last executing test programs: 13.277733171s ago: executing program 0 (id=236): sendmsg$netlink(0xffffffffffffffff, 0x0, 0x24044010) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) setreuid(0x0, 0xee01) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000b0c10000000224e224e0000", 0x58}], 0x1) 12.114034171s ago: executing program 0 (id=239): r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) truncate(&(0x7f00000000c0)='./file1\x00', 0x6) 11.877458196s ago: executing program 0 (id=242): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_msg}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e23, @loopback}, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r3, 0x0, 0x0) sendmsg$rds(r3, &(0x7f0000001180)={0x0, 0x0, 0x0}, 0x0) 10.366841458s ago: executing program 0 (id=246): r0 = fanotify_init(0x0, 0x101000) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x39, 0x1a, r4, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r5, &(0x7f00000020c0)={0x2020}, 0x2020) 9.768785062s ago: executing program 3 (id=249): sendmsg$netlink(0xffffffffffffffff, 0x0, 0x24044010) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = socket$netlink(0x10, 0x3, 0x4) setreuid(0x0, 0xee01) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c5602117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000b0c10000000224e224e0000", 0x58}], 0x1) 8.7532558s ago: executing program 3 (id=251): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, 0x0) 8.668876469s ago: executing program 3 (id=252): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0) epoll_create1(0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f000001aa40)=""/102400, 0x19000) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, 0x0) write$UHID_INPUT(r1, &(0x7f0000002080)={0xc, {"a2e3ad204fc752f91b5d34f70b06d038e7ff7fc6e5539b3d5d098b089b3b08381a090890e0878f0e1ac6e7049b3344959b5d9a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08c4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e800ba9abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40d4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889632b3570243f989cce3803f465e41e610c2021d653a5520094ec79553299388b0000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c2d88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b19bb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0545359bafffa45237f104b98110403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae2d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e709000000000000004fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83000000000000010058b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff7544130700000000000000f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc6c71737b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f9354b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c558069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e0090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c73144f8e4a737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c10613d17ca51075f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb401000000608d6f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655bff4801784c416b22f73d32d678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d7000bdbfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f4820000000000000900a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2e0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15f2dbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af500ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x100f}}, 0x1006) socket$inet6_tcp(0xa, 0x1, 0x0) 7.493197765s ago: executing program 1 (id=253): mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid8\xc4e', 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETMIFCNT_IN6(r0, 0x89e0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r1, 0x8943, &(0x7f0000000000)) 7.355283964s ago: executing program 1 (id=254): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) r0 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r0}) io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 7.299732637s ago: executing program 3 (id=255): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r3, 0x0, 0x2d, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000480)=0x10000000002) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_SET_PATH(r4, 0x3, &(0x7f0000000000)='ramfs\x00', &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff) 7.271879137s ago: executing program 4 (id=256): r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYRES8, @ANYBLOB="144da006cf097a6bd712d7a94993fd"], 0x90) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000040)=0xd50, 0x4) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f00000000c0)={0xcf47, 0x4cc, 0xffff, 0x9dff, 0xf, "800300"}) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) r3 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17) 7.135549889s ago: executing program 1 (id=257): unshare(0x28020480) r0 = socket$unix(0x1, 0x5, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, &(0x7f00000000c0)=0x5a) 5.957338336s ago: executing program 3 (id=259): bpf$MAP_CREATE(0x0, 0x0, 0x50) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000440)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000700)={0xa, 0x4e22, 0x0, @loopback, 0x4}, 0x1c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 5.904192956s ago: executing program 1 (id=260): io_setup(0x490, &(0x7f0000000000)=0x0) r1 = eventfd2(0x4000004, 0x80001) r2 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=0x0) syz_io_uring_setup(0x5e2, 0x0, &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0xa3d, 0x0, 0x0, 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000540)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x8, r1, 0x0, 0x0, 0x9, 0x0, 0x1, r1}]) 5.715461531s ago: executing program 4 (id=261): syz_pidfd_open(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) syz_clone3(&(0x7f0000000000)={0x170e4000, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1}, 0x58) 5.715238183s ago: executing program 2 (id=262): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, 0x0) 5.385040471s ago: executing program 2 (id=263): timer_create(0x3, 0x0, &(0x7f0000000300)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) fanotify_mark(0xffffffffffffffff, 0x10f, 0x20000011, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, 0x0, 0x0) connect$unix(r2, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) semop(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r5, 0x80044d02, 0x0) 3.964771853s ago: executing program 4 (id=264): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) 3.258316641s ago: executing program 0 (id=265): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{}, 0x0, 0x0}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = gettid() timer_create(0x0, &(0x7f0000000400)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) unshare(0x26020480) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x40000) io_setup(0x4, &(0x7f0000000080)) 2.190109032s ago: executing program 2 (id=266): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x327cf3e4, 0xfffffffffffffffc, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000004, 0x0, 0x0, 0x0, 0x3883, 0x0, 0x100000000000, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x200000000, 0x0, 0x0, 0x5, 0x3, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200400, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0xa, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff]}) 1.74377149s ago: executing program 4 (id=267): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) r0 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, 0x0, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r0}) io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 1.742660111s ago: executing program 3 (id=268): syz_usb_connect(0x0, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ftruncate(0xffffffffffffffff, 0x2007ffc) r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r3, 0x0, 0xfffffbffa003e45b, 0x700000000000000) 1.668365802s ago: executing program 2 (id=269): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) bind$ax25(0xffffffffffffffff, &(0x7f0000000040)={{0x3, @bcast, 0x1}, [@null={0x40, 0x10}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) 1.640539131s ago: executing program 1 (id=270): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000080"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x5}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 417.39048ms ago: executing program 0 (id=271): r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000300)=ANY=[@ANYRES8, @ANYBLOB="144da006cf097a6bd712d7a94993fd"], 0x90) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000040)=0xd50, 0x4) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f00000000c0)={0xcf47, 0x4cc, 0xffff, 0x9dff, 0xf, "800300"}) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) r3 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17) 253.766847ms ago: executing program 1 (id=272): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000007c0), 0x241, 0x0) pwrite64(r1, 0x0, 0x0, 0xdefd) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8, 0xf}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x803, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x6}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2404c044}, 0x895d12c55078532c) openat$rtc(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x5c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x810}, @nested={0x45, 0x11, 0x0, 0x1, [@generic="9e15c00619065e963eba3ef94d765eb501e2e4bea6b8d14b16632741a5bb965f9065d9dca5cb4f685e14d59f0d0241320e02933e8a83c309d150d620aa585af62c"]}]}, 0x5c}], 0x1, 0x0, 0x0, 0x90}, 0x300) 253.163579ms ago: executing program 2 (id=273): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, 0x0) 139.554693ms ago: executing program 4 (id=274): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x10000000, 0x0, 0x1000000, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0) 29.41089ms ago: executing program 2 (id=275): r0 = fanotify_init(0x0, 0x101000) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x39, 0x1a, r4, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00') read$FUSE(r5, &(0x7f00000020c0)={0x2020}, 0x2020) 0s ago: executing program 4 (id=276): timer_create(0x3, 0x0, &(0x7f0000000300)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) fanotify_mark(0xffffffffffffffff, 0x10f, 0x20000011, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, 0x0, 0x0) connect$unix(r2, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) semop(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r5, 0x80044d02, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.236' (ED25519) to the list of known hosts. [ 80.959609][ T5789] cgroup: Unknown subsys name 'net' [ 81.210896][ T5789] cgroup: Unknown subsys name 'cpuset' [ 81.276455][ T5789] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.074407][ T5789] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.758058][ T9] cfg80211: failed to load regulatory.db [ 87.636277][ T5811] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.638176][ T5811] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.642988][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.646425][ T5810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.651305][ T5810] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.657192][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.659436][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.660958][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.661820][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.733892][ T5820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.737416][ T5821] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.743691][ T5821] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.766804][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.769288][ T5810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.795983][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.796698][ T5818] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.797970][ T5818] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.799143][ T5818] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.799953][ T5818] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.804081][ T5119] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.915260][ T5818] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.927626][ T5818] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.928366][ T5818] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.929768][ T5818] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.936158][ T5818] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.707442][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 88.733084][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 88.856250][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 89.026942][ T5814] chnl_net:caif_netlink_parms(): no params data found [ 89.167192][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 89.697532][ T5818] Bluetooth: hci0: command tx timeout [ 89.757337][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.757426][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.757816][ T5817] bridge_slave_0: entered allmulticast mode [ 89.759567][ T5817] bridge_slave_0: entered promiscuous mode [ 89.762914][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.763042][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.763212][ T5806] bridge_slave_0: entered allmulticast mode [ 89.765371][ T5806] bridge_slave_0: entered promiscuous mode [ 89.856299][ T5818] Bluetooth: hci1: command tx timeout [ 89.857961][ T5816] Bluetooth: hci2: command tx timeout [ 89.885421][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.885569][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.885697][ T5817] bridge_slave_1: entered allmulticast mode [ 89.889128][ T5817] bridge_slave_1: entered promiscuous mode [ 89.894345][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.894482][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.894660][ T5806] bridge_slave_1: entered allmulticast mode [ 89.898474][ T5806] bridge_slave_1: entered promiscuous mode [ 89.936029][ T5818] Bluetooth: hci3: command tx timeout [ 90.017010][ T5818] Bluetooth: hci4: command tx timeout [ 90.368446][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.368588][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.368754][ T5807] bridge_slave_0: entered allmulticast mode [ 90.370540][ T5807] bridge_slave_0: entered promiscuous mode [ 90.536805][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.536951][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.537122][ T5814] bridge_slave_0: entered allmulticast mode [ 90.538938][ T5814] bridge_slave_0: entered promiscuous mode [ 90.543651][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.543777][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.543952][ T5807] bridge_slave_1: entered allmulticast mode [ 90.556596][ T5807] bridge_slave_1: entered promiscuous mode [ 90.650083][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.653213][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.653454][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.653586][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.653749][ T5814] bridge_slave_1: entered allmulticast mode [ 90.655561][ T5814] bridge_slave_1: entered promiscuous mode [ 90.789465][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.791586][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.927778][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.928721][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.928853][ T5825] bridge_slave_0: entered allmulticast mode [ 90.930387][ T5825] bridge_slave_0: entered promiscuous mode [ 91.260247][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.260577][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.260701][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.260929][ T5825] bridge_slave_1: entered allmulticast mode [ 91.262822][ T5825] bridge_slave_1: entered promiscuous mode [ 91.410071][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.412613][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.478085][ T5817] team0: Port device team_slave_0 added [ 91.480095][ T5806] team0: Port device team_slave_0 added [ 91.482754][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.608838][ T5817] team0: Port device team_slave_1 added [ 91.610586][ T5806] team0: Port device team_slave_1 added [ 91.769927][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.786074][ T5818] Bluetooth: hci0: command tx timeout [ 91.945980][ T5818] Bluetooth: hci1: command tx timeout [ 91.946013][ T5818] Bluetooth: hci2: command tx timeout [ 91.998603][ T5807] team0: Port device team_slave_0 added [ 92.001282][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.015978][ T5816] Bluetooth: hci3: command tx timeout [ 92.096236][ T5816] Bluetooth: hci4: command tx timeout [ 92.159101][ T5814] team0: Port device team_slave_0 added [ 92.161450][ T5807] team0: Port device team_slave_1 added [ 92.227772][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.227783][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.227796][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.488950][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.488962][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.488976][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.491019][ T5814] team0: Port device team_slave_1 added [ 92.688083][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.688098][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.688121][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.689237][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.689245][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.689258][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.868712][ T5825] team0: Port device team_slave_0 added [ 92.947745][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.947761][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.947784][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.950117][ T5825] team0: Port device team_slave_1 added [ 92.953424][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.953436][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.953448][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.957449][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.957462][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.957484][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.054725][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.054741][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.054765][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.308303][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.308314][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.308330][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.518523][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.518539][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.518557][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.524199][ T5817] hsr_slave_0: entered promiscuous mode [ 93.528441][ T5817] hsr_slave_1: entered promiscuous mode [ 93.540437][ T5806] hsr_slave_0: entered promiscuous mode [ 93.541707][ T5806] hsr_slave_1: entered promiscuous mode [ 93.542816][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 93.542933][ T5806] Cannot create hsr debugfs directory [ 93.856016][ T5816] Bluetooth: hci0: command tx timeout [ 93.878833][ T5807] hsr_slave_0: entered promiscuous mode [ 93.880718][ T5807] hsr_slave_1: entered promiscuous mode [ 93.881258][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 93.881282][ T5807] Cannot create hsr debugfs directory [ 93.981864][ T5814] hsr_slave_0: entered promiscuous mode [ 93.982739][ T5814] hsr_slave_1: entered promiscuous mode [ 93.983327][ T5814] debugfs: 'hsr0' already exists in 'hsr' [ 93.983346][ T5814] Cannot create hsr debugfs directory [ 94.016189][ T5816] Bluetooth: hci2: command tx timeout [ 94.016222][ T5816] Bluetooth: hci1: command tx timeout [ 94.096083][ T5818] Bluetooth: hci3: command tx timeout [ 94.176034][ T5818] Bluetooth: hci4: command tx timeout [ 94.442001][ T5825] hsr_slave_0: entered promiscuous mode [ 94.442847][ T5825] hsr_slave_1: entered promiscuous mode [ 94.443445][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 94.443463][ T5825] Cannot create hsr debugfs directory [ 95.659689][ T5817] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.694735][ T5817] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.710796][ T5817] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.742038][ T5817] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.829124][ T5807] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.874634][ T5807] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.910222][ T5807] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.946764][ T5818] Bluetooth: hci0: command tx timeout [ 95.950768][ T5807] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.063450][ T5806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.097690][ T5816] Bluetooth: hci2: command tx timeout [ 96.097731][ T5818] Bluetooth: hci1: command tx timeout [ 96.119600][ T5806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.164882][ T5806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.176036][ T5818] Bluetooth: hci3: command tx timeout [ 96.216688][ T5806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.256862][ T5818] Bluetooth: hci4: command tx timeout [ 96.334871][ T5814] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.375896][ T5814] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.409547][ T5814] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.464992][ T5814] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.546950][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.589389][ T5825] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 96.638107][ T5825] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 96.681645][ T5825] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 96.724893][ T5825] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 96.783588][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.817796][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.818313][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.843518][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.864960][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.865066][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.935708][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.949318][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.982919][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.983049][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.020113][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.020499][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.065149][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.107513][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.107637][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.130610][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.162624][ T1000] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.162762][ T1000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.264567][ T5814] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.296993][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.302894][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.306085][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.355401][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.370672][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.448824][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.511370][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.511613][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.548982][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.549121][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.565213][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.605036][ T5814] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.813955][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.886307][ T5817] veth0_vlan: entered promiscuous mode [ 97.945077][ T5817] veth1_vlan: entered promiscuous mode [ 98.059752][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.098873][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.112816][ T5807] veth0_vlan: entered promiscuous mode [ 98.122141][ T5817] veth0_macvtap: entered promiscuous mode [ 98.145701][ T5817] veth1_macvtap: entered promiscuous mode [ 98.163985][ T5807] veth1_vlan: entered promiscuous mode [ 98.232202][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.261367][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.300795][ T1000] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.302099][ T5806] veth0_vlan: entered promiscuous mode [ 98.323277][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.323479][ T1000] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.341545][ T1000] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.358064][ T5807] veth0_macvtap: entered promiscuous mode [ 98.362503][ T5814] veth0_vlan: entered promiscuous mode [ 98.362943][ T1000] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.439701][ T5807] veth1_macvtap: entered promiscuous mode [ 98.443276][ T5806] veth1_vlan: entered promiscuous mode [ 98.465737][ T5814] veth1_vlan: entered promiscuous mode [ 98.629949][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.682323][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.737190][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.745042][ T1000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.745064][ T1000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.755379][ T5806] veth0_macvtap: entered promiscuous mode [ 98.767069][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.776320][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.785212][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.790237][ T5814] veth0_macvtap: entered promiscuous mode [ 98.801437][ T5806] veth1_macvtap: entered promiscuous mode [ 98.862230][ T5814] veth1_macvtap: entered promiscuous mode [ 99.024442][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.024471][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.058436][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.069064][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.111677][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.112052][ T5825] veth0_vlan: entered promiscuous mode [ 99.155015][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.203958][ T57] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.209099][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.209117][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.233527][ T57] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.246833][ T57] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.257250][ T5825] veth1_vlan: entered promiscuous mode [ 99.270842][ T57] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.286947][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.331862][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.339500][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.404592][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.473291][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.473310][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.666156][ T5825] veth0_macvtap: entered promiscuous mode [ 100.686633][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.686652][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.739895][ T5825] veth1_macvtap: entered promiscuous mode [ 100.821514][ T2232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.821534][ T2232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.982106][ T89] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.982125][ T89] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.084696][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.174956][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.174976][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.177818][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.995971][ T89] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.007747][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.016691][ T57] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.024936][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.465876][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.465920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.465953][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.465987][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.466020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.466053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.466087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.466120][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.466160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.466194][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 104.289720][ T5952] syzkaller0: entered promiscuous mode [ 104.289746][ T5952] syzkaller0: entered allmulticast mode [ 104.790900][ T5971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17'. [ 104.808753][ T5969] Bluetooth: MGMT ver 1.23 [ 104.808789][ T5969] Bluetooth: hci0: unsupported parameter 512 [ 104.808804][ T5969] Bluetooth: hci0: invalid length 0, exp 2 for type 11 [ 105.050526][ T5975] netlink: 'syz.0.18': attribute type 4 has an invalid length. [ 105.301488][ T5818] Bluetooth: hci0: unexpected event 0x05 length: 5 > 4 [ 105.516521][ T5865] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 105.812852][ T89] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.812873][ T89] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.987576][ T5865] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 105.987656][ T5865] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 105.987729][ T5865] usb 1-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 105.987810][ T5865] usb 1-1: config 220 has no interface number 1 [ 105.987918][ T5865] usb 1-1: config 220 interface 0 has no altsetting 0 [ 105.987986][ T5865] usb 1-1: config 220 interface 76 has no altsetting 0 [ 106.490625][ T5865] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 106.490707][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.490776][ T5865] usb 1-1: Product: syz [ 106.490790][ T5865] usb 1-1: Manufacturer: syz [ 106.490803][ T5865] usb 1-1: SerialNumber: syz [ 108.384948][ T5990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.384967][ T5990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.901645][ T5865] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 108.901683][ T5865] uvcvideo 1-1:220.0: No valid video chain found. [ 108.971588][ T5865] usb 1-1: USB disconnect, device number 2 [ 112.743402][ T6037] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.068522][ T6039] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 113.069108][ T6039] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 113.078182][ T6039] vhci_hcd vhci_hcd.0: Device attached [ 113.591592][ T6041] vhci_hcd: connection closed [ 113.663069][ T5893] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 113.712828][ T43] vhci_hcd: stop threads [ 113.714093][ T43] vhci_hcd: release socket [ 113.760822][ T43] vhci_hcd: disconnect device [ 118.382425][ T6092] Bluetooth: hci0: unsupported parameter 512 [ 118.382448][ T6092] Bluetooth: hci0: invalid length 0, exp 2 for type 3 [ 118.806095][ T5893] vhci_hcd: vhci_device speed not set [ 121.777397][ T6145] Bluetooth: hci0: unsupported parameter 512 [ 121.777411][ T6145] Bluetooth: hci0: invalid len left 32, exp >= 258 [ 122.141862][ T6149] netlink: 68 bytes leftover after parsing attributes in process `syz.3.69'. [ 124.895249][ T6172] netlink: 48 bytes leftover after parsing attributes in process `syz.0.73'. [ 125.109200][ T6178] capability: warning: `syz.0.77' uses deprecated v2 capabilities in a way that may be insecure [ 125.612910][ T6190] netlink: 68 bytes leftover after parsing attributes in process `syz.3.82'. [ 127.879991][ T6209] Bluetooth: hci0: unsupported parameter 512 [ 127.880012][ T6209] Bluetooth: hci0: invalid length 0, exp 2 for type 10 [ 131.112404][ T6232] netlink: 'syz.3.95': attribute type 4 has an invalid length. [ 131.604627][ T989] kernel write not supported for file bpf-prog (pid: 989 comm: kworker/0:2) [ 133.246221][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.247762][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.447114][ T6268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.104'. [ 133.452829][ T6270] netlink: 40 bytes leftover after parsing attributes in process `syz.3.105'. [ 133.519818][ T6272] netlink: 'syz.1.107': attribute type 4 has an invalid length. [ 134.789899][ T37] audit: type=1326 audit(1760622853.865:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.790223][ T37] audit: type=1326 audit(1760622853.875:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.790504][ T37] audit: type=1326 audit(1760622853.875:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.790896][ T37] audit: type=1326 audit(1760622853.875:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.794162][ T37] audit: type=1326 audit(1760622853.875:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.794429][ T37] audit: type=1326 audit(1760622853.885:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.795715][ T37] audit: type=1326 audit(1760622853.885:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.910744][ T37] audit: type=1326 audit(1760622853.885:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.910793][ T37] audit: type=1326 audit(1760622853.885:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 134.910833][ T37] audit: type=1326 audit(1760622853.885:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6281 comm="syz.0.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f143c14eec9 code=0x7ffc0000 [ 139.928494][ T6322] netlink: 40 bytes leftover after parsing attributes in process `syz.4.120'. [ 147.047355][ T6357] netlink: 40 bytes leftover after parsing attributes in process `syz.0.132'. [ 147.126487][ T6363] netlink: 'syz.1.134': attribute type 1 has an invalid length. [ 147.126505][ T6363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.134'. [ 151.189477][ T6408] netlink: 40 bytes leftover after parsing attributes in process `syz.2.148'. [ 152.422262][ T6417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.152'. [ 152.422284][ T6417] netlink: 4 bytes leftover after parsing attributes in process `syz.3.152'. [ 153.133507][ T6417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.152'. [ 153.133530][ T6417] netlink: 4 bytes leftover after parsing attributes in process `syz.3.152'. [ 153.186322][ T6417] Zero length message leads to an empty skb [ 155.372602][ T6440] warning: `syz.2.158' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 155.968417][ T6443] netlink: 40 bytes leftover after parsing attributes in process `syz.3.161'. [ 157.919066][ T6473] Bluetooth: hci0: unsupported parameter 512 [ 157.919087][ T6473] Bluetooth: hci0: invalid length 0, exp 2 for type 9 [ 158.473447][ T6480] binder: BINDER_SET_CONTEXT_MGR already set [ 158.473458][ T6480] binder: 6478:6480 ioctl 4018620d 200000004a80 returned -16 [ 160.622541][ T6511] Bluetooth: hci0: unsupported parameter 512 [ 160.622561][ T6511] Bluetooth: hci0: invalid length 0, exp 2 for type 9 [ 160.722369][ T6516] binder_alloc: 6514: binder_alloc_buf, no vma [ 165.464363][ T6553] netlink: 44 bytes leftover after parsing attributes in process `syz.3.199'. [ 166.162345][ T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 166.342886][ T44] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 166.342911][ T44] usb 1-1: config 0 has no interface number 0 [ 166.346292][ T44] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 166.346317][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.346335][ T44] usb 1-1: Product: syz [ 166.346348][ T44] usb 1-1: Manufacturer: syz [ 166.346361][ T44] usb 1-1: SerialNumber: syz [ 166.353197][ T44] usb 1-1: config 0 descriptor?? [ 166.659787][ T44] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 166.668388][ T44] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 166.668898][ T44] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 166.668982][ T44] usb 1-1: media controller created [ 166.841050][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 167.020515][ T6549] kexec: Could not allocate swap buffer [ 167.043053][ T44] i2c i2c-1: ec100: i2c rd failed=-32 reg=33 [ 167.249555][ T44] usb 1-1: USB disconnect, device number 3 [ 170.647470][ T6595] netlink: 'syz.2.213': attribute type 4 has an invalid length. [ 173.076202][ T5997] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 174.216084][ T5997] usb 3-1: device descriptor read/all, error -71 [ 175.666419][ T6623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.223'. [ 175.666440][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.223'. [ 175.781514][ T6623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.223'. [ 175.781537][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.223'. [ 178.627853][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.542137][ C1] vkms_vblank_simulate: vblank timer overrun [ 180.235564][ C1] vkms_vblank_simulate: vblank timer overrun [ 180.509660][ C1] vkms_vblank_simulate: vblank timer overrun [ 181.289862][ C1] vkms_vblank_simulate: vblank timer overrun [ 181.477058][ T6685] netlink: 12 bytes leftover after parsing attributes in process `syz.2.245'. [ 182.823223][ C1] vkms_vblank_simulate: vblank timer overrun [ 189.164639][ T6739] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 189.164919][ T6739] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 191.607614][ T6762] netlink: 'syz.4.274': attribute type 3 has an invalid length. [ 191.618486][ T6762] netlink: 'syz.4.274': attribute type 3 has an invalid length. [ 194.588974][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.589884][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.842552][ C1] ------------[ cut here ]------------ [ 194.842568][ C1] refcount_t: addition on 0; use-after-free. [ 194.843142][ C1] WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 194.843190][ C1] Modules linked in: [ 194.843227][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 194.843253][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 194.843269][ C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 194.843294][ C1] Code: 00 00 e8 b9 5e 3e fd 5b 41 5e c3 cc cc cc cc cc e8 ab 5e 3e fd c6 05 4f 15 61 0a 01 90 48 c7 c7 20 9f 3e 8b e8 17 a7 02 fd 90 <0f> 0b 90 90 eb d7 e8 8b 5e 3e fd c6 05 30 15 61 0a 01 90 48 c7 c7 [ 194.843313][ C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246 [ 194.843333][ C1] RAX: 4d857a8db39f5c00 RBX: 0000000000000002 RCX: ffff88801c2e1e00 [ 194.843349][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 194.843363][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 194.843376][ C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18 [ 194.843392][ C1] R13: ffff88802fa09358 R14: ffff88802fa08f80 R15: dffffc0000000000 [ 194.843408][ C1] FS: 0000000000000000(0000) GS:ffff888126cc9000(0000) knlGS:0000000000000000 [ 194.843425][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.843440][ C1] CR2: 000020000025c030 CR3: 0000000035892000 CR4: 00000000003526f0 [ 194.843459][ C1] Call Trace: [ 194.843471][ C1] [ 194.843480][ C1] mptcp_schedule_work+0x164/0x1a0 [ 194.843506][ C1] mptcp_tout_timer+0x21/0xa0 [ 194.843540][ C1] call_timer_fn+0x17e/0x5f0 [ 194.843564][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 194.843593][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 194.843622][ C1] ? call_timer_fn+0xbe/0x5f0 [ 194.843644][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 194.843675][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 194.843712][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 194.843744][ C1] __run_timer_base+0x648/0x970 [ 194.843795][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 194.843847][ C1] run_timer_softirq+0xb7/0x180 [ 194.843869][ C1] handle_softirqs+0x22f/0x710 [ 194.843913][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 194.843957][ C1] run_ktimerd+0xcf/0x190 [ 194.843979][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 194.844005][ C1] ? schedule+0x91/0x360 [ 194.844042][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 194.844061][ C1] smpboot_thread_fn+0x542/0xa60 [ 194.844084][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 194.844115][ C1] kthread+0x711/0x8a0 [ 194.844145][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 194.844165][ C1] ? __pfx_kthread+0x10/0x10 [ 194.844187][ C1] ? rt_spin_unlock+0x150/0x200 [ 194.844219][ C1] ? rt_spin_unlock+0x161/0x200 [ 194.844244][ C1] ? __pfx_kthread+0x10/0x10 [ 194.844271][ C1] ret_from_fork+0x4bc/0x870 [ 194.844306][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 194.844347][ C1] ? __switch_to_asm+0x39/0x70 [ 194.844374][ C1] ? __switch_to_asm+0x33/0x70 [ 194.844400][ C1] ? __pfx_kthread+0x10/0x10 [ 194.844427][ C1] ret_from_fork_asm+0x1a/0x30 [ 194.844475][ C1] [ 194.844490][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 194.844506][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 194.844531][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 194.844542][ C1] Call Trace: [ 194.844551][ C1] [ 194.844559][ C1] dump_stack_lvl+0x99/0x250 [ 194.844584][ C1] ? __asan_memcpy+0x40/0x70 [ 194.844616][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.844642][ C1] ? __pfx__printk+0x10/0x10 [ 194.844684][ C1] vpanic+0x237/0x6d0 [ 194.844706][ C1] ? __pfx_vpanic+0x10/0x10 [ 194.844739][ C1] panic+0xb9/0xc0 [ 194.844765][ C1] ? __pfx_panic+0x10/0x10 [ 194.844805][ C1] __warn+0x31b/0x4b0 [ 194.844824][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 194.844850][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 194.844872][ C1] report_bug+0x2be/0x4f0 [ 194.844903][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 194.844926][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 194.844949][ C1] ? refcount_warn_saturate+0xfc/0x1d0 [ 194.844971][ C1] handle_bug+0x84/0x160 [ 194.845006][ C1] exc_invalid_op+0x1a/0x50 [ 194.845029][ C1] asm_exc_invalid_op+0x1a/0x20 [ 194.845050][ C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 194.845073][ C1] Code: 00 00 e8 b9 5e 3e fd 5b 41 5e c3 cc cc cc cc cc e8 ab 5e 3e fd c6 05 4f 15 61 0a 01 90 48 c7 c7 20 9f 3e 8b e8 17 a7 02 fd 90 <0f> 0b 90 90 eb d7 e8 8b 5e 3e fd c6 05 30 15 61 0a 01 90 48 c7 c7 [ 194.845090][ C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246 [ 194.845108][ C1] RAX: 4d857a8db39f5c00 RBX: 0000000000000002 RCX: ffff88801c2e1e00 [ 194.845123][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 194.845136][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 194.845149][ C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18 [ 194.845166][ C1] R13: ffff88802fa09358 R14: ffff88802fa08f80 R15: dffffc0000000000 [ 194.845205][ C1] mptcp_schedule_work+0x164/0x1a0 [ 194.845234][ C1] mptcp_tout_timer+0x21/0xa0 [ 194.845266][ C1] call_timer_fn+0x17e/0x5f0 [ 194.845288][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 194.845317][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 194.845345][ C1] ? call_timer_fn+0xbe/0x5f0 [ 194.845367][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 194.845398][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 194.845434][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 194.845467][ C1] __run_timer_base+0x648/0x970 [ 194.845518][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 194.845570][ C1] run_timer_softirq+0xb7/0x180 [ 194.845592][ C1] handle_softirqs+0x22f/0x710 [ 194.845634][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 194.845677][ C1] run_ktimerd+0xcf/0x190 [ 194.845699][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 194.845720][ C1] ? schedule+0x91/0x360 [ 194.845757][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 194.845776][ C1] smpboot_thread_fn+0x542/0xa60 [ 194.845799][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 194.845832][ C1] kthread+0x711/0x8a0 [ 194.845856][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 194.845876][ C1] ? __pfx_kthread+0x10/0x10 [ 194.845899][ C1] ? rt_spin_unlock+0x150/0x200 [ 194.845931][ C1] ? rt_spin_unlock+0x161/0x200 [ 194.845955][ C1] ? __pfx_kthread+0x10/0x10 [ 194.845982][ C1] ret_from_fork+0x4bc/0x870 [ 194.846023][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 194.846063][ C1] ? __switch_to_asm+0x39/0x70 [ 194.846089][ C1] ? __switch_to_asm+0x33/0x70 [ 194.846116][ C1] ? __pfx_kthread+0x10/0x10 [ 194.846142][ C1] ret_from_fork_asm+0x1a/0x30 [ 194.846191][ C1] [ 194.846460][ C1] Kernel Offset: disabled