last executing test programs: 5.206146915s ago: executing program 4 (id=77): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x40000000000000}}, {{@in=@rand_addr=0x64010102, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000002100)={0x2, 0x12, 0x4, 0x5, 0x2, 0x0, 0x70bd2b, 0x25dfdbfe}, 0x10}}, 0x800) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) 4.998162491s ago: executing program 4 (id=80): mlock(&(0x7f0000fef000/0x11000)=nil, 0x11000) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000004c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[], 0x0) clock_getres(0x7, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="100000000400000008000000", @ANYRES32], 0x48) 4.634720578s ago: executing program 0 (id=82): syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0) 4.397770675s ago: executing program 0 (id=84): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') open(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0, 0x80) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 4.106509149s ago: executing program 0 (id=85): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) pipe(&(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe80000000000000e5000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000001c0)="b9740b00000f32ea0000000021000f019e6f750000b906030000b800500000ba000000000f300f0e0f01c466660f38305c311366baa10066b8001066efb805000000b9800000000f01d9f2ac", 0x4c}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@ipv6_getroute={0x1c}, 0x1c}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.794039541s ago: executing program 1 (id=86): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xffff}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x842, 0x100}}}]}, 0x38}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x12, r4, {0x0, 0x7}, {0xd, 0xffff}, {0xfff8}}}, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r5, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 3.652658438s ago: executing program 0 (id=87): write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) clock_gettime(0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x8000000004) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) setreuid(0x0, 0xee00) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) socket$packet(0x11, 0x2, 0x300) 3.038632304s ago: executing program 3 (id=91): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') socket$inet6_mptcp(0xa, 0x1, 0x106) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x10000) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000000)=0x4) pipe(&(0x7f0000000140)) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000040)='\b\x00\x00\x00', 0x4}, {0x0, 0x18}], 0x2) 3.007732056s ago: executing program 1 (id=92): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x2) syz_usb_disconnect(0xffffffffffffffff) ioctl$TIOCSTI(r0, 0x5437, 0x0) 2.807671617s ago: executing program 3 (id=94): syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x4, 0x4}, {0xa, 0x100}}}}, 0x11) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.759645923s ago: executing program 2 (id=95): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000fd0f000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0) 2.620785095s ago: executing program 2 (id=96): openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@file={0x0, '.\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000300)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2}, 0x18) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r3, 0x40082102, &(0x7f0000000080)) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, r7}, 0x38) ioctl$TIOCL_SETSEL(r6, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0x8000, 0x0, 0x4}}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000080)={"fe0d1acce4a37ef94acd000200"}) 2.55262141s ago: executing program 3 (id=97): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) pipe(&(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe80000000000000e5000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000001c0)="b9740b00000f32ea0000000021000f019e6f750000b906030000b800500000ba000000000f300f0e0f01c466660f38305c311366baa10066b8001066efb805000000b9800000000f01d9f2ac", 0x4c}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@ipv6_getroute={0x1c}, 0x1c}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.367478341s ago: executing program 4 (id=98): write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) clock_gettime(0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0xfffffffffffffffd, 0xffffffffffffffff}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) socket$packet(0x11, 0x2, 0x300) 2.215031392s ago: executing program 3 (id=99): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r2 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1) syz_emit_ethernet(0x42, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd6076b2af00062f00fc000004cba1414ec4b4b50000000000ff0200000000000000000000000000010000883e"], 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() getrlimit(0x8, &(0x7f0000000100)) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_exit\x00'}, 0x10) bpf$BPF_LINK_CREATE(0x15, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7ff}}, 0x40) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}]}, 0x68}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 922.614834ms ago: executing program 1 (id=100): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000140)={{0x6, @rose}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r2, &(0x7f0000000300)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) close_range(r0, 0xffffffffffffffff, 0x0) 769.484992ms ago: executing program 4 (id=101): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = creat(0x0, 0x0) write(r2, &(0x7f0000000300)='(', 0x1) write$uinput_user_dev(r2, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0xfffffff2, 0x2, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x80, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x2f, 0xe, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x6, 0xb, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x6, 0x7fff, 0x0, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x3, 0x400000, 0xfffffff9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0xca2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x4, 0x8, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1f, 0x1}}, 0x3c) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 662.276425ms ago: executing program 4 (id=102): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000340)) close(r0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) r2 = dup(r1) write$uinput_user_dev(r2, &(0x7f0000000380)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000002600)={'syz0\x00', {}, 0x2c, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13f12ef4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3]}, 0x45c) 614.689128ms ago: executing program 2 (id=103): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x40000000000000}}, {{@in=@rand_addr=0x64010102, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002180)={&(0x7f0000002100)={0x2, 0x12, 0x4, 0x5, 0x2, 0x0, 0x70bd2b, 0x25dfdbfe}, 0x10}}, 0x800) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) 530.957827ms ago: executing program 1 (id=104): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file4\x00', 0x22440, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000580)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) epoll_create1(0x80000) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x3c) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)={0x8c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x66, 0x33, @probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x1}, {0xaf}, @device_a, @device_a, @from_mac=@broadcast, {0x0, 0x4}}, 0x1, @default, 0x8100, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1, 0x9d}, @void, @val={0x6, 0x2, 0x8}, @val={0x2d, 0x1a, {0x8, 0x1, 0x2, 0x0, {0x3ff, 0x592, 0x0, 0x273, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x400, 0xf, 0x80}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x1, 0x2, 0x3, 0x30}}, [{0xdd, 0x6, "52d4ad5a6f5b"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x8c}}, 0x0) 466.089304ms ago: executing program 3 (id=105): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f8) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, 0x0) mlockall(0x2) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006200)={0x2020, 0x0, 0x0}, 0x2020) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) listxattr(&(0x7f0000000900)='./file0\x00', 0x0, 0x8) syz_fuse_handle_req(r0, &(0x7f00000021c0)="3288151c2e977db5c4c54c1640c75f0d658d1684a3c105f5d7df4ca941ad8c3c420c6320a3ae9a96ebb15455d12a14888a901fcd9d3e363eae46911ac22f04e66bfb88ce22c7be17f6ff0d77ca56a15544534dd89a5ed6b61d79aed7f6e195559621ca5227d2853359d14f697b516f8ce0a4ec44f4adcb40d8a63bf0ca178d58f76b6a24485412150f4e61584ec1df79114e5068d473ca59ea9dd04aab44c49fd6519dafafb8fce478ac64924471e94a36128c889b64dd56ab61a120db803759efa4d6c70f73eb0806e66ba0d70e55c2f9d9a80a59a102f506fb8f819bacd9584e15ce425bd2059dad492c40111b3847fd73af275db6524be2ba56908959b9df98aaee1aabb43d9bdc819a209882f4790ac10a4b9760b8a82a307f5504eca89627288fb3bc779efc831a8c91b51428b8efa1cadf7d8b552c9e4a0f8a10aa526d4cd5f102763563237d85de37371136a3ecf41592d11f1281156622e8901fffcaa3138b2b8a87a98994ec3ce9dafff95bcd2206ed4075fdf4a0e78633242c27543f2251fd2f23ae2f096de8eceea5c7749ddb8f4ee9ac11e7e41f6635b7324b2f64a115db92028ae7133fdcc9d6528f78d017f88b7df97eb207d97b5890431e0e37d21043918ec64f806fb08427056a95c0251f8a3743bb808f40ada21c534c18446da38e0fa152cd085349c5860a87f6414ab245f6f465295eda585a34f22338eb6dcda667ce5bc195c03d6fa403794baada29f6fc62895add5dc8d5292b3ca8310d82ca635b4bb1b0ad0b0fe152c698213a64b166222b6ae8b2b1d20f5c003dc01cc92e956788f3d38170afa1ee4cf5dd0acfdda1e58d51b401dea12af9f3692c021144294ed4d747617c63b0ef2c6558b9982eed907d8168e0967d96673b3b683043a99bdb0ce9a6f43c585d38b4b1e45ff0ef3c65615c769a88ab1cf38c336f25a9b215a8c308e6f196318c58889083b17aaf3968b9a760c217d3ab6ba7269a9a6a1f5e032dd7845642f6a900cfffb3231604f15dcf9ef6bb5f7b9bb55e62002b4968de4a59cacff198fc64fccc5d6794d57802dafa3d6ad99df4094baa5d48def962fdf3d8ddd6c26c9dcb1e3c5a4a77f5680b4424062236e019f0db5c69f080a2386ae76a8f4048fda0e47eee3582da17dc6b665151ac402ea7bbbbab15adef7dbf836bc0d8b314f2c3ee48a4fdb06f4326e4e8b36bae2a12f9095acee5a0cb257b92df806ad34e2177231e72fe2a364ea8a4e1f7fe07c6b6804f5885548ee76c54a68b8c009bf5724c92bf1f2bdd3210c134f108ab33b57f4c02b0a50187d56166249f88dfe154d2c0bc5296782884b77ad12829d86e09da27508b232ba30fdc0437e3f14d949cabf1d2a4c77549a187ab955cf7cebe0a8a6622d1540f21052145279f8cd80cdea84e206329fb3d90793314ef313de935274f2faf2b30ff7c70677a8cc10e7d47a2744799c47a75406a775c7ba6dfb6511bfde0ea2d732d5abb87f6d194a476d2bb081f5b711d8e100ad97c2568facfedeb1af3309732a22669277ebe3359a5f506b5b143b2ed60603474b3e9951fb30c6e27b512808f6a7d15abf53faa482beb9ab6fd83a678bfcac222dd1b395dc79b244ba25fc6a30bad01b204f092a7ac13d598d316f1a68ff299d277d2f674b34dc882a892fce048a660a628bde4db2ca465213b4ea5820b57b3034bb2f03ce0c0f5fcb9b0bbc37b3ac9e1c8a5ff703aea6c8a167df17be53c3eca94b464592e2a1a42580ee02fa68d4a2387a1459dc3fb63e89fd783386e12f45dab89fc03729489c441ad979820e6438fdcd8f8182f8066b3a8b740afe2792caacf333422d0941a4ddfeec05e14e060c97b8a532a36f947c4fdb0e9e197435fade5c56f8a60d64d57bd7dbd7149d878e824d6ef37eb68ea5016c08effc6779e6b0179fb9d3242ea10005ba1facb5ac331678cc76be21fa93a46f26cca0760e620ef1946cd7f0c058a925aec97f861032c0948ab79a6c53b09c99095497e238a6c1856423fe8dbbb91547f2c9f950cb11d3e38abaa89a611b6ca4c8fad4f8ccd448edb2892063f9d6f7c0934464e30d246e2cb1cc48b0238191a2bafe6f9c9e36dc3bfa40737f16abbe39bd17f625190e55521b5004fa076ad027839bd61b74e7f148f4c79534348659844d80a0ed07819fd3368de5745554616d826c01dd86114b705b1662109a7b63ecbe3e3bebe7e648dc181c8bf7c86ecf2a76409009c8cf52573591235c0606a9651bf0be6b989864c729d7b6908256ebae679fb02c30c8cd85513d96d13b8190041f18d7c37df19f8c38779e5d5b631aac4d5173b36d21fad0d6c7dbdfd1d8a2573669a24c2e8dcf284bebda03a1424e603787ba7033b7f5172427b6791df2f3961c3376fe74b092a4bb0e735ee906cd4076c8c00ca806506d3575eb6f8cdc7c84adcfa2b6537c2843924547ea0f69bf32281f3101052b0621c28e45faf4dda79e1cfbb94fa7be85d5667511a0d893ed2d4426171fb2407b74b95684e17231f3fff588163c25d763df96b791db96483b43ec7e462c2d3c4cbee70499e4d410ef7d29ca1fbe6b929bab676eb508e93bd342f47c81ffd891219f21baff3dabedefad2d60b964abf13976b101c0d98a80042198a2e1ddb16351049751010f3cc671b527f9ae14552e864d06d4359d3c661d140f1d307a8e1af4d2de6570dff2396206a23eaf79bff4daa0038a27704c21a3a0f54fede836fcda2610f1e94ee91d2a1a475c1541fec5f5541a92ee451e2f6efc86089af0e534c8226e9e32a1ffe90c8760137e6c3fce8f1cd3f397e603314b93515e35b118527dccb06a361832b88f5dfba7a55133c5cf80e95ceaa9bb9166b0e2b4edf1f67933ea095502cd59fdebdfe74d86d2319634062f51f0e5fcded6ccfaca80d3007ec52658c71b9ba29e08ce88415143409b68fe8b2fb4bd6675c3aa7b9956ade547de95fbdaedcbb4a765906afaa1ab0e2de34cef26a506a87c157348f38c2e4cad4a2e4e4645f56fe40441b2498fe96f514697827cd556539e33f41139d72425a09ee15378f4c018a052db424b092850d6e70cef5a5d393ec163d85732386849125c003126d63d86f586cfa1a3bb7670abc3f40dd7826b95c4cb81b9f778561acc4b5691a17419d6be237e055dcc08e274c100a9fceb9e151a8559e8d3d6eb8e3a9f65d4bfc379bea58871fcf3aa643ee78ab9b88a6de75a7118c6d5b627d90938ece3b8afd608acaf2772e459a362a2892dfee87ca3ebc4274e5298a74a2ee891f3697c1ac17dc26953849cad80d44f38b2576ba0a12b0561c030edc952567e56bd2b8cd11ab98b1e03e0a624e90e6c6b1d351b0d8bb66f91c4b9c6721a63eb8992ac93740817489c7c0b0b5f3fb205b07ce0e5e011ec4d9b37e0cff865ad25ac102d9c1c61a977431b5dbe30e842c6c14c06501871de0bfbe35747d43ad1b9826618b7ee87f9272e6e814900a6e46972990d1201f050bd8b271f6283817ce9d1b06b451ee6bf320789e38b581bcd74a119523ac74ea08fe3c2229b35d85a23d7479f661adcedd777212788885d86d068da92e00c301f9b62567dc1dadbe161191d9bbb91c946f4749b5012fb08169f0e9cf786a6e4f4380babad8b8f5a88977abb8c9d1b1ea3d4d0beae76171389ed77aed76d13f0c4bf1dfcb4e2d25ea936ccf572c1a1b8e3d384bfcbd8831a862c3dd7a688777ad64af1dee6958426df879045169a2dcae5b45b71ac074d544bfa1f8fc20e8469f4e61f6976d58c224020cad6d5a7f18bc47a4669b032114bb6388e9a9b4d50d9c81f4aed86f714decd8a956747d14de43675718c5e41e97f38ffaccf553f5cf520753c91a784d53ee391a3a0d75357f75034c1dcd968e26cf0ce206932d81a754a5d660bab2d628c316e13927ccb3f976750d2bf146d945e29211ad436e9b3540baf3b5f7869c0f096a93c790bb9b639b7151221f8218d415c9d351d2b733e0d5f1bc00655578b4112e2ea653ea8fab0cbb25b89a10b47984d0d587b558978a933ce5a3a97724cf2a1b47cdd8387208daf7a379ff9a88d369d90b186ae0d2f891364fc5b9581f05c23cf092190466e8017857274c34048e6c968a59f3d933e099f1cf2ae0a53517c3ceded88fbecd0023c6e49a3f62466507178e3224286591c81363a7747898477ca0cf5ba276c681a64e6232b93bbd0233b38a7da82456cf443d84a3b42c05c4d6ac2924962c937643dccf1479d06b48734941e8486c7754434fb6cb29cd1ce9f929cde4df55f39c3fc8d68c3b9dc05a54302ba19e2854d0d9353442a06f8a86617ab97239c2571bc8b2a0dcca88900a55a0932398b0dba16f7323c31847bb2fa3b2e4d90624a69fd3f6695b391ad6358c5c3fc3c9005f7ab30af748e14e6d3a1cc1454e7d160565670aaef81c32fcfd3d31a8f0fcd8fb7401911c0b551c4746ea7b6ae5d324fc6668d98004c6e808a16fb226c00b8373b62b823212ff052aad18e3414322c58b1e1de6fcb91241176db59a48cc4e61fdd94b14a6b0e86c8730f873e7e55e3e43f4cf015e6065fda941a9407e49c429ee73e5556c519c117d2bfbadb7dce64a01042a8af49e6329014a8377a426457f7333c5a5d26681d193904b80f7ae43c884349be8b652cf4be2d84d81137699b463901e3377affcadebac32fe879f1fb2069838304df927be067e165b47aec52e91aa231b7cbb5518db7e4370dba199ce3051a5bb90f059a76e8a3b85b8780688cbfa44aa56240d0f429a4c6d9566907cf9d5efc136e98fbb9450cd2d6f88bd194c461f5bc0a57eb8420568d0f838ac983b96e553b33c8e6ef15c0fbdcc3d9c0705d25724dae5593f9c1ad09d5879aa9a2f7f71503acd23b47fae7ded6bf69bba501e5a0389a63037104288fd682104c169d8d1ef8ea54a7040f109038b52c53136d42a1ec617b885026c7e9ad2974e2a11f0ec3d7db885a0a0eac18507abb51a2b9af5fab4d5449840c418625034e4127f97f9aa4012c8c7379aa7d9b31bd6a95a4c47ff902acb67935e791dddb5ed5f3609df806630eabab01e60bd7b2fc475824bd5bcd302252c83dc2a407fdddb59a5d587f230f68bc1614fc88559230d102274a05c87b9be769167b4086a98cdfa240ac21b3691c1cd6a97ca780f348ee54dd20a2303d6581942f5cb869fa84a153414f8c0378b2e0fc398a6fbf390e9873aaa0a0817cc844a9d940ff396d26142a6d8c8c17f1300307429760f6122790a15e38a69981c1b91ef9b6fc23ce80da120b82909fca5d92c354d7331ee65fa00356b69edfbe3c292b72b6c74e85f77c2989faeab238c00c027721ea45add1bc1e03c721e4f7dbeb04eb8cd03c9297041384980f2b3c7165c06f65f612e9f95e1eccbab9f5a287f50f82f0e8fbf12591a9d294ea55ff52875a83d9ef766a1dfdcd31b5e4bd2034168e5abcc1899627ac57aadd5ca5b362c27760754cf66c55c4f8c6b7a5959b2c81f51acd0bf339dec9144be5c57af5605a04edfe9c87f034d308b433e39ca333fac7a9c9652182fe7957d8503581d2b945f985850123465d7dcbf5730757c8ca40a8e0709819c8c5f19d8df669af97074f2d5d81ac76b9d5a2c3ceb831ee58c2343cac1960c76f29f73df05a4c05228d7b0e1bcc8df4bf90159e74013eaaf7b5e1b329d1e6c6a9afd36971abf1d2a8951b3eec7e839b185667c94efc388917dcc9ddbf70f771e05784a41518dadec72323d5ecba638f965e3c05f934d0a98e3fe279e8ff3c8823360ffbabdba3945a599bf4201339ae1844390efc84814bd177b2be126d7708fb4cbf0ccbf58dc0458a4e252a731d3c34f7ca65f6fa78a9f9fcf6cec8f6aa5034ad7dce68616ba6c227affbaf88684db0a4646de8bbdec827abd98fec7fcc67d6d6383396ac4a569b5edefcbda591282dca46ae15342d65b4257183bc298d0f010be7db14649606b084d055a568c62a5aa9d828e793bee54b7e7065a89e1845f39987f37ff06bab0a75a8ddb9439a64105d7ec46ea28a896ab4119a5ac426888960e366de0004b75dd8a21b4d89911fc532237e1a123d6e9aed4ef48feba7f0b13c80d555db1429c91ad41c65207719a980f8e2dcbba25c9080321d8ce8ee22106060478899d49b07210347512c0e22d7d34966a24abb51d073751eaaf761cfa5947db2f9d736ba1bed8a29d00cb314eab76ac2c3edea859c208f29a20aafafd3490b5efe0615b51b6fcd5624bf09944982cc3a7922571e3eb72722fc88745963425e4702c311ce2aaef66d59dbf62685c49369e98b696a8ab1ed39b98f2f374fca21e18b61d9d0d8769ce209091ff954d5f4be82ca0a31333279eb22a16c000913be140ead0ea44595835e543516088ac6a23c27639d1edf053d42a71e751d5289a5572494345d32b0ad972f6bf77ce5f72ce8d9e557dd819e71828bd59359e5c6dfb17473c1c465ea0a9c763c5261c664005f8d87c97cfbfd577025d5e7d63390bef93d28b0d4ea1b8e5dda1addadc2360ed448c734cc40e8e43d1937e2a7d2bb3ccb12941d53f6fbb2618d3e828a160d5dccbf32505e96d5bb39aad77e936c7f5b7feb9ebca1b8b0066be4159a45fe1f4f0493cebfa3e50dd9a64561473cca598e78162cc6b167dabb574636369cad9c514acb841ef345dd5d08dac0e4f17334d15f6f774baee4c8d707acc6bb642f1a3028ec041bd3dddf4555e8a3595496d2945d1fee60cc58d33e19739aff1cb46d71a6dfdd7526502f157fde109cfceeb30a48e861ba387dae01faf8484692e7a937ca9b41f9f882b44469c0bc6af878cdc2315d7fec185261f426fb420ffdf3bdefb75523590d42e64fa32a8e72560b5e57804ff922d3e294db00c3c03a0833b2651dabc7a21b88fba5e921f0a3670eb59cecd44d7e82a4f2f421b6aa57b7d9f63946ed4ff2b83135e0424d252f33b6a6d2a397c36c29697ae2206a11e128146552382b8dfb5d31facd9344c247bab66e56d79e6869b6c4f8453ad253842f0013c020b2c17e9724dce9664eb7f5dc211b5f5b22024e2ad0d0072d058de5dfa8ee07a54d4a0cd7df63f289125c768ead2a692e2ef1b937339b357a14e23792e7630d0d7f76fcaf8380062aa1f7e4526f02b47479e1abafc5469c7f4bd44712c1722ce3c441cc44ea5ad7bb7a177f866d098ab32c6512d27f2fa64d62e0a5bfce6d7c54fb57a11f5acc4d16d867520901b1d1fe6463d7aea2c634a3e840970d2cad8a7ee3ed07f1d92fe7821f38ed9c81e90989b1e014e4dc3692d545196d895e2b9e76c23c1af021168580075a044d7ea9b7adcaaf1468a24bc2667eaf96f597b6f6603b61305826b0eb07f641f824b8c35e8f50ec62d568b04897ae226009e0b5429faec334ba9fa9256e62b4fb66ea4cded2c4c0257592e74e6694d1321be98ee80e8d8250d4f09c09a1f48411524f045de34409fbc597d5cfd6aebca2749dfc2f0cfceea59e350d418aeb6c2f01fc65db233a3628647a3ed74c60e89491fec05d700888e4e18d225f674030d5ca5792d19c6b1ff0b11dc1528482358b9ea09d2276b74848f0a1b4858ee0bc454c8262ba9c436c2409f288e5c0a1c78406768368a1cbe98a27ddb84612b4854d75c026e672e0ae1575afeb1adfca55cbc535c9a394dbbbd8a79910906381a001d657206cebf6be547d62254d70d2074807fb6e610cd123bc574ee1fefce4f0f59243ff3746595e3522fcf1c1bed8304a3bd71de10a470307fbd11ea96a9851896ecf7d9226ed2d55d9ad93daec18ca6cc55d1383cc22c78866ab83298b9bc414e8b2cc228fd1e9abca4fd2cc73c3e5bc25b7a13c89714f673db0556914a8e66758d2e4c3cd6556956a968a4813de7f8b3f25bc969de4a8dd5d31539525f456c4c5bd5e1b7f7246a3b5b1844f64e526008ea86f382ed677f7c015005a74e0f8b428c919bb5178707f7c9bd73eaa61285f2cbf9f703a03301ba789f8b387c89629f3092b07d29367895f7e6a3791f70b980ee7fd1abab4bcf2ffc0879694f749ec28deb07cd009fe8e47d73f5df344376fd043d3856843a7ddaf39bf3c15e8241059c9dd5cc560b8c25f2d8395d73d8bfe124fde6e2b2351501e42e483e0e7b5ccdc14e0a7f9ca2bab1c394813ee8405eae79a6df46452f82d86f02323d2361d07eb7f04c14e6b37302aa26de9982b32b9bcafa92c5de11241c28b3aeab2c5cc0a64f916309d65e424cffe08fd173708e0481e15847280aa013513bbe8aac8c9d6757c048f5b5e0a1e70347fca29f73672ae44955c9901d32ba451cb3643f8f6884f8306428c38d23d8f95e4e6f921836d5214f816b8401e1eb489dd521a06903a4b828ab2aa603b9485d6514514705d3818b356ab006b78590681ddc177c2ccd5ffa1c98985dab56e00c1230c28ca82e88cc5f137341842ef200c5cce4ebf9973f232fe6fc8c467a1c0381f7feddd7c2a96dd228f28aefae0901763a64a5c8af1ce4936415ed938d70ff95dc44e46b38af2a5b885734ec31380e4c2d7759e95dc3217f759eb12a7658fac3da3f5e98e250349e011a262278e7f1ca16ade8920d50dabe6ff85bc26353ec44ce9b2f31ff7d182da2087906ddff5de97739568b077bfc5a03c619fe673bed8ee97f175359f2388ffc0b212e660c9f36e0b55fe0c2f257a77153e72ad9d7b871e3f0a29a52c3ff0cf9fc3cb900ffde4fef98fdf88ec4046e8b58c1ed588a53ec1f1208991cf50082918a7433d88d5e96b87497b3512e566ced62d571f3e1a8ac132a69dc34b7e6ee9e86ffdd27583111ba7fd118eaba1967152afa487cf7b073b073f671eb62391a3286308d00f2bc8fba73883f76f33c1d5051290385a6efa4ef59d55f489e9bb53f1060bcc28a7879ff2cb8822ec59b322889f61dd0afac042c62bad0e6620059d5f9d82e056af3ee8438c19f9d7eed0a6a5726b3476ac02a278a85a873314dc0a1212d71c447823482dd178cfec1cc23a7d0af388420279c286079b4398121dba049f69bd6d63d1fcb0de1e7d111e385a4e2be943011337ecf63688a7b8cede96d50640b47018b661d104c6341a1556215d05a7e05ffe06e2162098cfd0fa65cb5b4626101a9c61277cc9fa50073b54977476b161adcd55a3957e7fede3678ac367d7f082c38fe5c1153bad1602de84b16621423b521b780814c9708ee0c0a9bd3992bdb33c495869551dcfa16a48be544d989ead65e58d0e101795bc10228a6ce5709ae93edc3ccbc6b85a2bf43ba334d9dbbb69dcf9ca93c8bd4e60bfa25aea56a0e2510d17578e8185b52100a91e6556240534a09eceaed611083490a5115fcf546d4bc49e1fa8fcd5235c458c5b1d58eb4bbe1c3dd5e7966494f3b281c547bdcbce070936c54138149d7785a00967a52746df3d099175e29a5c33806afe4a0ca05377c22db492cb8f575da554b5ce1c812c75f33465a024c414ce059cff76a8fd7387d63e957a778ee1107f96aaa22cfb2c99def37b0928e1ff8983902b1549976d222ba12b6109838aaf035dee9ff1ea859e0e4a9e24cb3ed0c955f39e147521b14229471a6187e4526ccf27a95f39487836687b0b4989deaf8ef16261d6fb90d627735f5104578b4cb8a186f1608a3c9fc903c9ad7f62547ba5aa53159ba4d7ae30fcfe056280da4bea125623ad8a0b28a1dc04525ebdf8947b44925c46d85f041450698a75e75a186778528a26725f9cb7aaceed154642d9bd3600d04c2364a77455a3ddc8a31e97814d75b45dd72f98d8f1c9798b7cd52303978b3d68f53807ad7e6bf1e5020c9434225101a3cc67d4da23d4c03d3b26168a72816ec7d0f3ad60fe167c9381ad83f0dad7d77c819c75b58a5ff11b7202d279229d50af3186a88a0da0e03bd7376f1097cbfa794122ea7e45538e2197923b436de1f4b39642aef5a6b4bc6f299172eaeebc24fb1a2d0211402039209220b4235734f304a56f6892c2c9927813843eb6ca55f9e65dbd0283f4d902e682d76930202c5a59488abf5348e98ab2ab1f7a8e743f048bbce703004c64f61a3c01692cbabc035d4047ce64eb246da76c7d99feb402f699ef76fc79f9dd779a9d7d16289a02cf6f970d48cb93e78aa3dda07ecde8e945ba17eede846e2037a675f18f573398600b0eb97095f059480b0131f623aca5f0939cfa6ca83c4d1ac7f60a4124e943b0c10829b3a968338dbd126e725c16cdaec7a32cb1b9aec40e12f816914682a01f85384fa37eec5f9139301f7a58193bf4f5c68855d593af26d2c6337aef7b8605f719a49aac9c09f649b0eeefd0a823a00144c2b8923a1c64d1333e5f7887ee32cdf88da4e84fe5aaa0af733133c9f1d72fffc20937864dc2bb5a030db246f57b437dbaef2e25104a0c7a0d767c8e0ecc4c43ce18cd9de70e55f18be8d082024389ad7e392c4766d68e0e8e6e3854641b4c95b87e36efe67df7861c0c9b6125e9f23ab59e7fc94ae1df15ea35b7bf8b6359ac36d64c953166fd08494629210e84ea81b61fcb726392c880c1eba1ad5745fa16276b5c9a42a80603a5ad4ac5f8fcc8f2a10ebd11b6b2f2121e71b987636a332094e16e784548c40fec1ba86ce719c22c5a91075d8c9cb1319fa7eebc370df6a4d128a54865eb1e0e531301e35694ea2dde25d441858438ef6a67ad408d29c26efe7ece815c37316fc779626206eb8104e223b6b8b6afe68ec73f3a406f5ab46a6e432f3840f12cb371fc53c11aa118b6a85c06e87679a9f2b923a57e316ecc7658292481b341d19ea550e46e72b2629ee2c3cf724a5627e76466d79ca70d6da6bf8f795c808778aec2b1b56d4768c0ac0e5b40f0826e817bb4c2c6f16b0c37af3d399358cc3164a68f1a55e409e4bbd46b8a2f262fe4021c82d7ba58358a41c184c66c30788dcec9e9ee966db0b48631e49c467107fa1473ada4615dbc92dc4fef1b089a9951407f38370bbc46c3014069507545f2f916648eaa0491a29131a0fadeff37952302a2b0e6db871c420cb0256718fe9070ec400486bfb7d3ea31e48a8662215c4d8a43209f40e1015e21fc12a7d6f20f19499fe223803000de9eadc6abc28ac6c9a80d200db1ea6fe493040ded3f7ed97a213c3dda058fb60077911c8defb60f594fed7da89f2b843888610104c52e880cf2b08e85f9080e8407254784fddbd72b995636ecfeb5cf74f5fb4ba7cf5f072136ebdff67bb744776882a535d19ec33dc894797709bc7cae89f28e5b5ea392d8ab721d0b9854a0462879fd2918063475d59df55369ccabbf27bffab10dc306f69c5d381232fa890d5a4eb01b7c3cfeff70208049058737aecd81ee6ee4537c68773aa4efe6972f906f3816b5f5a6acfff16fbaa7db03169d12f7c0c65162ca5da3c49e628432cd1668341b72016b96967491ed4f5cb8b4acdcd2f347a828d44e6f98c4ea16b45b347ec6ed71102c4ad32935bb9a806749c30ae94ece095f1777fb37a50ec9f8f85699642ca3359559e788844f3fbd6c24a02e45c6e0cf653a4838aa551ae91c5556a776dfdf862165b97cca29e0e80fe39f98e9490e3da48bcdaa5085713d5e1083df543e7ae0105023e4b8d833c", 0x2000, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x18, 0x0, 0x0, {0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 408.000101ms ago: executing program 0 (id=106): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000fd0f000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0) 407.089511ms ago: executing program 2 (id=107): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)='\b\x00\x00\x00', 0x4}, {0x0, 0x18}], 0x2) 321.395594ms ago: executing program 3 (id=108): mlock(&(0x7f0000fef000/0x11000)=nil, 0x11000) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000004c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[], 0x0) clock_getres(0x7, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="100000000400000008000000", @ANYRES32], 0x48) 272.626204ms ago: executing program 4 (id=109): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) pipe(&(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe80000000000000e5000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000001c0)="b9740b00000f32ea0000000021000f019e6f750000b906030000b800500000ba000000000f300f0e0f01c466660f38305c311366baa10066b8001066efb805000000b9800000000f01d9f2ac", 0x4c}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@ipv6_getroute={0x1c}, 0x1c}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 272.149714ms ago: executing program 2 (id=110): bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x3, 0x0, @void}, 0x62) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) 225.966577ms ago: executing program 0 (id=111): write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) clock_gettime(0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0xfffffffffffffffd, 0xffffffffffffffff}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x8000000004) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) socket$packet(0x11, 0x2, 0x300) 195.071721ms ago: executing program 1 (id=112): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = creat(0x0, 0x0) write(r2, &(0x7f0000000300)='(', 0x1) write$uinput_user_dev(r2, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0xfffffff2, 0x2, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x80, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x2f, 0xe, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x6, 0xb, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x6, 0x7fff, 0x0, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x3, 0x400000, 0xfffffff9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0xca2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x4, 0x8, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1f, 0x1}}, 0x3c) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 97.322899ms ago: executing program 2 (id=113): openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@file={0x0, '.\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000300)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2}, 0x18) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r3, 0x40082102, &(0x7f0000000080)) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, r7}, 0x38) ioctl$TIOCL_SETSEL(r6, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0x8000, 0x0, 0x4}}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000080)={"fe0d1acce4a37ef94acd000200"}) 0s ago: executing program 1 (id=114): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) socket$igmp(0x2, 0x3, 0x2) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x1a, &(0x7f0000000240)=ANY=[@ANYBLOB="180510f1a1d739470d00"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018200000", @ANYRES32, @ANYBLOB="00000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000000500000010000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) write$UHID_CREATE2(r0, &(0x7f00000002c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0xc0481273, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts. [ 54.233831][ T5837] cgroup: Unknown subsys name 'net' [ 54.366450][ T5837] cgroup: Unknown subsys name 'cpuset' [ 54.374402][ T5837] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 55.663544][ T5837] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 57.809544][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.818712][ T5863] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.827432][ T5865] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.851111][ T5864] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 57.859416][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.863168][ T5865] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.867687][ T5864] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.878018][ T5863] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 57.881427][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 57.888690][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.896443][ T5864] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 57.903369][ T5867] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 57.908966][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.915288][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.925567][ T5864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 57.930039][ T5867] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 57.944371][ T5863] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.952916][ T5867] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 57.960926][ T5867] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 57.969009][ T5867] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 57.974520][ T5866] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.976552][ T5867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.983353][ T5866] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.998651][ T5864] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 58.000572][ T5858] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 58.007186][ T5866] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 58.023978][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 58.027243][ T5866] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 58.031137][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 58.041982][ T5866] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 58.478185][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 58.505136][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 58.546944][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 58.562963][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 58.715782][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 58.727989][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.736004][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.743991][ T5848] bridge_slave_0: entered allmulticast mode [ 58.750590][ T5848] bridge_slave_0: entered promiscuous mode [ 58.764352][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.771437][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.778657][ T5849] bridge_slave_0: entered allmulticast mode [ 58.785261][ T5849] bridge_slave_0: entered promiscuous mode [ 58.803363][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.810452][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.818096][ T5848] bridge_slave_1: entered allmulticast mode [ 58.825532][ T5848] bridge_slave_1: entered promiscuous mode [ 58.841615][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.848995][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.856188][ T5849] bridge_slave_1: entered allmulticast mode [ 58.862695][ T5849] bridge_slave_1: entered promiscuous mode [ 58.926331][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.936013][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.943706][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.950809][ T5852] bridge_slave_0: entered allmulticast mode [ 58.958130][ T5852] bridge_slave_0: entered promiscuous mode [ 58.971296][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.978996][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.986288][ T5861] bridge_slave_0: entered allmulticast mode [ 58.992777][ T5861] bridge_slave_0: entered promiscuous mode [ 59.001369][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.014229][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.038485][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.054873][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.062021][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.069640][ T5852] bridge_slave_1: entered allmulticast mode [ 59.076568][ T5852] bridge_slave_1: entered promiscuous mode [ 59.091445][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.098686][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.106046][ T5861] bridge_slave_1: entered allmulticast mode [ 59.112562][ T5861] bridge_slave_1: entered promiscuous mode [ 59.138408][ T5848] team0: Port device team_slave_0 added [ 59.183534][ T5848] team0: Port device team_slave_1 added [ 59.191328][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.203293][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.215188][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.226984][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.238375][ T5849] team0: Port device team_slave_0 added [ 59.287091][ T5849] team0: Port device team_slave_1 added [ 59.299581][ T5861] team0: Port device team_slave_0 added [ 59.305956][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.313274][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.320463][ T5847] bridge_slave_0: entered allmulticast mode [ 59.327760][ T5847] bridge_slave_0: entered promiscuous mode [ 59.335565][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.342518][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.370046][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.398665][ T5861] team0: Port device team_slave_1 added [ 59.411809][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.419450][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.427093][ T5847] bridge_slave_1: entered allmulticast mode [ 59.434589][ T5847] bridge_slave_1: entered promiscuous mode [ 59.442540][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.449791][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.475908][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.498069][ T5852] team0: Port device team_slave_0 added [ 59.506298][ T5852] team0: Port device team_slave_1 added [ 59.550662][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.557842][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.584849][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.598536][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.605584][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.632648][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.645112][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.652075][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.678076][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.698048][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.711247][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.718302][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.744463][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.755995][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.762960][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.789204][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.815737][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.842640][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.849846][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.876346][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.900394][ T5861] hsr_slave_0: entered promiscuous mode [ 59.906904][ T5861] hsr_slave_1: entered promiscuous mode [ 59.933986][ T5848] hsr_slave_0: entered promiscuous mode [ 59.940645][ T5848] hsr_slave_1: entered promiscuous mode [ 59.947389][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.955728][ T5848] Cannot create hsr debugfs directory [ 59.980906][ T5847] team0: Port device team_slave_0 added [ 59.989112][ T5847] team0: Port device team_slave_1 added [ 60.050507][ T5852] hsr_slave_0: entered promiscuous mode [ 60.057171][ T5852] hsr_slave_1: entered promiscuous mode [ 60.064056][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.071621][ T5852] Cannot create hsr debugfs directory [ 60.094406][ T5866] Bluetooth: hci3: command tx timeout [ 60.094455][ T5854] Bluetooth: hci1: command tx timeout [ 60.100282][ T5866] Bluetooth: hci0: command tx timeout [ 60.105730][ T5858] Bluetooth: hci4: command tx timeout [ 60.117578][ T5855] Bluetooth: hci2: command tx timeout [ 60.118316][ T5849] hsr_slave_0: entered promiscuous mode [ 60.129564][ T5849] hsr_slave_1: entered promiscuous mode [ 60.135961][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.143694][ T5849] Cannot create hsr debugfs directory [ 60.161164][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.168331][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.194480][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.226545][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.233697][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.259966][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.338211][ T5847] hsr_slave_0: entered promiscuous mode [ 60.344654][ T5847] hsr_slave_1: entered promiscuous mode [ 60.350652][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.358713][ T5847] Cannot create hsr debugfs directory [ 60.595193][ T5848] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.606888][ T5848] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.622440][ T5848] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.641017][ T5848] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.678617][ T5861] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 60.698952][ T5861] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 60.711556][ T5861] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 60.733868][ T5861] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 60.776819][ T5852] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 60.796858][ T5852] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 60.808332][ T5852] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 60.833751][ T5852] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 60.888352][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.909317][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.920622][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.934656][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.949393][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.000037][ T5849] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.012765][ T5849] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.032563][ T5849] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.049576][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.061810][ T5849] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.090156][ T2972] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.097443][ T2972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.115685][ T2966] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.122772][ T2966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.207627][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.251715][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.281175][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.312631][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.338843][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.345990][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.361871][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.388716][ T2966] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.395847][ T2966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.405684][ T2966] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.412739][ T2966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.464576][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.471711][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.500500][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.522232][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.544470][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.557423][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.564553][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.579990][ T5861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.600535][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.607691][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.665174][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.690070][ T5847] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 61.707223][ T5847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.746710][ T2907] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.753917][ T2907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.816460][ T2907] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.823633][ T2907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.908519][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.918001][ T5848] veth0_vlan: entered promiscuous mode [ 61.978048][ T5848] veth1_vlan: entered promiscuous mode [ 62.058172][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.102909][ T5848] veth0_macvtap: entered promiscuous mode [ 62.119722][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.139824][ T5848] veth1_macvtap: entered promiscuous mode [ 62.179549][ T5855] Bluetooth: hci2: command tx timeout [ 62.187955][ T5858] Bluetooth: hci4: command tx timeout [ 62.193603][ T5854] Bluetooth: hci1: command tx timeout [ 62.199126][ T54] Bluetooth: hci0: command tx timeout [ 62.199135][ T5866] Bluetooth: hci3: command tx timeout [ 62.224372][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.252008][ T5852] veth0_vlan: entered promiscuous mode [ 62.298526][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.321765][ T5852] veth1_vlan: entered promiscuous mode [ 62.338450][ T5848] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.348770][ T5848] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.358178][ T5848] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.367570][ T5848] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.382258][ T5847] veth0_vlan: entered promiscuous mode [ 62.394034][ T5847] veth1_vlan: entered promiscuous mode [ 62.405815][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.465461][ T5861] veth0_vlan: entered promiscuous mode [ 62.478227][ T5861] veth1_vlan: entered promiscuous mode [ 62.514799][ T5852] veth0_macvtap: entered promiscuous mode [ 62.536228][ T5852] veth1_macvtap: entered promiscuous mode [ 62.565996][ T5847] veth0_macvtap: entered promiscuous mode [ 62.591786][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.594752][ T5847] veth1_macvtap: entered promiscuous mode [ 62.607186][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.641972][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.652863][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.668504][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.680913][ T5849] veth0_vlan: entered promiscuous mode [ 62.701650][ T5861] veth0_macvtap: entered promiscuous mode [ 62.712046][ T5861] veth1_macvtap: entered promiscuous mode [ 62.726463][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.737745][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.749634][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.761001][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.772587][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.782433][ T5852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.794008][ T5852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.805084][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.816098][ T2907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.816437][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.835271][ T2907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.835716][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.852461][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.863258][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.874574][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.894054][ T5849] veth1_vlan: entered promiscuous mode [ 62.916000][ T5852] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.925393][ T5852] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.934936][ T5852] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.944046][ T5852] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.954703][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.965648][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.976930][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.987428][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.997874][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.008478][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.019723][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.049826][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.060811][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.071542][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.082538][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.092394][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.103026][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.115388][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.130871][ T5847] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.134839][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 63.143272][ T5847] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.163755][ T5847] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.172473][ T5847] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.195795][ T5861] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.205038][ T5861] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.214052][ T5861] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.222751][ T5861] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.235849][ T5849] veth0_macvtap: entered promiscuous mode [ 63.316882][ T5849] veth1_macvtap: entered promiscuous mode [ 63.341357][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.353674][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.363584][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.374240][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.384841][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.395341][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.405377][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.415907][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.427194][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.475746][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.495012][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.505182][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.515990][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.526226][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.537466][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.547433][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.557957][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.569055][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.646045][ T5849] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.655926][ T5849] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.675989][ T5849] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.685230][ T5849] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.736252][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.746952][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.756079][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.760572][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.832222][ T2907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.846167][ T2907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.858451][ T2966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.866460][ T2966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.893459][ T3518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.911111][ T3518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.934021][ T836] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 64.010933][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.037878][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.113594][ T836] usb 4-1: Using ep0 maxpacket: 32 [ 64.129250][ T5943] wireguard0: entered promiscuous mode [ 64.135275][ T5943] wireguard0: entered allmulticast mode [ 64.141363][ T836] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 64.153549][ T836] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 64.157840][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.163056][ T836] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 64.183519][ T836] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 64.192598][ T836] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 64.202257][ T836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.220294][ T836] usb 4-1: config 0 descriptor?? [ 64.230849][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.240301][ T2966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.253423][ T5866] Bluetooth: hci3: command tx timeout [ 64.258860][ T5866] Bluetooth: hci4: command tx timeout [ 64.264835][ T5858] Bluetooth: hci0: command tx timeout [ 64.269132][ T2966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.270239][ T5858] Bluetooth: hci2: command tx timeout [ 64.283884][ T54] Bluetooth: hci1: command tx timeout [ 64.386436][ T5948] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 64.406535][ T5948] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 64.496230][ T5939] usb 4-1: USB disconnect, device number 2 [ 64.528093][ T5955] xt_hashlimit: size too large, truncated to 1048576 [ 64.596523][ T5960] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 65.243854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.252308][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.260966][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.334196][ T5858] Bluetooth: hci2: command tx timeout [ 66.339685][ T5855] Bluetooth: hci4: command tx timeout [ 66.345306][ T5866] Bluetooth: hci0: command tx timeout [ 66.350717][ T5866] Bluetooth: hci3: command tx timeout [ 67.301230][ T6011] syz.3.28: attempt to access beyond end of device [ 67.301230][ T6011] loop3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 67.323217][ T6011] vxfs: unable to read disk superblock at 1 [ 67.364137][ T6011] syz.3.28: attempt to access beyond end of device [ 67.364137][ T6011] loop3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 67.391434][ T6011] vxfs: unable to read disk superblock at 8 [ 67.422243][ T6011] vxfs: can't find superblock. [ 67.682235][ T5905] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 67.714250][ T5905] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 68.494935][ T5866] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 68.503988][ T5866] Bluetooth: hci1: Injecting HCI hardware error event [ 68.512032][ T5866] Bluetooth: hci1: hardware error 0x00 [ 68.615771][ T29] audit: type=1326 audit(1730773169.585:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6036 comm="syz.0.37" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f55b977e719 code=0x0 [ 69.989868][ T6052] input: syz0 as /devices/virtual/input/input5 [ 70.061869][ T6054] loop3: detected capacity change from 0 to 1024 [ 70.092580][ T6054] EXT4-fs: Ignoring removed orlov option [ 70.121904][ T6054] EXT4-fs: Ignoring removed nomblk_io_submit option [ 70.144671][ T5851] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 70.210044][ T6054] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.384923][ T5851] usb 2-1: Using ep0 maxpacket: 8 [ 70.426747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 70.631576][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 70.682490][ T5866] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 70.733364][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 70.903463][ T5851] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 70.918703][ T5851] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 70.931552][ T5851] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 70.942399][ T5851] usb 2-1: config 250 has no interface number 0 [ 70.957374][ T5851] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 70.970493][ T5851] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 70.982541][ T5851] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 70.994009][ T5851] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 71.004860][ T5851] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 71.021866][ T5851] usb 2-1: config 250 interface 228 has no altsetting 0 [ 71.075920][ T5851] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 71.085262][ T5851] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 71.093567][ T5851] usb 2-1: Product: syz [ 71.097829][ T5851] usb 2-1: SerialNumber: syz [ 71.112061][ T5851] hub 2-1:250.228: bad descriptor, ignoring hub [ 71.123219][ T5851] hub 2-1:250.228: probe with driver hub failed with error -5 [ 71.519291][ T5851] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 71.544377][ T5848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.607905][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.614709][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.126294][ T6049] usb 2-1: reset high-speed USB device number 2 using dummy_hcd [ 72.137207][ T6049] usb 2-1: device reset changed ep0 maxpacket size! [ 72.175524][ T5851] usb 2-1: USB disconnect, device number 2 [ 72.211201][ T5851] usblp0: removed [ 72.406446][ T5851] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 72.615685][ T5851] usb 2-1: Using ep0 maxpacket: 16 [ 72.647705][ T5851] usb 2-1: config 0 has no interfaces? [ 72.664312][ T5851] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 72.703698][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.726687][ T5851] usb 2-1: Product: syz [ 72.730921][ T5851] usb 2-1: Manufacturer: syz [ 72.752502][ T5851] usb 2-1: SerialNumber: syz [ 72.774567][ T5851] usb 2-1: config 0 descriptor?? [ 73.015751][ T5851] usb 2-1: USB disconnect, device number 3 [ 73.525526][ T6109] input: syz0 as /devices/virtual/input/input6 [ 73.903534][ T6128] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 74.013501][ T5851] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 74.173291][ T5851] usb 4-1: Using ep0 maxpacket: 8 [ 74.188509][ T5851] usb 4-1: config 4 has an invalid interface number: 182 but max is 0 [ 74.211119][ T5851] usb 4-1: config 4 has no interface number 0 [ 74.230721][ T5851] usb 4-1: config 4 interface 182 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 74.263845][ T5851] usb 4-1: config 4 interface 182 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 74.286795][ T5851] usb 4-1: New USB device found, idVendor=0499, idProduct=1033, bcdDevice=5c.79 [ 74.305955][ T5851] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.327061][ T5851] usb 4-1: Product: syz [ 74.331272][ T5851] usb 4-1: Manufacturer: syz [ 74.348318][ T5851] usb 4-1: SerialNumber: syz [ 74.733592][ T6121] orangefs_mount: mount request failed with -4 [ 75.132741][ T5851] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 75.230705][ T5851] snd-usb-audio 4-1:4.182: probe with driver snd-usb-audio failed with error -2 [ 75.272264][ T5851] usb 4-1: USB disconnect, device number 3 [ 75.500651][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:4.182/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 75.693521][ T6156] input: syz0 as /devices/virtual/input/input7 [ 76.214835][ T836] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 76.242144][ T836] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 76.702828][ T8] cfg80211: failed to load regulatory.db [ 77.888790][ T6197] input: syz0 as /devices/virtual/input/input8 [ 77.974424][ T6190] netlink: 59 bytes leftover after parsing attributes in process `syz.1.86'. [ 78.188470][ T8] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 78.216548][ T8] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 78.378084][ T12] Bluetooth: (null): Invalid header checksum [ 78.416586][ T12] Bluetooth: (null): Invalid header checksum [ 80.529021][ T6240] input: syz0 as /devices/virtual/input/input9 [ 80.611107][ T6242] loop1: detected capacity change from 0 to 1024 [ 80.618252][ T6242] EXT4-fs: Ignoring removed orlov option [ 80.624106][ T6242] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.701365][ T6244] fuse: Bad value for 'fd' [ 80.727609][ T6242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.900028][ T6242] Unknown status report in ack skb [ 80.935903][ T5852] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.290093][ T6268] [ 81.292463][ T6268] ====================================================== [ 81.299480][ T6268] WARNING: possible circular locking dependency detected [ 81.306510][ T6268] 6.12.0-rc5-next-20241104-syzkaller #0 Not tainted [ 81.313094][ T6268] ------------------------------------------------------ [ 81.320108][ T6268] syz.1.114/6268 is trying to acquire lock: [ 81.326000][ T6268] ffff8880336bdbe0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaa/0x120 [ 81.334922][ T6268] [ 81.334922][ T6268] but task is already holding lock: [ 81.342290][ T6268] ffff888026175680 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xb0/0x1e0 [ 81.351633][ T6268] [ 81.351633][ T6268] which lock already depends on the new lock. [ 81.351633][ T6268] [ 81.362036][ T6268] [ 81.362036][ T6268] the existing dependency chain (in reverse order) is: [ 81.371051][ T6268] [ 81.371051][ T6268] -> #3 (&q->debugfs_mutex){+.+.}-{4:4}: [ 81.378891][ T6268] lock_acquire+0x1ed/0x550 [ 81.383932][ T6268] __mutex_lock+0x1ac/0xee0 [ 81.388972][ T6268] blk_mq_init_sched+0x3fa/0x830 [ 81.394436][ T6268] elevator_init_mq+0x1d8/0x2d0 [ 81.399814][ T6268] add_disk_fwnode+0x10d/0xf80 [ 81.405104][ T6268] sd_probe+0xba6/0x1100 [ 81.409960][ T6268] really_probe+0x2b8/0xad0 [ 81.415005][ T6268] __driver_probe_device+0x1a2/0x390 [ 81.420822][ T6268] driver_probe_device+0x50/0x430 [ 81.426381][ T6268] __device_attach_driver+0x2d6/0x530 [ 81.432286][ T6268] bus_for_each_drv+0x24e/0x2e0 [ 81.437667][ T6268] __device_attach_async_helper+0x22d/0x300 [ 81.444099][ T6268] async_run_entry_fn+0xa8/0x420 [ 81.449576][ T6268] process_scheduled_works+0xa63/0x1850 [ 81.455657][ T6268] worker_thread+0x870/0xd30 [ 81.460790][ T6268] kthread+0x2f0/0x390 [ 81.465388][ T6268] ret_from_fork+0x4b/0x80 [ 81.470331][ T6268] ret_from_fork_asm+0x1a/0x30 [ 81.475627][ T6268] [ 81.475627][ T6268] -> #2 (&q->q_usage_counter(io)#66){++++}-{0:0}: [ 81.484260][ T6268] lock_acquire+0x1ed/0x550 [ 81.489299][ T6268] blk_mq_submit_bio+0x1510/0x2490 [ 81.494925][ T6268] __submit_bio+0x2c2/0x560 [ 81.499935][ T6268] submit_bio_noacct_nocheck+0x4d3/0xe30 [ 81.506076][ T6268] ext4_bio_write_folio+0x123a/0x1d70 [ 81.511962][ T6268] mpage_submit_folio+0x1af/0x230 [ 81.517495][ T6268] ext4_do_writepages+0x1d1d/0x3d20 [ 81.523208][ T6268] ext4_writepages+0x213/0x3c0 [ 81.528497][ T6268] do_writepages+0x35d/0x870 [ 81.533600][ T6268] __writeback_single_inode+0x14f/0x10d0 [ 81.539783][ T6268] writeback_sb_inodes+0x80c/0x1370 [ 81.545523][ T6268] __writeback_inodes_wb+0x11b/0x260 [ 81.551350][ T6268] wb_writeback+0x42f/0xbd0 [ 81.556578][ T6268] wb_workfn+0xba1/0x1090 [ 81.561467][ T6268] process_scheduled_works+0xa63/0x1850 [ 81.567916][ T6268] worker_thread+0x870/0xd30 [ 81.573054][ T6268] kthread+0x2f0/0x390 [ 81.577658][ T6268] ret_from_fork+0x4b/0x80 [ 81.582608][ T6268] ret_from_fork_asm+0x1a/0x30 [ 81.587912][ T6268] [ 81.587912][ T6268] -> #1 (jbd2_handle){++++}-{0:0}: [ 81.595244][ T6268] lock_acquire+0x1ed/0x550 [ 81.600289][ T6268] start_this_handle+0x1eb4/0x2110 [ 81.605934][ T6268] jbd2__journal_start+0x2da/0x5d0 [ 81.611576][ T6268] __ext4_journal_start_sb+0x239/0x600 [ 81.617582][ T6268] ext4_dirty_inode+0x92/0x110 [ 81.622889][ T6268] __mark_inode_dirty+0x2ee/0xe90 [ 81.628452][ T6268] touch_atime+0x413/0x690 [ 81.633416][ T6268] ext4_file_mmap+0x18c/0x540 [ 81.638623][ T6268] __mmap_region+0x2204/0x2cd0 [ 81.643918][ T6268] mmap_region+0x226/0x2c0 [ 81.648864][ T6268] do_mmap+0x8f0/0x1000 [ 81.653550][ T6268] vm_mmap_pgoff+0x214/0x430 [ 81.658762][ T6268] ksys_mmap_pgoff+0x4eb/0x720 [ 81.664057][ T6268] do_syscall_64+0xf3/0x230 [ 81.669089][ T6268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.675511][ T6268] [ 81.675511][ T6268] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 81.683095][ T6268] validate_chain+0x18ef/0x5920 [ 81.688487][ T6268] __lock_acquire+0x1397/0x2100 [ 81.693882][ T6268] lock_acquire+0x1ed/0x550 [ 81.698925][ T6268] __might_fault+0xc6/0x120 [ 81.703967][ T6268] _copy_from_user+0x2a/0xc0 [ 81.709096][ T6268] blk_trace_setup+0xd2/0x1e0 [ 81.714313][ T6268] sg_ioctl+0xa46/0x2e80 [ 81.719090][ T6268] __se_sys_ioctl+0xf9/0x170 [ 81.724221][ T6268] do_syscall_64+0xf3/0x230 [ 81.729257][ T6268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.735688][ T6268] [ 81.735688][ T6268] other info that might help us debug this: [ 81.735688][ T6268] [ 81.745928][ T6268] Chain exists of: [ 81.745928][ T6268] &mm->mmap_lock --> &q->q_usage_counter(io)#66 --> &q->debugfs_mutex [ 81.745928][ T6268] [ 81.760045][ T6268] Possible unsafe locking scenario: [ 81.760045][ T6268] [ 81.767503][ T6268] CPU0 CPU1 [ 81.772873][ T6268] ---- ---- [ 81.778243][ T6268] lock(&q->debugfs_mutex); [ 81.782843][ T6268] lock(&q->q_usage_counter(io)#66); [ 81.790759][ T6268] lock(&q->debugfs_mutex); [ 81.797882][ T6268] rlock(&mm->mmap_lock); [ 81.802317][ T6268] [ 81.802317][ T6268] *** DEADLOCK *** [ 81.802317][ T6268] [ 81.810461][ T6268] 1 lock held by syz.1.114/6268: [ 81.815400][ T6268] #0: ffff888026175680 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xb0/0x1e0 [ 81.825189][ T6268] [ 81.825189][ T6268] stack backtrace: [ 81.831094][ T6268] CPU: 0 UID: 0 PID: 6268 Comm: syz.1.114 Not tainted 6.12.0-rc5-next-20241104-syzkaller #0 [ 81.841172][ T6268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 81.851252][ T6268] Call Trace: [ 81.854557][ T6268] [ 81.857498][ T6268] dump_stack_lvl+0x241/0x360 [ 81.862202][ T6268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.867415][ T6268] ? __pfx__printk+0x10/0x10 [ 81.872032][ T6268] print_circular_bug+0x13a/0x1b0 [ 81.877076][ T6268] check_noncircular+0x36a/0x4a0 [ 81.882037][ T6268] ? __pfx_check_noncircular+0x10/0x10 [ 81.887517][ T6268] ? lockdep_lock+0x123/0x2b0 [ 81.892216][ T6268] ? __pfx_validate_chain+0x10/0x10 [ 81.897435][ T6268] validate_chain+0x18ef/0x5920 [ 81.902316][ T6268] ? __pfx_validate_chain+0x10/0x10 [ 81.907540][ T6268] ? mark_lock+0x9a/0x360 [ 81.911888][ T6268] ? __lock_acquire+0x1397/0x2100 [ 81.916935][ T6268] ? mark_lock+0x9a/0x360 [ 81.921318][ T6268] __lock_acquire+0x1397/0x2100 [ 81.926181][ T6268] lock_acquire+0x1ed/0x550 [ 81.930690][ T6268] ? __might_fault+0xaa/0x120 [ 81.935377][ T6268] ? __pfx_lock_acquire+0x10/0x10 [ 81.940394][ T6268] ? __pfx___schedule+0x10/0x10 [ 81.945246][ T6268] ? __pfx___might_resched+0x10/0x10 [ 81.950528][ T6268] ? blk_trace_setup+0xb0/0x1e0 [ 81.955377][ T6268] ? __pfx___mutex_lock+0x10/0x10 [ 81.960400][ T6268] ? __might_fault+0xaa/0x120 [ 81.965106][ T6268] __might_fault+0xc6/0x120 [ 81.969609][ T6268] ? __might_fault+0xaa/0x120 [ 81.974286][ T6268] _copy_from_user+0x2a/0xc0 [ 81.978882][ T6268] blk_trace_setup+0xd2/0x1e0 [ 81.983588][ T6268] ? __pfx_blk_trace_setup+0x10/0x10 [ 81.988919][ T6268] ? sg_ioctl+0x1c4/0x2e80 [ 81.993347][ T6268] sg_ioctl+0xa46/0x2e80 [ 81.997596][ T6268] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.003935][ T6268] ? __pfx_sg_ioctl+0x10/0x10 [ 82.008606][ T6268] ? irqentry_exit+0x63/0x90 [ 82.013205][ T6268] ? lockdep_hardirqs_on+0x99/0x150 [ 82.018414][ T6268] ? __pfx_sg_ioctl+0x10/0x10 [ 82.023083][ T6268] ? __pfx_sg_ioctl+0x10/0x10 [ 82.027767][ T6268] ? do_vfs_ioctl+0x152/0x2e40 [ 82.032524][ T6268] ? __se_sys_ioctl+0x8f/0x170 [ 82.037281][ T6268] ? __se_sys_ioctl+0xea/0x170 [ 82.042046][ T6268] ? __pfx_sg_ioctl+0x10/0x10 [ 82.046714][ T6268] __se_sys_ioctl+0xf9/0x170 [ 82.051303][ T6268] do_syscall_64+0xf3/0x230 [ 82.055807][ T6268] ? clear_bhb_loop+0x35/0x90 [ 82.060487][ T6268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.066370][ T6268] RIP: 0033:0x7fedd3f7e719 [ 82.070779][ T6268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.090383][ T6268] RSP: 002b:00007fedd4cd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.098793][ T6268] RAX: ffffffffffffffda RBX: 00007fedd4135f80 RCX: 00007fedd3f7e719 [ 82.106758][ T6268] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000005 [ 82.114722][ T6268] RBP: 00007fedd3ff139e R08: 0000000000000000 R09: 0000000000000000 [ 82.122683][ T6268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.130645][ T6268] R13: 0000000000000000 R14: 00007fedd4135f80 R15: 00007ffddef551e8 [ 82.138617][ T6268]