last executing test programs: 18.758427086s ago: executing program 3 (id=37): sched_setscheduler(0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioperm(0x0, 0x2, 0x7e) timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syslog(0x2, &(0x7f00000001c0)=""/229, 0xe5) 17.850483111s ago: executing program 2 (id=40): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000200)={0x1, 0x80, 0x2}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800b1170000000000b317f60000000000000001b295000000000000000000004681b9090089"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='locks_get_lock_context\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') stat(&(0x7f0000000280)='./file0\x00', 0x0) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f"], 0xffaf}, 0x1, 0x0, 0x0, 0x40814}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x0, 0x31, 0x7d, 0x55}}]}}]}}, 0x0) 17.556551113s ago: executing program 3 (id=41): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$video(&(0x7f00000001c0), 0x40000000000007, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet(0x2, 0x4000000000000001, 0x0) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='.\x00', &(0x7f0000000240)='f2fs\x00', 0x0, 0x0) 15.421629328s ago: executing program 3 (id=43): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x6, @remote, 0xfffffffc}}, 0x0, 0x0, 0x6, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x0, 0x20000000, @remote}}, 0x0, 0x0, 0x0, 0x0, "ddfd3b7ed7c6a1c172a987ae5ce3cafd64c9a736831a5912d606798fb75c9981c4b3ac0e06891ff18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf80c07fb1a854dad742eef6187f2304844c296"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x80000000}, 0x1c) 14.991757733s ago: executing program 3 (id=46): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) kexec_load(0x1000d0ffc2, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x3e0000}], 0x0) 13.471377267s ago: executing program 2 (id=48): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000351000/0x2000)=nil) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, 0x0, 0x0, 0x4000, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r5, 0x26, &(0x7f00000001c0)={0x1, 0x1, 0x10000000000000a, 0x10000}) fcntl$lock(r5, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x182800, 0x0) ioctl$RTC_AIE_ON(r6, 0x7001) ioctl$RTC_UIE_ON(r6, 0x7003) mincore(&(0x7f0000352000/0x1000)=nil, 0x1000, &(0x7f0000000340)=""/207) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3d, 0x0, &(0x7f0000000300)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x1, 0x70bd2b, 0x25dfdbfd, {0x2, 0x10, 0x0, 0x6, 0x4, 0x0, 0x0, 0x8, 0x10012}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x9}, @FRA_GENERIC_POLICY=@FRA_TABLE={0x8, 0xf, 0xa}]}, 0x30}}, 0x0) 12.063453965s ago: executing program 2 (id=52): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x1e, &(0x7f0000002c00)=[{&(0x7f0000001500)="b25b365c0254a7c6fc7ea6155a71b613b02d1645aab67271075189c3540c4dd19ebfb3c4acf87f2eeb258e62cc6ae96db360d874500cb86b4185ee533bf708", 0x3f}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)="08e0ac8fb1d99df61d7b518d0a62071e7ec69f658d5a52d7eb7ea31db43f8cf570f335a80860ac4cc240dc149d8468493db8aad089f590d62e0bcb9d1dcee636ee311ee51839b7201745baef82209b2ab741dc5ea481ae9dcebe39b1101a42a8c82de46107541c240ad0d9ee4a9340cffd72aaea692a60993637c81d23a0d0ebbae66f1eb2771df2482c043d8715ae788b56cc91eaa4d6bbdec82d8f91eb822d0b5f3ebd86", 0x1}, {&(0x7f0000000180)="8a", 0x1}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce90bfdbcfb8a86a74f6799f98c36e23e210f053830ac8e978a0785884001a7099c4b9016f1a65a57390caf78c272cbf9711f94505dd525af1ff7d013438df5b844226f41b81e58eb73366", 0x4b}, {&(0x7f0000000540)="f2e659a0b00d26c2ee15", 0xa}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}, {&(0x7f0000001600)="f2964dd16e01d56b414499264923beda58d7da0313c1ccafe53965750f25bdaa6b56a87307ec23d48b6f35ce49a813a2bc3cb23fdf42826bdc16788ff466919594de5bf8a1fa5d825947271ade4a95efeb170c", 0xfffffd57}, {&(0x7f0000001340)="b8", 0x1}, {&(0x7f0000000500)="01", 0x1}, {&(0x7f0000000280)="87", 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000140), 0x1}, {&(0x7f0000000340)="e4", 0xfffffec2}], 0x2, 0x0, 0xffffff84}}], 0x5f, 0x4000000) 10.388449989s ago: executing program 4 (id=56): bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40040}], 0x1, 0x8040) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0) 10.146505845s ago: executing program 4 (id=59): mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800eb58807a40c5e77fb570e73ce84643ade9bd61334c3db831aa9838138efc968d22a37602fe9fbd34248422a878423c342d2dacc0f31a82f8b8dd66eb41a31a685e98b308061b43aa0a114ee48904e4a283fed6662fb8bbd784924805e94080330dd54bc14a2dc49b72daa262ae10d2414a9ebc017b52b313305e763e76f", @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYBLOB=',']) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) getpeername$qrtr(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000500)=0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 9.971949723s ago: executing program 2 (id=60): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, 0x0) io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x2000, 0x0) 7.948670227s ago: executing program 2 (id=63): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000101c1b021b00000000000109022400010000400009040000010300400009"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) socketpair$unix(0x1, 0x1, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x1, "374abed2"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f00000003c0)={0x0, 0x15, 0x28, "0000000000a680bacd05988275a7df8eebbc776e30a1f9bffddb9733209be40174a8715db80e8e71"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.321556589s ago: executing program 4 (id=65): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x400, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x240400c1}, 0x40055) 6.967827115s ago: executing program 0 (id=67): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 6.877004021s ago: executing program 1 (id=68): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x4d5, &(0x7f0000000480)={0x0, 0x404525, 0x80, 0x2, 0x12d}, &(0x7f0000000100)=0x0, &(0x7f0000000640)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0xda1a0b6210925d15, 0x0, @fd_index, 0x0, 0x0, 0x1, 0x1}) io_uring_enter(r1, 0x22d0, 0x20, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40d0}, 0x0) userfaultfd(0x80801) openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) read$FUSE(r5, &(0x7f0000002140)={0x2020}, 0x205a) 6.229126408s ago: executing program 3 (id=69): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x1, 0x231, &(0x7f0000000600)=ANY=[@ANYBLOB="12015002d8324fdf3d1b0301bedd0102030109021f02020700805b0904f5bc07ccff40f709050d10400009b40430067b087e91e14a73958cf72cc389cd93b70018551400aa1850f53ab30e3f1658b6b7008845485f2a426c752f9d7c9f09050110080073030207250183030c0009050d0010000306f602230725010007020009055d0440000f02037431cff68d240971a07cf1bcc9ef25b2f2258e8a37b28547045ca5d175b82f336d5b8ad98223dbd42176a027c4cf204f3cdd3de6de3dc7046c9750847b402ef5587ffe71c837f88820e412270187b9a25e67dd8c17040e2f2e1b02915488716f97cfee7dc5c9d7ae32b6d3afc7072790053d770c4223a290d854da9def09050c030800a40703072501020704000725010302030009050c04080001027f09050f00cb14020602090432690390e3680609054300100000640b09050903080003210209050200ff03010502e830fcee5cba47a943dd89e4cec57dc739a82c7cd365a4a259c4056dad8680bbe488167a9ba57bd869e65922ef8c89dc1bbcf46fa3891b80c66fd110bfae2b49da4664dd201a314c333aa2c9141374ce210772881b043100ce59c244f56a0100ee5d652be69cdf4b5d1415d0012d5cd48a56883f4d66dc96118357b23c37cc349812c7ee5e96acf358cac8b86c083d626781b73c8e0450932fddba85d986c0671208473c"], 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000540), 0xffffffffffffffff) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTLQI(r1, 0x0, 0x3, 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") 5.656516998s ago: executing program 0 (id=70): r0 = msgget$private(0x0, 0x80) msgrcv(r0, 0x0, 0x0, 0x1, 0x2000) msgrcv(r0, 0x0, 0x0, 0x3, 0x2000) msgctl$IPC_RMID(r0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x14) syz_pidfd_open(0x0, 0x0) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5309, 0x0) epoll_create(0x52261838) mlockall(0x3) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil) shmat(r1, &(0x7f0000ffd000/0x1000)=nil, 0x7000) syz_io_uring_setup(0x28a2, 0x0, &(0x7f0000000200), 0x0) 5.559111705s ago: executing program 4 (id=71): r0 = syz_io_uring_setup(0x22f, &(0x7f0000000140)={0x0, 0x5325, 0x10000, 0x3, 0x100002cf}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) bind$x25(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x9257, 0x48, 0x0, 0xffffff29) 5.557979589s ago: executing program 1 (id=72): 5.402641179s ago: executing program 1 (id=73): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f00000010c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000006b40)={0x2020}, 0x2020) socket(0xa, 0x3, 0x3a) syz_emit_ethernet(0xee, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, 0x0, 0x4058880) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) 4.204279661s ago: executing program 2 (id=74): gettid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x300) mmap(&(0x7f0000fa2000/0x4000)=nil, 0x4000, 0x2000004, 0x110, r2, 0x3000) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}, 0x1, 0x0, 0x0, 0x40004}, 0x0) 3.975446307s ago: executing program 4 (id=75): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB="02030003130000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a004e2400000004ff010000000000000000000000000001000000000000000002000100000000000000070c0100000005000500000000000a00012400000009000000000000000000000000000000000600000000000000020013000300"], 0x98}, 0x1, 0x7}, 0x0) 3.510220831s ago: executing program 0 (id=76): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x40045304, &(0x7f0000000180)={0x81, 0x5, 0x1, 'queue1\x00', 0xfffffffe}) 3.280571919s ago: executing program 1 (id=77): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x40000000000002, 0x7, 0xeab, 0x180, 0x0, 0x0, 0xf2, 0x9, 0x8, 0x5, 0x0, 0x400, 0x0, 0x0, 0x0, 0x4], 0x1, 0x3c4212}) syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.193461697s ago: executing program 0 (id=78): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000140)='htcp', 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) 2.85993745s ago: executing program 4 (id=79): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) kexec_load(0x1000d0ffc2, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x3e0000}], 0x0) 1.896676948s ago: executing program 0 (id=80): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\b\x00\x00', &(0x7f0000000300)=""/8, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.82617472s ago: executing program 3 (id=81): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(0x0, 0x80) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) close_range(r2, 0xffffffffffffffff, 0x0) 782.769457ms ago: executing program 0 (id=82): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x400, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x240400c1}, 0x40055) 372.698319ms ago: executing program 1 (id=83): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 0s ago: executing program 1 (id=84): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r3, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001100)={0x10, 0x1407, 0x1, 0x70bd27, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x40844) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x100000000) mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x44}, 0x20) socket$netlink(0x10, 0x3, 0x12) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_ATTR(r5, &(0x7f0000005340)={0x78, 0x0, 0x0, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, 0x0, 0x0, 0xb, 0x8, 0x1000000}}}, 0x78) lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00') sendmsg$NL80211_CMD_CONNECT(r0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202", @ANYRESDEC=0x0], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.19' (ED25519) to the list of known hosts. [ 91.587099][ T5788] cgroup: Unknown subsys name 'net' [ 91.830328][ T5788] cgroup: Unknown subsys name 'cpuset' [ 91.883348][ T5788] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.224604][ T9] cfg80211: failed to load regulatory.db [ 93.867783][ T5788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 98.288596][ T5801] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.300039][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.302506][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.334973][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.338923][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.339804][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.362804][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.363442][ T5118] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 98.372098][ T5118] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 98.376891][ T5118] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 98.377372][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.380689][ T5118] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 98.383076][ T5808] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.427498][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 98.429750][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 98.473244][ T5804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 98.475790][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 98.493336][ T5801] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.499286][ T5801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.500218][ T5801] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 98.605734][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 98.607613][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 98.608473][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 98.609700][ T5806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 98.610500][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 99.702147][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 99.758345][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 99.924117][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 99.930233][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 100.095835][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 100.454017][ T61] Bluetooth: hci0: command tx timeout [ 100.533318][ T61] Bluetooth: hci3: command tx timeout [ 100.533345][ T5806] Bluetooth: hci2: command tx timeout [ 100.612708][ T61] Bluetooth: hci1: command tx timeout [ 100.664335][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.664441][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.664878][ T5811] bridge_slave_0: entered allmulticast mode [ 100.667088][ T5811] bridge_slave_0: entered promiscuous mode [ 100.692631][ T61] Bluetooth: hci4: command tx timeout [ 100.825522][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.825616][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.825778][ T5811] bridge_slave_1: entered allmulticast mode [ 100.827698][ T5811] bridge_slave_1: entered promiscuous mode [ 100.983727][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.983863][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.984006][ T5800] bridge_slave_0: entered allmulticast mode [ 100.986106][ T5800] bridge_slave_0: entered promiscuous mode [ 101.273608][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.273753][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.273949][ T5800] bridge_slave_1: entered allmulticast mode [ 101.276196][ T5800] bridge_slave_1: entered promiscuous mode [ 101.363742][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.363888][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.364083][ T5805] bridge_slave_0: entered allmulticast mode [ 101.366240][ T5805] bridge_slave_0: entered promiscuous mode [ 101.463825][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.463951][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.464088][ T5803] bridge_slave_0: entered allmulticast mode [ 101.466027][ T5803] bridge_slave_0: entered promiscuous mode [ 101.547302][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.547588][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.547718][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.547898][ T5805] bridge_slave_1: entered allmulticast mode [ 101.550315][ T5805] bridge_slave_1: entered promiscuous mode [ 101.635816][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.635943][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.636113][ T5803] bridge_slave_1: entered allmulticast mode [ 101.638159][ T5803] bridge_slave_1: entered promiscuous mode [ 101.717030][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.824592][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.824746][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.824941][ T5816] bridge_slave_0: entered allmulticast mode [ 101.831259][ T5816] bridge_slave_0: entered promiscuous mode [ 101.946831][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.203801][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.203958][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.204145][ T5816] bridge_slave_1: entered allmulticast mode [ 102.206385][ T5816] bridge_slave_1: entered promiscuous mode [ 102.276329][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.360447][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.447138][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.525916][ T5811] team0: Port device team_slave_0 added [ 102.529178][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.532930][ T61] Bluetooth: hci0: command tx timeout [ 102.612667][ T61] Bluetooth: hci2: command tx timeout [ 102.612705][ T61] Bluetooth: hci3: command tx timeout [ 102.616944][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.685782][ T5811] team0: Port device team_slave_1 added [ 102.692637][ T61] Bluetooth: hci1: command tx timeout [ 102.772739][ T61] Bluetooth: hci4: command tx timeout [ 102.777425][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.865359][ T5800] team0: Port device team_slave_0 added [ 103.027230][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.107404][ T5800] team0: Port device team_slave_1 added [ 103.185672][ T5805] team0: Port device team_slave_0 added [ 103.495661][ T5803] team0: Port device team_slave_0 added [ 103.564980][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.564994][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.565012][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.568546][ T5805] team0: Port device team_slave_1 added [ 103.705616][ T5803] team0: Port device team_slave_1 added [ 103.794220][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.794238][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.794266][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.915378][ T5816] team0: Port device team_slave_0 added [ 103.994309][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.994324][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.994342][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.155560][ T5816] team0: Port device team_slave_1 added [ 104.245633][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.245652][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.245679][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.248906][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.248918][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.248936][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.364036][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.364052][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.364070][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.374088][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.374108][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.374139][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.504314][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.504333][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.504361][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.611192][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.611206][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.611231][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.614674][ T61] Bluetooth: hci0: command tx timeout [ 104.692656][ T61] Bluetooth: hci3: command tx timeout [ 104.692693][ T61] Bluetooth: hci2: command tx timeout [ 104.727710][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.727725][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.727744][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.776477][ T5806] Bluetooth: hci1: command tx timeout [ 104.812001][ T5811] hsr_slave_0: entered promiscuous mode [ 104.814421][ T5811] hsr_slave_1: entered promiscuous mode [ 104.852769][ T5806] Bluetooth: hci4: command tx timeout [ 105.059842][ T5800] hsr_slave_0: entered promiscuous mode [ 105.060844][ T5800] hsr_slave_1: entered promiscuous mode [ 105.061709][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 105.061804][ T5800] Cannot create hsr debugfs directory [ 105.281165][ T5805] hsr_slave_0: entered promiscuous mode [ 105.282157][ T5805] hsr_slave_1: entered promiscuous mode [ 105.283653][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 105.283684][ T5805] Cannot create hsr debugfs directory [ 105.370312][ T5803] hsr_slave_0: entered promiscuous mode [ 105.371363][ T5803] hsr_slave_1: entered promiscuous mode [ 105.372089][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 105.372108][ T5803] Cannot create hsr debugfs directory [ 105.800651][ T5816] hsr_slave_0: entered promiscuous mode [ 105.801635][ T5816] hsr_slave_1: entered promiscuous mode [ 105.802329][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 105.802349][ T5816] Cannot create hsr debugfs directory [ 106.692711][ T5806] Bluetooth: hci0: command tx timeout [ 106.772659][ T5806] Bluetooth: hci2: command tx timeout [ 106.772700][ T5806] Bluetooth: hci3: command tx timeout [ 106.853671][ T5806] Bluetooth: hci1: command tx timeout [ 106.933411][ T5806] Bluetooth: hci4: command tx timeout [ 107.183750][ T5811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.220731][ T5811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.237146][ T5811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.311853][ T5811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.445322][ T5800] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.479551][ T5800] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.501088][ T5800] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.558027][ T5800] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.682803][ T5805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.723985][ T5805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.759884][ T5805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.815924][ T5805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.980087][ T5803] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 108.025510][ T5803] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 108.069872][ T5803] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.127568][ T5803] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.242133][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.275679][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 108.333510][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 108.380631][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 108.422762][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 108.495846][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.540462][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.541017][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.581581][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.595542][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.595660][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.685587][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.725141][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.742154][ T1507] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.744130][ T1507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.785083][ T1507] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.785199][ T1507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.838654][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.866619][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.895757][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.896696][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.949941][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.950121][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.019480][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.065467][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.072014][ T1378] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.072230][ T1378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.127829][ T1378] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.128066][ T1378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.229185][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.292983][ T1507] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.293200][ T1507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.339007][ T1507] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.339505][ T1507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.403281][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.667294][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.722228][ T5811] veth0_vlan: entered promiscuous mode [ 109.784480][ T5811] veth1_vlan: entered promiscuous mode [ 109.890880][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.963364][ T5800] veth0_vlan: entered promiscuous mode [ 110.010355][ T5811] veth0_macvtap: entered promiscuous mode [ 110.028599][ T5800] veth1_vlan: entered promiscuous mode [ 110.047071][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.051544][ T5811] veth1_macvtap: entered promiscuous mode [ 110.161617][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.195859][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.197839][ T5805] veth0_vlan: entered promiscuous mode [ 110.240766][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.269855][ T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.284408][ T58] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.287896][ T5800] veth0_macvtap: entered promiscuous mode [ 110.289888][ T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.322240][ T58] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.344851][ T5805] veth1_vlan: entered promiscuous mode [ 110.359424][ T5800] veth1_macvtap: entered promiscuous mode [ 110.439682][ T5803] veth0_vlan: entered promiscuous mode [ 110.520362][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.566488][ T5803] veth1_vlan: entered promiscuous mode [ 110.593242][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.652775][ T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.672073][ T58] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.684787][ T58] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.686410][ T5805] veth0_macvtap: entered promiscuous mode [ 110.691312][ T58] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.801076][ T5805] veth1_macvtap: entered promiscuous mode [ 110.864426][ T3616] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.864446][ T3616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.979395][ T5803] veth0_macvtap: entered promiscuous mode [ 111.034811][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.034832][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.071959][ T5803] veth1_macvtap: entered promiscuous mode [ 111.081327][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.149264][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.150890][ T820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.150910][ T820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.221130][ T820] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.231275][ T820] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.240788][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.264543][ T820] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.297144][ T820] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.317474][ T5816] veth0_vlan: entered promiscuous mode [ 111.329050][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.334464][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.334488][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.436054][ T1378] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.484931][ T1378] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.515173][ T5816] veth1_vlan: entered promiscuous mode [ 111.521471][ T3616] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.530947][ T3616] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.814756][ T5921] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6'. [ 111.814782][ T5921] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6'. [ 111.814822][ T5921] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6'. [ 111.814943][ T5921] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6'. [ 111.944333][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.944356][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.030987][ T5816] veth0_macvtap: entered promiscuous mode [ 112.727382][ T5921] syz.2.6 (5921) used greatest stack depth: 14552 bytes left [ 112.784690][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 112.784726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 113.038579][ T5816] veth1_macvtap: entered promiscuous mode [ 113.282718][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.342721][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.382498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.382526][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.582478][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.832537][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.832574][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.833470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.879230][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.879255][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.262281][ T5935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.262304][ T5935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.170465][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.245558][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.370545][ T5934] syz.2.9 (5934): drop_caches: 2 [ 115.381389][ T1220] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.402179][ T1220] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.426432][ T1220] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.427719][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.427739][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.475998][ T1220] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.177682][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.177703][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.192873][ T991] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.413147][ T5957] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.642859][ T991] usb 1-1: Using ep0 maxpacket: 8 [ 117.668171][ T991] usb 1-1: unable to get BOS descriptor or descriptor too short [ 117.696817][ T991] usb 1-1: config 0 has no interfaces? [ 117.723165][ T991] usb 1-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 117.723197][ T991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.723218][ T991] usb 1-1: Product: syz [ 117.723233][ T991] usb 1-1: Manufacturer: syz [ 117.723248][ T991] usb 1-1: SerialNumber: syz [ 117.847928][ T991] usb 1-1: config 0 descriptor?? [ 118.900897][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.900955][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.246788][ T5975] dummy0: entered promiscuous mode [ 121.647505][ T5978] Zero length message leads to an empty skb [ 121.655918][ T5978] netlink: 'syz.3.20': attribute type 10 has an invalid length. [ 121.738397][ T5980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20'. [ 121.852628][ T5868] usb 1-1: USB disconnect, device number 2 [ 122.236402][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.268653][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.303039][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.303202][ T5978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.304861][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.305034][ T5978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.445109][ T5978] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 122.445554][ T5980] bridge_slave_1: left allmulticast mode [ 122.445575][ T5980] bridge_slave_1: left promiscuous mode [ 122.445763][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.609081][ T5980] bridge_slave_0: left allmulticast mode [ 123.609104][ T5980] bridge_slave_0: left promiscuous mode [ 123.609286][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.350952][ T6001] rtc_cmos 00:00: Alarms can be up to one day in the future [ 125.230273][ T5980] bond0: (slave bridge0): Releasing backup interface [ 125.602703][ T1829] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 126.461729][ T1829] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF [ 126.461754][ T1829] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 126.461773][ T1829] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 29949, setting to 64 [ 126.461792][ T1829] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 126.461811][ T1829] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 126.467856][ T1829] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 126.467878][ T1829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 126.467892][ T1829] usb 2-1: SerialNumber: syz [ 126.576766][ T5997] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 126.577118][ T5997] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 126.753193][ T991] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 126.925905][ T991] usb 3-1: config index 0 descriptor too short (expected 1307, got 27) [ 126.925937][ T991] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 126.925958][ T991] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 126.925996][ T991] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 126.926042][ T991] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 126.926066][ T991] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 126.955779][ T991] usb 3-1: string descriptor 0 read error: -22 [ 126.955964][ T991] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 126.955991][ T991] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.966894][ T991] usb 3-1: config 0 descriptor?? [ 126.968203][ T6010] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 127.055107][ T991] hub 3-1:0.0: bad descriptor, ignoring hub [ 127.055148][ T991] hub 3-1:0.0: probe with driver hub failed with error -5 [ 127.237163][ T991] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input5 [ 129.572759][ T991] usb 3-1: USB disconnect, device number 2 [ 129.572767][ C0] usb_acecad 3-1:0.0: can't resubmit intr, dummy_hcd.2-1/input0, status -19 [ 132.390130][ T5868] usb 2-1: USB disconnect, device number 2 [ 132.870765][ T6054] lo speed is unknown, defaulting to 1000 [ 132.879070][ T6054] lo speed is unknown, defaulting to 1000 [ 133.019026][ T6054] lo speed is unknown, defaulting to 1000 [ 133.114065][ T6054] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 133.257615][ T6054] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 133.494242][ T6054] lo speed is unknown, defaulting to 1000 [ 133.497694][ T6054] lo speed is unknown, defaulting to 1000 [ 133.501473][ T6054] lo speed is unknown, defaulting to 1000 [ 133.505206][ T6054] lo speed is unknown, defaulting to 1000 [ 133.508296][ T6054] lo speed is unknown, defaulting to 1000 [ 133.739527][ T5888] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 134.262534][ T6057] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 134.262554][ T6057] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 1th superblock [ 134.262761][ T6057] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 134.262774][ T6057] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 2th superblock [ 134.342556][ T5888] usb 3-1: Using ep0 maxpacket: 32 [ 134.366372][ T5888] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 134.366401][ T5888] usb 3-1: config 0 has no interface number 0 [ 134.371184][ T5888] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 134.371213][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.371234][ T5888] usb 3-1: Product: syz [ 134.371249][ T5888] usb 3-1: Manufacturer: syz [ 134.371264][ T5888] usb 3-1: SerialNumber: syz [ 134.444555][ T5888] usb 3-1: config 0 descriptor?? [ 134.449778][ T5888] smsc95xx v2.0.0 [ 134.449791][ T5888] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 134.449975][ T5888] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -22 [ 135.942312][ T5868] usb 3-1: USB disconnect, device number 3 [ 136.778944][ T6084] rtc_cmos 00:00: Alarms can be up to one day in the future [ 138.883656][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.883755][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.344405][ T6092] overlayfs: failed to resolve './file0': -2 [ 142.872615][ T5868] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 143.022812][ T5868] usb 3-1: Using ep0 maxpacket: 16 [ 143.025429][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.025487][ T5868] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 143.025532][ T5868] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 143.025555][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.110315][ T5868] usb 3-1: config 0 descriptor?? [ 143.122269][ T5868] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 143.146716][ T6127] overlayfs: failed to resolve './file0': -2 [ 144.512523][ T5889] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 145.362030][ T5889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.362088][ T5889] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 145.362105][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.458922][ T5889] usb 4-1: config 0 descriptor?? [ 145.673811][ T5866] usb 3-1: USB disconnect, device number 4 [ 145.984445][ T5889] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 146.115909][ T6136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.116343][ T6136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.146886][ T5889] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0001/input/input6 [ 146.821183][ T5889] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 146.859065][ T5889] usb 4-1: USB disconnect, device number 2 [ 147.831017][ C0] vkms_vblank_simulate: vblank timer overrun [ 147.982262][ T6154] syz.2.74: vmalloc error: size 35651584, failed to allocated page array size 69632, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 148.010328][ T6154] CPU: 0 UID: 0 PID: 6154 Comm: syz.2.74 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 148.010360][ T6154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 148.010384][ T6154] Call Trace: [ 148.010397][ T6154] [ 148.010407][ T6154] dump_stack_lvl+0x189/0x250 [ 148.010451][ T6154] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.010488][ T6154] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.010536][ T6154] warn_alloc+0x22e/0x3b0 [ 148.010573][ T6154] ? __pfx_warn_alloc+0x10/0x10 [ 148.010610][ T6154] ? __get_vm_area_node+0x2bc/0x350 [ 148.010643][ T6154] ? hash_netiface_create+0x354/0xf90 [ 148.010672][ T6154] __vmalloc_node_range_noprof+0x690/0x12d0 [ 148.010698][ T6154] ? __alloc_frozen_pages_noprof+0x9f/0x370 [ 148.010755][ T6154] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 148.010783][ T6154] ? rcu_is_watching+0x15/0xb0 [ 148.010818][ T6154] __kvmalloc_node_noprof+0x4a3/0x920 [ 148.010845][ T6154] ? hash_netiface_create+0x354/0xf90 [ 148.010867][ T6154] ? hash_netiface_create+0x354/0xf90 [ 148.010898][ T6154] hash_netiface_create+0x354/0xf90 [ 148.010931][ T6154] ? __nla_parse+0x40/0x60 [ 148.010966][ T6154] ? __pfx_hash_netiface_create+0x10/0x10 [ 148.010992][ T6154] ip_set_create+0xa9c/0x1940 [ 148.011018][ T6154] ? ip_set_create+0x4a7/0x1940 [ 148.011055][ T6154] ? __pfx_ip_set_create+0x10/0x10 [ 148.011104][ T6154] ? __pfx_ip_set_create+0x10/0x10 [ 148.011141][ T6154] nfnetlink_rcv_msg+0xb69/0x1150 [ 148.011172][ T6154] ? nfnetlink_rcv_msg+0x212/0x1150 [ 148.011224][ T6154] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 148.011250][ T6154] ? kasan_save_track+0x4f/0x80 [ 148.011301][ T6154] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.011361][ T6154] netlink_rcv_skb+0x208/0x470 [ 148.011396][ T6154] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 148.011427][ T6154] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 148.011474][ T6154] ? bpf_lsm_capable+0x9/0x20 [ 148.011505][ T6154] ? security_capable+0x7e/0x2e0 [ 148.011548][ T6154] nfnetlink_rcv+0x282/0x2590 [ 148.011586][ T6154] ? __dev_queue_xmit+0x1d3d/0x3b70 [ 148.011620][ T6154] ? __dev_queue_xmit+0x26f/0x3b70 [ 148.011671][ T6154] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 148.011699][ T6154] ? __pfx___dev_queue_xmit+0x10/0x10 [ 148.011739][ T6154] ? ref_tracker_free+0x61e/0x7c0 [ 148.011772][ T6154] ? __asan_memcpy+0x40/0x70 [ 148.011816][ T6154] ? __pfx_ref_tracker_free+0x10/0x10 [ 148.011847][ T6154] ? __skb_clone+0x63/0x7a0 [ 148.011875][ T6154] ? __skb_clone+0x483/0x7a0 [ 148.011905][ T6154] ? skb_clone+0x246/0x3a0 [ 148.011932][ T6154] ? __netlink_deliver_tap+0x807/0x850 [ 148.011964][ T6154] ? netlink_deliver_tap+0x2e/0x1b0 [ 148.012004][ T6154] ? netlink_deliver_tap+0x2e/0x1b0 [ 148.012046][ T6154] netlink_unicast+0x846/0xa10 [ 148.012087][ T6154] ? __pfx_netlink_unicast+0x10/0x10 [ 148.012118][ T6154] ? netlink_sendmsg+0x642/0xb30 [ 148.012148][ T6154] ? skb_put+0x11b/0x210 [ 148.012187][ T6154] netlink_sendmsg+0x805/0xb30 [ 148.012232][ T6154] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.012273][ T6154] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 148.012297][ T6154] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.012330][ T6154] __sock_sendmsg+0x21c/0x270 [ 148.012361][ T6154] ____sys_sendmsg+0x508/0x820 [ 148.012395][ T6154] ? __pfx_____sys_sendmsg+0x10/0x10 [ 148.012427][ T6154] ? import_iovec+0x74/0xa0 [ 148.012456][ T6154] ___sys_sendmsg+0x21f/0x2a0 [ 148.012481][ T6154] ? __pfx____sys_sendmsg+0x10/0x10 [ 148.012546][ T6154] ? __fget_files+0x2a/0x420 [ 148.012570][ T6154] ? __fget_files+0x3a6/0x420 [ 148.012607][ T6154] __x64_sys_sendmsg+0x1a1/0x260 [ 148.012641][ T6154] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 148.012684][ T6154] ? do_syscall_64+0xbe/0xfa0 [ 148.012725][ T6154] do_syscall_64+0xfa/0xfa0 [ 148.012760][ T6154] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.012780][ T6154] ? asm_sysvec_call_function_single+0x1a/0x20 [ 148.012803][ T6154] ? clear_bhb_loop+0x60/0xb0 [ 148.012831][ T6154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.012853][ T6154] RIP: 0033:0x7f6dcb51eec9 [ 148.012884][ T6154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.012903][ T6154] RSP: 002b:00007f6dc9765038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.012928][ T6154] RAX: ffffffffffffffda RBX: 00007f6dcb776090 RCX: 00007f6dcb51eec9 [ 148.012944][ T6154] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000007 [ 148.012958][ T6154] RBP: 00007f6dcb5a1f91 R08: 0000000000000000 R09: 0000000000000000 [ 148.012971][ T6154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.012984][ T6154] R13: 00007f6dcb776128 R14: 00007f6dcb776090 R15: 00007ffd208c0fb8 [ 148.013020][ T6154] [ 148.015860][ T6154] Mem-Info: [ 148.054341][ T6154] active_anon:253 inactive_anon:6555 isolated_anon:0 [ 148.054341][ T6154] active_file:5102 inactive_file:38924 isolated_file:0 [ 148.054341][ T6154] unevictable:768 dirty:394 writeback:0 [ 148.054341][ T6154] slab_reclaimable:11320 slab_unreclaimable:100247 [ 148.054341][ T6154] mapped:29921 shmem:1990 pagetables:1243 [ 148.054341][ T6154] sec_pagetables:0 bounce:0 [ 148.054341][ T6154] kernel_misc_reclaimable:0 [ 148.054341][ T6154] free:1337814 free_pcp:2892 free_cma:0 [ 148.054417][ T6154] Node 0 active_anon:1012kB inactive_anon:26220kB active_file:20212kB inactive_file:155696kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119684kB dirty:1572kB writeback:0kB shmem:6424kB kernel_stack:12860kB pagetables:4832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 148.054453][ T6154] Node 1 active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 148.054485][ T6154] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.054531][ T6154] lowmem_reserve[]: 0 2514 2515 2515 2515 [ 148.054558][ T6154] Node 0 DMA32 free:1435156kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1012kB inactive_anon:26220kB active_file:20212kB inactive_file:155696kB unevictable:1536kB writepending:1572kB zspages:0kB present:3129332kB managed:2574612kB mlocked:0kB bounce:0kB free_pcp:11568kB local_pcp:10416kB free_cma:0kB [ 148.054605][ T6154] lowmem_reserve[]: 0 0 1 1 1 [ 148.054632][ T6154] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.054678][ T6154] lowmem_reserve[]: 0 0 0 0 0 [ 148.054703][ T6154] Node 1 Normal free:3900740kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:196kB inactive_file:0kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.054747][ T6154] lowmem_reserve[]: 0 0 0 0 0 [ 148.054772][ T6154] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 148.055106][ T6154] Node 0 DMA32: 3*4kB (UME) 805*8kB (UE) 406*16kB (UE) 134*32kB (UE) 29*64kB (UME) 11*128kB (UME) 26*256kB (UME) 10*512kB (UM) 10*1024kB (ME) 6*2048kB (M) 337*4096kB (M) = 1435156kB [ 148.055239][ T6154] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 148.055429][ T6154] Node 1 Normal: 179*4kB (UME) 55*8kB (UME) 40*16kB (UME) 209*32kB (UME) 77*64kB (UME) 26*128kB (UME) 14*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3900772kB [ 148.055572][ T6154] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 148.055584][ T6154] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 148.055596][ T6154] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 148.055608][ T6154] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 148.055621][ T6154] 46012 total pagecache pages [ 148.055631][ T6154] 0 pages in swap cache [ 148.055636][ T6154] Free swap = 124996kB [ 148.055642][ T6154] Total swap = 124996kB [ 148.055648][ T6154] 2097051 pages RAM [ 148.055654][ T6154] 0 pages HighMem/MovableOnly [ 148.055659][ T6154] 421436 pages reserved [ 148.055664][ T6154] 0 pages cma reserved [ 148.341101][ T6168] fido_id[6168]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 148.533987][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.427354][ T6192] ================================================================== [ 150.427374][ T6192] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 150.427417][ T6192] Read of size 8 at addr ffff888028abc088 by task syz.1.84/6192 [ 150.427437][ T6192] [ 150.427449][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.1.84 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 150.427475][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 150.427490][ T6192] Call Trace: [ 150.427498][ T6192] [ 150.427509][ T6192] dump_stack_lvl+0x189/0x250 [ 150.427540][ T6192] ? __kasan_check_byte+0x12/0x40 [ 150.427566][ T6192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.427593][ T6192] ? lock_release+0x4b/0x3e0 [ 150.427621][ T6192] ? __virt_addr_valid+0x4a5/0x5c0 [ 150.427651][ T6192] print_report+0xca/0x240 [ 150.427685][ T6192] ? change_page_attr_set_clr+0x625/0xfc0 [ 150.427727][ T6192] kasan_report+0x118/0x150 [ 150.427753][ T6192] ? change_page_attr_set_clr+0x625/0xfc0 [ 150.427794][ T6192] change_page_attr_set_clr+0x625/0xfc0 [ 150.427834][ T6192] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 150.427869][ T6192] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 150.427899][ T6192] ? memtype_reserve+0x874/0xb30 [ 150.427938][ T6192] _set_pages_array+0x145/0x270 [ 150.427961][ T6192] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 150.427990][ T6192] ? drm_gem_shmem_mmap+0x18b/0x450 [ 150.428019][ T6192] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 150.428047][ T6192] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 150.428083][ T6192] drm_gem_shmem_mmap+0x193/0x450 [ 150.428113][ T6192] drm_gem_mmap_obj+0x18a/0x4e0 [ 150.428137][ T6192] drm_gem_mmap+0x38d/0x640 [ 150.428159][ T6192] ? __pfx_drm_gem_mmap+0x10/0x10 [ 150.428182][ T6192] ? __mas_set_range+0x12f/0x3c0 [ 150.428258][ T6192] mmap_region+0x18c9/0x20f0 [ 150.428301][ T6192] ? __pfx_mmap_region+0x10/0x10 [ 150.428332][ T6192] ? trace_sched_exit_tp+0x36/0x110 [ 150.428358][ T6192] ? __schedule+0x1709/0x4c20 [ 150.428432][ T6192] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 150.428481][ T6192] ? bpf_lsm_mmap_addr+0x9/0x20 [ 150.428509][ T6192] ? security_mmap_addr+0x71/0x270 [ 150.428539][ T6192] ? shmem_mapping+0xd/0x50 [ 150.428573][ T6192] ? memfd_check_seals_mmap+0xcb/0x210 [ 150.428605][ T6192] do_mmap+0xc23/0x10c0 [ 150.428637][ T6192] ? __pfx_do_mmap+0x10/0x10 [ 150.428656][ T6192] ? rwbase_write_lock+0x56f/0x750 [ 150.428682][ T6192] ? __lock_acquire+0xab9/0xd20 [ 150.428708][ T6192] vm_mmap_pgoff+0x2a9/0x4d0 [ 150.428750][ T6192] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 150.428786][ T6192] ? __fget_files+0x2a/0x420 [ 150.428813][ T6192] ? __fget_files+0x3a6/0x420 [ 150.428836][ T6192] ? __fget_files+0x2a/0x420 [ 150.428862][ T6192] ksys_mmap_pgoff+0x4e9/0x720 [ 150.428884][ T6192] ? __x64_sys_mmap+0x7f/0x140 [ 150.428921][ T6192] do_syscall_64+0xfa/0xfa0 [ 150.428956][ T6192] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.428991][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.429014][ T6192] ? clear_bhb_loop+0x60/0xb0 [ 150.429040][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.429063][ T6192] RIP: 0033:0x7fb4a2adeec9 [ 150.429082][ T6192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.429102][ T6192] RSP: 002b:00007fb4a0d04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 150.429126][ T6192] RAX: ffffffffffffffda RBX: 00007fb4a2d36180 RCX: 00007fb4a2adeec9 [ 150.429143][ T6192] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 150.429157][ T6192] RBP: 00007fb4a2b61f91 R08: 0000000000000007 R09: 0000000100000000 [ 150.429172][ T6192] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 150.429186][ T6192] R13: 00007fb4a2d36218 R14: 00007fb4a2d36180 R15: 00007ffe6f6d0398 [ 150.429220][ T6192] [ 150.429229][ T6192] [ 150.429245][ T6192] Allocated by task 6192: [ 150.429256][ T6192] kasan_save_track+0x3e/0x80 [ 150.429274][ T6192] __kasan_kmalloc+0x93/0xb0 [ 150.429293][ T6192] __kvmalloc_node_noprof+0x3fd/0x920 [ 150.429315][ T6192] drm_gem_get_pages+0x169/0xa30 [ 150.429349][ T6192] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 150.429374][ T6192] drm_gem_shmem_mmap+0x193/0x450 [ 150.429397][ T6192] drm_gem_mmap_obj+0x18a/0x4e0 [ 150.429415][ T6192] drm_gem_mmap+0x38d/0x640 [ 150.429433][ T6192] mmap_region+0x18c9/0x20f0 [ 150.429460][ T6192] do_mmap+0xc23/0x10c0 [ 150.429476][ T6192] vm_mmap_pgoff+0x2a9/0x4d0 [ 150.429507][ T6192] ksys_mmap_pgoff+0x4e9/0x720 [ 150.429524][ T6192] do_syscall_64+0xfa/0xfa0 [ 150.429556][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.429575][ T6192] [ 150.429580][ T6192] The buggy address belongs to the object at ffff888028abc000 [ 150.429580][ T6192] which belongs to the cache kmalloc-192 of size 192 [ 150.429598][ T6192] The buggy address is located 0 bytes to the right of [ 150.429598][ T6192] allocated 136-byte region [ffff888028abc000, ffff888028abc088) [ 150.429620][ T6192] [ 150.429626][ T6192] The buggy address belongs to the physical page: [ 150.429642][ T6192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28abc [ 150.429662][ T6192] flags: 0x80000000000000(node=0|zone=1) [ 150.429678][ T6192] page_type: f5(slab) [ 150.429698][ T6192] raw: 0080000000000000 ffff88813ff263c0 ffffea0000c36ac0 dead000000000004 [ 150.429716][ T6192] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 150.429727][ T6192] page dumped because: kasan: bad access detected [ 150.429742][ T6192] page_owner tracks the page as allocated [ 150.429751][ T6192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 58, tgid 58 (kworker/u8:3), ts 16253742564, free_ts 16252113312 [ 150.429787][ T6192] post_alloc_hook+0x240/0x2a0 [ 150.429814][ T6192] get_page_from_freelist+0x28c0/0x2960 [ 150.429840][ T6192] __alloc_frozen_pages_noprof+0x181/0x370 [ 150.429865][ T6192] alloc_pages_mpol+0xd1/0x380 [ 150.429886][ T6192] allocate_slab+0x96/0x3a0 [ 150.429914][ T6192] ___slab_alloc+0xb12/0x13f0 [ 150.429938][ T6192] __slab_alloc+0xc6/0x1f0 [ 150.429962][ T6192] __kmalloc_noprof+0x14b/0x7d0 [ 150.429981][ T6192] blk_rq_map_kern+0x1b7/0x650 [ 150.430004][ T6192] scsi_execute_cmd+0x2fb/0x1130 [ 150.430023][ T6192] scsi_probe_and_add_lun+0x55d/0x4580 [ 150.430052][ T6192] __scsi_scan_target+0x1dd/0xd10 [ 150.430082][ T6192] scsi_scan_host_selected+0x375/0x690 [ 150.430111][ T6192] do_scan_async+0x124/0x760 [ 150.430139][ T6192] async_run_entry_fn+0xa8/0x3f0 [ 150.430175][ T6192] process_scheduled_works+0xae1/0x17b0 [ 150.430209][ T6192] page last free pid 9 tgid 9 stack trace: [ 150.430227][ T6192] __free_frozen_pages+0xfb6/0x1140 [ 150.430247][ T6192] vfree+0x2ad/0x470 [ 150.430264][ T6192] delayed_vfree_work+0x55/0x80 [ 150.430286][ T6192] process_scheduled_works+0xae1/0x17b0 [ 150.430316][ T6192] worker_thread+0x8a0/0xda0 [ 150.430334][ T6192] kthread+0x711/0x8a0 [ 150.430355][ T6192] ret_from_fork+0x4bc/0x870 [ 150.430386][ T6192] ret_from_fork_asm+0x1a/0x30 [ 150.430416][ T6192] [ 150.430421][ T6192] Memory state around the buggy address: [ 150.430432][ T6192] ffff888028abbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 150.430448][ T6192] ffff888028abc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 150.430462][ T6192] >ffff888028abc080: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 150.430475][ T6192] ^ [ 150.430486][ T6192] ffff888028abc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 150.430501][ T6192] ffff888028abc180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 150.430512][ T6192] ================================================================== [ 150.430647][ T6192] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 150.430666][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.1.84 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 150.430690][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 150.430705][ T6192] Call Trace: [ 150.430714][ T6192] [ 150.430723][ T6192] dump_stack_lvl+0x99/0x250 [ 150.430754][ T6192] ? __asan_memcpy+0x40/0x70 [ 150.430788][ T6192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.430816][ T6192] ? __pfx__printk+0x10/0x10 [ 150.430852][ T6192] vpanic+0x237/0x6d0 [ 150.430875][ T6192] ? __pfx_vpanic+0x10/0x10 [ 150.430895][ T6192] ? preempt_schedule+0xae/0xc0 [ 150.430929][ T6192] ? __pfx_preempt_schedule+0x10/0x10 [ 150.430968][ T6192] panic+0xb9/0xc0 [ 150.430988][ T6192] ? __pfx_panic+0x10/0x10 [ 150.431012][ T6192] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 150.431055][ T6192] ? change_page_attr_set_clr+0x625/0xfc0 [ 150.431092][ T6192] check_panic_on_warn+0x89/0xb0 [ 150.431121][ T6192] ? change_page_attr_set_clr+0x625/0xfc0 [ 150.431155][ T6192] end_report+0x78/0x160 [ 150.431179][ T6192] kasan_report+0x129/0x150 [ 150.431205][ T6192] ? change_page_attr_set_clr+0x625/0xfc0 [ 150.431253][ T6192] change_page_attr_set_clr+0x625/0xfc0 [ 150.431292][ T6192] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 150.431329][ T6192] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 150.431361][ T6192] ? memtype_reserve+0x874/0xb30 [ 150.431399][ T6192] _set_pages_array+0x145/0x270 [ 150.431424][ T6192] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 150.431453][ T6192] ? drm_gem_shmem_mmap+0x18b/0x450 [ 150.431483][ T6192] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 150.431512][ T6192] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 150.431555][ T6192] drm_gem_shmem_mmap+0x193/0x450 [ 150.431587][ T6192] drm_gem_mmap_obj+0x18a/0x4e0 [ 150.431611][ T6192] drm_gem_mmap+0x38d/0x640 [ 150.431633][ T6192] ? __pfx_drm_gem_mmap+0x10/0x10 [ 150.431656][ T6192] ? __mas_set_range+0x12f/0x3c0 [ 150.431692][ T6192] mmap_region+0x18c9/0x20f0 [ 150.431736][ T6192] ? __pfx_mmap_region+0x10/0x10 [ 150.431767][ T6192] ? trace_sched_exit_tp+0x36/0x110 [ 150.431794][ T6192] ? __schedule+0x1709/0x4c20 [ 150.431868][ T6192] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 150.431917][ T6192] ? bpf_lsm_mmap_addr+0x9/0x20 [ 150.431945][ T6192] ? security_mmap_addr+0x71/0x270 [ 150.431976][ T6192] ? shmem_mapping+0xd/0x50 [ 150.432011][ T6192] ? memfd_check_seals_mmap+0xcb/0x210 [ 150.432042][ T6192] do_mmap+0xc23/0x10c0 [ 150.432067][ T6192] ? __pfx_do_mmap+0x10/0x10 [ 150.432086][ T6192] ? rwbase_write_lock+0x56f/0x750 [ 150.432113][ T6192] ? __lock_acquire+0xab9/0xd20 [ 150.432139][ T6192] vm_mmap_pgoff+0x2a9/0x4d0 [ 150.432179][ T6192] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 150.432225][ T6192] ? __fget_files+0x2a/0x420 [ 150.432252][ T6192] ? __fget_files+0x3a6/0x420 [ 150.432275][ T6192] ? __fget_files+0x2a/0x420 [ 150.432302][ T6192] ksys_mmap_pgoff+0x4e9/0x720 [ 150.432325][ T6192] ? __x64_sys_mmap+0x7f/0x140 [ 150.432363][ T6192] do_syscall_64+0xfa/0xfa0 [ 150.432400][ T6192] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.432435][ T6192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.432456][ T6192] ? clear_bhb_loop+0x60/0xb0 [ 150.432480][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.432502][ T6192] RIP: 0033:0x7fb4a2adeec9 [ 150.432521][ T6192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.432540][ T6192] RSP: 002b:00007fb4a0d04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 150.432563][ T6192] RAX: ffffffffffffffda RBX: 00007fb4a2d36180 RCX: 00007fb4a2adeec9 [ 150.432581][ T6192] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 150.432597][ T6192] RBP: 00007fb4a2b61f91 R08: 0000000000000007 R09: 0000000100000000 [ 150.432612][ T6192] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 150.432626][ T6192] R13: 00007fb4a2d36218 R14: 00007fb4a2d36180 R15: 00007ffe6f6d0398 [ 150.432654][ T6192] [ 150.433046][ T6192] Kernel Offset: disabled