x150 [ 128.943424][ T49] ? kcov_remote_start+0x8f/0x7f0 [ 128.948362][ T6787] ___sys_sendmsg+0x220/0x290 [ 128.948393][ T6787] ? __sys_sendmsg+0x270/0x270 [ 128.954562][ T49] ieee80211_iface_work+0x717/0xc70 [ 128.959691][ T6787] __se_sys_sendmsg+0x1a5/0x270 [ 128.965168][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.968516][ T6787] ? __x64_sys_sendmsg+0x80/0x80 [ 128.972979][ T49] cfg80211_wiphy_work+0x225/0x260 [ 128.973011][ T49] ? process_scheduled_works+0x957/0x15b0 [ 128.973037][ T49] process_scheduled_works+0xa45/0x15b0 [ 128.978873][ T6787] ? lockdep_hardirqs_on+0x98/0x150 [ 128.981934][ T49] ? assign_work+0x400/0x400 [ 128.986740][ T6787] do_syscall_64+0x55/0xb0 [ 128.986764][ T6787] ? clear_bhb_loop+0x40/0x90 [ 128.986789][ T6787] ? clear_bhb_loop+0x40/0x90 [ 128.986816][ T6787] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 128.993366][ T49] ? assign_work+0x39e/0x400 [ 128.993401][ T49] worker_thread+0xa55/0xfc0 [ 128.998516][ T6787] RIP: 0033:0x7fcae298f749 [ 128.998540][ T6787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.004173][ T49] kthread+0x2fa/0x390 [ 129.009538][ T6787] RSP: 002b:00007fcae3864038 EFLAGS: 00000246 [ 129.015581][ T49] ? pr_cont_work+0x560/0x560 [ 129.022232][ T6787] ORIG_RAX: 000000000000002e [ 129.027824][ T49] ? kthread_blkcg+0xd0/0xd0 [ 129.033906][ T6787] RAX: ffffffffffffffda RBX: 00007fcae2be6090 RCX: 00007fcae298f749 [ 129.033927][ T6787] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000008 [ 129.033942][ T6787] RBP: 00007fcae2a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 129.033958][ T6787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.033973][ T6787] R13: 00007fcae2be6128 R14: 00007fcae2be6090 R15: 00007fff44225d28 [ 129.034010][ T6787] [ 129.034024][ T6787] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 129.034035][ T6787] CPU: 1 PID: 6787 Comm: syz.3.311 Not tainted syzkaller #0 [ 129.034055][ T6787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 129.034065][ T6787] Call Trace: [ 129.034073][ T6787] [ 129.034081][ T6787] dump_stack_lvl+0x16c/0x230 [ 129.034117][ T6787] ? show_regs_print_info+0x20/0x20 [ 129.034148][ T6787] ? load_image+0x3b0/0x3b0 [ 129.034191][ T6787] panic+0x2c0/0x710 [ 129.034220][ T6787] ? bpf_jit_dump+0xd0/0xd0 [ 129.034259][ T6787] __warn+0x2e0/0x470 [ 129.034278][ T6787] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 129.034303][ T6787] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 129.034323][ T6787] report_bug+0x2be/0x4f0 [ 129.034341][ T6787] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 129.034364][ T6787] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 129.034385][ T6787] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 129.034406][ T6787] handle_bug+0xcf/0x120 [ 129.034424][ T6787] exc_invalid_op+0x1a/0x50 [ 129.034441][ T6787] asm_exc_invalid_op+0x1a/0x20 [ 129.034460][ T6787] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 129.034482][ T6787] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 129.034496][ T6787] RSP: 0018:ffffc900036aee20 EFLAGS: 00010287 [ 129.034512][ T6787] RAX: ffffffff89ec3bae RBX: 0000000000000001 RCX: 0000000000080000 [ 129.034524][ T6787] RDX: ffffc9000db6e000 RSI: 0000000000008183 RDI: 0000000000008184 [ 129.034536][ T6787] RBP: dffffc0000000000 R08: ffffffff90d945c7 R09: 1ffffffff21b28b8 [ 129.034548][ T6787] R10: dffffc0000000000 R11: fffffbfff21b28b9 R12: 0000000000000001 [ 129.034559][ T6787] R13: ffff88805c87a5d9 R14: ffff88807d82ac70 R15: ffff88807d82ace8 [ 129.034580][ T6787] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 129.034622][ T6787] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 129.034649][ T6787] ieee80211_csa_finalize+0x59a/0xf00 [ 129.034678][ T6787] ? ieee80211_csa_finalize_work+0x140/0x140 [ 129.034701][ T6787] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 129.034740][ T6787] ieee80211_channel_switch+0xa8a/0xe30 [ 129.034776][ T6787] ? ieee80211_csa_finalize+0xf00/0xf00 [ 129.034805][ T6787] ? mutex_lock_nested+0x20/0x20 [ 129.034826][ T6787] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 129.034853][ T6787] rdev_channel_switch+0xeb/0x240 [ 129.034877][ T6787] nl80211_channel_switch+0xa07/0x1040 [ 129.034902][ T6787] ? wake_up_q+0xca/0x100 [ 129.034936][ T6787] ? nl80211_set_coalesce+0x1310/0x1310 [ 129.035000][ T6787] ? __nla_parse+0x40/0x50 [ 129.035030][ T6787] ? nl80211_pre_doit+0x4f1/0x930 [ 129.035057][ T6787] genl_family_rcv_msg_doit+0x209/0x2f0 [ 129.035085][ T6787] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 129.035113][ T6787] ? bpf_lsm_capable+0x9/0x10 [ 129.035134][ T6787] ? security_capable+0x89/0xb0 [ 129.035163][ T6787] genl_rcv_msg+0x60b/0x790 [ 129.035190][ T6787] ? genl_bind+0x360/0x360 [ 129.035206][ T6787] ? nl80211_exit+0x30/0x30 [ 129.035224][ T6787] ? nl80211_set_coalesce+0x1310/0x1310 [ 129.035246][ T6787] ? nl80211_pre_doit+0x930/0x930 [ 129.035267][ T6787] ? ref_tracker_free+0x634/0x7d0 [ 129.035283][ T6787] ? __copy_skb_header+0xa7/0x550 [ 129.035312][ T6787] netlink_rcv_skb+0x216/0x480 [ 129.035331][ T6787] ? genl_bind+0x360/0x360 [ 129.035350][ T6787] ? netlink_ack+0x1110/0x1110 [ 129.035379][ T6787] ? __lock_acquire+0x7c80/0x7c80 [ 129.035408][ T6787] ? down_read+0x1ac/0x2e0 [ 129.035428][ T6787] genl_rcv+0x28/0x40 [ 129.035445][ T6787] netlink_unicast+0x751/0x8d0 [ 129.035482][ T6787] netlink_sendmsg+0x8c1/0xbe0 [ 129.035508][ T6787] ? netlink_getsockopt+0x580/0x580 [ 129.035528][ T6787] ? aa_sock_msg_perm+0x94/0x150 [ 129.035550][ T6787] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 129.035569][ T6787] ? security_socket_sendmsg+0x80/0xa0 [ 129.035589][ T6787] ? netlink_getsockopt+0x580/0x580 [ 129.035605][ T6787] ____sys_sendmsg+0x5bf/0x950 [ 129.035632][ T6787] ? __asan_memset+0x22/0x40 [ 129.035653][ T6787] ? __sys_sendmsg_sock+0x30/0x30 [ 129.035670][ T6787] ? __import_iovec+0x5f2/0x860 [ 129.035703][ T6787] ? import_iovec+0x73/0xa0 [ 129.035738][ T6787] ___sys_sendmsg+0x220/0x290 [ 129.035760][ T6787] ? __sys_sendmsg+0x270/0x270 [ 129.035831][ T6787] __se_sys_sendmsg+0x1a5/0x270 [ 129.035854][ T6787] ? __x64_sys_sendmsg+0x80/0x80 [ 129.035891][ T6787] ? lockdep_hardirqs_on+0x98/0x150 [ 129.035916][ T6787] do_syscall_64+0x55/0xb0 [ 129.035931][ T6787] ? clear_bhb_loop+0x40/0x90 [ 129.035950][ T6787] ? clear_bhb_loop+0x40/0x90 [ 129.035972][ T6787] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 129.035992][ T6787] RIP: 0033:0x7fcae298f749 [ 129.036006][ T6787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.036020][ T6787] RSP: 002b:00007fcae3864038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.036037][ T6787] RAX: ffffffffffffffda RBX: 00007fcae2be6090 RCX: 00007fcae298f749 [ 129.036049][ T6787] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000008 [ 129.036060][ T6787] RBP: 00007fcae2a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 129.036070][ T6787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.036080][ T6787] R13: 00007fcae2be6128 R14: 00007fcae2be6090 R15: 00007fff44225d28 [ 129.036109][ T6787] [ 129.040507][ T6787] Kernel Offset: disabled