last executing test programs: 1m45.316823507s ago: executing program 1 (id=32): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() restart_syscall() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') chroot(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) mlockall(0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000080)={0x0, 0xfc00}, &(0x7f0000000180)=0x8) syz_open_dev$sg(0x0, 0x0, 0x8002) 1m41.928608433s ago: executing program 1 (id=37): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001900"], 0xb8}}, 0x4004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002700851600000a0018000000000000000000"], 0x4c}}, 0x4000804) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1m40.437185319s ago: executing program 1 (id=41): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x0}, 0x10) connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) preadv(0xffffffffffffffff, 0x0, 0x0, 0x91, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_SUBDEV_G_EDID(r5, 0xc0285628, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0xfffffff6, 0x71, &(0x7f0000000680)=""/113, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0x9, 0x2a211361, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r6}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 1m37.779868592s ago: executing program 1 (id=45): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() restart_syscall() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) link(&(0x7f00000000c0)='./file0\x00', 0x0) chroot(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) mlockall(0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000080)={0x0, 0xfc00}, &(0x7f0000000180)=0x8) syz_open_dev$sg(0x0, 0x0, 0x8002) 1m35.702819765s ago: executing program 1 (id=50): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() restart_syscall() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(0x0, 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') chroot(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) mlockall(0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000080)={0x0, 0xfc00}, &(0x7f0000000180)=0x8) syz_open_dev$sg(0x0, 0x0, 0x8002) 1m33.536054398s ago: executing program 1 (id=54): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x3, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0x0, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8e}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x901f0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0x7c}}, 0x0) remap_file_pages(&(0x7f0000a31000/0x2000)=nil, 0x2000, 0x2000005, 0x20, 0x0) symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r4 = socket$inet(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x503, 0x70bd2c, 0x25d7dbfb, {0x0, 0x0, 0x0, 0x0, 0x80, 0x10200}, [@IFLA_LINKMODE={0x5, 0x11, 0x2}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 1m17.280607068s ago: executing program 32 (id=54): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x3, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0x0, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8e}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x901f0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0x7c}}, 0x0) remap_file_pages(&(0x7f0000a31000/0x2000)=nil, 0x2000, 0x2000005, 0x20, 0x0) symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r4 = socket$inet(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x503, 0x70bd2c, 0x25d7dbfb, {0x0, 0x0, 0x0, 0x0, 0x80, 0x10200}, [@IFLA_LINKMODE={0x5, 0x11, 0x2}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 18.051524782s ago: executing program 5 (id=176): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x18, 0x3, 0x2, 0x880}) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r1, 0x4b6a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_open_dev$video(&(0x7f0000000000), 0x3, 0x4002) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000080) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x1}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x8, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002600000000ff000e61145000000000001d430000000000007a0a00fe00581c1f61144c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fdb6153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff46248843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae543d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80aba439772bf60a1db18c472dafc5569adc2c406f39f82928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08a1a4b94cb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f1d2156befec432e8e993c79027b7ef285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdc0500000000000000b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb87d9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e28488b0522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b669615f2710eb8df39fc8c04d2c9c196fa6facfea613569a35cde6451f2edf55ce25c7d72ec7ea85a92458c0559ca3a94727d495bd4671a55a70bc544d71d8e0257707a31936f1adf224077310a86bf447ec92c650acca8c6b0721020894b06178c32f4472d17174d6eb2b067030c5d2c12583f46d2da7fba42d4083259c7cdc8bf1f4299c248865d3c809356c3ed"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r7}, &(0x7f0000000240), &(0x7f00000003c0)=r2}, 0x20) 12.215684072s ago: executing program 2 (id=188): openat$uhid(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0) (async) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="a3f48d2086b8ef39fd449adaa5cc962f9c42b6d03d122752e0dfc9865ba70c1f0ad6f7195ad406c8a8f31af9eae33dd4fd0e5284296fc2ee8a99b910f9f2a1a80498611466a45ec20b6afb202ead73d4f66b9853fdd9a3cfc568e24ed225369353cd6f99268157129bac524ebe2baca9987a3b012c96d8ea25"]) (async) r2 = socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x4}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x5c) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="70010000100001080300"/20, @ANYRES32=r6, @ANYBLOB="0b0000000000000050011a8018000a8014000700fe8000000000000000000000000000aa300002"], 0x170}}, 0x0) 11.794823076s ago: executing program 0 (id=189): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() restart_syscall() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, 0x0, 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) chroot(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) mlockall(0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000080)={0x0, 0xfc00}, &(0x7f0000000180)=0x8) syz_open_dev$sg(0x0, 0x0, 0x8002) 11.588444066s ago: executing program 4 (id=190): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8995, &(0x7f0000000100)={'bond0\x00', @ifru_names='veth0_to_hsr\x00'}) r1 = socket(0x840000000002, 0x3, 0x101) sendmmsg$inet(r1, &(0x7f0000001dc0)=[{{&(0x7f00000001c0)={0x2, 0x2, @remote}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000240)="a9050000000074640001000000000000", 0x10}, {&(0x7f0000000040)="82a0993c", 0x4}], 0x2}}], 0x1, 0x24004044) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_usb_connect(0x5, 0x51, &(0x7f0000000000)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905ee63dd0000000009050300000000000009050cf2010002060209050f0000004000000905d8"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0}) poll(&(0x7f00000000c0)=[{r2, 0x12}], 0x1, 0x7) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f00000004c0)=@multiplanar_overlay={0x4, 0x3, 0x4, 0x20, 0x4000000, {}, {0x3, 0x0, 0x8, 0xc0, 0x2c, 0x1, "ccabbc84"}, 0x7fff, 0x3, {0x0}, 0x8}) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="110000000400000004000000f7ffffff40100000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000001a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r6 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x7) lseek(r6, 0x0, 0x1) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x2, 0xfffd}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000880)={r7, @in6={{0xa, 0x4e22, 0x1, @mcast2, 0x1f8}}, 0x1, 0x1ba0}, 0x90) r8 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000340)={@broadcast, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x0, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x800, [0x0]}, {}, {0xdd86}}}}}}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={r2, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0x20, &(0x7f0000000780)={&(0x7f0000000640)=""/213, 0xd5, 0x0, &(0x7f0000000740)}}, 0x10) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000940)='fd/3\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xc, 0xa, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xffff}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000440)='GPL\x00', 0x5, 0x8a, &(0x7f0000000480)=""/138, 0x41000, 0x0, '\x00', r9, @fallback=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x6, &(0x7f0000000980)=[r5, r11, r2], &(0x7f0000000a40)=[{0x4, 0x4, 0xf, 0x5}, {0x2, 0x5, 0x7, 0x1}, {0x4, 0x5, 0x5, 0x7}, {0x5, 0x1, 0xe, 0x8}, {0x2, 0x5, 0x1, 0x3}, {0x0, 0x5, 0x7, 0xa}], 0x10, 0x5, @void, @value}, 0x94) sendmmsg$inet6(r8, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000180)="aabbcc", 0x3}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)}}], 0x2, 0x0) 10.695217711s ago: executing program 2 (id=192): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x242, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'virt_wifi0\x00', 0x1003}) syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6004000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="6eaf40e006ed4825"], 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000800009040002010300010009210000000122f80409058103"], 0x0) syz_emit_ethernet(0xae, &(0x7f0000000240)={@random="01008040000b", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1803"}, {0x0, 0x1, "00e9fff8fef50000000000a2"}, {0x1, 0x1, "fe906d26efe3"}]}}}}}}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="184ee3b12570d7cc74"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x34, r2, 0x1, 0x0, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'nicvf0\x00'}]}, 0x34}, 0x1, 0x40030000000000}, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_FMT(r6, 0xc0d05604, &(0x7f0000000400)={0x9, @win={{0x5, 0xffffffff, 0x0, 0x1000000}, 0x7, 0x10000, 0x0, 0x6, 0x0, 0x5}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000056f000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) r7 = add_key$user(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x1) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r7, r8, 0x100000000000f7) fsconfig$FSCONFIG_SET_PATH_EMPTY(r8, 0x4, &(0x7f0000000240)='\x00', &(0x7f0000000280)='./file0\x00', 0xffffffffffffff9c) add_key(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) 10.680852757s ago: executing program 0 (id=193): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x4004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r2, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002700851600000a0018000000000000000000"], 0x4c}}, 0x4000804) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 10.550200933s ago: executing program 5 (id=194): syz_io_uring_setup(0x110, 0x0, 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_pts(r3, 0x0) io_setup(0x7, &(0x7f0000000000)) close_range(r3, 0xffffffffffffffff, 0x0) 9.665400196s ago: executing program 3 (id=195): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000400)=""/132, 0x84) 8.83509419s ago: executing program 0 (id=196): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000008881dc5d3bac9500000000000000bf91000000000000b7020000030000008500000084000000b7000000000000009500"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000040)=0x1, 0x4) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r7, 0x0) epoll_create1(0x0) ioctl$SNDCTL_DSP_GETOPTR(r7, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0) r8 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r8, 0x0, 0x0, 0x240000d4) ioctl$SNDCTL_DSP_GETOSPACE(r7, 0x8010500c, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0) socket$inet6(0xa, 0x6, 0xb4de) 8.776444568s ago: executing program 3 (id=197): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() restart_syscall() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') chroot(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) mlockall(0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000080)={0x0, 0xfc00}, &(0x7f0000000180)=0x8) syz_open_dev$sg(0x0, 0x0, 0x8002) 8.632731574s ago: executing program 5 (id=198): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x35c, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000045c33f08ac05470223b0001e00010902120001000000000904ac0000100200"], 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="00082cbd7000fcdbdf25420000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f70730000000005008300000000000e0001006e657464657673696d0000000f0802006e657464657673696d3000000d0087006c325f64726f7073000000000500830001000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f7073000000000500830001000000"], 0xb8}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000800) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000080)=0x90e, 0x4) sendto$inet(r3, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8) migrate_pages(0x0, 0x7, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) r5 = socket$nl_route(0x10, 0x3, 0x0) listen(r5, 0xffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 7.532698383s ago: executing program 0 (id=199): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) link(0x0, &(0x7f0000000140)='./file1\x00') chroot(&(0x7f0000000040)='./file1\x00') setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) mlockall(0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)={0x0, 0xfc00}, &(0x7f0000000180)=0x8) syz_open_dev$sg(0x0, 0x0, 0x8002) 7.371438224s ago: executing program 3 (id=200): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() restart_syscall() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000000000)='./file0\x00', 0x80, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0) link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') chroot(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, &(0x7f0000000340)}, 0x10) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 7.370246054s ago: executing program 4 (id=201): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x901f0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) 5.624354267s ago: executing program 0 (id=202): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x30, 0x1, 0x8, 0x801, 0x0, 0x0, {0x2, 0x0, 0x3}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x4) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2, 0x0, 0x2a}}]}, 0x1c}}, 0x4000040) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000200000000001200000085000000230000003f0000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$hid(r2, 0x0, 0x0) (async, rerun: 32) read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) (async) creat(0x0, 0x0) (async) syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000340), 0x0) (async) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) (async) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) (async) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000180)='htcp\x00', 0x5) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 32) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async, rerun: 32) mknod(0x0, 0x800, 0x5) (async, rerun: 32) r4 = getpid() (rerun: 32) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 64) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 5.055976147s ago: executing program 4 (id=203): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) 4.151294435s ago: executing program 5 (id=204): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002200)=ANY=[@ANYRESOCT=r2, @ANYRESHEX=r2, @ANYRES64], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000900000000000000000000001811"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x1e, &(0x7f0000000040)=0x1, 0x4) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r6, 0x0) epoll_create1(0x0) ioctl$SNDCTL_DSP_GETOPTR(r6, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0) r7 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, 0x0, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0) socket$inet6(0xa, 0x6, 0xb4de) 4.141254182s ago: executing program 3 (id=205): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f00000004c0)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000f00)={'wlan0\x00', &(0x7f0000000500)=@ethtool_test={0x1a, 0x5, 0x9, 0x6, [0x6, 0x6593, 0x81, 0x40, 0x7fffffff, 0xd]}}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000240)={r4, @in6={{0xa, 0x4e20, 0x5, @remote, 0x9}}, [0xbdb, 0x5, 0x6, 0xffffffffffffffff, 0x10001, 0x0, 0x8, 0x1, 0x80000001, 0x5, 0x1ff, 0x0, 0x7, 0x5, 0xfff]}, &(0x7f0000000000)=0x100) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000480)={r4, 0x4, 0x9, 0x800001, 0x10001, 0x3}, &(0x7f0000000200)=0x14) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0) close(r6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) ioctl$SIOCSIFHWADDR(r6, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="c300"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000000000851000000600000018000000", @ANYRESOCT, @ANYRES8], &(0x7f0000000000)='GPL\x00', 0xfffffff8, 0xde, &(0x7f0000000340)=""/222, 0x0, 0xc, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x781003, 0x0) 4.135226798s ago: executing program 2 (id=206): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002700851600000a0018000000000000000000"], 0x4c}}, 0x4000804) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.897947921s ago: executing program 4 (id=207): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4ccb6902f3f19b660a2a4679c84be7a5147ff2e90979412570b3b95b00f3765da1e52fa7c4710fde634777648a2e91194548eb807a1208003ba0a62a1bc0653fbffa47996937952a428042984f093c47a2f6a2ed15d5515068ffbc69dcc3225439925d81", @ANYRESOCT=r0], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000580)={r2, 0x1, {0x0, 0x0, 0x0, 0x5dcc, 0x5, 0x0, 0x2, 0x1a, 0xc, "0510cc2580d144ae2f2c4707d1dd833a5eee64d04cec855a649406350c41aa7a231ec210d7ce3799375e448c889f0eaa4fb3454b68ae64f8b778ad21702d127e", "793b091b622e50d04dc9dc571cc648009a7ff9e9140c0f562f0c0710bebaa7ba8c42c9ec0d0672cf91720ceba7df2197f8e156a7eeed71be604221e919306cc5", "99465bf2014c78ab87588163c3dfb703000000000000009dc3a0d122edb17a9a", [0xd, 0xd9]}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000100)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) 3.022487881s ago: executing program 2 (id=208): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001900"], 0xb8}}, 0x4004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002700851600000a0018000000000000000000"], 0x4c}}, 0x4000804) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.849544917s ago: executing program 5 (id=209): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000008881dc5d3bac9500000000000000bf91000000000000b7020000030000008500000084000000b7000000000000009500"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000040)=0x1, 0x4) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r7, 0x0) epoll_create1(0x0) ioctl$SNDCTL_DSP_GETOPTR(r7, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0) r8 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r8, 0x0, 0x0, 0x240000d4) ioctl$SNDCTL_DSP_GETOSPACE(r7, 0x8010500c, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0) socket$inet6(0xa, 0x6, 0xb4de) 2.650230854s ago: executing program 3 (id=210): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0xfffffffe}}, './file0\x00'}) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000240)={0x3, {{0x2, 0xffff, @multicast1}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000000)={0x1, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @remote}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000003c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108) 2.418421563s ago: executing program 2 (id=211): r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x8, r2}, 0x10) 1.254653429s ago: executing program 4 (id=212): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0xcb) ioctl$sock_ifreq(r5, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'gre0\x00', &(0x7f0000000040)={'gre0\x00', 0x0, 0x40, 0x10, 0x7fff, 0x9, {{0x6, 0x4, 0x3, 0x3c, 0x18, 0x66, 0x0, 0x6b, 0x29, 0x0, @broadcast, @remote, {[@lsrr={0x83, 0x3, 0x23}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = socket$phonet_pipe(0x23, 0x5, 0x2) accept4$phonet_pipe(r7, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 729.869444ms ago: executing program 3 (id=213): r0 = socket(0x1e, 0x4, 0x0) recvmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000700)=""/199, 0xc7}, 0x5e63b621}], 0x1, 0x60000062, 0x0) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000500)="e8", 0x1}], 0x1}, 0x4800) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TCXONC(r3, 0x540a, 0x36296a1bc94b44d2) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2) write$FUSE_INIT(r4, &(0x7f0000000140)={0x50}, 0xffd3) write$fb(r4, &(0x7f00000006c0)="33c2aaa88c843884e1889402645c0915d89de3d16af1f8bb653db9bbfe953bf5e331630b38f362cc8dd4a58de197", 0x2e) r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x255f, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000380)={0x1, 0x1, 0x0, "c8010000000a0001000012e25c2299230600", 0x4745504d}) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000400)={@host}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000040)={@my=0x0}) epoll_create1(0x80000) read$FUSE(r4, &(0x7f00000079c0)={0x2020}, 0x2020) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000001780)=""/4096}, 0x20) r8 = dup(r7) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001a00010028bd7000fedbdf25818880000000000000000000140002"], 0x30}}, 0x884) write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="7e0000000700007100b1c81d0e312cf7d91d7e0fc5ce503f36d5350000b0a34dc92dee34255ced5490f0e88277415dd2578566ba182e73e810a9895de433603153a931ca0e8143f1f3a254081a1bb94b88320d620a4b13fed58ccdde68d14909342c680000000000000000000000c8000000278f9330e64647a9cc7d60fad7076d934bb8e9d86300"/149], 0x7e) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000004d040000000000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001}) 728.037166ms ago: executing program 5 (id=214): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x4004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32, @ANYBLOB], 0x4c}}, 0x4000804) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 726.947598ms ago: executing program 2 (id=215): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() (fail_nth: 1) 671.977414ms ago: executing program 0 (id=216): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(r0, &(0x7f0000000400)='ns\x00') prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000500)="17cf9457cb5c2093316c9db748df44857f8e7e81eb0dbc584de4b827a21ccd2c2a6dee94a4db50af9b2c5f6ea2cd6200bbaf33586a06cf268fba82587e6ad91e6b13986cb973d75ddf069235def93d4b9f8c02cc394f970fb4595830a7634e761b798a756a53cebc34a91fc01f91ae9e237ce33c96260d52704cdfcf83ca502f27a51c0551f6abecff603cd837c7ad1b0830ba91c135a1074d1727fca60718a8f343bf5f76a2a2bfc10034741efab418fc477068bee78ec4dbdd445dc67506ae65a1a1e195cc11f582ed3dd4279cc1ea99d263151e069f40ea1b2366553b454c5589d9e877adc91f083b683008c415d9d93ea76374f5dca420c9a001fc6c4f22688481f3fe73c3418df1253ec43328e49de261900ee59aa223ec5d6e956d20dcc945337ce8308d94d2375d30a747d75905473b9a56b8006db13b078203abbfece3d46f7da47afed52fdb2b5c472ef44b0572b842298d57803b4fcf797211761f8b59e506af0f72acf357bde778a9983bb202e81864cfbe8e71b0a22f43411a2b04310806af33c7b8fc9b153bcb481989fa0a74c2b611daf14135a3e9cce27bb8c5b7a5e93ffde044c4194a4bcd7d33d8ec499c14bf39d85a841b4f2c911935db8344e9b5043dd4714b9ef9851d16c7676a58705a9536ef0d811cfaa2da4720561ba878d32e0ebbe1d4ee220c4c432a9ab7245b2608433fd1011a71247ab684f21b597ee2b7a69a9fb21a2145c18e32bfd685329a3075e449d36597d67a4958bc5357c40713fe07aae39e6da174e11d2c26b88704b9bc13f8d5d84f9eb8cc0d91a01b8f1b51f9f547874be0b165ceb712849934974bbd4e330599dd0c0a4fcb0c1a99ca839f492188ecd9061858b696f6ae0adbd0146c67bf90ac7f5f0445d5c2a8a1968cf4b47f5abad11e44fda641d6db3789730d7e5956737ef393a6a567849c92772d368d6eb9f7d36b82e30a2e1b45c784df38d70d959e1d49f2ae1bf44e5276be06688df60d03a4db6fbd40b85857678080db118f45bd2a6e7c4f6e45ee0d875ec2514022ee6dbdf5316a88622987d63a3a09cf1509f9fcebc91365ec1edd7683d1c8aa0200d2358e901f2ecf81398bc23dca456a757cf777e8bac73d97607867c767416b6736113abf733c33f18eb66de20db33ff1c60705c3ddba2e73b5ffa0ffb182dc1b343e085863cea5e6d0487f04112e9e1611284ddd1eb5f02097058d330a0ffedc252bd8a23f323469ee7c2ad86939eb457549479c857992603be186c300a2013af7eedd26a7db9eda0ae43bed44f4223096c25422efbd9225aa4ab42eed0b5489319edb3bc29bf06cf654d5a0bb8d0eaa09c74ddd935a2ab9742ace33efab8301ec5b04c19c4657a7503a8f22d6271c68bda5d31eb0d86bbc8a606d2fb3a2c98be0d3663ac568f740f9814a14d32b31642411a7c114e54127e02dbf7a37ea14da224447b946473ed8677a8b430ba105871b216120a9540a52c52340c67a9fb6b614767c95fe822fa8f0d0d2fcfd564fec8330b3150693934f9a078a9bf1c99413e0e91451070754e5971126a842f054dd36a562820fe8c0c0404f2b37aaabce5030326e0f6b5174c7a6c9a0bea8ef58d241bd0252eb97ef87c1b2833dd770e4cfe4e3ebbc7da3a5b918c3e53f80149ad612478c96f2b46d3ff699008de63a3ba97c7774b9f1a7d016bfdee200eb3c3f59220fabe68a8da70b06c0d874e9dc16fb830fdfa5942a50d8c350fae39f566a14ad6cbb080771090048e7c683d75581d639dbead1c5f2ae46f413d37bae0df93c0ad4660ddf2cec93d370ae80a242e529388f948acc430186ef640df852457fb2f76b36f5d43a96904f2681f3d101ae082bf6901f6062ac62b946a31cd80ae474e082f2cb0343713c2f4e92233c2045bdaa78621d9d68bd1b26d441936b07d28d10cbb227b7f426325c1be2ee5345f02612c43681b1de69fa4c038cf67c14214b48a81a28d6a8e9d53f0d90070013568fe37c7c758f1f897e3e2e9591f11662aad6e9a7c876ab165bb9b9c397c25c2fce141ba0f064989b3d88759d11bb85504cd2c954926ee1c7671c4d11ed10ea186485fbb1ea19bff69687309942aed5228b44cbab641e268a8cb94a13fb85a09162028b9362e4a54c13e483d40b78f98517988dfeda8e57175991a942c18702962adbe60f28a8d098e3e8a811690eb1eceff0856d28e5f6fd76b0bd98fca3d6466c0efc2cd23c2ce1e6cade48571bed696baeff1541f7cc1f36c2277657bea295c54747bcb833fb846bbd7963664f6c8469cf513a7703df909e48e54f797d7fe1f4d15784f96ff5cc8dace75eed9058cc0c4874e5e0d6bb302f1d8dca079533ca35c1c43e18ab0550daa611098e5e4f00dac096918209236f2385c8ca875a852a4394eb3baed0cb91ad6cdf62058816396574779eafd82459dc8cb3ac47bd89d6817f41d8bfe4e3a96d31bc0bbadc69bc5a21874d9d820846b7490a6e70b292a4066e30872908c4e0a3509e8a930f1f77a4aa8f21861751e542ade511bb46b4a3018e0c46ef815e6ed73873aa2dfdc65cb93a86cc9ab650db9fa4c01cfb4624ac70fecf2a015235cec1c6aba038520eeaf3d8c9053444452c2ace916120ad9cc4a34799d0da33a612134a96a32464b7de9f99ae549ce4208f57dc6bf906a83598bcf963dc06ba05667f0356dda2bffd32d860084c593305851bb32edb30ef3e61f702d9934642821eea75c0a9a21179a7abb7b48f425c1d427f29383546aea30caa5223b42feac73e95f8c75c358e2d133a0e4612f2a2f6feedc94fceb54a783d4c2aaaf9508d421fa5df19a9295cded51e2a9969af67cdb8e87bc2c40cce33f89fd69dfdddbc0c8684e6de9c5f87153d7bf015f9fed41e20995c13364df03fee8cbf4a7f851eb28e6db84af6cc41970176cbe39fb5d149c68a244a60ba18162be1b4ec70e55aace662d03d02cbd068b0f03caa344928dcc2870bd9a725d9e470ec7e6b2ce9da905911ada39cda1a33b45d3045745e324a00a3bc8c582a26fbe2b985a9d7fc6c7d0477ffedd507b795248841668bc1fcb77b173d9b528178056940d48ddb898515ec4ffafc86f61e59aa10f6181a8b1261b9e012ec186845a63feff2746cc33de08900f88c9f85b5320ddbfc8d9ab80e7a65877a4841dab56f22e592933f82e76f84aad5273d5e0d178585c0108acf0bbe713d32aa203f5d261396e368b215b5b7a75efa8450225bce0db836681f06012c2f0c4db066f7e5b158d1662bc4caca66cc8c78be18be6329a462035df958aa778e1b216592b456171980b7a4a284987ab7f74730043d23d4714d690289f3eda0642f6d3eaeb55d756f1f21c4d43c0d087f1226966db64550881a7ca0f2433abfd306f6be5ee38ebd34436a7735f5bda022381766ba56f183b51d4052448d4c471da8381ce81b2c630623586b68ddf7cb7941c3ddd3a58f62f94109dac11fceb23fbae15b1d3393e2fcf1a9c6f34e3224740477b5117c202346d99d461051e4cc37656bf19247ba4dee073ed89355bd75fa68dd58ea00d7e74882eedfec73876d8b38d9b1582c9d6f0e885f5456cc5229a9e7fedb4d32b904d2cb4b73aa0f33f837d09730cafec5687960dcea970ace40c128d3aae6f424f9ec6718791e67c1c85495dc46736337a176cf0dfdae869ac91d6e35cb8fee922b36431a21540951506232ba0b3cd3701c7348eb66e046ff74254a0e099e35cb9af060351ac2a95a2da1dc255ce35df633dc4764fb2510f6c92d8b50ed8ba07a8f340026092c063f832b46837821d26c1c646909b0379e3933aaede53be7b984dc5442ce8db490bab952851b6a03ac89004f77ad35c39bb027c3ed5d7d363766483f2c371d25259933c83190cfdf387802ddcc8374437dcfe943375341f94adddfd6306dca9a900d388c370430d9620540271d10c968728973bd85355fa87685477f05a07adf682e0b0abbd3164492d9f8f4c43fb737e7f0bcf82f5d36b58031d34375ed77a2a68533c73c7015849c6447df7efa57fb06d645732abd19a5817abc2636df98ccb9450b064f18550aec15a6c219abcd370ac1f9af5cb60a2d98a27ed5a9b00b6de1722f8072fb740084e7246c578cfae48d0f27ba1a9a3e1b47879b96e0a55e54cf8885e54ff1e2a1e2b79310eba5c88dc580f67b727788b544a6de6ace6c93a4253f9e62172b94f0452ef3fc7506a2c9c2993acc791b892148fd111acc179f79fe5b832eb9acbc61c4f59b8ba9a36c13e2c6bb6bdf984b25d1bb2d201d1fc70290c4ec917b543b5d25ade3022f9cd6a7925b867a4f15d8d568c5fe8231f7d1e93624c92d9ee052923b59823829cb93c8128da20f8271e49364b51fd1920b50091bb328216421f07e70cd20da824e81cc5f1b809ca5945b155c84accacd5de6cb8273617e4cdb154542f18944868a36651fe3eef3052b6688c3f1e7710d8c56dc6a02f8ca468c8109f3001bdeb19447153b213457541de268257ed38b84d1aa61a65563bc96600ea152e8fd6aa3dd53e4ee99a6f31a1a80d1330eeed62a0dfad2df16e328357eb45b26611a2655344cdaa39a65e87121cac9bcdf1e543190c94b24ef3b16f1d6ffe6177bd9587fc73db06fc8880e7ea6385cdb54299cb2b3d0735265f102ee57b91d92ed20972ace56663bc36fd977b63cf4e1020225d0bc5067624cae0b96b918855e6915763066ba6d995ee8b78b1c1789f98399ae7047f1b9614556d4a051511c0b6793ec54064ecdd804f75f74a51a3a5b4fa450484de912da98a8b7a1d56ebe1b9dabc9da96c55954f631e6b3ac838ccb89718ee5006a9e932beea9c61b6ff861bbe5acb1c5c33dcc26fa28277d42013ac64491cc2837ee9b6fe970c869a17ecc6c5d5286dcccb137ebc98d79af05901c0f0f344a3baa0d2af9a0f50c70246ce6d9d00782f7440494d9c540de40ac4cfea436c4d660a22e4dd31ad8e4e5224fb0e04b76e02b75565a4baa55b130f1476eb211bafede1b0d39f4add70061481a146f6414427b4195f449e16479770dfec47058ee03bd727ca6da2686050ba78122d5fe772c738613009c1827271fda60827083e18ed0dfb9c81d8ca163477ddb7e940f4252dd5bd37f1cb1366cec7722d83887b10b1c08df92c49673b4b00240e83f52d3ec1ef57b6e6113f8cc79abd7831920ddc0ac80fc7d1e23cfc7053fbfe54dc29b5979c87d2c363b711aabaed3ae818d77b702cedff1f4485e4917fbb2cf5ba1c6e04ef5970a1b0b8f05247ffd0279372ab06ca74f25996916698ef54882a55395bf80a0c9f118eca52172f8e85dce4bdd93d8d4ae078da30ccd604a9f4c1a83e8591e76de4f812b6ff5c64e48cd846ccf478a8d1bacbe0740b6c0d143306b1cb59752c30aa6dfe7c8f280337b2902468e213c4e21abd87117e32ed2335fdf97ad23509716160bc397a8d0d5646041293008f5beaa033cb20afd2705f2dc5cc903a9cb814f81512c0b489ca4592fa830c1f62250ae39711fa08e250a0a10f8d0b17f628344a2019e0d29f0a5e442ea65238f3d8557c71d6da9b2e4fe0a40999050437b1a1a5b66d5afebde8f38437efc32e34a322ac2830adbc36cc8b93a416de27e06d0a6e4e954bd046452560273abe914c961d02fb2d3ac6573e29a9bae4211c176c6fc45567f1dc2ed1bc1d1f33339962a1f34f4e0c2b3c0906b59a4437afca35716a1d501b5ca891061856690ab4f11900d114d39f1f3d996451bb52ad7f2ab143bc407754c80f0bc50ee533fa066f0415fed0447d5f438", 0x1000}], 0x100000000000016e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000140)=@x86={0x3, 0x8, 0x6, 0x0, 0x0, 0x5, 0x9, 0xfe, 0x1, 0x12, 0xfe, 0x0, 0x0, 0x4, 0xa, 0x0, 0xfe, 0x9, 0x3, '\x00', 0x4, 0x8000000000002}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000006000000040000000000000e0400000000000000000000000100000d0000000004000000040000000000000000000010040000000000000000001309030000000000000061008144064bb00b4aee42d13cd4e26b400524c6ba471647e0b7a23d461a9a"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() 0s ago: executing program 4 (id=217): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000003600)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}, {{&(0x7f0000000340)={0xa, 0x4e21, 0xab7, @private2, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002440)=']', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x81, 0x100, 0x8, 0xfff, 0xeb}, 0x14) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201060005d0d3087d07aa04d85b0102030109021b000f000000000904000001dbcc7a000905777f"], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts. [ 90.107721][ T5810] cgroup: Unknown subsys name 'net' [ 90.237286][ T5810] cgroup: Unknown subsys name 'cpuset' [ 90.246527][ T5810] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.943024][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.063961][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.072316][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.080499][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.088880][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.096787][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.135531][ T5142] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.146456][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.154317][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.162086][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.170304][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.178746][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.207738][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.215743][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.231545][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.239325][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.292458][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.301230][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 96.311936][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.319680][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 96.327248][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.334867][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 96.343184][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.351095][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 96.358898][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.374437][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.769430][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 97.074297][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 97.098116][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 97.146547][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.154713][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.162120][ T5826] bridge_slave_0: entered allmulticast mode [ 97.170062][ T5826] bridge_slave_0: entered promiscuous mode [ 97.186845][ T24] cfg80211: failed to load regulatory.db [ 97.232769][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 97.246554][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.254030][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.261249][ T5826] bridge_slave_1: entered allmulticast mode [ 97.268817][ T5826] bridge_slave_1: entered promiscuous mode [ 97.316653][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.384467][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.438466][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 97.467997][ T5826] team0: Port device team_slave_0 added [ 97.482407][ T5826] team0: Port device team_slave_1 added [ 97.621183][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.628517][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.636165][ T5833] bridge_slave_0: entered allmulticast mode [ 97.643729][ T5833] bridge_slave_0: entered promiscuous mode [ 97.651367][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.658612][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.666414][ T5830] bridge_slave_0: entered allmulticast mode [ 97.673866][ T5830] bridge_slave_0: entered promiscuous mode [ 97.681879][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.689152][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.715118][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.728519][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.735574][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.761808][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.798927][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.806354][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.813686][ T5833] bridge_slave_1: entered allmulticast mode [ 97.820990][ T5833] bridge_slave_1: entered promiscuous mode [ 97.828146][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.835389][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.842538][ T5830] bridge_slave_1: entered allmulticast mode [ 97.850914][ T5830] bridge_slave_1: entered promiscuous mode [ 97.885118][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.892376][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.899840][ T5839] bridge_slave_0: entered allmulticast mode [ 97.911533][ T5839] bridge_slave_0: entered promiscuous mode [ 97.972511][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.982271][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.989715][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.997056][ T5839] bridge_slave_1: entered allmulticast mode [ 98.005523][ T5839] bridge_slave_1: entered promiscuous mode [ 98.055670][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.094316][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.106443][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.156657][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.164459][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.171620][ T5840] bridge_slave_0: entered allmulticast mode [ 98.180579][ T5840] bridge_slave_0: entered promiscuous mode [ 98.207059][ T5826] hsr_slave_0: entered promiscuous mode [ 98.213984][ T5829] Bluetooth: hci0: command tx timeout [ 98.218477][ T5826] hsr_slave_1: entered promiscuous mode [ 98.243929][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.255082][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.262239][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.269595][ T5840] bridge_slave_1: entered allmulticast mode [ 98.277726][ T5840] bridge_slave_1: entered promiscuous mode [ 98.293593][ T5829] Bluetooth: hci1: command tx timeout [ 98.303383][ T5829] Bluetooth: hci2: command tx timeout [ 98.305596][ T5833] team0: Port device team_slave_0 added [ 98.319169][ T5830] team0: Port device team_slave_0 added [ 98.327824][ T5830] team0: Port device team_slave_1 added [ 98.337172][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.389240][ T5833] team0: Port device team_slave_1 added [ 98.453979][ T5829] Bluetooth: hci4: command tx timeout [ 98.453986][ T5142] Bluetooth: hci3: command tx timeout [ 98.476553][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.484150][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.510723][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.539049][ T5839] team0: Port device team_slave_0 added [ 98.550102][ T5839] team0: Port device team_slave_1 added [ 98.558627][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.581069][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.588494][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.614490][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.626536][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.633988][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.659929][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.685464][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.724519][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.731507][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.757654][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.801854][ T5840] team0: Port device team_slave_0 added [ 98.823682][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.830657][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.858366][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.871672][ T5840] team0: Port device team_slave_1 added [ 98.915715][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.922690][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.953743][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.034160][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.041153][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.067757][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.082684][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.089773][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.116151][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.158797][ T5833] hsr_slave_0: entered promiscuous mode [ 99.165588][ T5833] hsr_slave_1: entered promiscuous mode [ 99.171726][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.179800][ T5833] Cannot create hsr debugfs directory [ 99.240791][ T5830] hsr_slave_0: entered promiscuous mode [ 99.247587][ T5830] hsr_slave_1: entered promiscuous mode [ 99.254732][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.262317][ T5830] Cannot create hsr debugfs directory [ 99.309119][ T5839] hsr_slave_0: entered promiscuous mode [ 99.316281][ T5839] hsr_slave_1: entered promiscuous mode [ 99.322446][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.330440][ T5839] Cannot create hsr debugfs directory [ 99.458310][ T5840] hsr_slave_0: entered promiscuous mode [ 99.465748][ T5840] hsr_slave_1: entered promiscuous mode [ 99.471964][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.481037][ T5840] Cannot create hsr debugfs directory [ 99.665145][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.704444][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.769552][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.807212][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.022484][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.036369][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.050994][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.068960][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.131925][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 100.149353][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 100.190371][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 100.200889][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 100.293434][ T5829] Bluetooth: hci0: command tx timeout [ 100.308918][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.319364][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.356180][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.369184][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.376570][ T5829] Bluetooth: hci2: command tx timeout [ 100.376582][ T5142] Bluetooth: hci1: command tx timeout [ 100.457324][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.482641][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.495052][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.534410][ T5829] Bluetooth: hci3: command tx timeout [ 100.539989][ T5142] Bluetooth: hci4: command tx timeout [ 100.540597][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.557984][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.631343][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.656627][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.669962][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.700888][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.708158][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.725476][ T2940] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.732623][ T2940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.772016][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.791662][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.833804][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.840949][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.861359][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.881736][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.888925][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.918970][ T2940] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.926122][ T2940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.941046][ T2940] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.948260][ T2940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.040939][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.129446][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.136638][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.156200][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.185472][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.192658][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.260844][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.306855][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.314080][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.401037][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.408729][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.558995][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.771372][ T5826] veth0_vlan: entered promiscuous mode [ 101.862825][ T5826] veth1_vlan: entered promiscuous mode [ 101.903688][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.990577][ T5826] veth0_macvtap: entered promiscuous mode [ 102.061611][ T5826] veth1_macvtap: entered promiscuous mode [ 102.090219][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.138126][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.179484][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.192545][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.245549][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.272559][ T5826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.282901][ T5826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.294374][ T5826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.303453][ T5826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.374021][ T5142] Bluetooth: hci0: command tx timeout [ 102.454487][ T5142] Bluetooth: hci2: command tx timeout [ 102.459950][ T5142] Bluetooth: hci1: command tx timeout [ 102.467267][ T5833] veth0_vlan: entered promiscuous mode [ 102.522745][ T5839] veth0_vlan: entered promiscuous mode [ 102.542673][ T5840] veth0_vlan: entered promiscuous mode [ 102.561859][ T5833] veth1_vlan: entered promiscuous mode [ 102.595133][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.603634][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.614536][ T5829] Bluetooth: hci3: command tx timeout [ 102.620139][ T5142] Bluetooth: hci4: command tx timeout [ 102.629740][ T5839] veth1_vlan: entered promiscuous mode [ 102.640208][ T5840] veth1_vlan: entered promiscuous mode [ 102.700581][ T2994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.712123][ T5833] veth0_macvtap: entered promiscuous mode [ 102.720697][ T2994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.764265][ T5840] veth0_macvtap: entered promiscuous mode [ 102.777319][ T5833] veth1_macvtap: entered promiscuous mode [ 102.798597][ T5840] veth1_macvtap: entered promiscuous mode [ 102.828755][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.866875][ T5839] veth0_macvtap: entered promiscuous mode [ 102.877788][ T5830] veth0_vlan: entered promiscuous mode [ 102.892042][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.907700][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.935585][ T5839] veth1_macvtap: entered promiscuous mode [ 102.967645][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.986899][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.011130][ T5830] veth1_vlan: entered promiscuous mode [ 103.021165][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.031212][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.040827][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.049804][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.062987][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.073746][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.082482][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.101279][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.171829][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.259825][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.271038][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.280754][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.289656][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.299036][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.288154][ T5830] veth0_macvtap: entered promiscuous mode [ 104.324433][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.332298][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.348410][ T5830] veth1_macvtap: entered promiscuous mode [ 104.401671][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.415428][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.426845][ T5830] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.436182][ T5830] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.445472][ T5830] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.456702][ T5830] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.479853][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.503286][ T5142] Bluetooth: hci0: command tx timeout [ 104.533576][ T5142] Bluetooth: hci1: command tx timeout [ 104.539039][ T5142] Bluetooth: hci2: command tx timeout [ 104.544771][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.592454][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.606428][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.696129][ T5142] Bluetooth: hci3: command tx timeout [ 104.701767][ T5829] Bluetooth: hci4: command tx timeout [ 105.285315][ T5916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.298090][ T5916] bond0: (slave rose0): Enslaving as an active interface with an up link [ 105.373992][ T2994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.402351][ T2994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.476734][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.502736][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.486478][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.503486][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.603583][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.611575][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.796269][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.838882][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.751621][ T5934] overlayfs: failed to resolve './file0': -2 [ 109.440803][ T5961] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9'. [ 112.538285][ T5977] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12'. [ 113.873163][ T5970] lo speed is unknown, defaulting to 1000 [ 113.879254][ T5970] lo speed is unknown, defaulting to 1000 [ 115.131738][ T5984] batadv1: entered promiscuous mode [ 115.161094][ T5970] lo speed is unknown, defaulting to 1000 [ 115.232942][ T5970] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 115.251834][ T5970] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 115.311060][ T5970] lo speed is unknown, defaulting to 1000 [ 115.319351][ T5970] lo speed is unknown, defaulting to 1000 [ 115.330062][ T5970] lo speed is unknown, defaulting to 1000 [ 115.338006][ T5970] lo speed is unknown, defaulting to 1000 [ 115.345981][ T5970] lo speed is unknown, defaulting to 1000 [ 115.706017][ T5995] siw: device registration error -23 [ 116.782529][ T6000] netlink: 'syz.3.18': attribute type 1 has an invalid length. [ 117.108757][ T5994] siw: device registration error -23 [ 117.116467][ T6000] netlink: 228 bytes leftover after parsing attributes in process `syz.3.18'. [ 118.294496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 118.304955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 118.373351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.382077][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.390655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.399696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 118.487963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.283627][ T6025] siw: device registration error -23 [ 124.768555][ T6059] overlayfs: missing 'workdir' [ 125.210116][ T6061] siw: device registration error -23 [ 127.322832][ T6068] batadv1: entered promiscuous mode [ 129.158962][ T6092] siw: device registration error -23 [ 131.343958][ T6104] mmap: syz.4.38 (6104) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 131.366163][ T6112] siw: device registration error -23 [ 131.412955][ T6104] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 131.458268][ T6104] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 132.885338][ T6131] netlink: 'syz.3.42': attribute type 1 has an invalid length. [ 132.903327][ T6131] netlink: 228 bytes leftover after parsing attributes in process `syz.3.42'. [ 133.033937][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 133.043909][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 133.054781][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 133.745520][ T6136] siw: device registration error -23 [ 135.958186][ T6150] overlayfs: failed to resolve './file1': -2 [ 136.903018][ T6170] overlayfs: failed to resolve './file0': -2 [ 136.909798][ T6171] overlayfs: failed to resolve './file0': -2 [ 137.223888][ T6172] overlayfs: missing 'lowerdir' [ 138.141383][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.154874][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.870910][ T6190] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 140.836224][ T6206] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 140.933545][ T6207] netlink: 'syz.2.57': attribute type 1 has an invalid length. [ 141.003446][ T6206] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 141.217136][ T6207] netlink: 228 bytes leftover after parsing attributes in process `syz.2.57'. [ 144.593606][ T6232] siw: device registration error -23 [ 146.252306][ T6241] batadv1: entered promiscuous mode [ 147.207680][ T6252] batadv1: entered promiscuous mode [ 147.216518][ T6252] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 149.119659][ T6256] overlayfs: missing 'lowerdir' [ 157.251194][ T6306] batadv1: entered promiscuous mode [ 158.422953][ T6322] overlayfs: failed to resolve './file1': -2 [ 159.341703][ T6331] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 159.350560][ T6331] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 159.412168][ T5142] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 159.446452][ T5142] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 159.455095][ T5142] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 159.476102][ T5142] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 159.490905][ T5142] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 159.820687][ T6329] batadv1: entered promiscuous mode [ 160.858988][ T989] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.002156][ T6327] lo speed is unknown, defaulting to 1000 [ 161.574492][ T5829] Bluetooth: hci2: command tx timeout [ 161.896751][ T6355] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 161.905723][ T6355] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 161.948580][ T989] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.841793][ T6348] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 162.921886][ T989] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.703277][ T5829] Bluetooth: hci2: command tx timeout [ 163.750190][ T6369] overlayfs: failed to resolve './file1': -2 [ 164.015685][ T989] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.009562][ T5829] Bluetooth: hci2: command tx timeout [ 166.621711][ T6383] siw: device registration error -23 [ 168.398548][ T5829] Bluetooth: hci2: command tx timeout [ 168.440434][ T6396] batadv1: entered promiscuous mode [ 170.197580][ T6327] chnl_net:caif_netlink_parms(): no params data found [ 170.714014][ T6406] batadv2: entered promiscuous mode [ 170.725697][ T6406] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 172.333644][ T989] bridge_slave_1: left allmulticast mode [ 172.339475][ T989] bridge_slave_1: left promiscuous mode [ 172.537382][ T989] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.741219][ T989] bridge_slave_0: left allmulticast mode [ 173.459537][ T989] bridge_slave_0: left promiscuous mode [ 173.465731][ T989] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.457990][ T6444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'. [ 177.467046][ T6444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'. [ 177.562208][ T6445] siw: device registration error -23 [ 178.103659][ T989] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 178.117437][ T989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 178.135402][ T989] bond0 (unregistering): Released all slaves [ 178.646666][ T6415] batadv3: entered promiscuous mode [ 178.864460][ T6421] batadv1: entered promiscuous mode [ 179.304814][ T6459] FAULT_INJECTION: forcing a failure. [ 179.304814][ T6459] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 179.348795][ T6459] CPU: 0 UID: 0 PID: 6459 Comm: syz.3.109 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 179.348824][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.348841][ T6459] Call Trace: [ 179.348853][ T6459] [ 179.348863][ T6459] dump_stack_lvl+0x189/0x250 [ 179.348910][ T6459] ? __pfx____ratelimit+0x10/0x10 [ 179.348932][ T6459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.348963][ T6459] ? __pfx__printk+0x10/0x10 [ 179.348996][ T6459] should_fail_ex+0x414/0x560 [ 179.349023][ T6459] _copy_to_user+0x31/0xb0 [ 179.349054][ T6459] simple_read_from_buffer+0xe1/0x170 [ 179.349088][ T6459] proc_fail_nth_read+0x1df/0x250 [ 179.349114][ T6459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 179.349139][ T6459] ? rw_verify_area+0x258/0x650 [ 179.349166][ T6459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 179.349190][ T6459] vfs_read+0x1fd/0x980 [ 179.349222][ T6459] ? __pfx___mutex_lock+0x10/0x10 [ 179.349246][ T6459] ? __pfx_vfs_read+0x10/0x10 [ 179.349274][ T6459] ? __fget_files+0x2a/0x420 [ 179.349297][ T6459] ? __fget_files+0x3a0/0x420 [ 179.349314][ T6459] ? __fget_files+0x2a/0x420 [ 179.349342][ T6459] ksys_read+0x145/0x250 [ 179.349372][ T6459] ? __pfx_ksys_read+0x10/0x10 [ 179.349405][ T6459] ? do_syscall_64+0xbe/0x3b0 [ 179.349432][ T6459] do_syscall_64+0xfa/0x3b0 [ 179.349452][ T6459] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.349473][ T6459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.349493][ T6459] ? clear_bhb_loop+0x60/0xb0 [ 179.349518][ T6459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.349538][ T6459] RIP: 0033:0x7fb58fb8d37c [ 179.349562][ T6459] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 179.349580][ T6459] RSP: 002b:00007fb5909a4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 179.349605][ T6459] RAX: ffffffffffffffda RBX: 00007fb58fdb5fa0 RCX: 00007fb58fb8d37c [ 179.349621][ T6459] RDX: 000000000000000f RSI: 00007fb5909a40a0 RDI: 0000000000000003 [ 179.349634][ T6459] RBP: 00007fb5909a4090 R08: 0000000000000000 R09: 0000000000000000 [ 179.349646][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.349658][ T6459] R13: 0000000000000001 R14: 00007fb58fdb5fa0 R15: 00007ffe8bc7e9e8 [ 179.349690][ T6459] [ 179.632377][ T6327] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.683350][ T6327] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.690643][ T6327] bridge_slave_0: entered allmulticast mode [ 179.742221][ T6327] bridge_slave_0: entered promiscuous mode [ 180.454796][ T6480] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 180.463795][ T6480] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 180.654559][ T6483] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 180.663662][ T6483] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 181.453331][ T6327] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.473820][ T6327] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.733696][ T6327] bridge_slave_1: entered allmulticast mode [ 181.752302][ T6327] bridge_slave_1: entered promiscuous mode [ 182.669292][ T6496] overlayfs: missing 'lowerdir' [ 184.580656][ T989] hsr_slave_0: left promiscuous mode [ 184.589817][ T989] hsr_slave_1: left promiscuous mode [ 184.601202][ T989] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.608807][ T989] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.625109][ T989] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.643631][ T989] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.275087][ T6511] FAULT_INJECTION: forcing a failure. [ 185.275087][ T6511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.297301][ T6511] CPU: 1 UID: 0 PID: 6511 Comm: syz.0.120 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 185.297330][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 185.297341][ T6511] Call Trace: [ 185.297348][ T6511] [ 185.297357][ T6511] dump_stack_lvl+0x189/0x250 [ 185.297392][ T6511] ? __pfx____ratelimit+0x10/0x10 [ 185.297414][ T6511] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.297443][ T6511] ? __pfx__printk+0x10/0x10 [ 185.297464][ T6511] ? __might_fault+0xb0/0x130 [ 185.297507][ T6511] should_fail_ex+0x414/0x560 [ 185.297534][ T6511] _copy_from_user+0x2d/0xb0 [ 185.297564][ T6511] get_nodes+0x29c/0x390 [ 185.297588][ T6511] ? __pfx_get_nodes+0x10/0x10 [ 185.297611][ T6511] ? ksys_write+0x1cb/0x250 [ 185.297643][ T6511] __se_sys_mbind+0x18d/0xc30 [ 185.297677][ T6511] ? __pfx_vfs_write+0x10/0x10 [ 185.297705][ T6511] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 185.297728][ T6511] ? __pfx___se_sys_mbind+0x10/0x10 [ 185.297755][ T6511] ? __fget_files+0x3a0/0x420 [ 185.297778][ T6511] ? fput+0xa0/0xd0 [ 185.297797][ T6511] ? ksys_write+0x22a/0x250 [ 185.297834][ T6511] ? __x64_sys_mbind+0x21/0xf0 [ 185.297863][ T6511] do_syscall_64+0xfa/0x3b0 [ 185.297883][ T6511] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.297902][ T6511] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.297921][ T6511] ? clear_bhb_loop+0x60/0xb0 [ 185.297945][ T6511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.297963][ T6511] RIP: 0033:0x7f0fdfb8e969 [ 185.297997][ T6511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.298014][ T6511] RSP: 002b:00007f0fdd9f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 185.298036][ T6511] RAX: ffffffffffffffda RBX: 00007f0fdfdb5fa0 RCX: 00007f0fdfb8e969 [ 185.298052][ T6511] RDX: 0000000000004002 RSI: 0000000000002000 RDI: 0000200000ffc000 [ 185.298065][ T6511] RBP: 00007f0fdd9f6090 R08: 0000000000000003 R09: 0000000000000000 [ 185.298077][ T6511] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.298089][ T6511] R13: 0000000000000001 R14: 00007f0fdfdb5fa0 R15: 00007ffc5f05dfc8 [ 185.298119][ T6511] [ 185.539528][ T989] veth1_macvtap: left promiscuous mode [ 185.545701][ T989] veth0_macvtap: left promiscuous mode [ 185.551414][ T989] veth1_vlan: left promiscuous mode [ 185.556920][ T989] veth0_vlan: left promiscuous mode [ 186.535783][ T6520] overlayfs: missing 'lowerdir' [ 187.454012][ T989] team0 (unregistering): Port device team_slave_1 removed [ 187.492640][ T989] team0 (unregistering): Port device team_slave_0 removed [ 187.799261][ T6327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.851112][ T6506] batadv1: entered promiscuous mode [ 187.876223][ T6518] batadv1: entered promiscuous mode [ 187.967645][ T6327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.034970][ T6535] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 189.043905][ T6535] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 189.944197][ T6327] team0: Port device team_slave_0 added [ 190.359354][ T6327] team0: Port device team_slave_1 added [ 192.912946][ T6553] batadv3: entered promiscuous mode [ 193.325507][ T6327] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 193.369887][ T6564] overlayfs: failed to resolve './file1': -2 [ 193.496843][ T6327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.523713][ T6327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 193.536461][ T6327] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 193.543458][ T6327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 193.569925][ T6327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 193.647293][ T6572] FAULT_INJECTION: forcing a failure. [ 193.647293][ T6572] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.703479][ T6572] CPU: 0 UID: 0 PID: 6572 Comm: syz.2.135 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 193.703512][ T6572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.703524][ T6572] Call Trace: [ 193.703533][ T6572] [ 193.703542][ T6572] dump_stack_lvl+0x189/0x250 [ 193.703578][ T6572] ? __pfx____ratelimit+0x10/0x10 [ 193.703619][ T6572] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.703650][ T6572] ? __pfx__printk+0x10/0x10 [ 193.703687][ T6572] ? __might_fault+0xb0/0x130 [ 193.703730][ T6572] should_fail_ex+0x414/0x560 [ 193.703758][ T6572] _copy_from_user+0x2d/0xb0 [ 193.703789][ T6572] ___sys_sendmsg+0x158/0x2a0 [ 193.703823][ T6572] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.703891][ T6572] ? __fget_files+0x2a/0x420 [ 193.703910][ T6572] ? __fget_files+0x3a0/0x420 [ 193.703939][ T6572] __x64_sys_sendmsg+0x19b/0x260 [ 193.703973][ T6572] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 193.704014][ T6572] ? __pfx_ksys_write+0x10/0x10 [ 193.704041][ T6572] ? rcu_is_watching+0x15/0xb0 [ 193.704071][ T6572] ? do_syscall_64+0xbe/0x3b0 [ 193.704098][ T6572] do_syscall_64+0xfa/0x3b0 [ 193.704119][ T6572] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.704139][ T6572] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.704160][ T6572] ? clear_bhb_loop+0x60/0xb0 [ 193.704191][ T6572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.704223][ T6572] RIP: 0033:0x7fc13ab8e969 [ 193.704240][ T6572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.704256][ T6572] RSP: 002b:00007fc13bad6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.704277][ T6572] RAX: ffffffffffffffda RBX: 00007fc13adb5fa0 RCX: 00007fc13ab8e969 [ 193.704291][ T6572] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 193.704303][ T6572] RBP: 00007fc13bad6090 R08: 0000000000000000 R09: 0000000000000000 [ 193.704315][ T6572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.704326][ T6572] R13: 0000000000000000 R14: 00007fc13adb5fa0 R15: 00007ffda74d8158 [ 193.704356][ T6572] [ 194.081556][ T6575] overlayfs: missing 'lowerdir' [ 194.964767][ T6327] hsr_slave_0: entered promiscuous mode [ 194.981956][ T6327] hsr_slave_1: entered promiscuous mode [ 195.013020][ T6591] siw: device registration error -23 [ 195.287582][ T6327] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 195.322474][ T6327] Cannot create hsr debugfs directory [ 196.022032][ T6605] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 196.031169][ T6605] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 196.643803][ T5901] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 196.853129][ T5901] usb 3-1: Using ep0 maxpacket: 32 [ 196.882269][ T5901] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.932562][ T5901] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.970909][ T5901] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 196.990384][ T5901] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 197.004307][ T6586] batadv1: entered promiscuous mode [ 197.019291][ T5901] usb 3-1: Product: syz [ 197.029497][ T5901] usb 3-1: Manufacturer: syz [ 197.218620][ T5901] hub 3-1:4.0: USB hub found [ 197.406986][ T5901] hub 3-1:4.0: 3 ports detected [ 197.427963][ T6327] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 197.472328][ T6327] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 197.703516][ T6327] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 197.721033][ T6327] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 198.552908][ T5901] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 198.559982][ T5901] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 198.609667][ T5901] usb 3-1: USB disconnect, device number 2 [ 199.651607][ T6327] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.705159][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.711485][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.778253][ T6327] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.869216][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.876479][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.004251][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.011470][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.794488][ T6657] ======================================================= [ 202.794488][ T6657] WARNING: The mand mount option has been deprecated and [ 202.794488][ T6657] and is ignored by this kernel. Remove the mand [ 202.794488][ T6657] option from the mount to silence this warning. [ 202.794488][ T6657] ======================================================= [ 202.945248][ T5901] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 203.141462][ T5901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.205186][ T5901] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 203.268870][ T5901] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 203.343810][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.435571][ T6667] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 203.444617][ T6667] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 204.034170][ T5901] usb 4-1: config 0 descriptor?? [ 204.534417][ T6676] batadv1: entered promiscuous mode [ 204.871598][ T30] audit: type=1326 audit(1748563107.343:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6651 comm="syz.3.149" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb58fb8e969 code=0x0 [ 204.892474][ C0] vkms_vblank_simulate: vblank timer overrun [ 205.047979][ T6680] FAULT_INJECTION: forcing a failure. [ 205.047979][ T6680] name failslab, interval 1, probability 0, space 0, times 1 [ 205.072299][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.2.154 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 205.072327][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.072339][ T6680] Call Trace: [ 205.072347][ T6680] [ 205.072355][ T6680] dump_stack_lvl+0x189/0x250 [ 205.072389][ T6680] ? __pfx____ratelimit+0x10/0x10 [ 205.072409][ T6680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.072438][ T6680] ? __pfx__printk+0x10/0x10 [ 205.072462][ T6680] ? __pfx___might_resched+0x10/0x10 [ 205.072485][ T6680] ? fs_reclaim_acquire+0x7d/0x100 [ 205.072510][ T6680] should_fail_ex+0x414/0x560 [ 205.072535][ T6680] should_failslab+0xa8/0x100 [ 205.072567][ T6680] kmem_cache_alloc_noprof+0x73/0x3c0 [ 205.072595][ T6680] ? getname_flags+0xb8/0x540 [ 205.072617][ T6680] getname_flags+0xb8/0x540 [ 205.072640][ T6680] __se_sys_acct+0x3d/0x800 [ 205.072675][ T6680] do_syscall_64+0xfa/0x3b0 [ 205.072696][ T6680] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.072715][ T6680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.072734][ T6680] ? clear_bhb_loop+0x60/0xb0 [ 205.072757][ T6680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.072776][ T6680] RIP: 0033:0x7fc13ab8e969 [ 205.072792][ T6680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.072808][ T6680] RSP: 002b:00007fc13bad6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 205.072832][ T6680] RAX: ffffffffffffffda RBX: 00007fc13adb5fa0 RCX: 00007fc13ab8e969 [ 205.072846][ T6680] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040 [ 205.072858][ T6680] RBP: 00007fc13bad6090 R08: 0000000000000000 R09: 0000000000000000 [ 205.072870][ T6680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.072881][ T6680] R13: 0000000000000000 R14: 00007fc13adb5fa0 R15: 00007ffda74d8158 [ 205.072909][ T6680] [ 205.286889][ T6327] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.324202][ T5901] usbhid 4-1:0.0: can't add hid device: -71 [ 206.370135][ T5901] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 206.481729][ T5901] usb 4-1: USB disconnect, device number 2 [ 207.046388][ T6713] ieee802154 phy0 wpan0: encryption failed: -22 [ 207.088434][ T6327] veth0_vlan: entered promiscuous mode [ 207.139269][ T6327] veth1_vlan: entered promiscuous mode [ 207.255969][ T6327] veth0_macvtap: entered promiscuous mode [ 207.278418][ T6327] veth1_macvtap: entered promiscuous mode [ 207.303321][ T6327] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 207.333396][ T43] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 207.502344][ T6327] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 207.519275][ T6327] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.566180][ T6327] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.611356][ T6327] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.643434][ T6327] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.672935][ T43] usb 1-1: config 48 has an invalid interface number: 4 but max is 0 [ 208.715190][ T43] usb 1-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 208.915984][ T6732] batadv1: entered promiscuous mode [ 209.522103][ T43] usb 1-1: config 48 has no interface number 0 [ 209.543143][ T43] usb 1-1: config 48 interface 4 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 209.573576][ T43] usb 1-1: config 48 interface 4 has no altsetting 0 [ 209.589714][ T43] usb 1-1: New USB device found, idVendor=1235, idProduct=0001, bcdDevice= b.d4 [ 209.613202][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.621239][ T43] usb 1-1: Product: syz [ 209.633252][ T43] usb 1-1: Manufacturer: syz [ 209.638218][ T43] usb 1-1: SerialNumber: syz [ 209.663276][ T6189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.710726][ T6189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.783246][ T1210] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 209.812137][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.836290][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.889219][ T43] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 209.985307][ T1210] usb 3-1: config 0 interface 0 has no altsetting 0 [ 210.000478][ T1210] usb 3-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00 [ 210.041564][ T1210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.051715][ T43] snd-usb-audio 1-1:48.4: probe with driver snd-usb-audio failed with error -2 [ 210.098554][ T43] usb 1-1: USB disconnect, device number 2 [ 210.154378][ T1210] usb 3-1: config 0 descriptor?? [ 210.349786][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:48.4/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.381015][ T1210] microsoft 0003:045E:00F9.0001: hidraw0: USB HID v0.02 Device [HID 045e:00f9] on usb-dummy_hcd.2-1/input0 [ 211.863409][ T1210] microsoft 0003:045E:00F9.0001: no inputs found [ 211.876819][ T1210] microsoft 0003:045E:00F9.0001: could not initialize ff, continuing anyway [ 211.904750][ T1210] usb 3-1: USB disconnect, device number 3 [ 213.648005][ T6759] fido_id[6759]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 214.580212][ T6776] fuse: Bad value for 'fd' [ 214.601964][ T6773] FAULT_INJECTION: forcing a failure. [ 214.601964][ T6773] name failslab, interval 1, probability 0, space 0, times 0 [ 214.683181][ T6773] CPU: 1 UID: 0 PID: 6773 Comm: syz.0.175 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 214.683213][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.683225][ T6773] Call Trace: [ 214.683234][ T6773] [ 214.683243][ T6773] dump_stack_lvl+0x189/0x250 [ 214.683280][ T6773] ? __pfx____ratelimit+0x10/0x10 [ 214.683301][ T6773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.683332][ T6773] ? __pfx__printk+0x10/0x10 [ 214.683369][ T6773] ? __pfx___might_resched+0x10/0x10 [ 214.683390][ T6773] ? fs_reclaim_acquire+0x7d/0x100 [ 214.683416][ T6773] should_fail_ex+0x414/0x560 [ 214.683442][ T6773] should_failslab+0xa8/0x100 [ 214.683474][ T6773] kmem_cache_alloc_noprof+0x73/0x3c0 [ 214.683502][ T6773] ? getname_flags+0xb8/0x540 [ 214.683525][ T6773] getname_flags+0xb8/0x540 [ 214.683548][ T6773] do_sys_openat2+0xbc/0x1c0 [ 214.683573][ T6773] ? __pfx_do_sys_openat2+0x10/0x10 [ 214.683595][ T6773] ? ksys_write+0x22a/0x250 [ 214.683624][ T6773] ? __pfx_ksys_write+0x10/0x10 [ 214.683648][ T6773] ? rcu_is_watching+0x15/0xb0 [ 214.683675][ T6773] __x64_sys_openat+0x138/0x170 [ 214.683702][ T6773] do_syscall_64+0xfa/0x3b0 [ 214.683724][ T6773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.683743][ T6773] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 214.683762][ T6773] ? clear_bhb_loop+0x60/0xb0 [ 214.683786][ T6773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.683804][ T6773] RIP: 0033:0x7f0fdfb8e969 [ 214.683822][ T6773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.683838][ T6773] RSP: 002b:00007f0fdd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 214.683859][ T6773] RAX: ffffffffffffffda RBX: 00007f0fdfdb5fa0 RCX: 00007f0fdfb8e969 [ 214.683873][ T6773] RDX: 0000000000000000 RSI: 0000200000002180 RDI: ffffffffffffff9c [ 214.683887][ T6773] RBP: 00007f0fdd9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 214.683899][ T6773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.683910][ T6773] R13: 0000000000000000 R14: 00007f0fdfdb5fa0 R15: 00007ffc5f05dfc8 [ 214.683947][ T6773] [ 215.459200][ T6785] batadv1: entered promiscuous mode [ 215.617207][ T6786] capability: warning: `syz.5.176' uses deprecated v2 capabilities in a way that may be insecure [ 215.979095][ T6187] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 216.999905][ T6799] batadv1: entered promiscuous mode [ 217.709948][ T6804] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 217.788240][ T6808] overlayfs: failed to resolve './file1': -2 [ 218.441527][ T6827] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 220.164235][ T6837] 9pnet_fd: Insufficient options for proto=fd [ 220.188200][ T6844] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 221.068089][ T5811] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 221.395461][ T5877] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 221.664087][ T5877] usb 3-1: Using ep0 maxpacket: 16 [ 221.873556][ T5877] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.953889][ T5811] usb 5-1: Using ep0 maxpacket: 8 [ 221.968051][ T5811] usb 5-1: unable to get BOS descriptor or descriptor too short [ 222.113323][ T5877] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.154749][ T6838] Bluetooth: hci1: command 0x0406 tx timeout [ 222.160813][ T6838] Bluetooth: hci0: command 0x0406 tx timeout [ 222.172465][ T6838] Bluetooth: hci3: command 0x0406 tx timeout [ 222.177986][ T5811] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 222.207017][ T5811] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 222.226537][ T6838] Bluetooth: hci4: command 0x0406 tx timeout [ 222.228443][ T5811] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 222.249713][ T5811] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 222.277095][ T5811] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 222.448143][ T5811] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 222.587602][ T5811] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 222.739563][ T5811] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 222.827798][ T5877] usb 3-1: config 0 interface 0 has no altsetting 0 [ 222.853954][ T5877] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 222.893297][ T5811] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.901349][ T5811] usb 5-1: Product: syz [ 222.905923][ T5811] usb 5-1: Manufacturer: syz [ 222.910546][ T5811] usb 5-1: SerialNumber: syz [ 222.924651][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.939313][ T5811] usb 5-1: config 0 descriptor?? [ 222.972369][ T6847] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 222.988876][ T5877] usb 3-1: config 0 descriptor?? [ 223.131471][ T5811] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 223.577393][ T6881] batadv1: entered promiscuous mode [ 225.807575][ T5877] usbhid 3-1:0.0: can't add hid device: -71 [ 225.824197][ T5877] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 226.514372][ T5877] usb 3-1: USB disconnect, device number 4 [ 226.563247][ T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 226.680433][ T5811] usb 5-1: USB disconnect, device number 2 [ 227.658300][ T6904] overlayfs: failed to resolve './file1': -2 [ 227.759012][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 228.113242][ T5877] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 228.326900][ T6919] batadv1: entered promiscuous mode [ 228.337346][ T6919] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 228.753863][ T6914] warning: `syz.3.205' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 229.163161][ T5877] usb 1-1: Using ep0 maxpacket: 32 [ 229.170240][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.189618][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.151535][ T6934] batadv2: entered promiscuous mode [ 230.169535][ T5877] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 230.178843][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.189929][ T5877] usb 1-1: config 0 descriptor?? [ 230.653414][ T1165] batman_adv: batadv2: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 230.682459][ T5877] hub 1-1:0.0: USB hub found [ 230.704776][ T5877] hub 1-1:0.0: 1 port detected [ 231.078400][ T5877] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 231.158898][ T6948] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 231.623559][ T5877] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 231.692220][ T5877] usbhid 1-1:0.0: can't add hid device: -71 [ 231.714392][ T5877] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 231.853710][ T5877] usb 1-1: USB disconnect, device number 3 [ 232.425142][ T6965] FAULT_INJECTION: forcing a failure. [ 232.425142][ T6965] name failslab, interval 1, probability 0, space 0, times 0 [ 232.438131][ T6965] CPU: 1 UID: 0 PID: 6965 Comm: syz.2.215 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 232.438158][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.438171][ T6965] Call Trace: [ 232.438181][ T6965] [ 232.438191][ T6965] dump_stack_lvl+0x189/0x250 [ 232.438228][ T6965] ? __pfx____ratelimit+0x10/0x10 [ 232.438251][ T6965] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.438291][ T6965] ? __pfx__printk+0x10/0x10 [ 232.438319][ T6965] ? __pfx___might_resched+0x10/0x10 [ 232.438349][ T6965] should_fail_ex+0x414/0x560 [ 232.438377][ T6965] should_failslab+0xa8/0x100 [ 232.438412][ T6965] kmem_cache_alloc_noprof+0x73/0x3c0 [ 232.438443][ T6965] ? mas_alloc_nodes+0x2e9/0x8e0 [ 232.438468][ T6965] mas_alloc_nodes+0x2e9/0x8e0 [ 232.438498][ T6965] mas_preallocate+0x542/0x8b0 [ 232.438537][ T6965] ? __pfx_mas_preallocate+0x10/0x10 [ 232.438579][ T6965] ? __asan_memset+0x22/0x50 [ 232.438614][ T6965] commit_merge+0x1f1/0x6e0 [ 232.438638][ T6965] ? __vma_enter_locked+0x1f4/0x380 [ 232.438677][ T6965] ? __pfx_commit_merge+0x10/0x10 [ 232.438712][ T6965] ? vma_merge_existing_range+0xb8f/0x15b0 [ 232.438754][ T6965] vma_merge_existing_range+0x10b7/0x15b0 [ 232.438804][ T6965] vma_modify+0x76/0x460 [ 232.438839][ T6965] vma_modify_flags+0x1e8/0x230 [ 232.438868][ T6965] ? __pfx_vma_modify_flags+0x10/0x10 [ 232.438914][ T6965] mlock_fixup+0x22a/0x360 [ 232.438944][ T6965] apply_mlockall_flags+0x2f0/0x3c0 [ 232.438974][ T6965] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 232.439009][ T6965] ? __pfx_down_write_killable+0x10/0x10 [ 232.439044][ T6965] __ia32_sys_munlockall+0x10a/0x220 [ 232.439072][ T6965] do_syscall_64+0xfa/0x3b0 [ 232.439096][ T6965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.439115][ T6965] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 232.439135][ T6965] ? clear_bhb_loop+0x60/0xb0 [ 232.439158][ T6965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.439178][ T6965] RIP: 0033:0x7fc13ab8e969 [ 232.439197][ T6965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.439214][ T6965] RSP: 002b:00007fc13ba94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 232.439235][ T6965] RAX: ffffffffffffffda RBX: 00007fc13adb6160 RCX: 00007fc13ab8e969 [ 232.439250][ T6965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 232.439262][ T6965] RBP: 00007fc13ba94090 R08: 0000000000000000 R09: 0000000000000000 [ 232.439275][ T6965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.439287][ T6965] R13: 0000000000000001 R14: 00007fc13adb6160 R15: 00007ffda74d8158 [ 232.439320][ T6965] [ 232.439398][ T6965] vmg ffffc90003a0fc40 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 232.712775][ T6965] vmg ffffc90003a0fc40 state: mm ffff888029a93f00 pgoff 200000000 [ 232.712775][ T6965] vmi ffffc90003a0fde0 [200000000000,200000800000) [ 232.712775][ T6965] prev ffff88807ab51280 middle ffff88807ab51280 next 0000000000000000 target 0000000000000000 [ 232.712775][ T6965] start 200000000000 end 200000800000 flags 8100077 [ 232.712775][ T6965] file 0000000000000000 anon_vma ffff888034b6fee0 policy 0000000000000000 [ 232.712775][ T6965] uffd_ctx 0000000000000000 [ 232.712775][ T6965] anon_name 0000000000000000 [ 232.712775][ T6965] state 0 [ 232.712775][ T6965] just_expand 0 [ 232.712775][ T6965] __adjust_middle_start 0 __adjust_next_start 0 [ 232.712775][ T6965] __remove_middle 0 __remove_next 0 [ 232.778247][ T6965] vmg ffffc90003a0fc40 mm: [ 232.783022][ T6965] mm ffff888029a93f00 task_size 140737488351232 [ 232.783022][ T6965] mmap_base 140467906670592 mmap_legacy_base 47164888498176 [ 232.783022][ T6965] pgd ffff888061d7a000 mm_users 4 mm_count 1 pgtables_bytes 131072 map_count 36 [ 232.783022][ T6965] hiwater_rss 14ed hiwater_vm 5f8c total_vm 5fef locked_vm 800 [ 232.783022][ T6965] pinned_vm 0 data_vm 23fb exec_vm 1a4 stack_vm 21 [ 232.783022][ T6965] start_code 7fc13aa49000 end_code 7fc13abeadf9 start_data 7fc13ad90000 end_data 7fc13ad90000 [ 232.783022][ T6965] start_brk 555579564000 brk 555579598000 start_stack 7ffda74d89c0 [ 232.783022][ T6965] arg_start 7ffda74d9f6d arg_end 7ffda74d9f81 env_start 7ffda74d9f81 env_end 7ffda74d9fe9 [ 232.783022][ T6965] binfmt ffffffff8e2b2d40 flags 800007fd [ 232.783022][ T6965] ioctx_table 0000000000000000 [ 232.783022][ T6965] owner ffff888020fb1e00 exe_file ffff88802d690fc0 [ 232.783022][ T6965] notifier_subscriptions 0000000000000000 [ 232.783022][ T6965] numa_next_scan 4294960378 numa_scan_offset 0 numa_scan_seq 0 [ 232.783022][ T6965] tlb_flush_pending 0 [ 232.783022][ T6965] def_flags: 0x0() [ 232.884281][ T6965] vmg ffffc90003a0fc40 prev: [ 232.888998][ T6965] vma ffff88807ab51280 start 0000200000000000 end 0000200000800000 mm ffff888029a93f00 [ 232.888998][ T6965] prot 25 anon_vma ffff888034b6fee0 vm_ops 0000000000000000 [ 232.888998][ T6965] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 232.888998][ T6965] refcnt 1 [ 232.888998][ T6965] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 232.926518][ T6965] vmg ffffc90003a0fc40 middle: [ 232.931375][ T6965] vma ffff88807ab51280 start 0000200000000000 end 0000200000800000 mm ffff888029a93f00 [ 232.931375][ T6965] prot 25 anon_vma ffff888034b6fee0 vm_ops 0000000000000000 [ 232.931375][ T6965] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 232.931375][ T6965] refcnt 1 [ 232.931375][ T6965] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 232.968688][ T6965] vmg ffffc90003a0fc40 next: (NULL) [ 232.974021][ T6965] vmg ffffc90003a0fc40 vmi: [ 232.978601][ T6965] MAS: tree=ffff888029a93f40 enode=ffff8880119eb00c [ 232.978709][ T6965] (ma_active) [ 232.985692][ T6965] Store Type: [ 232.989218][ T6965] node_store [ 232.995889][ T6965] [6/10] index=200000000000 last=2000007fffff [ 233.002040][ T6965] min=0 max=555579585fff alloc=0000000000000000, depth=1, flags=0 [ 233.010419][ T6965] maple_tree(ffff888029a93f40) flags 30B, height 2 root ffff8880119ea41e [ 233.018974][ T6965] 0-ffffffffffffffff: node ffff8880119ea400 depth 0 type 3 parent ffff888029a93f41 contents: 355578563000 2a6bbf45f000 186000 ffff800258b26000 0 0 0 0 0 0 | 03 03| ffff8880119eb00c 555579585FFF ffff888033a20a0c 7FC13A9FFFFF ffff888075db9e0c 7FC13BA95FFF ffff8880119eba0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 233.057325][ T6965] 0-555579585fff: node ffff8880119eb000 depth 1 type 1 parent ffff8880119ea406 contents: 0000000000000000 110C22FFFF ffff88807ab51780 110E22FFFF 0000000000000000 1B2F91FFFF ffff88807ab51140 1B2F95FFFF 0000000000000000 1FFFFFFFEFFF ffff88807ab518c0 1FFFFFFFFFFF ffff88807ab51280 2000007FFFFF ffff888031195500 200000FFFFFF ffff88807ab51a00 200001000FFF 0000000000000000 555579563FFF ffff88807ab51b40 555579585FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 233.104778][ T6965] 0-110c22ffff: 0000000000000000 [ 233.110246][ T6965] 110c230000-110e22ffff: ffff88807ab51780 [ 233.116708][ T6965] 110e230000-1b2f91ffff: 0000000000000000 [ 233.122945][ T6965] 1b2f920000-1b2f95ffff: ffff88807ab51140 [ 233.129198][ T6965] 1b2f960000-1fffffffefff: 0000000000000000 [ 233.135581][ T6965] 1ffffffff000-1fffffffffff: ffff88807ab518c0 [ 233.142149][ T6965] 200000000000-2000007fffff: ffff88807ab51280 [ 233.148769][ T6965] 200000800000-200000ffffff: ffff888031195500 [ 233.155340][ T6965] 200001000000-200001000fff: ffff88807ab51a00 [ 233.161915][ T6965] 200001001000-555579563fff: 0000000000000000 [ 233.168476][ T6965] 555579564000-555579585fff: ffff88807ab51b40 [ 233.175084][ T6965] 555579586000-7fc13a9fffff: node ffff888033a20a00 depth 1 type 1 parent ffff8880119ea40e contents: ffff88807ab51c80 555579597FFF 0000000000000000 7FC1389F6FFF ffff888079967280 7FC1389F7FFF ffff888079967140 7FC1391F7FFF ffff88802f997b40 7FC1391F8FFF ffff88802f9973c0 7FC1399F8FFF ffff88807c249b40 7FC1399FAFFF ffff888031902a00 7FC139DFAFFF ffff8880319028c0 7FC139DFCFFF ffff888031902640 7FC13A1FCFFF ffff88803107fdc0 7FC13A1FEFFF ffff88803107fa00 7FC13A5FEFFF ffff888033254500 7FC13A5FFFFF ffff88802faffa00 7FC13A9FFFFF 0000000000000000 0 000000000000000d [ 233.226832][ T6965] 555579586000-555579597fff: ffff88807ab51c80 [ 233.233591][ T6965] 555579598000-7fc1389f6fff: 0000000000000000 [ 233.240158][ T6965] 7fc1389f7000-7fc1389f7fff: ffff888079967280 [ 233.246722][ T6965] 7fc1389f8000-7fc1391f7fff: ffff888079967140 [ 233.253278][ T6965] 7fc1391f8000-7fc1391f8fff: ffff88802f997b40 [ 233.259808][ T6965] 7fc1391f9000-7fc1399f8fff: ffff88802f9973c0 [ 233.266417][ T6965] 7fc1399f9000-7fc1399fafff: ffff88807c249b40 [ 233.272951][ T6965] 7fc1399fb000-7fc139dfafff: ffff888031902a00 [ 233.279512][ T6965] 7fc139dfb000-7fc139dfcfff: ffff8880319028c0 [ 233.286148][ T6965] 7fc139dfd000-7fc13a1fcfff: ffff888031902640 [ 233.292878][ T6965] 7fc13a1fd000-7fc13a1fefff: ffff88803107fdc0 [ 233.299555][ T6965] 7fc13a1ff000-7fc13a5fefff: ffff88803107fa00 [ 233.306081][ T6965] 7fc13a5ff000-7fc13a5fffff: ffff888033254500 [ 233.312591][ T6965] 7fc13a600000-7fc13a9fffff: ffff88802faffa00 [ 233.319158][ T6965] 7fc13aa00000-7fc13ba95fff: node ffff888075db9e00 depth 1 type 1 parent ffff8880119ea416 contents: ffff88802faffb40 7FC13AA48FFF ffff88802a8f4140 7FC13ABEAFFF ffff8880316f5640 7FC13AC97FFF ffff88802f23a280 7FC13AD7CFFF ffff88802f23a140 7FC13AD85FFF 0000000000000000 7FC13AD8FFFF ffff88802f23a780 7FC13B8EDFFF 0000000000000000 7FC13BA73FFF ffff888031b9e000 7FC13BA74FFF ffff88803570ea00 7FC13BA94FFF ffff888031b9e3c0 7FC13BA95FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 233.367854][ T6965] 7fc13aa00000-7fc13aa48fff: ffff88802faffb40 [ 233.374441][ T6965] 7fc13aa49000-7fc13abeafff: ffff88802a8f4140 [ 233.380996][ T6965] 7fc13abeb000-7fc13ac97fff: ffff8880316f5640 [ 233.387588][ T6965] 7fc13ac98000-7fc13ad7cfff: ffff88802f23a280 [ 233.394328][ T6965] 7fc13ad7d000-7fc13ad85fff: ffff88802f23a140 [ 233.400783][ T6965] 7fc13ad86000-7fc13ad8ffff: 0000000000000000 [ 233.407569][ T6965] 7fc13ad90000-7fc13b8edfff: ffff88802f23a780 [ 233.414134][ T6965] 7fc13b8ee000-7fc13ba73fff: 0000000000000000 [ 233.420674][ T6965] 7fc13ba74000-7fc13ba74fff: ffff888031b9e000 [ 233.427322][ T6965] 7fc13ba75000-7fc13ba94fff: ffff88803570ea00 [ 233.433904][ T6965] 7fc13ba95000-7fc13ba95fff: ffff888031b9e3c0 [ 233.440442][ T6965] 7fc13ba96000-ffffffffffffffff: node ffff8880119eba00 depth 1 type 1 parent ffff8880119ea41e contents: ffff888064b54500 7FC13BAB5FFF ffff88803570e000 7FC13BAB6FFF ffff888064b543c0 7FC13BAD6FFF ffff88802f23a500 7FC13BADAFFF ffff888026e75c80 7FC13BADCFFF ffff888026e75000 7FC13BADEFFF 0000000000000000 7FFDA74B8FFF ffff888026e75500 7FFDA74D9FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 233.487343][ T6965] 7fc13ba96000-7fc13bab5fff: ffff888064b54500 [ 233.494566][ T6965] 7fc13bab6000-7fc13bab6fff: ffff88803570e000 [ 233.501458][ T6965] 7fc13bab7000-7fc13bad6fff: ffff888064b543c0 [ 233.508218][ T6965] 7fc13bad7000-7fc13badafff: ffff88802f23a500 [ 233.514787][ T6965] 7fc13badb000-7fc13badcfff: ffff888026e75c80 [ 233.521335][ T6965] 7fc13badd000-7fc13badefff: ffff888026e75000 [ 233.527968][ T6965] 7fc13badf000-7ffda74b8fff: 0000000000000000 [ 233.534735][ T6965] 7ffda74b9000-7ffda74d9fff: ffff888026e75500 [ 233.541322][ T6965] 7ffda74da000-ffffffffffffffff: 0000000000000000 [ 233.548543][ T6965] ------------[ cut here ]------------ [ 233.554055][ T6965] WARNING: CPU: 1 PID: 6965 at mm/vma.c:768 vma_merge_existing_range+0x1257/0x15b0 [ 233.563417][ T6965] Modules linked in: [ 233.567522][ T6965] CPU: 1 UID: 0 PID: 6965 Comm: syz.2.215 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 233.579204][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.589339][ T6965] RIP: 0010:vma_merge_existing_range+0x1257/0x15b0 [ 233.595925][ T6965] Code: 0b 90 e9 52 f0 ff ff e8 87 12 ad ff 90 0f 0b 90 e9 87 ef ff ff e8 79 12 ad ff 48 89 df 48 c7 c6 40 74 96 8b e8 fa a7 f2 ff 90 <0f> 0b 90 e9 ff ef ff ff e8 5c 12 ad ff e9 04 f1 ff ff e8 52 12 ad [ 233.615848][ T6965] RSP: 0018:ffffc90003a0faf8 EFLAGS: 00010286 [ 233.621952][ T6965] RAX: ffffffff8b5567cd RBX: ffffc90003a0fc40 RCX: ffff8880248b9e00 [ 233.630192][ T6965] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 233.638221][ T6965] RBP: 0000200000800000 R08: 0000000000000003 R09: 0000000000000004 [ 233.646268][ T6965] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff88807ab51280 [ 233.654322][ T6965] R13: 1ffff92000741f8c R14: 0000200000000000 R15: 0000200000000000 [ 233.662322][ T6965] FS: 00007fc13ba946c0(0000) GS:ffff888125d98000(0000) knlGS:0000000000000000 [ 233.671319][ T6965] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 233.677951][ T6965] CR2: 00007f0fdfda6b60 CR3: 0000000061d7a000 CR4: 00000000003526f0 [ 233.686004][ T6965] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 233.694129][ T6965] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 233.702328][ T6965] Call Trace: [ 233.705857][ T6965] [ 233.708844][ T6965] vma_modify+0x76/0x460 [ 233.713179][ T6965] vma_modify_flags+0x1e8/0x230 [ 233.718074][ T6965] ? __pfx_vma_modify_flags+0x10/0x10 [ 233.723531][ T6965] mlock_fixup+0x22a/0x360 [ 233.727991][ T6965] apply_mlockall_flags+0x2f0/0x3c0 [ 233.733257][ T6965] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 233.739023][ T6965] ? __pfx_down_write_killable+0x10/0x10 [ 233.744739][ T6965] __ia32_sys_munlockall+0x10a/0x220 [ 233.750062][ T6965] do_syscall_64+0xfa/0x3b0 [ 233.754643][ T6965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.760737][ T6965] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 233.766434][ T6965] ? clear_bhb_loop+0x60/0xb0 [ 233.771144][ T6965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.777112][ T6965] RIP: 0033:0x7fc13ab8e969 [ 233.781558][ T6965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.801241][ T6965] RSP: 002b:00007fc13ba94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 233.809959][ T6965] RAX: ffffffffffffffda RBX: 00007fc13adb6160 RCX: 00007fc13ab8e969 [ 233.818196][ T6965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 233.826226][ T6965] RBP: 00007fc13ba94090 R08: 0000000000000000 R09: 0000000000000000 [ 233.834283][ T6965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.842281][ T6965] R13: 0000000000000001 R14: 00007fc13adb6160 R15: 00007ffda74d8158 [ 233.850323][ T6965] [ 233.853403][ T6965] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 233.860705][ T6965] CPU: 1 UID: 0 PID: 6965 Comm: syz.2.215 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 233.872276][ T6965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.882349][ T6965] Call Trace: [ 233.885652][ T6965] [ 233.888608][ T6965] dump_stack_lvl+0x99/0x250 [ 233.893236][ T6965] ? __asan_memcpy+0x40/0x70 [ 233.897856][ T6965] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.903097][ T6965] ? __pfx__printk+0x10/0x10 [ 233.907727][ T6965] panic+0x2db/0x790 [ 233.911666][ T6965] ? __pfx_panic+0x10/0x10 [ 233.916141][ T6965] __warn+0x31b/0x4b0 [ 233.920155][ T6965] ? vma_merge_existing_range+0x1257/0x15b0 [ 233.926080][ T6965] ? vma_merge_existing_range+0x1257/0x15b0 [ 233.932004][ T6965] report_bug+0x2be/0x4f0 [ 233.936357][ T6965] ? vma_merge_existing_range+0x1257/0x15b0 [ 233.942288][ T6965] ? vma_merge_existing_range+0x1257/0x15b0 [ 233.948215][ T6965] ? vma_merge_existing_range+0x1259/0x15b0 [ 233.954141][ T6965] handle_bug+0x84/0x160 [ 233.958425][ T6965] exc_invalid_op+0x1a/0x50 [ 233.962961][ T6965] asm_exc_invalid_op+0x1a/0x20 [ 233.967835][ T6965] RIP: 0010:vma_merge_existing_range+0x1257/0x15b0 [ 233.974378][ T6965] Code: 0b 90 e9 52 f0 ff ff e8 87 12 ad ff 90 0f 0b 90 e9 87 ef ff ff e8 79 12 ad ff 48 89 df 48 c7 c6 40 74 96 8b e8 fa a7 f2 ff 90 <0f> 0b 90 e9 ff ef ff ff e8 5c 12 ad ff e9 04 f1 ff ff e8 52 12 ad [ 233.994006][ T6965] RSP: 0018:ffffc90003a0faf8 EFLAGS: 00010286 [ 234.000100][ T6965] RAX: ffffffff8b5567cd RBX: ffffc90003a0fc40 RCX: ffff8880248b9e00 [ 234.008095][ T6965] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 234.016090][ T6965] RBP: 0000200000800000 R08: 0000000000000003 R09: 0000000000000004 [ 234.024087][ T6965] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff88807ab51280 [ 234.032080][ T6965] R13: 1ffff92000741f8c R14: 0000200000000000 R15: 0000200000000000 [ 234.040084][ T6965] ? mt_dump_node+0x18cd/0x26b0 [ 234.044975][ T6965] ? vma_merge_existing_range+0x1256/0x15b0 [ 234.050921][ T6965] vma_modify+0x76/0x460 [ 234.055375][ T6965] vma_modify_flags+0x1e8/0x230 [ 234.060264][ T6965] ? __pfx_vma_modify_flags+0x10/0x10 [ 234.065696][ T6965] mlock_fixup+0x22a/0x360 [ 234.070148][ T6965] apply_mlockall_flags+0x2f0/0x3c0 [ 234.075384][ T6965] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 234.081144][ T6965] ? __pfx_down_write_killable+0x10/0x10 [ 234.086825][ T6965] __ia32_sys_munlockall+0x10a/0x220 [ 234.092151][ T6965] do_syscall_64+0xfa/0x3b0 [ 234.096686][ T6965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.102775][ T6965] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 234.108434][ T6965] ? clear_bhb_loop+0x60/0xb0 [ 234.113136][ T6965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.119051][ T6965] RIP: 0033:0x7fc13ab8e969 [ 234.123487][ T6965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.143130][ T6965] RSP: 002b:00007fc13ba94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 234.151577][ T6965] RAX: ffffffffffffffda RBX: 00007fc13adb6160 RCX: 00007fc13ab8e969 [ 234.159575][ T6965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 234.167567][ T6965] RBP: 00007fc13ba94090 R08: 0000000000000000 R09: 0000000000000000 [ 234.175560][ T6965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.183548][ T6965] R13: 0000000000000001 R14: 00007fc13adb6160 R15: 00007ffda74d8158 [ 234.191555][ T6965] [ 234.194730][ T6965] Kernel Offset: disabled [ 234.199057][ T6965] Rebooting in 86400 seconds..