last executing test programs: 15.333648596s ago: executing program 0 (id=38): socket$xdp(0x2c, 0x3, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141121) socket$rxrpc(0x21, 0x2, 0xa) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x305e, &(0x7f00000005c0)={0x0, 0xbc23, 0x10000, 0x2, 0x403f, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) ioctl$TUNSETQUEUE(r1, 0x400454d9, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x40}}) io_uring_enter(r2, 0x2def, 0x4000, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffffff00000000, 0x60aea753, 0xfffffffffffffffc, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x2, 0x3, 0x9, 0x1, 0x8, 0x7fffffff}, 0x0, 0x0) 14.95985196s ago: executing program 0 (id=41): syz_usb_connect(0x2, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000fdc01a40f30c74"], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0xbea, &(0x7f00000007c0)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x83c0550b, 0x0) 14.29689764s ago: executing program 1 (id=43): setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e20, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) 13.96387048s ago: executing program 1 (id=45): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(0x3) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000851}, 0x40) 13.776549027s ago: executing program 1 (id=46): syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff5", 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x4, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10) 13.111740683s ago: executing program 4 (id=49): r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r1, 0x0, 0x20044002) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) 12.973938324s ago: executing program 4 (id=50): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x0, 0x80000001, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$ptys(0xc, 0x3, 0x1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d40)={0x1c, 0x3, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x40080d0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r3, 0xfffffffc) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_SECURITY_KEYRING(r5, 0x110, 0x2, &(0x7f0000000000), 0xfd71) syz_io_uring_setup(0xb, &(0x7f00000002c0)={0x0, 0x200002f, 0x800, 0x1, 0x100020b}, 0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r7 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) close(0x3) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r7) r8 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) read$snapshot(r8, 0x0, 0xffffffbf) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12}) 11.183762244s ago: executing program 0 (id=52): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) close(0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) 9.562902079s ago: executing program 0 (id=55): r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000400)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "8000"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f00000001c0)={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000380)={0x14, &(0x7f0000000200)={0x40, 0x9, 0xfd, {0xfd, 0xd, "0bb98fc311966a5f406a049f7725b468df8b660b0a6d836cfaf9147917bc44be578f798d7d7cfb8f60759d72869231b25dd11f2680dadf88b71f2130bf052173c19d926b27ed00238a0d96dc524a446e3b0b6acf72b90a5afa86cf05203657d49157880622f6e8b1724eb64544b619a5e5b10a5752ce8ee91e3fa1c34a3912c2b56e0928504adc11950219470dfddd45693022785470760c27d3df888dc722f3357b99397463d9b0217207daa4229f119ff0a353521065d7b32ba9130f947de7bfbb845cf914cffa39d1a2944cc60662beacc21ebbe7f46200877783ac41ab07de0faf5b0ab1490a26badf8d1e88e7c06ab960234823fd2b26e2b2"}}, &(0x7f0000000340)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3409}}}, 0x0) 9.091867559s ago: executing program 2 (id=56): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(0x3) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000851}, 0x40) 8.823055726s ago: executing program 2 (id=57): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) 8.567369486s ago: executing program 3 (id=59): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x101403, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0x88ad, 0x0, 0x2, 0x40000333}, &(0x7f0000000240)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)) 7.787494022s ago: executing program 1 (id=60): r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r1, 0x0, 0x20044002) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) r5 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) 7.678520322s ago: executing program 4 (id=61): socket$netlink(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000140)={'wg2\x00', 0x0}) connect$packet(r0, &(0x7f0000000240)={0x11, 0x5, r1, 0x1, 0x4, 0x6, @broadcast}, 0x14) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043b0afffffffffffffaffffffc84bd06d423141125839584cb4bd6c1381efbe1a6917a72dc52a35f90ee4e032cc489b987036ec4cd09c28f056796041e3e8d11e1e07489e6940b83fb2b6894a1c510b531250a66a872bbbcd3aa5f358b1b380c4938c2dab152901ebfe3306f9544c60a18fb6e3fce22d076dd941d7285c65053572750035aaf23c03ccaeaef9e30cc74001678a5f030e7d58b05690f3bde02f4c903fafe231b385b98b78e3d8c6b4fde84baa2e5142ad129f3af9b010eb1705403c25e4da25df270cc6c24f5d527b6ce1696f1986f500"/227], 0xd) 7.403925241s ago: executing program 1 (id=62): syz_usb_connect(0x2, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc000000"], 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0xbea, &(0x7f00000007c0)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x83c0550b, 0x0) 7.291799139s ago: executing program 2 (id=63): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="000080000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000015e, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="090000000200000002f988054147eceb34000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x12c, @ioapic={0x5000, 0x3, 0x2, 0x0, 0x0, [{0x5, 0x8, 0x6, '\x00', 0x9}, {0x3, 0x1, 0xd1, '\x00', 0x3}, {0xfe, 0x5, 0x3, '\x00', 0x69}, {0x0, 0x4, 0x19, '\x00', 0xff}, {0x1, 0xd, 0x2, '\x00', 0x7}, {0x1, 0x27, 0x3, '\x00', 0x7}, {0xc, 0x9, 0x2, '\x00', 0x4}, {0x85, 0x1, 0x6, '\x00', 0x7}, {0x9, 0x9, 0x1, '\x00', 0x6}, {0x8, 0x4, 0xd, '\x00', 0x5}, {0xff, 0xb6, 0x3, '\x00', 0x80}, {0x7, 0x0, 0x81, '\x00', 0x3}, {0x8, 0x1, 0x4, '\x00', 0x2}, {0x8, 0xfe, 0x60, '\x00', 0x1}, {0x7, 0x3, 0x3, '\x00', 0x10}, {0x9, 0x6, 0x4, '\x00', 0x2}, {0x8, 0x4, 0xec, '\x00', 0x5}, {0x8, 0x8}, {0x8, 0x8, 0x5, '\x00', 0x1}, {0x3, 0x8, 0x6, '\x00', 0x4}, {0x7, 0x3, 0xf, '\x00', 0x7}, {0x2, 0x0, 0xf1, '\x00', 0xcf}, {0x2, 0x9, 0x5, '\x00', 0x7}, {0x2, 0x0, 0x9, '\x00', 0x7}]}}) socket$nl_route(0x10, 0x3, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xfffffffffffffffe}) getpeername$unix(r4, &(0x7f0000000300), &(0x7f0000000000)=0x6e) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 5.985598794s ago: executing program 2 (id=64): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$packet(0x11, 0x2, 0x300) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x80000001, 0xfffffe0000000003, 0x4000fa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) pipe(&(0x7f0000000380)) sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(0xffffffffffffffff, 0x1) recvfrom(0xffffffffffffffff, &(0x7f0000000000)=""/116, 0xffffffdd, 0x734, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) 5.948372236s ago: executing program 0 (id=65): openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x2102, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000300)={0x2, @win={{0x5, 0x6, 0x46, 0x1}, 0x5, 0x5, 0x0, 0xfffffeff, 0x0, 0x5f}}) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000001280), 0x0) syz_open_dev$usbmon(0x0, 0x3f3, 0x101000) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[], 0x1a000}}, 0x0) 4.48178971s ago: executing program 3 (id=66): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000780)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x1, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c400943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf45b665d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4c", 0x357}, {&(0x7f00000009c0)="f6c90cdedc37cdb39eae133fb46bb0b986be85321a17fc6e8ea85f018f6e81d55fa08f68960887cd420ea0c8ec111c66ec2c3baa2e4800207807a82a4559bad7736a5423c2d786f76c4aea14258d0bef41454167a1d439b5d9cfb6c508cd6b2fbbc751c26b5d345d2afa25b68d5d26612cc4af16ff3084f83682ac9b1e4dec81ac3bec3d01ca9c55e546bb09bdbc0534b04938b7a47cc4aa9f754b42d9012c35374c5576d7a1e7d5e64ced4d846135f8173ba207da142ad73646af1fcf1ec66859f0d2cf9fa2e6dbf733425eeb9b05ff7b1a3bfff2130084f8d175354899c362361d83c3025aa3df6db80e6187ca5ddc3a288a5405", 0xf5}, {&(0x7f0000000180)="1b0ad65e03f9915bfddf26c24e848a70b9d041082765acf5bbcc6657aea857184012783975c51c2f", 0x28}, {&(0x7f00000010c0)="547dc1cc8a8f2d3c1090633730f90ce80c98ab81e96e74e5549758ddcdda7779e05956aaeb2faec77b1345220ebb01281e29631ac1074bd184d6af1edf9319f2228346838301fbb3da884fcf06194382992e635a1ab4fa313d592b467fe61027c6597bea5c3f53c4880c7604b031f151ddbd35e1f7bc81d2a8111e367cb7c1794507414adf32e780f7a769299c70d32b833c4ccebbf967590d638c59606b09cb8d3c6c9588191bad2a638070a357f8e864fe450910b67a9d7111bdcb733cf5e8d4d3c6fcd09f7a86dfe22a35a69c2fb75645e21770b61ff50438ae0836699431ccde0693d34c5745bd401257ce9cbf089d380a6ad57f58b758ff49d4b28ceae53aeb0f082bdecb48583ae7ba5b7ff69e2b31dd4ce3251d20907639dd90204257c43c77634e605b303478a0fdf895679c3fc7ad4b45f7b0946158dc3a18d7c7e00455f616b96f1b8b85ef8769a59d184c0d3a7fb4122c61fd43490a242ea7a9ac18a2b5309d2954c31e4e759132ac22ba550f599c6364e87d09e1c74e781b861513b5442c4d42a696f8361c0d77c2f9291b1a41f723afe8ac89c41399e464c29697e171aaf8b51f1ee66a89ed86251a1fcbbdc064cb0bc6b7cc7850011cde4335e92f9b9bef5671845b2d16f27bbc74ad8c5098719c45ebbd5fe00f5f6df3f2a58ef72cb7febda36d7a656ea61f710b9b0ce008dec91afc7614db077ab1be6e8fa8401fe56208c1b6a2f405484fccc8ead84eeb9400fd530091f2fe49f17802baa085d4bcb99c337ea75ad31518b8ab965c28159f7f5937ba342e0afcfbd7bb2aeac4521d041639b9bbc604d2f5e53d1f8facad0e56cce855004b0bb69af4b36cc9cf060a443f68718da6803a1e3b8fb644c3239f9f110fa95a772c426ca9250214acb945cb112b63914e04d5097a43a43e76d0053499132a6da754fba091b51bac619dc5f91f62c335d89319b328e65bc4fa3c8c5ef3e75c7812b009", 0x2bc}], 0x4}}], 0x2, 0x4048884) 4.07013432s ago: executing program 3 (id=67): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(0x3) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000851}, 0x40) 4.023482125s ago: executing program 1 (id=68): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0xcf, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, 0x0, 0x24010819) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2566e506bce1e8", 0x14}], 0x1}, 0x0) io_setup(0x8, &(0x7f00000001c0)) ioprio_set$uid(0x3, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x0, 0x400, 0x0, 0x0, 0x0, 0x1}, 0x0) r4 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000"], 0x0) syz_usb_control_io(r4, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="56cc85862650ea7fb897b2be00030400000036d6f504"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r4, &(0x7f0000001840)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]}, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) pidfd_getfd(r6, 0xffffffffffffffff, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r7, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r9, r8, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r8, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8}) ioctl$IOMMU_DESTROY$hwpt(r7, 0x3b80, &(0x7f0000000340)={0x8, r10}) 3.751855895s ago: executing program 3 (id=69): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {0x0}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}, {&(0x7f0000000040)=""/113, 0x71}], 0x5}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) 3.263658172s ago: executing program 4 (id=70): syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, {0xcd73}, 0x1}) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[], 0x48}}, 0x0) 3.143388473s ago: executing program 3 (id=71): r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x28, 0x1, 0x0) socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000600)) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000c00)={0x1c, r3, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20008040) close(0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r2}, 0x20) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r5, 0x0, 0x12, &(0x7f0000000040)=0xa3, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000004, 0x0, {0x0, 0x0, 0x0, r6, {0xa}, {}, {0xfff1}}}, 0x24}}, 0x0) 2.797495674s ago: executing program 2 (id=72): r0 = socket(0x2b, 0x1, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x4) 2.678575919s ago: executing program 2 (id=73): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f64", 0x4, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) shutdown(r0, 0x1) 2.677631242s ago: executing program 4 (id=74): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="000080000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000015e, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="090000000200000002f988054147eceb34000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x12c, @ioapic={0x5000, 0x3, 0x2, 0x0, 0x0, [{0x5, 0x8, 0x6, '\x00', 0x9}, {0x3, 0x1, 0xd1, '\x00', 0x3}, {0xfe, 0x5, 0x3, '\x00', 0x69}, {0x0, 0x4, 0x19, '\x00', 0xff}, {0x1, 0xd, 0x2, '\x00', 0x7}, {0x1, 0x27, 0x3, '\x00', 0x7}, {0xc, 0x9, 0x2, '\x00', 0x4}, {0x85, 0x1, 0x6, '\x00', 0x7}, {0x9, 0x9, 0x1, '\x00', 0x6}, {0x8, 0x4, 0xd, '\x00', 0x5}, {0xff, 0xb6, 0x3, '\x00', 0x80}, {0x7, 0x0, 0x81, '\x00', 0x3}, {0x8, 0x1, 0x4, '\x00', 0x2}, {0x8, 0xfe, 0x60, '\x00', 0x1}, {0x7, 0x3, 0x3, '\x00', 0x10}, {0x9, 0x6, 0x4, '\x00', 0x2}, {0x8, 0x4, 0xec, '\x00', 0x5}, {0x8, 0x8}, {0x8, 0x8, 0x5, '\x00', 0x1}, {0x3, 0x8, 0x6, '\x00', 0x4}, {0x7, 0x3, 0xf, '\x00', 0x7}, {0x2, 0x0, 0xf1, '\x00', 0xcf}, {0x2, 0x9, 0x5, '\x00', 0x7}, {0x2, 0x0, 0x9, '\x00', 0x7}]}}) socket$nl_route(0x10, 0x3, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xfffffffffffffffe}) getpeername$unix(r4, &(0x7f0000000300), &(0x7f0000000000)=0x6e) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 1.296732432s ago: executing program 0 (id=75): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000200)={'\x00', 0x401, 0x8, 0x1, 0x6, 0x5, 0x0}) fcntl$lock(r2, 0x24, &(0x7f0000000280)={0x2, 0x1, 0x0, 0x2, r4}) r5 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r5, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r9, &(0x7f0000001ff0), 0x10) sendmsg$can_raw(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000580)=@canfd={{0x1}, 0x13, 0x3, 0x0, 0x0, "0327e1b22b5fcef7539c699f5ff986ca08990039576a7d0100bdac3fa80acf584ecb5fee496e686637fa76b5ee00000000000000004e2f9663a9189b0b00"}, 0x48}, 0xee, 0x0, 0x0, 0x40041}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r8, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010007bd7000fddbdf2555000000080001006400000008000300", @ANYRES32=r10, @ANYBLOB="0c0099020b00000900000000"], 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810) sendmsg$NL80211_CMD_REGISTER_BEACONS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fedbdf2555000000080001005c00000008000300", @ANYRES32=r10], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x4040040) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010026bd5000f8dbdf2555000000080001004f00000008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 1.082030362s ago: executing program 4 (id=76): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000140)={@val={0x8, 0x800}, @val={0x2, 0x3, 0x9, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x7d, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @local}, {0x4f20, 0x4e22, 0x69, 0x0, @gue={{0x2, 0x0, 0x3, 0x2}, "6279cb22459ff50866ff829694a603d3c443eead410baf7b35c112fa15932138ee8f6a6d2afdde33d5a4ff97f976b3ac6d8c10e10601a959b4bf18b7d52cd3b5a4c19759c5eb55c033fbf5a6b311de39874510aa6af127d5df"}}}}, 0x8b) 0s ago: executing program 3 (id=77): socket$inet6(0xa, 0x1, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) read$sequencer(r0, &(0x7f0000000040)=""/135, 0x87) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x2f, &(0x7f0000000140), 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) chdir(&(0x7f0000000480)='./cgroup\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000000)='.\x00', 0x400017e) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r5, 0x0, 0x14) rmdir(&(0x7f0000000040)='./control\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.3' (ED25519) to the list of known hosts. [ 79.861446][ T5835] cgroup: Unknown subsys name 'net' [ 80.080013][ T5835] cgroup: Unknown subsys name 'cpuset' [ 80.136095][ T5835] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.699610][ T9] cfg80211: failed to load regulatory.db [ 81.841152][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.642304][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.659782][ T5861] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.664518][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.668635][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.671796][ T5862] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.676248][ T5862] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.677491][ T5862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.679497][ T5862] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.679878][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.681398][ T5862] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.681800][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.682620][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.709158][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.736523][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.783418][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.825799][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.830582][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.833678][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.843749][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.850049][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.866749][ T5863] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.869245][ T5861] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.871338][ T5861] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.871568][ T5861] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.872410][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.673528][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 85.966695][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 85.976966][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 86.015052][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 86.061462][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 86.635243][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.635332][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.638614][ T5853] bridge_slave_0: entered allmulticast mode [ 86.641379][ T5853] bridge_slave_0: entered promiscuous mode [ 86.694228][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.694381][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.694520][ T5853] bridge_slave_1: entered allmulticast mode [ 86.717910][ T5853] bridge_slave_1: entered promiscuous mode [ 86.737137][ T5855] Bluetooth: hci4: command tx timeout [ 86.817846][ T5855] Bluetooth: hci0: command tx timeout [ 86.895768][ T5855] Bluetooth: hci2: command tx timeout [ 86.975845][ T5864] Bluetooth: hci3: command tx timeout [ 86.976141][ T5855] Bluetooth: hci1: command tx timeout [ 87.226933][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.227072][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.227236][ T5846] bridge_slave_0: entered allmulticast mode [ 87.229928][ T5846] bridge_slave_0: entered promiscuous mode [ 87.397154][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.397319][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.397497][ T5848] bridge_slave_0: entered allmulticast mode [ 87.400286][ T5848] bridge_slave_0: entered promiscuous mode [ 87.403902][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.404044][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.404241][ T5846] bridge_slave_1: entered allmulticast mode [ 87.411234][ T5846] bridge_slave_1: entered promiscuous mode [ 87.427085][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.428485][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.428620][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.428809][ T5847] bridge_slave_0: entered allmulticast mode [ 87.431701][ T5847] bridge_slave_0: entered promiscuous mode [ 87.558689][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.558767][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.558907][ T5848] bridge_slave_1: entered allmulticast mode [ 87.560429][ T5848] bridge_slave_1: entered promiscuous mode [ 87.632145][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.632383][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.632530][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.633084][ T5847] bridge_slave_1: entered allmulticast mode [ 87.635190][ T5847] bridge_slave_1: entered promiscuous mode [ 87.637315][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.637481][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.637970][ T5850] bridge_slave_0: entered allmulticast mode [ 87.640515][ T5850] bridge_slave_0: entered promiscuous mode [ 87.906485][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.906629][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.906750][ T5850] bridge_slave_1: entered allmulticast mode [ 87.908274][ T5850] bridge_slave_1: entered promiscuous mode [ 88.050140][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.319322][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.321778][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.324433][ T5853] team0: Port device team_slave_0 added [ 88.329497][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.413320][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.490763][ T5853] team0: Port device team_slave_1 added [ 88.506705][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.511130][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.790445][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.825706][ T5855] Bluetooth: hci4: command tx timeout [ 88.870375][ T5846] team0: Port device team_slave_0 added [ 88.896077][ T5855] Bluetooth: hci0: command tx timeout [ 88.975825][ T5855] Bluetooth: hci2: command tx timeout [ 89.055737][ T5855] Bluetooth: hci1: command tx timeout [ 89.055770][ T5855] Bluetooth: hci3: command tx timeout [ 89.080947][ T5848] team0: Port device team_slave_0 added [ 89.083193][ T5846] team0: Port device team_slave_1 added [ 89.084328][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.084337][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.084351][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.283374][ T5847] team0: Port device team_slave_0 added [ 89.360501][ T5848] team0: Port device team_slave_1 added [ 89.421290][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.421305][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.421319][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.423203][ T5847] team0: Port device team_slave_1 added [ 89.426216][ T5850] team0: Port device team_slave_0 added [ 89.699284][ T5850] team0: Port device team_slave_1 added [ 89.778607][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.778622][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.778639][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.957883][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.957898][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.957921][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.960398][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.960410][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.960432][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.963170][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.963182][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.963199][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.055255][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.055270][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.055289][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.208009][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.208023][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.208046][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.209718][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.209730][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.209752][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.399811][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.399826][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.399845][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.412579][ T5853] hsr_slave_0: entered promiscuous mode [ 90.414136][ T5853] hsr_slave_1: entered promiscuous mode [ 90.842744][ T5846] hsr_slave_0: entered promiscuous mode [ 90.843559][ T5846] hsr_slave_1: entered promiscuous mode [ 90.844239][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 90.844331][ T5846] Cannot create hsr debugfs directory [ 90.895830][ T5864] Bluetooth: hci4: command tx timeout [ 90.975969][ T5864] Bluetooth: hci0: command tx timeout [ 90.994181][ T5848] hsr_slave_0: entered promiscuous mode [ 90.994967][ T5848] hsr_slave_1: entered promiscuous mode [ 90.996639][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 90.996665][ T5848] Cannot create hsr debugfs directory [ 91.023129][ T5847] hsr_slave_0: entered promiscuous mode [ 91.024567][ T5847] hsr_slave_1: entered promiscuous mode [ 91.025389][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 91.025411][ T5847] Cannot create hsr debugfs directory [ 91.055722][ T5864] Bluetooth: hci2: command tx timeout [ 91.135700][ T5864] Bluetooth: hci3: command tx timeout [ 91.135731][ T5864] Bluetooth: hci1: command tx timeout [ 91.251608][ T5850] hsr_slave_0: entered promiscuous mode [ 91.252387][ T5850] hsr_slave_1: entered promiscuous mode [ 91.252917][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 91.252934][ T5850] Cannot create hsr debugfs directory [ 92.961851][ T5853] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.975615][ T5855] Bluetooth: hci4: command tx timeout [ 92.989472][ T5853] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.030025][ T5853] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.055661][ T5855] Bluetooth: hci0: command tx timeout [ 93.097386][ T5853] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.135755][ T5855] Bluetooth: hci2: command tx timeout [ 93.226255][ T5855] Bluetooth: hci1: command tx timeout [ 93.226286][ T5855] Bluetooth: hci3: command tx timeout [ 93.255587][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.289480][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.332516][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.388993][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.531434][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.570539][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.607858][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.666948][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.823092][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.855613][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.893138][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.939695][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.020315][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.115709][ T5850] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.163222][ T5850] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.191334][ T5850] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.239236][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.241078][ T5850] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.324785][ T1355] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.325269][ T1355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.391142][ T1356] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.391348][ T1356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.427689][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.533190][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.591413][ T1365] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.591623][ T1365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.624911][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.648150][ T1365] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.648475][ T1365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.774957][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.801894][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.862253][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.862815][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.920348][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.920522][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.989350][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.012526][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.041065][ T1357] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.041265][ T1357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.084540][ T1357] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.084756][ T1357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.188679][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.230769][ T1356] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.230984][ T1356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.298683][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.342764][ T1365] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.345692][ T1365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.622404][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.949020][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.989126][ T5846] veth0_vlan: entered promiscuous mode [ 96.088277][ T5846] veth1_vlan: entered promiscuous mode [ 96.267717][ T5848] veth0_vlan: entered promiscuous mode [ 96.278961][ T5853] veth0_vlan: entered promiscuous mode [ 96.298561][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.314508][ T5846] veth0_macvtap: entered promiscuous mode [ 96.332782][ T5853] veth1_vlan: entered promiscuous mode [ 96.343188][ T5848] veth1_vlan: entered promiscuous mode [ 96.366998][ T5846] veth1_macvtap: entered promiscuous mode [ 96.457142][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.474615][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.511618][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.562469][ T5853] veth0_macvtap: entered promiscuous mode [ 96.563724][ T67] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.591204][ T5848] veth0_macvtap: entered promiscuous mode [ 96.602019][ T67] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.626354][ T67] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.628637][ T5847] veth0_vlan: entered promiscuous mode [ 96.643816][ T67] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.645044][ T5853] veth1_macvtap: entered promiscuous mode [ 96.670809][ T5848] veth1_macvtap: entered promiscuous mode [ 96.755071][ T5847] veth1_vlan: entered promiscuous mode [ 96.931103][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.963106][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.983707][ T5850] veth0_vlan: entered promiscuous mode [ 96.993291][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.023026][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.077379][ T1359] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.082849][ T1359] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.098211][ T1359] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.102008][ T1355] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.102031][ T1355] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.136941][ T1359] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.137704][ T5850] veth1_vlan: entered promiscuous mode [ 97.151499][ T1359] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.175357][ T1359] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.193790][ T1359] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.268222][ T1359] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.341816][ T5847] veth0_macvtap: entered promiscuous mode [ 97.353314][ T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.353332][ T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.470285][ T5847] veth1_macvtap: entered promiscuous mode [ 97.712060][ T5850] veth0_macvtap: entered promiscuous mode [ 97.724543][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.760221][ T1357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.760240][ T1357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.844402][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.845350][ T5850] veth1_macvtap: entered promiscuous mode [ 97.892484][ T1355] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.892504][ T1355] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.924997][ T5969] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.969107][ T1357] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.991093][ T1357] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.013141][ T1357] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.038733][ T1357] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.056055][ T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.056073][ T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.151305][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.179016][ T1355] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.179035][ T1355] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.254813][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.414510][ T1356] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.428134][ T1356] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.448801][ T1356] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.456738][ T1356] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.781474][ T1503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.781495][ T1503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.065538][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.532976][ T1359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.532990][ T1359] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.685540][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.739894][ T1357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.739915][ T1357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.995554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.022195][ T5980] mmap: syz.1.2 (5980) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 100.124140][ T1359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.124159][ T1359] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.855496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.275506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.552700][ T6001] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 101.645507][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.847244][ T5940] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 102.065980][ T5849] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 102.195892][ T5940] usb 5-1: Using ep0 maxpacket: 32 [ 102.225401][ T5940] usb 5-1: New USB device found, idVendor=17cc, idProduct=1020, bcdDevice=b4.bf [ 102.225724][ T5849] usb 4-1: Using ep0 maxpacket: 16 [ 102.227725][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.227746][ T5940] usb 5-1: Product: syz [ 102.227759][ T5940] usb 5-1: Manufacturer: syz [ 102.227771][ T5940] usb 5-1: SerialNumber: syz [ 102.230587][ T5849] usb 4-1: config 0 has an invalid interface number: 161 but max is 0 [ 102.230609][ T5849] usb 4-1: config 0 has no interface number 0 [ 102.294495][ T5849] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0102, bcdDevice=9a.fd [ 102.294513][ T5849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.294522][ T5849] usb 4-1: Product: syz [ 102.294529][ T5849] usb 4-1: Manufacturer: syz [ 102.294535][ T5849] usb 4-1: SerialNumber: syz [ 102.365947][ T5849] usb 4-1: config 0 descriptor?? [ 102.430870][ T5849] kvaser_usb 4-1:0.161: error -ENODEV: Cannot get usb endpoint(s) [ 102.437905][ T5940] usb 5-1: config 0 descriptor?? [ 102.694950][ T5859] usb 4-1: USB disconnect, device number 2 [ 103.221610][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.495679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.496913][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.497083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.547892][ T5940] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -110 [ 104.472846][ T5940] usb 5-1: USB disconnect, device number 2 [ 106.906733][ T5996] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 107.057196][ T5996] usb 3-1: no configurations [ 107.057213][ T5996] usb 3-1: can't read configurations, error -22 [ 107.123378][ T6052] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.257260][ T5996] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 107.423268][ T5996] usb 3-1: no configurations [ 107.423287][ T5996] usb 3-1: can't read configurations, error -22 [ 107.423787][ T5996] usb usb3-port1: attempt power cycle [ 107.849341][ T5996] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 107.868689][ T5996] usb 3-1: no configurations [ 107.868706][ T5996] usb 3-1: can't read configurations, error -22 [ 108.055556][ T5996] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 108.126323][ T5996] usb 3-1: no configurations [ 108.126335][ T5996] usb 3-1: can't read configurations, error -22 [ 108.128296][ T5996] usb usb3-port1: unable to enumerate USB device [ 109.935511][ T37] audit: type=1326 audit(1756953518.047:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1987ebe9 code=0x7ffc0000 [ 109.935566][ T37] audit: type=1326 audit(1756953518.047:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1987ebe9 code=0x7ffc0000 [ 110.002992][ T37] audit: type=1326 audit(1756953518.057:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7ffb1987ebe9 code=0x7ffc0000 [ 110.003052][ T37] audit: type=1326 audit(1756953518.057:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffb19875ba7 code=0x7ffc0000 [ 110.003088][ T37] audit: type=1326 audit(1756953518.057:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffb1981adb9 code=0x7ffc0000 [ 110.003122][ T37] audit: type=1326 audit(1756953518.057:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1987ebe9 code=0x7ffc0000 [ 110.003157][ T37] audit: type=1326 audit(1756953518.057:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6082 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1987ebe9 code=0x7ffc0000 [ 110.978423][ T6102] netlink: 20 bytes leftover after parsing attributes in process `syz.2.36'. [ 111.229211][ T6106] Zero length message leads to an empty skb [ 111.445669][ T45] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 111.527734][ T5932] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 111.681127][ T5932] usb 1-1: no configurations [ 111.681139][ T5932] usb 1-1: can't read configurations, error -22 [ 111.788360][ T45] usb 4-1: Using ep0 maxpacket: 16 [ 111.815639][ T5932] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 111.912975][ T45] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.912990][ T45] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 111.953263][ T45] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 111.953280][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.953290][ T45] usb 4-1: Product: syz [ 111.953296][ T45] usb 4-1: Manufacturer: syz [ 111.953303][ T45] usb 4-1: SerialNumber: syz [ 111.966538][ T5932] usb 1-1: no configurations [ 111.966555][ T5932] usb 1-1: can't read configurations, error -22 [ 111.967023][ T5932] usb usb1-port1: attempt power cycle [ 112.325639][ T5932] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 112.347442][ T5932] usb 1-1: no configurations [ 112.347459][ T5932] usb 1-1: can't read configurations, error -22 [ 112.475665][ T5932] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 112.497680][ T5932] usb 1-1: no configurations [ 112.497697][ T5932] usb 1-1: can't read configurations, error -22 [ 112.498042][ T5932] usb usb1-port1: unable to enumerate USB device [ 114.654703][ T5932] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 114.670103][ T6137] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 114.906802][ T5932] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 114.906823][ T5932] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 114.906847][ T5932] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 114.906858][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.088775][ T6136] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 115.194679][ T5932] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 115.609957][ T5932] usb 5-1: USB disconnect, device number 3 [ 117.115574][ T45] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 117.256711][ T5932] usb 4-1: USB disconnect, device number 3 [ 117.278232][ T45] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 117.278249][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.281345][ T45] usb 1-1: config 0 descriptor?? [ 118.163490][ T45] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 118.163873][ T45] asix 1-1:0.0: probe with driver asix failed with error -61 [ 120.025517][ T5996] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 120.059677][ T45] usb 1-1: USB disconnect, device number 6 [ 120.188084][ T5996] usb 2-1: no configurations [ 120.188102][ T5996] usb 2-1: can't read configurations, error -22 [ 120.357530][ T5996] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 120.786240][ T5996] usb 2-1: no configurations [ 120.786253][ T5996] usb 2-1: can't read configurations, error -22 [ 120.786612][ T5996] usb usb2-port1: attempt power cycle [ 121.135806][ T5996] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 121.183804][ T5996] usb 2-1: no configurations [ 121.183822][ T5996] usb 2-1: can't read configurations, error -22 [ 121.316942][ T5996] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 121.338375][ T5996] usb 2-1: no configurations [ 121.338392][ T5996] usb 2-1: can't read configurations, error -22 [ 121.338757][ T5996] usb usb2-port1: unable to enumerate USB device [ 122.725584][ T5996] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 122.905852][ T5996] usb 2-1: Using ep0 maxpacket: 16 [ 122.951437][ T5996] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.951453][ T5996] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 122.996397][ T5996] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 122.996416][ T5996] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.996425][ T5996] usb 2-1: Product: syz [ 122.996432][ T5996] usb 2-1: Manufacturer: syz [ 122.996439][ T5996] usb 2-1: SerialNumber: syz [ 123.338773][ T6214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.71'. [ 125.513121][ T6234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.75'. [ 125.624920][ T6233] page: refcount:515 mapcount:0 mapping:ffff888144ea1318 index:0x200 pfn:0x40800 [ 125.624953][ T6233] head: order:9 mapcount:1 entire_mapcount:1 nr_pages_mapped:0 pincount:0 [ 125.624976][ T6233] aops:hugetlbfs_aops ino:23c6 dentry name(?):"anon_hugepage" [ 125.625006][ T6233] flags: 0x80000000000041(locked|head|node=0|zone=1) [ 125.625025][ T6233] page_type: f4(hugetlb) [ 125.625042][ T6233] raw: 0080000000000041 ffffea0008eb0008 ffffea0000ff0008 ffff888144ea1318 [ 125.625056][ T6233] raw: 0000000000000200 0000000000000000 00000203f4000000 0000000000000000 [ 125.625072][ T6233] head: 0080000000000041 ffffea0008eb0008 ffffea0000ff0008 ffff888144ea1318 [ 125.625086][ T6233] head: 0000000000000200 0000000000000000 00000203f4000000 0000000000000000 [ 125.625100][ T6233] head: 0080000000000009 ffffea0001020001 0000000000000000 0000000000000000 [ 125.625114][ T6233] head: 00000007fe442e56 0000000000000000 00000000ffffffff 0000000000000200 [ 125.625123][ T6233] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio)) [ 125.625137][ T6233] page_owner tracks the page as allocated [ 125.625143][ T6233] page last allocated via order 9, migratetype Movable, gfp_mask 0x146cca(GFP_HIGHUSER_MOVABLE|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 6135, tgid 6130 (syz.4.50), ts 113388526337, free_ts 83533997883 [ 125.625173][ T6233] post_alloc_hook+0x240/0x2a0 [ 125.625198][ T6233] get_page_from_freelist+0x2119/0x21b0 [ 125.625214][ T6233] __alloc_frozen_pages_noprof+0x181/0x370 [ 125.625230][ T6233] alloc_buddy_hugetlb_folio+0xdf/0x1c0 [ 125.625253][ T6233] only_alloc_fresh_hugetlb_folio+0x8c/0x280 [ 125.625268][ T6233] alloc_surplus_hugetlb_folio+0x103/0x430 [ 125.625282][ T6233] alloc_hugetlb_folio+0xb31/0x16c0 [ 125.625299][ T6233] hugetlb_fault+0x1de1/0x2990 [ 125.625316][ T6233] handle_mm_fault+0x20c8/0x3400 [ 125.625336][ T6233] __get_user_pages+0x16e4/0x2b60 [ 125.625353][ T6233] populate_vma_page_range+0x29f/0x3a0 [ 125.625371][ T6233] __mm_populate+0x24c/0x380 [ 125.625388][ T6233] vm_mmap_pgoff+0x38a/0x4d0 [ 125.625406][ T6233] ksys_mmap_pgoff+0x551/0x720 [ 125.905024][ T6233] do_syscall_64+0xfa/0x3b0 [ 125.905057][ T6233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.905073][ T6233] page last free pid 5835 tgid 5835 stack trace: [ 125.905084][ T6233] free_unref_folios+0xd66/0x1460 [ 125.905106][ T6233] folios_put_refs+0x569/0x670 [ 125.905120][ T6233] free_pages_and_swap_cache+0x277/0x520 [ 125.905134][ T6233] tlb_flush_mmu+0x3a0/0x680 [ 125.905148][ T6233] tlb_finish_mmu+0xc3/0x1d0 [ 125.905162][ T6233] vms_clear_ptes+0x42c/0x540 [ 125.905179][ T6233] vms_complete_munmap_vmas+0x206/0x8a0 [ 125.905194][ T6233] do_vmi_align_munmap+0x369/0x440 [ 125.905209][ T6233] do_vmi_munmap+0x253/0x2e0 [ 125.905224][ T6233] __vm_munmap+0x23b/0x3d0 [ 125.905240][ T6233] __x64_sys_munmap+0x60/0x70 [ 125.905259][ T6233] do_syscall_64+0xfa/0x3b0 [ 125.905277][ T6233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.905499][ T6233] ------------[ cut here ]------------ [ 125.905507][ T6233] kernel BUG at mm/filemap.c:154! [ 126.063584][ T6233] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 126.063630][ T6233] CPU: 1 UID: 0 PID: 6233 Comm: syz.0.75 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 126.063651][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 126.063661][ T6233] RIP: 0010:filemap_unaccount_folio+0x44f/0x4a0 [ 126.063689][ T6233] Code: 9d c9 ff 48 89 df 48 c7 c6 60 4b 14 8b e8 49 eb 32 ff 90 0f 0b e8 b1 9d c9 ff 48 89 df 48 c7 c6 a0 4a 14 8b e8 32 eb 32 ff 90 <0f> 0b e8 9a 9d c9 ff 48 89 df 48 c7 c6 60 4b 14 8b e8 1b eb 32 ff [ 126.063709][ T6233] RSP: 0018:ffffc90005bb6e60 EFLAGS: 00010246 [ 126.063732][ T6233] RAX: 2d121d5ca9ab8200 RBX: ffffea0001020000 RCX: 2d121d5ca9ab8200 [ 126.063746][ T6233] RDX: 0000000000000007 RSI: ffffffff8d219506 RDI: ffff888024568000 [ 126.063758][ T6233] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 126.063769][ T6233] R10: dffffc0000000000 R11: ffffed1017124863 R12: 0000000000000040 [ 126.063781][ T6233] R13: 1ffffd4000204000 R14: 1ffffd4000204001 R15: ffffea0001020008 [ 126.063795][ T6233] FS: 00007f9030c116c0(0000) GS:ffff8881269c1000(0000) knlGS:0000000000000000 [ 126.063810][ T6233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.063822][ T6233] CR2: 0000200000291030 CR3: 000000003487a000 CR4: 00000000003526f0 [ 126.063838][ T6233] Call Trace: [ 126.063845][ T6233] [ 126.063853][ T6233] __filemap_remove_folio+0xc3/0x500 [ 126.063878][ T6233] ? __pfx___filemap_remove_folio+0x10/0x10 [ 126.063898][ T6233] ? rt_spin_lock+0x223/0x2c0 [ 126.063917][ T6233] ? __pfx_rt_spin_lock+0x10/0x10 [ 126.063932][ T6233] ? rt_mutex_slowunlock+0x239/0x2e0 [ 126.063950][ T6233] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 126.063971][ T6233] filemap_remove_folio+0xe6/0x200 [ 126.063992][ T6233] remove_inode_hugepages+0x593/0x1100 [ 126.064022][ T6233] ? __pfx_remove_inode_hugepages+0x10/0x10 [ 126.064052][ T6233] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 126.064077][ T6233] ? hugetlbfs_fallocate+0xbbc/0x1110 [ 126.064100][ T6233] hugetlbfs_fallocate+0xbd4/0x1110 [ 126.064121][ T6233] ? trace_sched_exit_tp+0x36/0x110 [ 126.064144][ T6233] ? __schedule+0x1709/0x4c20 [ 126.064168][ T6233] ? __pfx_hugetlbfs_fallocate+0x10/0x10 [ 126.064200][ T6233] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 126.064221][ T6233] vfs_fallocate+0x672/0x7f0 [ 126.064242][ T6233] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.064266][ T6233] ? __pfx_vfs_fallocate+0x10/0x10 [ 126.064290][ T6233] madvise_vma_behavior+0x3156/0x3a00 [ 126.064317][ T6233] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 126.064345][ T6233] ? finish_task_switch+0x266/0x950 [ 126.064367][ T6233] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.064388][ T6233] ? finish_task_switch+0x266/0x950 [ 126.064410][ T6233] ? rcu_is_watching+0x15/0xb0 [ 126.064434][ T6233] ? trace_sched_exit_tp+0x36/0x110 [ 126.064455][ T6233] ? __schedule+0x1709/0x4c20 [ 126.064485][ T6233] ? mas_prev_slot+0xb34/0xbb0 [ 126.064510][ T6233] ? find_vma_prev+0xfc/0x170 [ 126.064530][ T6233] ? __pfx_find_vma_prev+0x10/0x10 [ 126.064558][ T6233] madvise_walk_vmas+0x51c/0xa30 [ 126.064584][ T6233] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 126.064608][ T6233] ? blk_start_plug+0x6f/0x1b0 [ 126.064624][ T6233] madvise_do_behavior+0x38e/0x550 [ 126.064648][ T6233] ? __pfx_madvise_do_behavior+0x10/0x10 [ 126.064670][ T6233] ? down_read+0x181/0x1f0 [ 126.064706][ T6233] do_madvise+0x183/0x230 [ 126.064732][ T6233] ? __pfx_do_madvise+0x10/0x10 [ 126.064762][ T6233] __x64_sys_madvise+0xa7/0xc0 [ 126.064784][ T6233] do_syscall_64+0xfa/0x3b0 [ 126.064807][ T6233] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.064827][ T6233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.064844][ T6233] ? clear_bhb_loop+0x60/0xb0 [ 126.064862][ T6233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.064879][ T6233] RIP: 0033:0x7f9032e0ebe9 [ 126.064901][ T6233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.064915][ T6233] RSP: 002b:00007f9030c11038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 126.064934][ T6233] RAX: ffffffffffffffda RBX: 00007f9033046270 RCX: 00007f9032e0ebe9 [ 126.064948][ T6233] RDX: 0000000000000009 RSI: 0000000000600002 RDI: 0000200000000000 [ 126.064960][ T6233] RBP: 00007f9032e91e19 R08: 0000000000000000 R09: 0000000000000000 [ 126.064971][ T6233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.064982][ T6233] R13: 00007f9033046308 R14: 00007f9033046270 R15: 00007ffcce43ca88 [ 126.065002][ T6233] [ 126.065008][ T6233] Modules linked in: [ 126.065039][ T6233] ---[ end trace 0000000000000000 ]--- [ 126.065128][ T6233] RIP: 0010:filemap_unaccount_folio+0x44f/0x4a0 [ 126.065155][ T6233] Code: 9d c9 ff 48 89 df 48 c7 c6 60 4b 14 8b e8 49 eb 32 ff 90 0f 0b e8 b1 9d c9 ff 48 89 df 48 c7 c6 a0 4a 14 8b e8 32 eb 32 ff 90 <0f> 0b e8 9a 9d c9 ff 48 89 df 48 c7 c6 60 4b 14 8b e8 1b eb 32 ff [ 126.065169][ T6233] RSP: 0018:ffffc90005bb6e60 EFLAGS: 00010246 [ 126.065184][ T6233] RAX: 2d121d5ca9ab8200 RBX: ffffea0001020000 RCX: 2d121d5ca9ab8200 [ 126.065198][ T6233] RDX: 0000000000000007 RSI: ffffffff8d219506 RDI: ffff888024568000 [ 126.065211][ T6233] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 126.065221][ T6233] R10: dffffc0000000000 R11: ffffed1017124863 R12: 0000000000000040 [ 126.065234][ T6233] R13: 1ffffd4000204000 R14: 1ffffd4000204001 R15: ffffea0001020008 [ 126.065247][ T6233] FS: 00007f9030c116c0(0000) GS:ffff8881269c1000(0000) knlGS:0000000000000000 [ 126.065262][ T6233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.065274][ T6233] CR2: 0000200000291030 CR3: 000000003487a000 CR4: 00000000003526f0 [ 126.065291][ T6233] Kernel panic - not syncing: Fatal exception [ 126.065531][ T6233] Kernel Offset: disabled