last executing test programs: 7.191109462s ago: executing program 0 (id=5): r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000002200)={0x0, 0x0, {0x0, @struct, 0x0}, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000001080)={0x4, 0x1, {0x4, @struct={0x1, 0x9}, r1, 0x4, 0x6, 0xb6, 0x80000001, 0x7ff, 0x0, @struct={0x80000001}, 0x203, 0x6, [0x4, 0x7, 0x1, 0xffffffffffffffff, 0x4, 0x1]}, {0x100, @usage=0x40, 0x0, 0x401, 0x6, 0x2, 0x7ff, 0x0, 0x0, @usage=0xff, 0x6, 0x100, [0xee, 0x4, 0x1, 0x8000000000000000, 0x6, 0x258b6064]}, {0x0, @usage=0xff0, 0x0, 0x10, 0x800, 0xe1, 0x2, 0x7, 0x4, @struct={0x7f, 0x8}, 0xc0000000, 0xd, [0x7, 0x7, 0x8, 0xa118930, 0x8, 0xf8]}, {0xfffffffffffff1ac, 0x21f, 0x100}}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r3, 0xfffffffc) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x0, 0x7, 0x60}, 0x14}}, 0x4040) shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0xc000) msync(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x4) syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 6.910972814s ago: executing program 3 (id=6): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x4, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0xffffffff, 0x0, 0x1, 0x0, 0x6}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x0, 0x3c}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6, 0x4, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0xeb, @remote, 0x4}, 0x1c) 5.398062727s ago: executing program 0 (id=7): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) recvmmsg(r0, &(0x7f0000005880)=[{{&(0x7f00000007c0)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, 0x0}, 0x80000001}], 0x1, 0x40000000, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6) 5.259226854s ago: executing program 3 (id=8): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001f6c0)=""/102400, 0x19000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, 0x0, 0x0) 4.855986022s ago: executing program 0 (id=9): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000086a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x3554000) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) fadvise64(r1, 0x85f5, 0x4000000005, 0x4) 4.830329495s ago: executing program 1 (id=2): r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x401) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0xfffffffffffffee0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x80, 0x1c, {0xff, 0x2070, 0x1000, 0x9, 0x4, 0x8000, 0xfffd, 0xec, 0x3906, 0xfffc, 0x3, 0xfb}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000900)={0x14, 0x0, &(0x7f00000008c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000e80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x20, 0x87, 0x2, 0xfff}, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 4.622184451s ago: executing program 2 (id=3): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002300)="27cb1547d73d51", 0x7}], 0x1}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000140)="91790da0bd1c560e30633259f42abd712cb00cd5f83f5f8fd4be4ff744c36a3b11e84fb8d6e6ca9d8831796fb98a386d3ad837a9e92affe1ba18adfbe1ea97dfdc3e665f3d20948ea7a1f32fc8b737b8dbbad63cfea88639ec022f58243597a6a8f892a5bc1680da9111e2eefeaaa73f48fd9cb40256f609234533d1860d9694bdef8fb9152b0d6387dbbf25b8dbc5daf811a32c6dabce201eecc67cc65a2b6a95c7d696bb6087d6b2f347adf0a15f0d61cc543e33b70bd51768ef036cc9fe1513dfdf4e2668bc05d99df6e75a76a3cb006d987aca0b729f6700", 0xda}], 0x1}}], 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 4.136882045s ago: executing program 3 (id=10): r0 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'dac02\x00', [0x7, 0x2, 0x7fffffff, 0x84e1, 0x6f8c, 0x2006, 0x9, 0x8, 0x80ffa, 0x0, 0x6, 0x84fe, 0x1003, 0x1000004, 0xc, 0x10000, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x9ea, 0x10, 0x200, 0x7, 0x5, 0xa, 0x8, 0x400, 0x8, 0xfffd, 0x4, 0x7ffd]}) 3.820249522s ago: executing program 3 (id=11): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000140)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'wrr\x00', 0x1, 0x0, 0x78}, 0x2c) r1 = socket$kcm(0xa, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 3.658985105s ago: executing program 2 (id=12): syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x7f, 0x4}}}}, 0x11) r0 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x802, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, 0x0) 3.369514401s ago: executing program 3 (id=13): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) inotify_init1(0x0) r0 = getpid() r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0x40}, 0x8001) syz_open_procfs$namespace(r0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = fcntl$dupfd(r2, 0x406, r1) read$alg(r3, &(0x7f0000000940)=""/245, 0xf5) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4040050) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) prctl$PR_SCHED_CORE(0x3e, 0x3, r0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0xd231c4f959ad4849) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x0, &(0x7f0000006680)=0x1) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f00008e0000/0x2000)=nil, 0x2000, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18) 3.347119953s ago: executing program 2 (id=14): sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000340)='nilfs2\x00', 0x800000, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) recvmsg(r0, &(0x7f000000c1c0)={0x0, 0x0, 0x0}, 0x20) 3.262923843s ago: executing program 0 (id=15): r0 = syz_open_dev$loop(&(0x7f0000000040), 0xffffffff80000001, 0x1680a2) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/rcu_normal', 0x82802, 0x8) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601aaba5b07dce141802c4dacf162e43ac6126c370ec00000000a04100", [0xffffffff7ffffce8, 0xa]}}) landlock_restrict_self(0xffffffffffffffff, 0xc) 2.11973457s ago: executing program 0 (id=16): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listxattr(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r3, &(0x7f0000000140), 0x0, 0xe7c) r4 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r5, 0x2000009) 1.985700487s ago: executing program 3 (id=17): socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$phonet_pipe(0x23, 0x5, 0x2) ptrace$cont(0xf7aef61bbe72383, 0x0, 0x276, 0x401) r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) accept4(r0, 0x0, 0x0, 0x80000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x143102) writev(r3, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r4, 0x0, 0xe07e872420dfefca) 146.767608ms ago: executing program 2 (id=18): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a01010000000000f9ff000a0000090900020073797a31000000200900010073797a310000000014000380100000800c00018006000100582e0000"], 0x68}, 0x1, 0x0, 0x0, 0x4004850}, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 0s ago: executing program 0 (id=19): ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000140)={'dac02\x00', [0x7, 0x2, 0x7fffffff, 0x84e1, 0x6f8c, 0x2006, 0x9, 0x8, 0x80ffa, 0x0, 0x6, 0x84fe, 0x1003, 0x1000004, 0xc, 0x10000, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x9ea, 0x10, 0x200, 0x7, 0x5, 0xa, 0x8, 0x400, 0x8, 0xfffd, 0x4, 0x7ffd]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts. [ 71.892442][ T5596] cgroup: Unknown subsys name 'net' [ 72.133147][ T5596] cgroup: Unknown subsys name 'cpuset' [ 72.189411][ T5596] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.787706][ T5596] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.162201][ T5614] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.164444][ T5621] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.172431][ T5621] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.210642][ T5618] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.211131][ T5618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.217460][ T5621] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.218279][ T5621] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.220769][ T5621] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.221537][ T5621] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.241493][ T5623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.253151][ T5612] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.270153][ T5621] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.273075][ T5621] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.273978][ T5621] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.275628][ T5621] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.277845][ T5612] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.283403][ T5621] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.288904][ T5623] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.297948][ T4924] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.301673][ T4924] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.057048][ T5610] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.057778][ T5610] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.057924][ T5610] bridge_slave_0: entered allmulticast mode [ 78.061456][ T5610] bridge_slave_0: entered promiscuous mode [ 78.107240][ T5610] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.107473][ T5610] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.107737][ T5610] bridge_slave_1: entered allmulticast mode [ 78.110019][ T5610] bridge_slave_1: entered promiscuous mode [ 78.248458][ T5610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.248825][ T5607] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.250324][ T5607] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.250541][ T5607] bridge_slave_0: entered allmulticast mode [ 78.253517][ T5607] bridge_slave_0: entered promiscuous mode [ 78.261039][ T5614] Bluetooth: hci1: command tx timeout [ 78.302376][ T5610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.302725][ T5607] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.302894][ T5607] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.303250][ T5607] bridge_slave_1: entered allmulticast mode [ 78.305478][ T5607] bridge_slave_1: entered promiscuous mode [ 78.339380][ T5614] Bluetooth: hci2: command tx timeout [ 78.360829][ T5608] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.361100][ T5608] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.361921][ T5608] bridge_slave_0: entered allmulticast mode [ 78.363582][ T5608] bridge_slave_0: entered promiscuous mode [ 78.400929][ T5609] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.401095][ T5609] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.401231][ T5609] bridge_slave_0: entered allmulticast mode [ 78.402879][ T5609] bridge_slave_0: entered promiscuous mode [ 78.408188][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.408448][ T5608] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.408654][ T5608] bridge_slave_1: entered allmulticast mode [ 78.413490][ T5608] bridge_slave_1: entered promiscuous mode [ 78.419204][ T4924] Bluetooth: hci3: command tx timeout [ 78.419359][ T5614] Bluetooth: hci0: command tx timeout [ 78.480638][ T5609] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.480904][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.481122][ T5609] bridge_slave_1: entered allmulticast mode [ 78.483206][ T5609] bridge_slave_1: entered promiscuous mode [ 78.511069][ T5610] team0: Port device team_slave_0 added [ 78.519784][ T5607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.557078][ T5610] team0: Port device team_slave_1 added [ 78.561145][ T5607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.582988][ T5608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.753703][ T5609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.757521][ T5608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.793981][ T5609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.811493][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.811503][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.811517][ T5610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.814991][ T5607] team0: Port device team_slave_0 added [ 78.859553][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.859567][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.859591][ T5610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.865563][ T5607] team0: Port device team_slave_1 added [ 78.894573][ T5608] team0: Port device team_slave_0 added [ 78.946751][ T5609] team0: Port device team_slave_0 added [ 78.951042][ T5608] team0: Port device team_slave_1 added [ 78.976072][ T5609] team0: Port device team_slave_1 added [ 78.992828][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.992836][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.992850][ T5607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.083782][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.083793][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.083807][ T5607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.108779][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.108794][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.108817][ T5608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.161097][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.161112][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.161135][ T5609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.164654][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.164667][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.164690][ T5608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.187742][ T5610] hsr_slave_0: entered promiscuous mode [ 79.191292][ T5610] hsr_slave_1: entered promiscuous mode [ 79.202347][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.202361][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.202384][ T5609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.348441][ T5607] hsr_slave_0: entered promiscuous mode [ 79.350260][ T5607] hsr_slave_1: entered promiscuous mode [ 79.351794][ T5607] debugfs: 'hsr0' already exists in 'hsr' [ 79.351892][ T5607] Cannot create hsr debugfs directory [ 79.405342][ T5608] hsr_slave_0: entered promiscuous mode [ 79.406522][ T5608] hsr_slave_1: entered promiscuous mode [ 79.407399][ T5608] debugfs: 'hsr0' already exists in 'hsr' [ 79.407421][ T5608] Cannot create hsr debugfs directory [ 79.432967][ T5609] hsr_slave_0: entered promiscuous mode [ 79.434098][ T5609] hsr_slave_1: entered promiscuous mode [ 79.435040][ T5609] debugfs: 'hsr0' already exists in 'hsr' [ 79.435069][ T5609] Cannot create hsr debugfs directory [ 80.339638][ T5614] Bluetooth: hci1: command tx timeout [ 80.420268][ T5614] Bluetooth: hci2: command tx timeout [ 80.434107][ T5610] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.472337][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.477566][ T5610] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.499144][ T4924] Bluetooth: hci3: command tx timeout [ 80.499397][ T5614] Bluetooth: hci0: command tx timeout [ 80.502979][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.511045][ T5610] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.543177][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.565253][ T5610] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.593683][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.716418][ T5607] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.765097][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.772865][ T5607] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.803357][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.805478][ T5607] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.842235][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.865492][ T5607] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.904590][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.027632][ T5609] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.073350][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.087568][ T5609] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.128274][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.138544][ T5609] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.184538][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.213429][ T5609] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.247114][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.363015][ T5608] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.404997][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.408613][ T5608] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.455271][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.466135][ T5608] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.493142][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.504304][ T5608] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.532345][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.556236][ T50] cfg80211: failed to load regulatory.db [ 81.688195][ T5610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.849419][ T5610] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.906532][ T3856] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.907494][ T3856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.970249][ T5607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.973900][ T3856] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.974003][ T3856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.082461][ T5607] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.122318][ T5609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.140056][ T3839] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.140294][ T3839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.175238][ T3839] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.175774][ T3839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.243145][ T5609] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.266063][ T5608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.317501][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.317589][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.358171][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.358399][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.418421][ T5608] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.419199][ T5614] Bluetooth: hci1: command tx timeout [ 82.466017][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.466162][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.499159][ T5614] Bluetooth: hci2: command tx timeout [ 82.527192][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.527281][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.580535][ T4924] Bluetooth: hci3: command tx timeout [ 82.580613][ T5614] Bluetooth: hci0: command tx timeout [ 83.406399][ T5610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.607537][ T5607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.762159][ T5610] veth0_vlan: entered promiscuous mode [ 83.843095][ T5610] veth1_vlan: entered promiscuous mode [ 83.968811][ T5608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.976886][ T5607] veth0_vlan: entered promiscuous mode [ 83.994408][ T5609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.032112][ T5607] veth1_vlan: entered promiscuous mode [ 84.067793][ T5610] veth0_macvtap: entered promiscuous mode [ 84.097223][ T5610] veth1_macvtap: entered promiscuous mode [ 84.218089][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.237861][ T5608] veth0_vlan: entered promiscuous mode [ 84.244198][ T5607] veth0_macvtap: entered promiscuous mode [ 84.252168][ T5609] veth0_vlan: entered promiscuous mode [ 84.256533][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.281403][ T5607] veth1_macvtap: entered promiscuous mode [ 84.298416][ T3856] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.312906][ T5608] veth1_vlan: entered promiscuous mode [ 84.323789][ T3856] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.334559][ T5609] veth1_vlan: entered promiscuous mode [ 84.349690][ T3856] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.362825][ T3839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.449966][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.499301][ T5614] Bluetooth: hci1: command tx timeout [ 84.580593][ T5614] Bluetooth: hci2: command tx timeout [ 84.584291][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.662797][ T5614] Bluetooth: hci0: command tx timeout [ 84.662825][ T5614] Bluetooth: hci3: command tx timeout [ 84.694786][ T3856] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.711559][ T3856] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.718722][ T3856] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.749334][ T5608] veth0_macvtap: entered promiscuous mode [ 84.755130][ T3856] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.795431][ T5609] veth0_macvtap: entered promiscuous mode [ 84.800682][ T5608] veth1_macvtap: entered promiscuous mode [ 84.845106][ T3856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.845130][ T3856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.950857][ T5609] veth1_macvtap: entered promiscuous mode [ 85.187044][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.200070][ T1129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.200087][ T1129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.217678][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.232470][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.345231][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.371535][ T3839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.374008][ T3839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.374620][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.374636][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.383960][ T3839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.444009][ T151] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.447706][ T151] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.453229][ T151] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.453732][ T151] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.455870][ T151] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.773322][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.773342][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.608511][ T3856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.608530][ T3856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.716287][ T5763] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4'. [ 86.753328][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.753345][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.220800][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.220818][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.367024][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.367046][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.813372][ T5791] comedi comedi0: dac02: I/O base address or length out of range [ 90.140420][ T5712] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.320857][ T32] IPVS: starting estimator thread 0... [ 90.449555][ T5797] IPVS: using max 11 ests per chain, 26400 per kthread [ 90.540240][ T5712] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 90.540272][ T5712] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.540292][ T5712] usb 2-1: Product: syz [ 90.540306][ T5712] usb 2-1: Manufacturer: syz [ 90.540321][ T5712] usb 2-1: SerialNumber: syz [ 90.844269][ T5803] loop9: detected capacity change from 0 to 7 [ 90.998659][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 90.998750][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.021674][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.021699][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.021880][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.021899][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.022043][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.022061][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.022223][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.022241][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.177878][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.177918][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.180210][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.180240][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.180387][ T5803] ldm_validate_partition_table(): Disk read failed. [ 91.180622][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.180716][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.191832][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.191863][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.210220][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.210252][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 91.214447][ T5803] Dev loop9: unable to read RDB block 0 [ 91.244142][ T5803] loop9: unable to read partition table [ 91.244484][ T5803] loop9: partition table beyond EOD, truncated [ 91.244515][ T5803] loop_reread_partitions: partition scan of loop9 (ъщ) failed (rc=-5) [ 91.871411][ T5812] netlink: 'syz.3.17': attribute type 2 has an invalid length. [ 91.995806][ T5712] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 93.735664][ C0] [ 93.735675][ C0] ====================================================== [ 93.735682][ C0] WARNING: possible circular locking dependency detected [ 93.735696][ C0] syzkaller #0 Not tainted [ 93.735706][ C0] ------------------------------------------------------ [ 93.735713][ C0] syz.3.17/5811 is trying to acquire lock: [ 93.735724][ C0] ffff88805f62c8a0 (slock-AF_PHONET/1){+.+.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0 [ 93.735775][ C0] [ 93.735775][ C0] but task is already holding lock: [ 93.735782][ C0] ffff88805f62da20 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 93.735822][ C0] [ 93.735822][ C0] which lock already depends on the new lock. [ 93.735822][ C0] [ 93.735828][ C0] [ 93.735828][ C0] the existing dependency chain (in reverse order) is: [ 93.735834][ C0] [ 93.735834][ C0] -> #1 (slock-AF_PHONET){+...}-{3:3}: [ 93.735860][ C0] rt_spin_lock+0x83/0x400 [ 93.735879][ C0] __sk_receive_skb+0x1f1/0x9e0 [ 93.735895][ C0] phonet_rcv+0x781/0xc40 [ 93.735913][ C0] process_backlog+0x5e1/0xc60 [ 93.735931][ C0] __napi_poll+0xab/0x550 [ 93.735946][ C0] net_rx_action+0x696/0xe00 [ 93.735962][ C0] handle_softirqs+0x1de/0x6d0 [ 93.735986][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 93.736007][ C0] netif_rx+0xb9/0xf0 [ 93.736028][ C0] pn_send+0x62a/0x8e0 [ 93.736044][ C0] pn_skb_send+0x218/0x530 [ 93.736061][ C0] pipe_snd_status+0x1f1/0x320 [ 93.736088][ C0] pipe_do_rcv+0xf15/0x16a0 [ 93.736107][ C0] __sk_receive_skb+0x962/0x9e0 [ 93.736124][ C0] pep_do_rcv+0x685/0xaa0 [ 93.736144][ C0] __release_sock+0x2a9/0x3d0 [ 93.736167][ C0] release_sock+0x1be/0x290 [ 93.736184][ C0] pep_sock_accept+0xd47/0x11e0 [ 93.736204][ C0] pn_socket_accept+0xc1/0x310 [ 93.736220][ C0] do_accept+0x6ca/0x930 [ 93.736238][ C0] __sys_accept4+0x139/0x230 [ 93.736256][ C0] __x64_sys_accept4+0x9a/0xb0 [ 93.736274][ C0] do_syscall_64+0x15f/0xf80 [ 93.736297][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.736314][ C0] [ 93.736314][ C0] -> #0 (slock-AF_PHONET/1){+.+.}-{3:3}: [ 93.736343][ C0] __lock_acquire+0x15a5/0x2d10 [ 93.736360][ C0] lock_acquire+0x106/0x350 [ 93.736375][ C0] rt_spin_lock_nested+0x81/0x3f0 [ 93.736393][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 93.736409][ C0] pep_do_rcv+0x685/0xaa0 [ 93.736428][ C0] __sk_receive_skb+0x962/0x9e0 [ 93.736444][ C0] phonet_rcv+0x781/0xc40 [ 93.736462][ C0] process_backlog+0x5e1/0xc60 [ 93.736479][ C0] __napi_poll+0xab/0x550 [ 93.736493][ C0] net_rx_action+0x696/0xe00 [ 93.736510][ C0] handle_softirqs+0x1de/0x6d0 [ 93.736532][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 93.736552][ C0] netif_rx+0xb9/0xf0 [ 93.736572][ C0] pn_send+0x62a/0x8e0 [ 93.736589][ C0] pn_skb_send+0x218/0x530 [ 93.736607][ C0] pep_sock_close+0x2c1/0x5b0 [ 93.736625][ C0] pn_socket_release+0x9b/0xc0 [ 93.736640][ C0] __sock_release+0xb9/0x250 [ 93.736654][ C0] sock_close+0x1c/0x30 [ 93.736677][ C0] __fput+0x461/0xa70 [ 93.736695][ C0] task_work_run+0x1d9/0x270 [ 93.736712][ C0] exit_to_user_mode_loop+0xed/0x4d0 [ 93.736741][ C0] [ 93.736741][ C0] other info that might help us debug this: [ 93.736741][ C0] [ 93.736747][ C0] Possible unsafe locking scenario: [ 93.736747][ C0] [ 93.736752][ C0] CPU0 CPU1 [ 93.736757][ C0] ---- ---- [ 93.736763][ C0] lock(slock-AF_PHONET); [ 93.736775][ C0] lock(slock-AF_PHONET/1); [ 93.736793][ C0] lock(slock-AF_PHONET); [ 93.736805][ C0] lock(slock-AF_PHONET/1); [ 93.736820][ C0] [ 93.736820][ C0] *** DEADLOCK *** [ 93.736820][ C0] [ 93.736825][ C0] 7 locks held by syz.3.17/5811: [ 93.736836][ C0] #0: ffff8880339be138 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250 [ 93.736883][ C0] #1: ffff88805f62d218 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0 [ 93.736929][ C0] #2: ffffffff8e1c8300 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 93.736976][ C0] #3: ffffffff8e1c8300 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 93.737020][ C0] #4: ffff88805f62da20 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 93.737064][ C0] #5: ffffffff8e1c8300 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 93.737114][ C0] #6: ffff88805f62dad8 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 93.737160][ C0] [ 93.737160][ C0] stack backtrace: [ 93.737184][ C0] CPU: 0 UID: 0 PID: 5811 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 93.737208][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 93.737224][ C0] Call Trace: [ 93.737234][ C0] [ 93.737242][ C0] dump_stack_lvl+0xe8/0x150 [ 93.737264][ C0] print_circular_bug+0x2e1/0x300 [ 93.737287][ C0] check_noncircular+0x12e/0x150 [ 93.737310][ C0] __lock_acquire+0x15a5/0x2d10 [ 93.737328][ C0] ? try_to_take_rt_mutex+0x840/0xb00 [ 93.737355][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 93.737373][ C0] lock_acquire+0x106/0x350 [ 93.737389][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 93.737408][ C0] ? sk_filter_trim_cap+0x8f1/0xce0 [ 93.737436][ C0] rt_spin_lock_nested+0x81/0x3f0 [ 93.737456][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 93.737474][ C0] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 93.737497][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 93.737513][ C0] ? __pfx_rt_spin_lock_nested+0x10/0x10 [ 93.737533][ C0] ? rt_spin_lock+0x1e0/0x400 [ 93.737553][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 93.737575][ C0] pep_do_rcv+0x685/0xaa0 [ 93.737597][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 93.737622][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 93.737642][ C0] ? phonet_rcv+0x781/0xc40 [ 93.737662][ C0] __sk_receive_skb+0x962/0x9e0 [ 93.737684][ C0] phonet_rcv+0x781/0xc40 [ 93.737703][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 93.737731][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 93.737753][ C0] ? process_backlog+0x271/0xc60 [ 93.737771][ C0] ? process_backlog+0x271/0xc60 [ 93.737789][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 93.737809][ C0] process_backlog+0x5e1/0xc60 [ 93.737834][ C0] __napi_poll+0xab/0x550 [ 93.737852][ C0] net_rx_action+0x696/0xe00 [ 93.737876][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 93.737894][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 93.737921][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 93.737942][ C0] ? enqueue_to_backlog+0x340/0xcb0 [ 93.737972][ C0] handle_softirqs+0x1de/0x6d0 [ 93.737998][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 93.738022][ C0] netif_rx+0xb9/0xf0 [ 93.738044][ C0] pn_send+0x62a/0x8e0 [ 93.738064][ C0] pn_skb_send+0x218/0x530 [ 93.738090][ C0] pep_sock_close+0x2c1/0x5b0 [ 93.738117][ C0] pn_socket_release+0x9b/0xc0 [ 93.738133][ C0] __sock_release+0xb9/0x250 [ 93.738159][ C0] ? __pfx_sock_close+0x10/0x10 [ 93.738184][ C0] sock_close+0x1c/0x30 [ 93.738209][ C0] __fput+0x461/0xa70 [ 93.738231][ C0] task_work_run+0x1d9/0x270 [ 93.738251][ C0] ? __pfx_task_work_run+0x10/0x10 [ 93.738272][ C0] exit_to_user_mode_loop+0xed/0x4d0 [ 93.738296][ C0] ? rcu_is_watching+0x15/0xb0 [ 93.738316][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.738335][ C0] ? do_syscall_64+0x33e/0xf80 [ 93.738357][ C0] ? trace_irq_disable+0x3b/0x140 [ 93.738381][ C0] ? clear_bhb_loop+0x40/0x90 [ 93.738400][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.738422][ C0] [ 93.906435][ T5712] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 93.945412][ T5712] usb 2-1: USB disconnect, device number 2 [ 93.950027][ T5712] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)