last executing test programs: 20m56.964235949s ago: executing program 1 (id=20): syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60083ff200140600fe8000000000000000000000bbfe8000000000000000000000000000aa00004e22000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000490780008"], 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0, 0x100}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) mount(0x0, 0x0, 0x0, 0x260420, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000280)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x800, 0x0, 0x103, 0x1}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') pread64(r3, &(0x7f0000002640)=""/4107, 0x100b, 0x535) 20m56.063217668s ago: executing program 1 (id=25): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(0x0, 0x121342, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x78}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 20m53.573017875s ago: executing program 1 (id=27): sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x118}, 0x1, 0x0, 0x0, 0x20044010}, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0xf, 0x9, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a2c000000060a01010000000000000000000000090900010073797a31000000000c00034000000000000000050c010000180a01020000000000000000000000000900020073797a300000000014000380080002400000000708"], 0x1d4}, 0x1, 0x0, 0x0, 0x4000}, 0x4004090) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "df"}]}], {0x14}}, 0x54}}, 0x840) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 20m52.591100204s ago: executing program 1 (id=29): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a30000000000800054000000000080008400000000014000000110001"], 0x6c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 20m50.697356038s ago: executing program 1 (id=33): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(r3) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) r5 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r5, 0x0, 0x0, 0x2, 0x0) write(r0, &(0x7f0000000040)="05000000010001", 0x7) 20m48.127172518s ago: executing program 1 (id=35): socket$key(0xf, 0x3, 0x2) openat$vimc1(0xffffff9c, &(0x7f0000000200), 0x2, 0x0) r0 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) shmat(r0, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f00007b1000/0x1000)=nil) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = memfd_create(&(0x7f00000004c0)='+\x03\x00\x00\x00\x00\x00\x00\x00(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8sm\x95\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf9\xff\x90\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0x78) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) sendfile(r1, r2, &(0x7f00000001c0), 0x10001) fcntl$addseals(r2, 0x409, 0x8) 20m30.932469393s ago: executing program 32 (id=35): socket$key(0xf, 0x3, 0x2) openat$vimc1(0xffffff9c, &(0x7f0000000200), 0x2, 0x0) r0 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) shmat(r0, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f00007b1000/0x1000)=nil) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = memfd_create(&(0x7f00000004c0)='+\x03\x00\x00\x00\x00\x00\x00\x00(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8sm\x95\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf9\xff\x90\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0x78) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) sendfile(r1, r2, &(0x7f00000001c0), 0x10001) fcntl$addseals(r2, 0x409, 0x8) 16m7.057396881s ago: executing program 4 (id=539): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_usb_connect(0x6, 0x36, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_open_procfs(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getrlimit(0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 16m3.770102835s ago: executing program 4 (id=541): r0 = syz_open_dev$video4linux(0x0, 0x92e2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$kcm(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080)=0x219b, 0x4) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r5, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62042712590200000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a710292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca2d74d9a4de33", 0xda}, {&(0x7f0000000c00)="294f28dfe56d2c8ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0106869a804dd2a44ce42557b2e32e2bd367e9d01a5e7380cc4fc8e7c9044cc4115b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a3e83e91b379c179017f8b4657d1b22eca6bca33036d33e1a684059c53cea91ca6637ac780ab2bcfc22a666cd4e5876f11e9aee4724b7cb59731c97e70ebd7f7483994eb07de2f3c6a9448c3206cff6d290b433f331c2399e99ee3bdecf5689eddc3e549966c1106a933bbc47b65ca6e9d7efbee6e3b1dbe87313111e85336d6890002db17751b6044f964dc90ea466f90856112be7f0a54b39a3f66cc4c39544300093158af39cdde429f50d8c750", 0x114}, {&(0x7f0000000a40)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb4714219a2d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xfff0}, {&(0x7f0000000840)="6f4720baeb54", 0x6}], 0x4}, 0x0) 16m1.666758437s ago: executing program 4 (id=545): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$can_j1939(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, {}, 0x1}, 0x18) syz_genetlink_get_family_id$devlink(&(0x7f0000000880), 0xffffffffffffffff) pipe(&(0x7f0000000080)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041) r6 = socket$kcm(0x10, 0x2, 0x4) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r1, 0x4068aea3, &(0x7f0000000180)={0xc1, 0x0, 0x1}) recvmsg$kcm(r6, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2002) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) 15m59.976092748s ago: executing program 4 (id=549): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) io_setup(0x3ff, 0x0) socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e27, 0x0, @local, 0xb}, 0x1c) 15m58.687934193s ago: executing program 4 (id=553): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x4, @loopback}, 0x1c) r5 = memfd_secret(0x0) ftruncate(r5, 0x51a9497) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) 15m55.907868311s ago: executing program 4 (id=555): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) io_submit(0x0, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) ioctl$TCFLSH(r0, 0x400455c8, 0x4) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}}) 15m39.549386912s ago: executing program 33 (id=555): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) io_submit(0x0, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}]) ioctl$TCFLSH(r0, 0x400455c8, 0x4) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}}) 4m26.010564634s ago: executing program 5 (id=1514): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x693, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000015c0)={0x0, 0x0, 0x0}, 0x6a) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) bpf$MAP_LOOKUP_BATCH(0x19, 0x0, 0x0) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r4, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2844}, 0x1) uname(&(0x7f0000000080)=""/185) syz_emit_ethernet(0x0, 0x0, 0x0) r6 = getpid() openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x6ee80, 0x0) timer_create(0x3, &(0x7f0000000300)={0x0, 0x13, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000340)) sched_setscheduler(r6, 0x2, 0x0) 4m24.781763562s ago: executing program 5 (id=1518): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @log={{0x8}, @void}}, {0x14, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x4048040) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0xc, 0x3, [{0x1, 0x6, '\x00\x00\x00\x00'}]}]}}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, @broadcast, @multicast1}}}}}}, 0x0) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r1, 0x48079000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000cae982b926ba2ad405ba4d00f9ffffff000000009c"], &(0x7f0000000040)='GPL\x00', 0x2, 0x1000, &(0x7f00000007c0)=""/4096, 0x41000, 0x61, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r4 = dup2(r3, r0) getsockopt$SO_TIMESTAMP(r4, 0x1, 0x23, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r5 = syz_clone(0x80080000, &(0x7f0000000140)="a7f64ef32f2b8df52e116117419448db4aa4447c833dc5b116bc7e1f850d3b090e98846402f46cf0406badbed97f82f82985", 0x32, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f00000004c0)="5dbe48d4fcb0c64c05697cc64c1c509f92524c050d9de8cb93c47dda0f1ee4fe62d05cd15ffea89a3e0aa32cecfabe347d2de7397a5d22cc8f0c7f43ad7bfb3cf988d5ac26869513ae8f74298e1ef3b25e7b6e4596c10e217a2ff7c0c490346e26f63c41389a434e7c0448ea5ce87f58ba3fbd830660f03dcc77d02862f2bea1d4794ba01ee14cbd5a4f8efa4189f918f4a62ead419a9912684433") getpgrp(r5) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000002, 0x100010, r3, 0x7c2a6000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x101800, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000005000/0x3000)=nil, r10, 0x280000f, 0x11, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r10, 0x4, 0x1010, 0xffffffffffffffff, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) 4m22.184128738s ago: executing program 5 (id=1524): socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x7, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x400, 0x0, &(0x7f00000004c0), 0x41100, 0x10, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a40)={0x2, 0x8, 0x1, 0x1}, 0x10, 0xf020, 0xffffffffffffffff, 0x3, &(0x7f0000000e00), &(0x7f0000000e40)=[{0x0, 0x2, 0x8, 0x9}, {0x4, 0x4, 0xb, 0x2}, {0x5, 0x3, 0x1, 0x5}], 0x10, 0xfffffffd, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getrlimit(0xb, &(0x7f0000000040)) sched_setaffinity(0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x4000000000000001, r0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$igmp6(0xa, 0x3, 0x2) write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000080)={0x5, 0x10, 0xfa00, {0xfffffffffffffffd}}, 0x18) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) listen(r3, 0x7) r4 = socket(0x10, 0x3, 0x6) r5 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xe, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) close(0x3) r7 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x8) fcntl$setlease(r7, 0x400, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 4m16.946273491s ago: executing program 5 (id=1534): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61965b7e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7f, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x199, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x8000]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000000580)=0xc) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x1c00000) fcntl$setown(r0, 0x8, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) waitid(0x2, r1, &(0x7f0000000240), 0x8, &(0x7f00000002c0)) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@empty, 0x4e22, 0x0, 0xfffe, 0x2, 0x2, 0x0, 0x0, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x80, 0x6}, 0x2253, 0x6e6bb0}, {{@in6=@local, 0x4d6, 0x6c}, 0x0, @in=@multicast1, 0x0, 0x0, 0x2}}, 0xe8) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TCSBRKP(r6, 0x5425, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000480)=0x6881) ioctl$TCSETSW2(r7, 0x5408, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"}) 4m14.217877834s ago: executing program 5 (id=1537): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000"], 0x48) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000001c0)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(0x0, 0x0) mount$9p_rdma(&(0x7f0000000000), &(0x7f0000000180)='.\x00', 0x0, 0x800, &(0x7f0000000600)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d3078303030303030303030303030346532322c00c2d782bf211d540c9173951b94fe0a3d3fac46539a1e61021e"]) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000090000000060a010400000000000000000100000008000b400000000068000480300001800e000100696d6d6564696174650000001c0002800800014000000000100002800c0002800800018000000000340001800c00010062697477697365002400028008000340000000040800024000000000080006400000000008000140000000200900010073797a30"], 0x104}}, 0x0) 4m12.457362424s ago: executing program 5 (id=1540): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) r7 = userfaultfd(0x80801) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}]}) lseek(r1, 0x10, 0x2) sendto$inet6(r8, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c) 3m56.419991717s ago: executing program 34 (id=1540): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) r7 = userfaultfd(0x80801) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}]}) lseek(r1, 0x10, 0x2) sendto$inet6(r8, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c) 3m20.731680499s ago: executing program 2 (id=1613): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42042, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(0xffffffffffffffff) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r4, 0x0, 0x2e, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000a40)={0x9, {{0x2, 0xfffe, @multicast2}}, 0x1}, 0x90) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='projid_map\x00') preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x21, 0x0) 3m19.039136054s ago: executing program 2 (id=1615): socket$nl_rdma(0x10, 0x3, 0x14) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x10, 0x3, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x200d80, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r3, 0x1}, 0x14}}, 0x0) r4 = socket$inet(0x2, 0x3, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) sendmmsg$inet(r4, &(0x7f0000000f40), 0x0, 0x0) r5 = semget$private(0x0, 0x4000000009, 0x42a) semop(r5, 0x0, 0x0) socket(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, r6, 0x9, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0) semctl$IPC_SET(r5, 0x0, 0x1, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) 3m16.357279945s ago: executing program 2 (id=1619): ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffff8}}, '\x00'}) syz_usb_connect$printer(0x5, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b40000000000000073119b000000000016000000000001009500740000000000ba56e23690a87d"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r6, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r7, 0x3516, 0xc2de, 0x8, 0x0, 0x0) write$6lowpan_control(r0, &(0x7f0000000040)='disconnect aa:aa:aa:aa:aa:10 2', 0x1e) 3m13.100651045s ago: executing program 2 (id=1624): mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x11a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) socket$tipc(0x1e, 0x5, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@setneightbl={0x14, 0x43, 0x1, 0x70bd26, 0x25dfdbfb, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x8401}, 0x24000014) syz_emit_ethernet(0x47, &(0x7f00000005c0)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x11, 0x11, 0xff, @private1, @mcast2, {[], {0x0, 0xe22, 0x11, 0x0, @gue={{0x2, 0x0, 0x2, 0x75, 0x100, @val=0x80}, "b3"}}}}}}}, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='!\x00'], 0x50) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x2ae692fb, 0x0, 0x32315842, 0x1, 0x0, [{}, {0x0, 0x200}, {}, {}, {}, {}, {0x4}]}}) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]}) chdir(0x0) setxattr$security_ima(&(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=@sha1={0x1, "e4a3186656e05fab9468f405313ac4c83f286a14"}, 0x15, 0x1) 3m11.55122603s ago: executing program 2 (id=1626): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x81) ppoll(0x0, 0x0, 0x0, &(0x7f00000001c0)={[0x2a]}, 0x8) openat$loop_ctrl(0xffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'netdevsim0\x00'}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x5}, 0x10) write(r3, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f0000000000000200020000", 0x1c) bind$rxrpc(r3, &(0x7f00000010c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}}, 0x24) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000340)={0xa9, 0x0, 0x3015, 0x3, 0x9, 0x21, 0x8000}) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) capset(0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') preadv(r4, &(0x7f0000000040)=[{&(0x7f0000000080)=""/4097, 0x1001}], 0x1, 0x300, 0x0) 3m10.297342204s ago: executing program 2 (id=1629): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x40, 0x20, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r0}, 0x38) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000480)={r7, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) r9 = syz_open_dev$sndctrl(&(0x7f00000003c0), 0xb, 0x80) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc4c85513, &(0x7f0000000040)={0x2, 0x5, 0x2}) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xe32b60fbedc7f0cc}, {0x7}, {0x0, 0xa}}}, 0x24}}, 0x0) close(0x3) 2m55.111303947s ago: executing program 35 (id=1629): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x40, 0x20, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r0}, 0x38) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000480)={r7, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) r9 = syz_open_dev$sndctrl(&(0x7f00000003c0), 0xb, 0x80) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc4c85513, &(0x7f0000000040)={0x2, 0x5, 0x2}) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xe32b60fbedc7f0cc}, {0x7}, {0x0, 0xa}}}, 0x24}}, 0x0) close(0x3) 12.288833801s ago: executing program 0 (id=1875): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000380)={{0x0, 0x989680}}, 0x0) read(0xffffffffffffffff, &(0x7f00000002c0)=""/114, 0x72) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) clock_adjtime(0x0, &(0x7f0000000000)={0x200000008, 0x0, 0x0, 0x69, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x40100, 0x0, 0x0, 0x9, 0x0, 0x1, 0xfffffffffffffffd, 0x2, 0x0, 0x1040, 0x7, 0x7f, 0x3, 0x3, 0x3, 0xfffffffffffffffe, 0x4}) setsockopt$TIPC_MCAST_BROADCAST(0xffffffffffffffff, 0x10f, 0x85) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB], 0x22) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)={{0x0, 0x2710}, {0x77359400}}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) chdir(&(0x7f0000000140)='./bus\x00') lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 10.907975414s ago: executing program 0 (id=1877): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r0) syz_open_dev$MSR(&(0x7f0000000000), 0x4, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b200001095000000000000009bd797e2d2e4"], &(0x7f00000000c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x410, 0x0, 0x168, 0x0, 0x0, 0xa, 0x340, 0x250, 0x250, 0x340, 0x250, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x33}, [0xff, 0x0, 0xff, 0xff000000], [0xffffff00, 0xff000000, 0xff, 0xff000000], 'xfrm0\x00', 'veth1_to_bond\x00', {}, {0xff}, 0x0, 0x3, 0x2}, 0x0, 0x228, 0x268, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'caif0\x00', {0x0, 0x7ff, 0x0, 0x1, 0x0, 0x6, 0x1000}, {0xfffffffffffffff6}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x0, 0x8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f00000002c0)={0x9, 0x5, {0x1c22, @usage=0x4, 0x0, 0xd, 0x1, 0x3, 0x3, 0x8000000000000001, 0x28, @usage=0x6, 0x6, 0x6, [0x5, 0x1, 0x3, 0x1, 0x77b, 0x2]}, {0x3, @struct={0x2, 0x3}, 0x0, 0xce, 0x3, 0x100000000, 0x6, 0xc0000000, 0x40, @usage=0x98d, 0x7, 0x80000001, [0xe, 0x9, 0x9, 0x9, 0x4, 0x7]}, {0x5, @usage=0xffffffff, 0x0, 0xa290, 0x7, 0xb, 0xf30, 0x100000001, 0x50, @usage=0x6, 0x7, 0xfffffffe, [0x400000000000, 0x9, 0x0, 0xd, 0xe944, 0x40]}, {0x3, 0x8c1, 0x4}}) ioctl$BTRFS_IOC_RESIZE(r3, 0x50009403, &(0x7f00000006c0)=ANY=[]) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f00000000c0)=0x1) creat(&(0x7f00000002c0)='./file0\x00', 0x6) r4 = open$dir(&(0x7f0000000240)='./file1\x00', 0x20000, 0x72) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf5ffffff, 0x12, r4, 0x0) r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x100, 0x0) mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0) 10.5408372s ago: executing program 3 (id=1879): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001f00000018000180140002007665746830"], 0x2c}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @local, 0x0, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) semctl$GETALL(0x0, 0x0, 0x6, 0x0) 10.487745049s ago: executing program 0 (id=1880): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2000000080005, 0xffffffd2) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000200)={0x1, 0xc, "725c408b9a5c4fbb54731c27"}) io_submit(0x0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) r5 = socket$nl_generic(0x10, 0x3, 0x10) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = fsmount(r4, 0x0, 0xc) ppoll(&(0x7f0000000240)=[{r5, 0x4600}, {r4, 0x4000}, {r5, 0x40}, {r0, 0x1a0}, {r6, 0x1060}, {r1, 0x2062}, {r0, 0x420}, {r3, 0x80}], 0x8, &(0x7f0000000300), &(0x7f0000000340)={[0x81]}, 0x8) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DAEMON(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x30, r7, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2b}]}]}, 0x30}}, 0x0) mremap(&(0x7f0000b31000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000d5a000/0x2000)=nil) munlock(&(0x7f0000e4a000/0x1000)=nil, 0x1000) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f0001000000000000000000020100800c0001000300000000000000140003"], 0x114}], 0x1}, 0x0) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0x96, 0xc9}}}, 0x6) 10.304324936s ago: executing program 0 (id=1881): r0 = openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0xfffffff7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000040605000000000000000000030004000900020073797a3200000000090002000100000000000000050001000700000005000100070000000900020073797a310000000005000100"], 0x5c}}, 0x0) r5 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek(r5, 0x9, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r5, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) socket$kcm(0x10, 0x2, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x20}}, 0x0) write$smackfs_netlabel(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='-0000000000000062410.00000000000000000003.00000000000800028916.000/0000000000000003.'], 0x6f) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000cc0)={'virt_wifi0\x00', &(0x7f0000000040)=@ethtool_drvinfo={0x3, "ff918db4b2ea864f5815795e5c517b777bf7d391e3a422329473449b6549c7ed", "1a324626a66fea4c37e166fb9b76dbb0b34a4b52c396450339b98a84de4a9567", "b767d3283bdd19a0bac6fc57d24dc8ec638ab26a47bc5f7cf96061a759cdef6c", "bea2a66f7ab0e327991883899b8aa68cbdb0cdcc65ba8de2a80f983f3bc5c9b5", "bf445359f87c8d9d44597e290cfd1c5ef93ac3eabc63287ff01f140e67ad238a", "7fb9d290634203eb8f9ca834", 0x8, 0x7fff, 0x6, 0x5, 0x6}}) 8.987815806s ago: executing program 6 (id=1882): ioctl$CEC_G_MODE(0xffffffffffffffff, 0x80046108, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score_adj\x00') writev(r3, &(0x7f0000000c80)=[{&(0x7f0000000cc0)='0', 0x1}, {0x0, 0x2}], 0x2) bind$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, './file1\x00'}, 0x2) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"}) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bdb000/0x3000)=nil, 0x3000, &(0x7f0000000040)='&\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1e, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) syz_emit_ethernet(0x66, 0x0, 0x0) syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000140)=@mmap={0x5, 0x4, 0x4, 0xe000, 0x1, {}, {0x4, 0x0, 0x6, 0x2, 0x7, 0x60, "514fef64"}, 0x1, 0x1, {}, 0x8}) migrate_pages(0x0, 0x2, &(0x7f0000000200)=0x2d9, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='big_key\x00', &(0x7f00000001c0), &(0x7f00000003c0)="0889f44aac06fab2a2aa4cb3d21bb7196b8e18fa5a4313a82d4767c75aa0820710b9c1dca1ae45962204092d11b19946c629a9e168cf47a86da38ca25ca22d65edf516f320f8cb361dd9805d9a36f82ab739d3370092e6003c1342bc34022612158b648cc0799356547e011255d7192a7815af1d1ecad7a11a375051065d29da1a5f7f9c36aed2f8e20453c267e010fe5a4927105865c468dabb423f0d3f6d0d4e47444b10e93a77203687bf518da8696eeb57459ccaf84090e8b5eb0bd2fa9ff99c68e9f552d31b4eddd82998f4fb4912e7fd06a1da3effd788e33487b3839c9abd20f9b0889053510687dad11e69b62280abf4abe4988a8de3c4194cd0309556b1896c91970c3a2bfd9f822f18c20b600a2bf4850f7a5222c8479f04408f593f8fa06a40c14fcb97191255f94abf4efcdfb1382579fd5ecb1ab8eee1c90664a9604a4f7f78bdb98eb756247319393bc28bf045ade7656361", 0x159, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'trusted:', 'trusted:'}, 0x20, 0xfffffffffffffffd) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 7.781134144s ago: executing program 6 (id=1883): socket$inet6(0x10, 0x3, 0x0) ioprio_set$pid(0x1, 0x0, 0x4007) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea048500000050000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x2, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000a40)={r6}, &(0x7f0000000040)=0x8) 7.65531834s ago: executing program 3 (id=1884): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x401c5820, &(0x7f0000000080)={@desc={0xd32780, 0x0, @desc2}}) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) stat(&(0x7f0000000180)='./file0\x00', 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x28031, 0xffffffffffffffff, 0x8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x2) ioctl$VIDIOC_S_AUDIO(r4, 0x40345622, &(0x7f0000000200)={0x6, "d244ccffc57d420d18213903928777c2bd55f1cc7f6bd5eaefd4dd43f4133fbe"}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000d00)=@filter={'filter\x00', 0xe, 0x4, 0x348, 0xffffffff, 0x0, 0x110, 0x0, 0xffffffff, 0xffffffff, 0x2f0, 0x2f0, 0x2f0, 0xffffffff, 0x4, &(0x7f0000000100), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @broadcast, 0x731, 0xf, [0x36, 0x32, 0x1f, 0x31, 0x18, 0x25, 0x5, 0x40, 0x40, 0x3d, 0x14, 0x19, 0x12, 0x31, 0x24, 0xb], 0x1, 0xffffffff, 0x9799}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0xb}, @private=0xa010102, 0xffffffff, 0xff, 'hsr0\x00', 'pim6reg1\x00', {}, {0xff}, 0x6, 0x0, 0x6}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x1, 0x2, 0x2}}, @common=@icmp={{0x28}, {0x11, "e98a", 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x0, 0x2, 0x0, 0x2, 0x3], 0x4, 0x1}, {0x3, [0x0, 0x1, 0x2, 0x0, 0x1, 0x2], 0x1, 0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) bpf$PROG_LOAD(0x5, 0x0, 0x0) getdents(0xffffffffffffffff, 0x0, 0x15180) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000540)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f00000005c0)='vxfs\x00', 0x0, 0x0) syz_emit_ethernet(0x20e, &(0x7f0000000a00)=ANY=[@ANYBLOB="0b28d9661e7800000000000086dd60863caa01d8060020010000000000000000000000000001200100000000000000000000000000000412040909100300fc020000000000000000000000000001fe8000000000000000000000000000aafe88000000000000000000000000010100000000000000000000000000000000ff020000000000000000000000000001fc020000000000000000000000000001fe8000000000000000000000000000aafe800000000000000000000000050025ff010000000000000000000000000001bb0700000000000000010004010405020008c204000000000728000000000804060000000000010000000101000000000000060000000000000000000000000000000044000000003c17000000000000c204000000040730000000010a0405000000000001000000010000000000000007000000000000001c06000000000000050000000000000007580000000114f881000800000000000000d569000000000000090000000000000006000000000000000300000000000000050000000000000006000000000000000000000001000000cb2af55a00000000070000000000000000220f945e896f88af502eb255ddcb99590596c86334371d8351775976b9536433d1fbdc000100050200000000000000000000000000000000000000000200004e2100004e23000000020000000000000004000000000000000000000000285815c979b8221a1f7afbabc2da8eb3a0bb83d15255d166648a4a912aa2a64350509bc5c354763b4ab8084c057f777689794167d0895af74c8c06e18d278b731ac24710444c6333918f7a0dd117b5c93a9b27dd48d4d7e441114bc1a25dd6f81390cc2d33f405e9fcb2acb7753e8ffb92d7663dd3b85fb182df7d253c90400d7371efd554cc1243729442a0d100c2200394df7a990e744e407e79c8b1f0d1dd91e65f13"], 0x0) 5.440734142s ago: executing program 6 (id=1885): socket$inet_dccp(0x2, 0x6, 0x0) socket(0x10, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getpid() r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00') writev(r3, &(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1) pidfd_getfd(0xffffffffffffffff, r2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) r4 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x16}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000240)=[@ip_tos_u8={{0x11, 0x0, 0x7}}, @ip_pktinfo={{0x19, 0x0, 0x8, {0x0, @rand_addr, @multicast2}}}], 0x38}, 0x0) 5.404828535s ago: executing program 3 (id=1886): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000240), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x0, 0x0) r6 = fanotify_init(0x200, 0x0) syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x101000) fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r7 = creat(&(0x7f0000000300)='./bus\x00', 0x0) close(r7) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 5.00705785s ago: executing program 6 (id=1887): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$netlink(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0xb8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x2c, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfffffff7}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x81}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xffff}]}]}]}}]}, 0xb8}}, 0x0) r7 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x31, &(0x7f0000000200)=0x8, 0x4) bind$inet6(r7, 0x0, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) poll(&(0x7f0000000000)=[{r4, 0x4420}, {r0, 0xc000}], 0x2, 0xffffffea) getsockopt$inet6_buf(r7, 0x29, 0x6, 0x0, &(0x7f0000000080)) setsockopt$inet6_int(r0, 0x29, 0x4e, 0x0, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 3.312833052s ago: executing program 0 (id=1888): socket$kcm(0x10, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}, 0x6}, 0x1c) r0 = socket$kcm(0xa, 0x2, 0x73) socket$alg(0x26, 0x5, 0x0) mkdir(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', 0x0}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000000)="2e000300010001", 0x7) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r3, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x7, 0x2, 0x3, 0x40, 0x1, 0x2, '\x00', r3, r2, 0x5, 0x2, 0x1, 0x5, @void, @value, @void, @value}, 0x13) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000feffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000002c0)=r5, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000500)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000300000000000019078ac1e0001ac1414aa031c907803240000450000000000000000010000ac1414aaac141400"], 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) sendmsg$inet(r0, 0x0, 0x80) 3.212414224s ago: executing program 3 (id=1889): socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1ae96d0103010000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9) close_range(r3, 0xffffffffffffffff, 0x0) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r6, 0x8b32, &(0x7f0000000300)="68ea2dbde0a858012de980b62116a80504b1010aefd6692d961b9abafd30b460e970021905398b89d6bced134b319dca7d0e459a897311d7d8405878b0a76ee4d056090ec3b2a0f3738ec335c5c5b77955295929531148414dfe029f518f578da223eb34f94300f8a602e79a7a376f66f67a6602ab78a6b1ec") socket$inet6(0xa, 0x6, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x24040084}, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10) 3.116799776s ago: executing program 6 (id=1890): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYBLOB="140003006970366772653000000000000000000008000100ac1414bb1400030070696d7265673100000000003528560241d0f7e5c9d60669c90a16d426f061e50abf246bb9f6979ce621991e32f5534e01265cd3a530a0aeee5837a17845b101c353c504cf171e52a1eb2a48011a00"/120], 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x0) syz_init_net_socket$ax25(0x3, 0x4, 0xce) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x14) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) ioctl$sock_FIOSETOWN(r5, 0x8901, &(0x7f0000000040)=r3) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}]}, 0x38}}, 0x0) 2.77600491s ago: executing program 0 (id=1891): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001f00000018000180140002007665746830"], 0x2c}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @local, 0x0, 0x0, 'lblcr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x0, @any, 0x3ff}, 0xe) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$PTP_EXTTS_REQUEST2(r5, 0x43403d05, 0x0) semctl$GETALL(0x0, 0x0, 0x6, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) 1.511443091s ago: executing program 3 (id=1892): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={@cgroup=r0, 0x13, 0x0, 0x3, &(0x7f0000000880), 0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000900)=[0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x90013c9e39e0e30e, &(0x7f0000000a00)={@multicast2, @dev}, 0x0) r5 = signalfd(r3, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r5, @ANYRES32=r5, @ANYBLOB, @ANYBLOB, @ANYRES64=r4], 0x20) socket$igmp(0x2, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000500)={'bond_slave_0\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4c, 0x400, 0xf, 0x80, 0xff, 0x0, 0x0, 0x0, 0x0, 0x4, [0xfffffffd, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1]}}) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8936, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x3f}, 0x78, r6}) bpf$MAP_CREATE(0x0, 0x0, 0x0) r9 = syz_open_dev$evdev(&(0x7f0000000080), 0xa, 0x80) ioctl$EVIOCGABS0(r9, 0x80184520, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) 276.86466ms ago: executing program 3 (id=1893): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$inet(0x2, 0x3, 0x8d) sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001380)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x40010) socket$netlink(0x10, 0x3, 0x8000000005) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x23, 0x4, 0x2, 0x40, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe) shutdown(r5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f00000044c0)={0x7f, 0xe, 0xffff, 0x67, r6}, &(0x7f0000004500)=0x10) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r4, &(0x7f0000000240), 0x0}, 0x20) chdir(&(0x7f0000000080)='./file1\x00') open$dir(&(0x7f0000000000)='./file1\x00', 0x5c1, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) 0s ago: executing program 6 (id=1894): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) r5 = socket$inet_tcp(0x2, 0x1, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x3, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x1, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x8, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0x20ff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x4, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) clock_settime(0x0, &(0x7f00000002c0)={0x77359400}) r6 = socket(0x1e, 0x1, 0x0) shutdown(r6, 0x2) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000", @ANYBLOB, @ANYRES32, @ANYBLOB="0000000002000000000000000000000000000000007afc064cd04d00000000000000bb3ddcb2cfb64e67b657b276e0b54c9318b6b2ca537e4ac8d4c702c4d7ff68f88ade29cc6440e3f47d550d"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000400000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7060000000000008500000005000000bf0900000000000035090100000000209500000000000000b7020000000000007b9af8ff00000000b509000000003fa87baaf0ff00000000ae8900000000000007080000f8ffffffbf8400000000000007040000f0ffffffc70200000800000018260000", @ANYRES32=r7, @ANYBLOB="0000000069a6baf0cd4e3a5600000000b7050000080000004600f0ff76000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r10 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885}, &(0x7f0000000340), &(0x7f0000000280)) io_uring_enter(r10, 0x3516, 0x0, 0x0, 0x0, 0x0) accept4$ax25(r6, &(0x7f0000001200)={{0x3, @bcast}, [@remote, @remote, @bcast, @null, @bcast, @default, @rose, @null]}, &(0x7f0000001280)=0x48, 0x80800) socket$pppoe(0x18, 0x1, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f00000012c0), 0xa40, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="1c000000000000000110000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r1, @ANYRES32=r7, @ANYRES32=r5, @ANYRES32=r1, @ANYBLOB="3000000000000000010000", @ANYRES32=r9, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYRES32=r8, @ANYRES32=r1], 0x70, 0x20044000}}, {{&(0x7f0000000e80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001040)=[{&(0x7f0000000f00)="46da7b06982cd25113b12f6fcb653b41a0a0338f60f50f6dbf7cc74edfb684d1e657773593b338991966a07edcad599ae96364ab7d03628c206d9952f773f79986f9d49cca40e1259afe5bcbe3797f19ab7b6dcf10ffd66ea451b3829ab3c4bdc74cdf78ec34f11b682c939218cdff548d00b6b8ea98388159c09964f9b8daf9140537fc36712138abf6373db1eeb095effeb7b25247c312d4db6af3a338d30625c6957b3a1e5c1b928036ae96d285fb3f6ee67632b598705b9143cf451005e0f05dc55a38e24b4c0f0d", 0xca}, {&(0x7f0000001000)="a6dbec53177ecb45f4cd716c23cd", 0xe}], 0x2, &(0x7f0000001300)=ANY=[], 0xe8, 0x4040044}}, {{&(0x7f0000001400)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001580)=[{&(0x7f0000001480)="44fafdfdb4c2a6dfb5e590efe9d4bdcd393edbb4f46d7b5aecddd0e7e52d5b096233802458a03e4aba4faade64ea88285f19a697d25ac8b36e67e8c94aef30aaea6781fc577ee36314bf8eba59ef0d5db947cc1da120c63db70c2363a925cc232da84138b25b48016f", 0x69}], 0x1, 0x0, 0x0, 0x40000}}], 0x3, 0x800) kernel console output (not intermixed with test programs): 863.930392][T12151] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 864.146892][T12151] Cannot create hsr debugfs directory [ 864.487525][ T5874] usb 1-1: device descriptor read/all, error -71 [ 865.872562][ T5830] Bluetooth: hci2: command tx timeout [ 865.907923][T12477] block device autoloading is deprecated and will be removed. [ 867.888350][T12489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1245'. [ 867.893466][ T5830] Bluetooth: hci2: command tx timeout [ 868.495474][T12480] ceph: No mds server is up or the cluster is laggy [ 868.673355][T12434] wlan0 speed is unknown, defaulting to 1000 [ 868.673401][T12484] netlink: 288 bytes leftover after parsing attributes in process `syz.2.1244'. [ 868.689627][ T8] libceph: connect (1)[c::]:6789 error -101 [ 868.713747][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 868.826964][ T5957] bridge_slave_1: left allmulticast mode [ 868.940887][ T5957] bridge_slave_1: left promiscuous mode [ 868.977222][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 869.012893][ T5957] bridge_slave_0: left allmulticast mode [ 869.040578][ T5957] bridge_slave_0: left promiscuous mode [ 869.054051][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 870.003457][ T5830] Bluetooth: hci2: command tx timeout [ 870.130046][ T5957] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 870.163415][ T5957] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 870.300679][ T5957] bond0 (unregistering): Released all slaves [ 871.123937][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 874.277510][ T5957] hsr_slave_0: left promiscuous mode [ 874.526521][ T5957] hsr_slave_1: left promiscuous mode [ 874.532462][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 875.004929][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 879.136166][ T5957] team0 (unregistering): Port device team_slave_1 removed [ 879.276105][ T5957] team0 (unregistering): Port device team_slave_0 removed [ 880.492110][T12549] tipc: Started in network mode [ 880.498885][T12549] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 880.508152][T12549] tipc: New replicast peer: fe80:0000:0000:0000:0077:b236:0362:91af [ 880.516587][T12549] tipc: Enabled bearer , priority 10 [ 881.980075][ T5916] tipc: Node number set to 1 [ 883.123650][ T5908] usb 6-1: new low-speed USB device number 7 using dummy_hcd [ 883.340505][ T5908] usb 6-1: config index 0 descriptor too short (expected 1307, got 27) [ 883.359615][ T5908] usb 6-1: config 0 has an invalid interface number: 0 but max is -1 [ 883.360593][T12434] chnl_net:caif_netlink_parms(): no params data found [ 883.411868][ T5908] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 883.463435][ T5908] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 883.481619][ T5908] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 883.496983][ T5908] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 883.530871][ T5908] usb 6-1: string descriptor 0 read error: -22 [ 883.537374][ T5908] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 883.546521][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 883.664767][ T5908] usb 6-1: config 0 descriptor?? [ 883.670556][T12594] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 883.679812][ T5908] hub 6-1:0.0: bad descriptor, ignoring hub [ 883.706642][ T5908] hub 6-1:0.0: probe with driver hub failed with error -5 [ 883.767956][ T5908] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input16 [ 883.842866][ C1] usb_acecad 6-1:0.0: can't resubmit intr, dummy_hcd.5-1/input0, status -1 [ 884.979997][T12434] bridge0: port 1(bridge_slave_0) entered blocking state [ 885.008843][T12434] bridge0: port 1(bridge_slave_0) entered disabled state [ 885.016920][T12434] bridge_slave_0: entered allmulticast mode [ 885.024581][T12434] bridge_slave_0: entered promiscuous mode [ 885.057470][T12434] bridge0: port 2(bridge_slave_1) entered blocking state [ 885.071716][T12434] bridge0: port 2(bridge_slave_1) entered disabled state [ 885.079484][T12434] bridge_slave_1: entered allmulticast mode [ 885.095422][T12434] bridge_slave_1: entered promiscuous mode [ 885.169892][T12434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 885.195923][T12434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 885.286137][T12434] team0: Port device team_slave_0 added [ 885.307235][T12434] team0: Port device team_slave_1 added [ 885.377852][T12434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 885.393552][T12434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 885.438822][T12434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 885.452368][T12434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 885.459472][T12434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 885.485881][T12434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 885.567535][T12434] hsr_slave_0: entered promiscuous mode [ 885.576342][T12434] hsr_slave_1: entered promiscuous mode [ 885.582288][T12434] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 885.591691][T12434] Cannot create hsr debugfs directory [ 888.342792][ T977] usb 6-1: USB disconnect, device number 7 [ 889.114897][ T9633] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 889.126828][ T9633] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 889.137135][ T9633] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 889.269561][ T9633] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 889.531706][T12650] atomic_op ffff888030d2e198 conn xmit_atomic 0000000000000000 [ 889.934422][ T9633] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 889.943902][ T9633] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 890.185369][ T5957] bridge_slave_1: left allmulticast mode [ 890.194459][ T5957] bridge_slave_1: left promiscuous mode [ 890.227871][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.250980][ T5957] bridge_slave_0: left allmulticast mode [ 890.257939][ T5957] bridge_slave_0: left promiscuous mode [ 890.267562][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.481210][T12663] IPVS: Scheduler module ip_vs_sip not found [ 890.557644][ T5957] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 890.568257][ T5957] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 890.583683][ T5957] bond0 (unregistering): Released all slaves [ 891.456394][T12434] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 891.490428][T12434] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 892.231129][ T5830] Bluetooth: hci4: command tx timeout [ 892.649024][T12434] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 893.539051][T12639] wlan0 speed is unknown, defaulting to 1000 [ 893.557249][T12434] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 894.723326][ T5830] Bluetooth: hci4: command tx timeout [ 895.081074][ T5957] hsr_slave_0: left promiscuous mode [ 895.123446][ T5957] hsr_slave_1: left promiscuous mode [ 895.134179][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 895.378010][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 896.823545][ T5830] Bluetooth: hci4: command tx timeout [ 898.527237][ T5957] team0 (unregistering): Port device team_slave_1 removed [ 899.356297][ T5830] Bluetooth: hci4: command tx timeout [ 899.403884][ T5957] team0 (unregistering): Port device team_slave_0 removed [ 902.511185][T12736] Set syz1 is full, maxelem 65536 reached [ 902.519538][T12735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1288'. [ 902.907977][T12750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1291'. [ 904.460946][T12434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 904.818707][T12434] 8021q: adding VLAN 0 to HW filter on device team0 [ 905.664233][ T9486] bridge0: port 1(bridge_slave_0) entered blocking state [ 905.673314][ T9486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 905.775062][ T9486] bridge0: port 2(bridge_slave_1) entered blocking state [ 905.782262][ T9486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 906.429118][T12775] input: syz0 as /devices/virtual/input/input17 [ 906.628023][T12639] chnl_net:caif_netlink_parms(): no params data found [ 907.461670][T12796] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1298'. [ 907.886258][T12639] bridge0: port 1(bridge_slave_0) entered blocking state [ 907.919422][T12639] bridge0: port 1(bridge_slave_0) entered disabled state [ 907.966574][T12639] bridge_slave_0: entered allmulticast mode [ 908.113667][T12639] bridge_slave_0: entered promiscuous mode [ 908.434817][T12639] bridge0: port 2(bridge_slave_1) entered blocking state [ 908.457645][T12639] bridge0: port 2(bridge_slave_1) entered disabled state [ 908.648751][T12639] bridge_slave_1: entered allmulticast mode [ 908.659552][T12639] bridge_slave_1: entered promiscuous mode [ 909.702800][T12639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 909.785308][T12639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 911.139576][T12825] /dev/nullb0: Can't open blockdev [ 911.174394][T12639] team0: Port device team_slave_0 added [ 911.208969][T12639] team0: Port device team_slave_1 added [ 911.361971][T12434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 912.800122][T12639] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 912.810587][T12639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 912.847746][T12639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 912.867683][T12639] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 912.878123][T12639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 912.918448][T12639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 913.741965][T12639] hsr_slave_0: entered promiscuous mode [ 913.748213][T12639] hsr_slave_1: entered promiscuous mode [ 913.764466][T12639] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 913.772083][T12639] Cannot create hsr debugfs directory [ 915.307554][T12857] 9pnet_fd: Insufficient options for proto=fd [ 915.954624][T12434] veth0_vlan: entered promiscuous mode [ 916.803920][T12866] Can't find ip_set type hash:ip,port,ne\ [ 919.861703][T12639] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 920.235392][T12896] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1316'. [ 920.244640][T12896] netlink: 'syz.5.1316': attribute type 1 has an invalid length. [ 920.252444][T12896] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1316'. [ 920.281204][T12896] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 921.173633][T12639] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 921.402807][T12639] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 921.448198][T12639] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 921.455988][ T9633] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 921.471674][ T9633] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 921.503511][ T9633] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 921.648578][ T9633] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 921.943429][ T9633] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 921.958678][ T9633] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 922.737549][ T29] audit: type=1326 audit(1740849182.854:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 922.804378][ T29] audit: type=1326 audit(1740849182.864:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 922.994709][ T29] audit: type=1326 audit(1740849182.864:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 923.811848][ T29] audit: type=1326 audit(1740849182.864:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 923.978771][T12639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 923.994097][ T29] audit: type=1326 audit(1740849182.864:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 924.057754][ T5830] Bluetooth: hci2: command tx timeout [ 924.111671][ T29] audit: type=1326 audit(1740849182.864:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 924.133888][ T29] audit: type=1326 audit(1740849182.864:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 924.140459][T12639] 8021q: adding VLAN 0 to HW filter on device team0 [ 924.181817][ T29] audit: type=1326 audit(1740849182.864:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 924.282970][ T29] audit: type=1326 audit(1740849182.864:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 924.360697][ T9507] bridge0: port 1(bridge_slave_0) entered blocking state [ 924.367953][ T9507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 925.229459][ T9486] bridge0: port 2(bridge_slave_1) entered blocking state [ 925.236644][ T9486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 925.264925][ T29] audit: type=1326 audit(1740849182.864:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12910 comm="syz.2.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdebad8d169 code=0x7ffc0000 [ 925.284206][T12898] wlan0 speed is unknown, defaulting to 1000 [ 925.375730][ T60] bridge_slave_1: left allmulticast mode [ 925.382365][ T60] bridge_slave_1: left promiscuous mode [ 925.390056][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 926.133356][ T5830] Bluetooth: hci2: command tx timeout [ 926.267209][ T60] bridge_slave_0: left allmulticast mode [ 926.273085][ T60] bridge_slave_0: left promiscuous mode [ 926.288480][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 927.714295][ T9633] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 928.047695][T12932] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 928.203649][ T9633] Bluetooth: hci2: command tx timeout [ 928.385052][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 928.396146][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 928.407083][ T60] bond0 (unregistering): Released all slaves [ 930.283527][ T9633] Bluetooth: hci2: command tx timeout [ 931.603207][ T60] hsr_slave_0: left promiscuous mode [ 931.711366][ T60] hsr_slave_1: left promiscuous mode [ 931.728029][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 931.776088][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 931.850997][ T60] veth0_vlan: left promiscuous mode [ 931.886428][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.632923][ T60] team0 (unregistering): Port device team_slave_1 removed [ 933.702113][ T60] team0 (unregistering): Port device team_slave_0 removed [ 934.262725][T12969] wlan0 speed is unknown, defaulting to 1000 [ 934.477329][T12639] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 934.491578][T12898] chnl_net:caif_netlink_parms(): no params data found [ 936.740769][T12898] bridge0: port 1(bridge_slave_0) entered blocking state [ 936.772761][T12898] bridge0: port 1(bridge_slave_0) entered disabled state [ 936.942491][T12898] bridge_slave_0: entered allmulticast mode [ 936.950957][T12898] bridge_slave_0: entered promiscuous mode [ 937.581731][T12898] bridge0: port 2(bridge_slave_1) entered blocking state [ 938.350802][T12898] bridge0: port 2(bridge_slave_1) entered disabled state [ 938.375867][T12898] bridge_slave_1: entered allmulticast mode [ 938.443502][T12898] bridge_slave_1: entered promiscuous mode [ 941.258780][T12898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 941.395226][T13038] xt_TPROXY: Can be used only with -p tcp or -p udp [ 941.422091][T12898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 941.853766][T13045] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 942.555435][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.564624][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.574306][T12898] team0: Port device team_slave_0 added [ 942.574633][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.589650][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.603557][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.612804][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.759837][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.769264][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.781911][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.791124][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.799418][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.808744][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.847901][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.857142][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.860130][T12639] veth0_vlan: entered promiscuous mode [ 942.871114][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.880324][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 942.913346][ T5197] ldm_validate_partition_table(): Disk read failed. [ 942.987995][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 942.997237][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 943.005980][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 943.015131][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 943.036249][T12639] veth1_vlan: entered promiscuous mode [ 943.046539][ T5197] Dev loop6: unable to read RDB block 0 [ 943.067955][ T5197] loop6: unable to read partition table [ 943.071738][T12898] team0: Port device team_slave_1 added [ 944.740565][ T25] libceph: connect (1)[c::]:6789 error -101 [ 944.766481][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 944.811793][T12898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 944.835035][T13059] ceph: No mds server is up or the cluster is laggy [ 944.843829][T12898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 945.423397][T12898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 945.459316][T12639] veth0_macvtap: entered promiscuous mode [ 945.468044][T12639] veth1_macvtap: entered promiscuous mode [ 945.492498][T12898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 945.500006][T12898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 945.527949][T12898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 945.730035][T12639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 945.822065][T12639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 945.836107][T12639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 945.848594][T12639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 945.860253][T12639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 945.872537][T12639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 946.357651][T12639] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 946.512685][T12898] hsr_slave_0: entered promiscuous mode [ 946.538921][T12898] hsr_slave_1: entered promiscuous mode [ 946.553953][T12898] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 946.561589][T12898] Cannot create hsr debugfs directory [ 948.262334][T13078] tmpfs: Unknown parameter 'quoza' [ 948.286145][T13078] netlink: 'syz.2.1351': attribute type 4 has an invalid length. [ 948.303877][T13078] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1351'. [ 948.568601][T13078] : renamed from bond0 (while UP) [ 949.332230][ T5830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 949.380705][ T5830] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 949.393789][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 949.401693][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 949.410079][ T5830] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 949.559664][ T5830] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 951.722511][ T5830] Bluetooth: hci4: command tx timeout [ 952.003424][T13127] netlink: 'syz.0.1356': attribute type 10 has an invalid length. [ 953.406639][T13127] team0: Device ipvlan1 is VLAN challenged and team device has VLAN set up [ 953.736720][T13137] overlayfs: missing 'lowerdir' [ 953.836953][ T5830] Bluetooth: hci4: command tx timeout [ 954.171450][T13094] wlan0 speed is unknown, defaulting to 1000 [ 955.883800][ T5830] Bluetooth: hci4: command tx timeout [ 956.962164][T13161] netlink: 'syz.0.1362': attribute type 6 has an invalid length. [ 957.171995][T13177] ieee802154 phy1 wpan1: encryption failed: -22 [ 957.340554][T13094] chnl_net:caif_netlink_parms(): no params data found [ 958.481118][ T5830] Bluetooth: hci4: command tx timeout [ 958.500006][T12898] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 958.637233][T12898] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 959.496508][T12898] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 959.583768][ T9479] bridge_slave_1: left allmulticast mode [ 959.618189][ T9479] bridge_slave_1: left promiscuous mode [ 959.654253][ T9479] bridge0: port 2(bridge_slave_1) entered disabled state [ 959.717299][T13195] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 959.726534][T13195] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 959.741600][T13195] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 959.958735][T13195] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 959.971962][ T9479] bridge_slave_0: left allmulticast mode [ 959.975446][T13200] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 959.983499][ T9479] bridge_slave_0: left promiscuous mode [ 959.988792][T13200] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 959.991118][ T9479] bridge0: port 1(bridge_slave_0) entered disabled state [ 960.000012][T13200] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 960.067082][T13200] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 961.275461][ T9479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 961.294641][ T9479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 961.316323][ T9479] bond0 (unregistering): Released all slaves [ 961.340324][T12898] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 962.203546][T13094] bridge0: port 1(bridge_slave_0) entered blocking state [ 962.293914][T13094] bridge0: port 1(bridge_slave_0) entered disabled state [ 962.301212][T13094] bridge_slave_0: entered allmulticast mode [ 962.334066][T13094] bridge_slave_0: entered promiscuous mode [ 962.341974][T13094] bridge0: port 2(bridge_slave_1) entered blocking state [ 962.368526][T13094] bridge0: port 2(bridge_slave_1) entered disabled state [ 963.298543][T13094] bridge_slave_1: entered allmulticast mode [ 963.307428][T13224] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nbd2": -EINTR [ 963.541769][T13094] bridge_slave_1: entered promiscuous mode [ 964.739095][ T9479] hsr_slave_0: left promiscuous mode [ 964.786072][ T9479] hsr_slave_1: left promiscuous mode [ 964.810250][T13218] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 964.819746][ T9479] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 964.840294][ T9479] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 964.853080][ T9479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 964.892399][ T9479] veth1_macvtap: left promiscuous mode [ 964.902857][ T9479] veth0_macvtap: left promiscuous mode [ 964.911846][ T9479] veth1_vlan: left promiscuous mode [ 964.918636][ T9479] veth0_vlan: left promiscuous mode [ 966.273943][T13254] nbd2: detected capacity change from 0 to 12 [ 966.287123][T13189] block nbd2: Send control failed (result -89) [ 966.402334][T13189] block nbd2: Request send failed, requeueing [ 966.422991][ T5830] block nbd2: Receive control failed (result -32) [ 966.479871][ T26] block nbd2: Dead connection, failed to find a fallback [ 966.487409][ T26] block nbd2: shutting down sockets [ 966.505966][ T26] blk_print_req_error: 13 callbacks suppressed [ 966.506011][ T26] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 966.524553][ T26] buffer_io_error: 12 callbacks suppressed [ 966.524594][ T26] Buffer I/O error on dev nbd2, logical block 0, async page read [ 967.086793][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 967.133330][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 967.141574][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 967.193224][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 967.249356][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 967.258914][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 967.282885][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 967.358750][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 967.371088][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 967.400238][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 967.431701][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 967.441851][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 968.173551][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 968.182668][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 968.213224][T13189] ldm_validate_partition_table(): Disk read failed. [ 968.221084][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 968.232878][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 968.253405][T13189] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 968.263084][T13189] Buffer I/O error on dev nbd2, logical block 0, async page read [ 968.283730][T13189] Dev nbd2: unable to read RDB block 0 [ 968.289606][T13189] nbd2: unable to read partition table [ 968.300136][T13189] nbd2: partition table beyond EOD, truncated [ 968.440104][T13189] ldm_validate_partition_table(): Disk read failed. [ 968.463988][T13189] Dev nbd2: unable to read RDB block 0 [ 968.469830][T13189] nbd2: unable to read partition table [ 968.476852][T13189] nbd2: partition table beyond EOD, truncated [ 969.162553][T13261] ldm_validate_partition_table(): Disk read failed. [ 969.225775][T13261] Dev nbd2: unable to read RDB block 0 [ 969.260786][T13261] nbd2: unable to read partition table [ 969.417712][T13261] nbd2: partition table beyond EOD, truncated [ 971.352924][T13308] gfs2: gfs2 mount does not exist [ 971.389350][ T9479] team0 (unregistering): Port device team_slave_1 removed [ 971.550038][ T9479] team0 (unregistering): Port device team_slave_0 removed [ 972.316276][T13094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 972.330787][T13094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 972.413732][T13094] team0: Port device team_slave_0 added [ 972.484930][T13094] team0: Port device team_slave_1 added [ 973.016885][T13094] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 973.024339][T13094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 973.067992][T13094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 973.092661][T13094] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 973.133441][T13094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 973.169134][T13094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 973.488772][T12898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 973.603547][T12898] 8021q: adding VLAN 0 to HW filter on device team0 [ 973.621917][T13094] hsr_slave_0: entered promiscuous mode [ 974.304043][T13094] hsr_slave_1: entered promiscuous mode [ 974.310193][T13094] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 974.353553][T13094] Cannot create hsr debugfs directory [ 975.490757][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.497966][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.814100][ T9484] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.821239][ T9484] bridge0: port 2(bridge_slave_1) entered forwarding state [ 976.289319][ T5916] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 976.424709][ T5916] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 976.749489][ T25] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 977.431386][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 977.584795][ T25] usb 3-1: unable to get BOS descriptor or descriptor too short [ 977.603823][ T25] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 977.611446][ T25] usb 3-1: can't read configurations, error -71 [ 977.618268][T12898] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 979.695106][T13094] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 979.710683][T13094] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 979.722458][T13094] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 979.735158][T13094] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 981.584788][T13094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 981.619862][T13094] 8021q: adding VLAN 0 to HW filter on device team0 [ 982.600291][T13408] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1391'. [ 982.844411][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 982.851584][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 982.938999][ T9633] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 983.024118][ T9633] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 983.043570][ T9633] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 983.197943][ T9633] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 983.210418][ T9633] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 983.215954][T13094] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 983.218083][ T9633] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 983.228233][T13094] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 983.732268][ T9498] bridge0: port 2(bridge_slave_1) entered blocking state [ 983.739466][ T9498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 985.162099][ T9507] bridge_slave_1: left allmulticast mode [ 985.173679][ T9507] bridge_slave_1: left promiscuous mode [ 985.179470][ T9507] bridge0: port 2(bridge_slave_1) entered disabled state [ 985.405205][ T9633] Bluetooth: hci2: command tx timeout [ 985.457715][ T9507] bridge_slave_0: left allmulticast mode [ 985.582715][ T9507] bridge_slave_0: left promiscuous mode [ 985.823808][ T9507] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.134474][T13459] bio_check_eod: 2 callbacks suppressed [ 986.134624][T13459] syz.5.1400: attempt to access beyond end of device [ 986.134624][T13459] loop11: rw=0, sector=0, nr_sectors = 1 limit=0 [ 986.155338][T13459] FAT-fs (loop11): unable to read boot sector [ 988.138790][ T9633] Bluetooth: hci2: command tx timeout [ 990.223616][ T5830] Bluetooth: hci2: command tx timeout [ 991.379848][ T9507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 991.390951][ T9507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 991.431168][ T9507] bond0 (unregistering): Released all slaves [ 991.557619][T13419] wlan0 speed is unknown, defaulting to 1000 [ 992.288229][ T5830] Bluetooth: hci2: command tx timeout [ 992.303212][T13094] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 993.326068][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.413422][T13521] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1409'. [ 993.452689][T13521] xt_connbytes: Forcing CT accounting to be enabled [ 993.460106][T13521] Cannot find add_set index 0 as target [ 994.151245][ T9507] hsr_slave_0: left promiscuous mode [ 994.167709][ T9507] hsr_slave_1: left promiscuous mode [ 994.195075][ T9507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 994.206279][ T9507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 995.622506][ T9507] team0 (unregistering): Port device team_slave_1 removed [ 995.787339][ T9507] team0 (unregistering): Port device team_slave_0 removed [ 996.377032][ T5916] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 996.729618][ T5916] usb 6-1: config 0 has an invalid interface number: 40 but max is 0 [ 996.740656][ T5916] usb 6-1: config 0 has no interface number 0 [ 996.753854][ T5916] usb 6-1: New USB device found, idVendor=07c4, idProduct=a10b, bcdDevice=ff.24 [ 996.765193][ T5916] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 996.773943][ T5916] usb 6-1: Product: syz [ 996.778147][ T5916] usb 6-1: Manufacturer: syz [ 996.782798][ T5916] usb 6-1: SerialNumber: syz [ 996.790594][ T5916] usb 6-1: config 0 descriptor?? [ 996.801885][ T5916] ums-datafab 6-1:0.40: USB Mass Storage device detected [ 997.245129][T13532] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1410'. [ 997.337444][T13419] chnl_net:caif_netlink_parms(): no params data found [ 998.465662][T13419] bridge0: port 1(bridge_slave_0) entered blocking state [ 998.507384][T13419] bridge0: port 1(bridge_slave_0) entered disabled state [ 999.534315][ T977] usb 6-1: USB disconnect, device number 8 [ 999.563811][T13419] bridge_slave_0: entered allmulticast mode [ 999.975202][ T5822] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1000.494997][ T5822] usb 3-1: device descriptor read/64, error -71 [ 1000.527093][T13419] bridge_slave_0: entered promiscuous mode [ 1000.779002][T13419] bridge0: port 2(bridge_slave_1) entered blocking state [ 1000.786415][T13419] bridge0: port 2(bridge_slave_1) entered disabled state [ 1001.226176][T13419] bridge_slave_1: entered allmulticast mode [ 1001.234863][T13419] bridge_slave_1: entered promiscuous mode [ 1001.253588][ T5822] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1003.129638][T13599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1417'. [ 1004.249518][T13607] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nbd0": -EINTR [ 1004.395654][T13419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1004.547094][T13419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1005.565527][T13094] veth0_vlan: entered promiscuous mode [ 1007.118259][T13094] veth1_vlan: entered promiscuous mode [ 1007.156578][T13419] team0: Port device team_slave_0 added [ 1007.223093][T13419] team0: Port device team_slave_1 added [ 1007.294338][ C1] blk_print_req_error: 40 callbacks suppressed [ 1007.294358][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.309819][ C1] buffer_io_error: 40 callbacks suppressed [ 1007.309835][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.328511][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.337760][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.358810][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.368042][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.376663][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.385880][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.399421][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.408641][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.421626][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.430804][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.443287][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.452443][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.460849][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.470089][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.478685][ T5197] ldm_validate_partition_table(): Disk read failed. [ 1007.491081][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.500320][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.508613][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1007.517813][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1007.534855][ T5197] Dev loop6: unable to read RDB block 0 [ 1007.541895][ T5197] loop6: unable to read partition table [ 1007.556707][T13419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1007.573454][T13419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1007.629696][T13419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1007.663388][T13419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1007.670528][T13419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1007.696473][ C1] vkms_vblank_simulate: vblank timer overrun [ 1007.730665][T13419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1007.852214][T13419] hsr_slave_0: entered promiscuous mode [ 1007.859018][T13419] hsr_slave_1: entered promiscuous mode [ 1007.872271][T13419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1007.881158][T13419] Cannot create hsr debugfs directory [ 1008.680496][T13660] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1426'. [ 1009.897516][ T5136] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1009.912188][ T5136] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1009.924871][ T5136] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1009.948753][ T5136] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1009.961762][ T5136] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1009.970778][ T5136] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1010.093609][ T977] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1010.383555][ T977] usb 6-1: Using ep0 maxpacket: 16 [ 1010.399390][ T977] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1010.437127][ T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1010.777696][ T977] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1011.059236][T13668] wlan0 speed is unknown, defaulting to 1000 [ 1011.203036][ T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1011.211187][ T977] usb 6-1: Product: syz [ 1011.215734][ T977] usb 6-1: Manufacturer: syz [ 1011.220355][ T977] usb 6-1: SerialNumber: syz [ 1011.227077][ T977] usb 6-1: config 0 descriptor?? [ 1011.235496][ T977] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1011.246308][ T977] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 1012.040341][ T977] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 1012.055200][ T5830] Bluetooth: hci4: command tx timeout [ 1012.145793][ T977] em28xx 6-1:0.0: Config register raw data: 0xfffffffb [ 1012.153125][T13419] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1012.180428][T13419] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1012.284453][ T977] em28xx 6-1:0.0: AC97 command still being executed: not handled properly! [ 1012.339755][ T977] em28xx 6-1:0.0: AC97 chip type couldn't be determined [ 1012.447626][ T977] em28xx 6-1:0.0: No AC97 audio processor [ 1012.487418][ T5957] bridge_slave_1: left allmulticast mode [ 1012.555386][ T5957] bridge_slave_1: left promiscuous mode [ 1012.647799][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 1012.807284][ T5957] bridge_slave_0: left allmulticast mode [ 1012.812992][ T5957] bridge_slave_0: left promiscuous mode [ 1012.870011][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.419072][T13697] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1431'. [ 1013.448878][T13697] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1431'. [ 1014.133432][ T5830] Bluetooth: hci4: command tx timeout [ 1014.348668][ T5873] usb 6-1: USB disconnect, device number 9 [ 1014.356864][ T5873] em28xx 6-1:0.0: Disconnecting em28xx [ 1015.440832][ T5873] em28xx 6-1:0.0: Freeing device [ 1016.227329][ T5830] Bluetooth: hci4: command tx timeout [ 1016.881194][ T5957] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1016.894880][ T5957] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1016.905794][ T5957] bond0 (unregistering): Released all slaves [ 1017.128624][T13419] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1017.790893][T13419] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1018.372898][ T5830] Bluetooth: hci4: command tx timeout [ 1019.370403][ T5957] hsr_slave_0: left promiscuous mode [ 1019.773938][ T5957] hsr_slave_1: left promiscuous mode [ 1019.815306][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1019.855131][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1019.988154][ T5957] veth1_vlan: left promiscuous mode [ 1020.203139][ T5957] veth0_vlan: left promiscuous mode [ 1020.205883][T13736] overlayfs: failed to resolve './file1': -2 [ 1021.505297][T13743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1441'. [ 1023.418374][ T5957] team0 (unregistering): Port device team_slave_1 removed [ 1023.518163][ T5957] team0 (unregistering): Port device team_slave_0 removed [ 1023.608542][T13754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1023.692919][T13755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1023.722517][T13754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1024.191529][T13668] chnl_net:caif_netlink_parms(): no params data found [ 1025.009915][T13668] bridge0: port 1(bridge_slave_0) entered blocking state [ 1025.145635][T13668] bridge0: port 1(bridge_slave_0) entered disabled state [ 1025.152932][T13668] bridge_slave_0: entered allmulticast mode [ 1025.160909][T13668] bridge_slave_0: entered promiscuous mode [ 1025.176918][T13668] bridge0: port 2(bridge_slave_1) entered blocking state [ 1025.184537][T13668] bridge0: port 2(bridge_slave_1) entered disabled state [ 1025.192606][T13668] bridge_slave_1: entered allmulticast mode [ 1025.200452][T13668] bridge_slave_1: entered promiscuous mode [ 1025.397062][T13668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1026.713153][T13668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1026.751668][T13780] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0 [ 1026.841679][T13668] team0: Port device team_slave_0 added [ 1026.889852][T13419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1026.910423][T13668] team0: Port device team_slave_1 added [ 1027.040940][T13668] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1027.063049][T13668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1027.186161][T13668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1027.229204][T13668] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1027.288021][T13668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1027.469251][T13668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1027.936528][T13419] 8021q: adding VLAN 0 to HW filter on device team0 [ 1027.957200][ T9498] bridge0: port 1(bridge_slave_0) entered blocking state [ 1027.964439][ T9498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1028.010368][ T9498] bridge0: port 2(bridge_slave_1) entered blocking state [ 1028.018016][ T9498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1028.147558][T13668] hsr_slave_0: entered promiscuous mode [ 1028.155203][T13668] hsr_slave_1: entered promiscuous mode [ 1028.162565][T13668] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1028.172023][T13668] Cannot create hsr debugfs directory [ 1028.398152][T13419] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1029.673206][T13812] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1450'. [ 1030.878290][ C1] blk_print_req_error: 13 callbacks suppressed [ 1030.878314][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0 [ 1030.903311][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 2 prio class 0 [ 1030.912493][ C1] buffer_io_error: 12 callbacks suppressed [ 1030.912502][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1030.926194][ C1] Buffer I/O error on dev loop6, logical block 1, async page read [ 1030.938151][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1030.947376][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1030.955296][ C1] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1030.964442][ C1] Buffer I/O error on dev loop6, logical block 1, async page read [ 1031.118939][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.128235][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1031.175358][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.184597][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1031.196640][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.206117][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1031.243486][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.252773][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1031.265150][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.274447][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1031.332518][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1031.341758][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1032.488003][ T5197] ldm_validate_partition_table(): Disk read failed. [ 1032.539623][T13419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1032.543541][ T5197] Dev loop6: unable to read RDB block 0 [ 1032.580905][ T5197] loop6: unable to read partition table [ 1033.904661][T13853] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1455'. [ 1034.699553][T13419] veth0_vlan: entered promiscuous mode [ 1034.782042][T13419] veth1_vlan: entered promiscuous mode [ 1036.140619][T13419] veth0_macvtap: entered promiscuous mode [ 1036.312656][T13872] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1460'. [ 1036.395974][T13419] veth1_macvtap: entered promiscuous mode [ 1037.913774][T13419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.939750][T13419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.958288][T13419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.972343][T13419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.988675][T13419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.000144][T13419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.017692][T13419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1038.031996][T13668] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1038.176114][T13668] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1038.226066][T13419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.691561][T13419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.983336][T13419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1039.151338][T13419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1039.287403][T13419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1039.298171][T13419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1039.311196][T13419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1039.344194][T13668] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1039.463828][T13668] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1039.513154][T13419] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.524791][T13419] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.534683][T13419] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.543633][T13419] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.664492][T13909] netlink: 'syz.5.1467': attribute type 10 has an invalid length. [ 1039.757820][T13909] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1039.897633][T13909] netlink: 164 bytes leftover after parsing attributes in process `syz.5.1467'. [ 1039.916098][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.033629][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1040.707364][T13668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1040.747538][T13668] 8021q: adding VLAN 0 to HW filter on device team0 [ 1040.779508][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 1040.786670][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1040.810278][ T9479] bridge0: port 2(bridge_slave_1) entered blocking state [ 1040.817470][ T9479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1041.106434][T13668] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1041.298253][ T60] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1041.398952][ T60] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1041.565691][ T60] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1042.563021][T13668] veth0_vlan: entered promiscuous mode [ 1042.946109][ T60] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1044.143776][ T5136] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1044.336953][T13668] veth1_vlan: entered promiscuous mode [ 1044.355801][ T5136] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1044.369118][ T5136] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1044.380438][ T5136] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1044.388209][ T5136] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1044.404121][ T5136] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1044.949387][T13983] dlm: no locking on control device [ 1045.495020][T13668] veth0_macvtap: entered promiscuous mode [ 1045.760321][T13668] veth1_macvtap: entered promiscuous mode [ 1045.809564][ T60] bridge_slave_1: left allmulticast mode [ 1045.819532][ T60] bridge_slave_1: left promiscuous mode [ 1045.842941][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 1046.397306][ T60] bridge_slave_0: left allmulticast mode [ 1046.403027][ T60] bridge_slave_0: left promiscuous mode [ 1046.421778][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 1046.637823][ T5830] Bluetooth: hci2: command tx timeout [ 1048.694888][ T5830] Bluetooth: hci2: command tx timeout [ 1050.420013][T14023] openvswitch: netlink: Flow key attr not present in new flow. [ 1051.100510][ T5830] Bluetooth: hci2: command tx timeout [ 1051.363318][T14029] xt_hashlimit: overflow, try lower: 1125899906842624/8 [ 1053.163771][ T5830] Bluetooth: hci2: command tx timeout [ 1054.242652][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1054.314048][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1054.341986][ T60] bond0 (unregistering): Released all slaves [ 1054.468372][T13971] wlan0 speed is unknown, defaulting to 1000 [ 1054.484007][T14015] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1480'. [ 1054.793684][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.835848][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.882713][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.912983][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.931227][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.943413][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.128301][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.138446][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.149032][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.883602][T13668] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1056.277089][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.313599][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.341762][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.383323][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.418564][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.482499][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.527476][T13668] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1056.583025][T13668] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1056.638497][T13668] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1056.923225][T13668] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.985508][T13668] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.003424][T13668] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.019827][T13668] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1058.573806][ T60] hsr_slave_0: left promiscuous mode [ 1058.597412][ T60] hsr_slave_1: left promiscuous mode [ 1058.629257][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1058.657440][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1058.714153][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1058.721642][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1058.951100][ T60] veth1_macvtap: left promiscuous mode [ 1059.023053][ T60] veth0_macvtap: left promiscuous mode [ 1059.108255][ T60] veth1_vlan: left promiscuous mode [ 1059.453669][ T60] veth0_vlan: left promiscuous mode [ 1061.742330][ T60] team0 (unregistering): Port device team_slave_1 removed [ 1061.850004][ T60] team0 (unregistering): Port device team_slave_0 removed [ 1062.612549][T14119] netlink: 'syz.2.1498': attribute type 15 has an invalid length. [ 1062.745569][ T9479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1062.747168][T13971] chnl_net:caif_netlink_parms(): no params data found [ 1062.823699][ T9479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1062.915205][ T9486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1063.531469][ T9486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1065.630323][T13971] bridge0: port 1(bridge_slave_0) entered blocking state [ 1065.638501][T13971] bridge0: port 1(bridge_slave_0) entered disabled state [ 1065.647736][T13971] bridge_slave_0: entered allmulticast mode [ 1065.655756][T13971] bridge_slave_0: entered promiscuous mode [ 1065.665234][T13971] bridge0: port 2(bridge_slave_1) entered blocking state [ 1065.672367][T13971] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.368622][T13971] bridge_slave_1: entered allmulticast mode [ 1066.381145][T13971] bridge_slave_1: entered promiscuous mode [ 1066.424169][T14175] netlink: 'syz.5.1507': attribute type 3 has an invalid length. [ 1066.455030][T14175] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1507'. [ 1066.738796][T13971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1067.546119][T13971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1067.848165][T14198] netlink: 'syz.0.1512': attribute type 1 has an invalid length. [ 1069.006193][T14210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1069.341585][T14211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1069.576045][T14202] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 1069.784024][T13971] team0: Port device team_slave_0 added [ 1069.810615][T13971] team0: Port device team_slave_1 added [ 1070.840234][T13971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1070.858555][T13971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1070.958817][T14222] QAT: Invalid ioctl 1075883590 [ 1070.964821][T14222] QAT: Invalid ioctl 1075883590 [ 1070.969852][T14222] QAT: Invalid ioctl 1075883590 [ 1070.974863][T14222] QAT: Invalid ioctl 1075883590 [ 1070.979813][T14222] QAT: Invalid ioctl 1075883590 [ 1070.984816][T14222] QAT: Invalid ioctl 1075883590 [ 1070.990291][T14222] QAT: Invalid ioctl 1075883590 [ 1070.995418][T14222] QAT: Invalid ioctl 1075883590 [ 1071.000358][T14222] QAT: Invalid ioctl 1075883590 [ 1071.005386][T14222] QAT: Invalid ioctl 1075883590 [ 1071.024969][T13971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1071.050780][T13971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1071.204190][T13971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1071.435483][T13971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1071.527093][T13971] hsr_slave_0: entered promiscuous mode [ 1071.545587][T13971] hsr_slave_1: entered promiscuous mode [ 1071.564181][T13971] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1071.596404][T13971] Cannot create hsr debugfs directory [ 1072.188335][T14250] Invalid ELF header len 8 [ 1076.575105][T14289] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1078.937435][T14312] xt_addrtype: ipv6 does not support BROADCAST matching [ 1080.728171][T14322] overlayfs: missing 'lowerdir' [ 1082.294208][T14331] qnx4: no qnx4 filesystem (no root dir). [ 1083.564629][T13971] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1083.622295][T13971] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1084.311783][T13971] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1084.345734][T13971] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1084.418297][T14351] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1084.429464][T14351] overlayfs: fs on './file0' does not support file handles, falling back to xino=off. [ 1084.551240][T13971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1084.610800][T13971] 8021q: adding VLAN 0 to HW filter on device team0 [ 1085.206228][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 1085.213460][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1085.290895][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 1085.298104][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1091.346403][T13971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1092.478025][T13971] veth0_vlan: entered promiscuous mode [ 1092.750296][T14424] netlink: 'syz.0.1552': attribute type 4 has an invalid length. [ 1093.746138][T13971] veth1_vlan: entered promiscuous mode [ 1094.054398][T13971] veth0_macvtap: entered promiscuous mode [ 1094.095930][T14426] XFS (nullb0): Invalid superblock magic number [ 1094.152426][T13971] veth1_macvtap: entered promiscuous mode [ 1094.354511][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1094.365756][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.070813][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.081412][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.091519][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.102068][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.112037][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1095.193845][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.205014][T13971] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1095.236060][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.290726][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.328909][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.360518][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.374090][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.430076][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.459780][T13971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.488957][T13971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.526265][T13971] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1095.619238][T13971] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.673541][T13971] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.745062][T13971] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.793454][T13971] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.008103][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 1096.014444][ T29] audit: type=1326 audit(1740849356.134:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14447 comm="syz.0.1559" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x0 [ 1096.287068][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1096.323365][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1096.662258][ T9507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1096.757398][ T9507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1100.323942][T14481] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input20 [ 1100.928356][ T5136] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1100.959064][ T5136] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1101.618625][ T5136] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1101.631439][ T5136] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1101.644427][ T5136] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1101.651839][ T5136] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1102.353397][T14496] xt_socket: unknown flags 0x50 [ 1102.527890][ T9537] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1103.324865][T14488] wlan0 speed is unknown, defaulting to 1000 [ 1103.423333][T14504] i2c i2c-0: Invalid block write size 131 [ 1104.126004][ T5830] Bluetooth: hci1: command tx timeout [ 1104.595271][ T9537] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1104.975934][ T9537] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1106.399086][ T5830] Bluetooth: hci1: command tx timeout [ 1106.649437][ T9537] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1107.296873][T14526] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1108.443485][ T5830] Bluetooth: hci1: command tx timeout [ 1110.498973][ T9537] team0: left allmulticast mode [ 1110.629871][ T9537] team_slave_0: left allmulticast mode [ 1110.652100][ T5830] Bluetooth: hci1: command tx timeout [ 1112.313590][ T9537] team_slave_1: left allmulticast mode [ 1112.326278][ T9537] bridge0: port 3(team0) entered disabled state [ 1112.416676][ T9537] bridge_slave_1: left allmulticast mode [ 1112.422363][ T9537] bridge_slave_1: left promiscuous mode [ 1112.433727][ T9537] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.476265][ T9537] bridge_slave_0: left allmulticast mode [ 1112.481965][ T9537] bridge_slave_0: left promiscuous mode [ 1112.502496][ T9537] bridge0: port 1(bridge_slave_0) entered disabled state [ 1114.262853][T14572] netlink: 'syz.6.1583': attribute type 1 has an invalid length. [ 1114.627555][T14561] netlink: 'syz.3.1581': attribute type 11 has an invalid length. [ 1115.312887][T14579] siw: device registration error -23 [ 1116.207509][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.045159][ T9537] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1118.106143][ T9537] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1118.182042][ T9537] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1118.860306][ T9537] bond0 (unregistering): Released all slaves [ 1118.880553][ T9537] bond1 (unregistering): Released all slaves [ 1119.560243][T14488] chnl_net:caif_netlink_parms(): no params data found [ 1119.612123][T14572] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1120.022467][T14488] bridge0: port 1(bridge_slave_0) entered blocking state [ 1120.960070][T14488] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.968193][T14488] bridge_slave_0: entered allmulticast mode [ 1120.976057][T14488] bridge_slave_0: entered promiscuous mode [ 1120.989828][T14488] bridge0: port 2(bridge_slave_1) entered blocking state [ 1120.997033][T14488] bridge0: port 2(bridge_slave_1) entered disabled state [ 1121.004919][T14488] bridge_slave_1: entered allmulticast mode [ 1121.012006][T14488] bridge_slave_1: entered promiscuous mode [ 1123.894716][T14631] wlan0 speed is unknown, defaulting to 1000 [ 1124.032426][T14488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1124.808172][T14654] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1596'. [ 1125.659141][T14488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1128.670583][T14488] team0: Port device team_slave_0 added [ 1128.693884][T14488] team0: Port device team_slave_1 added [ 1128.888555][T14488] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1129.007412][T14488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1129.033477][ C1] vkms_vblank_simulate: vblank timer overrun [ 1129.042556][T14488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1129.380026][T14684] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1130.473888][T14488] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1130.480888][T14488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1130.574718][T14700] 9pnet_fd: Insufficient options for proto=fd [ 1130.828085][T14488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1130.842519][T13592] wlan0 speed is unknown, defaulting to 1000 [ 1130.849411][T13592] infiniband syz2: ib_query_port failed (-19) [ 1131.554279][T14705] overlayfs: missing 'lowerdir' [ 1132.626062][T14488] hsr_slave_0: entered promiscuous mode [ 1132.632599][T14488] hsr_slave_1: entered promiscuous mode [ 1132.904640][T14488] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1132.912314][T14488] Cannot create hsr debugfs directory [ 1133.878489][ T5136] Bluetooth: hci4: command 0x0406 tx timeout [ 1134.218312][T14723] qrtr: Invalid version 48 [ 1135.303504][T14725] vlan2: entered allmulticast mode [ 1135.309388][T14725] bond0: entered allmulticast mode [ 1135.315440][T14725] bond_slave_0: entered allmulticast mode [ 1135.321210][T14725] bond_slave_1: entered allmulticast mode [ 1135.330710][T14725] bond0: left allmulticast mode [ 1135.381365][T14725] bond_slave_0: left allmulticast mode [ 1136.138789][T14725] bond_slave_1: left allmulticast mode [ 1139.385295][ T9537] hsr_slave_0: left promiscuous mode [ 1139.404008][ T9537] hsr_slave_1: left promiscuous mode [ 1139.451282][ T9537] veth1_macvtap: left promiscuous mode [ 1139.463685][ T9537] veth0_macvtap: left promiscuous mode [ 1140.954269][T14775] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1620'. [ 1142.194981][ T9537] team_slave_1 (unregistering): left promiscuous mode [ 1142.220699][ T9537] team0 (unregistering): Port device team_slave_1 removed [ 1142.323042][ T9537] team_slave_0 (unregistering): left promiscuous mode [ 1142.337008][ T9537] team0 (unregistering): Port device team_slave_0 removed [ 1144.278097][ T9486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1144.321262][ T9486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1144.550868][T14814] GUP no longer grows the stack in syz.2.1626 (14814): 400000004000-40000000a000 (400000002000) [ 1144.562739][T14814] CPU: 0 UID: 0 PID: 14814 Comm: syz.2.1626 Not tainted 6.14.0-rc4-syzkaller-00248-g03d38806a902 #0 [ 1144.562766][T14814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1144.562778][T14814] Call Trace: [ 1144.562785][T14814] [ 1144.562793][T14814] dump_stack_lvl+0x241/0x360 [ 1144.562823][T14814] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1144.562848][T14814] ? __wake_up_klogd+0xcc/0x110 [ 1144.562878][T14814] __get_user_pages+0x3b07/0x4140 [ 1144.562903][T14814] ? __schedule+0x18c4/0x4c40 [ 1144.562950][T14814] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1144.562974][T14814] ? __pfx___get_user_pages+0x10/0x10 [ 1144.563008][T14814] ? mark_lock+0x9a/0x360 [ 1144.563041][T14814] get_user_pages_remote+0x31e/0xb60 [ 1144.563056][T14814] ? irqentry_exit+0x63/0x90 [ 1144.563081][T14814] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1144.563105][T14814] __access_remote_vm+0x22d/0x800 [ 1144.563128][T14814] ? __pfx___access_remote_vm+0x10/0x10 [ 1144.563143][T14814] ? set_page_refcounted+0xa1/0x1e0 [ 1144.563163][T14814] ? alloc_pages_noprof+0x136/0x190 [ 1144.563185][T14814] proc_pid_cmdline_read+0x4b6/0x8c0 [ 1144.563210][T14814] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1144.563227][T14814] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1144.563251][T14814] ? rw_verify_area+0x1ed/0x630 [ 1144.563269][T14814] ? vfs_readv+0x5e3/0xa80 [ 1144.563290][T14814] vfs_readv+0x6bc/0xa80 [ 1144.563311][T14814] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1144.563329][T14814] ? __pfx_vfs_readv+0x10/0x10 [ 1144.563340][T14814] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1144.563365][T14814] ? irqentry_exit+0x63/0x90 [ 1144.563381][T14814] ? lockdep_hardirqs_on+0x99/0x150 [ 1144.563411][T14814] __x64_sys_preadv+0x1b7/0x2d0 [ 1144.563430][T14814] ? __pfx___x64_sys_preadv+0x10/0x10 [ 1144.563448][T14814] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1144.563468][T14814] ? do_syscall_64+0xb6/0x230 [ 1144.563487][T14814] do_syscall_64+0xf3/0x230 [ 1144.563504][T14814] ? clear_bhb_loop+0x35/0x90 [ 1144.563525][T14814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.563541][T14814] RIP: 0033:0x7fdebad8d169 [ 1144.563561][T14814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1144.563573][T14814] RSP: 002b:00007fdebbc63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1144.563589][T14814] RAX: ffffffffffffffda RBX: 00007fdebafa6240 RCX: 00007fdebad8d169 [ 1144.563599][T14814] RDX: 0000000000000001 RSI: 0000400000000040 RDI: 0000000000000006 [ 1144.563608][T14814] RBP: 00007fdebae0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1144.563617][T14814] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1144.563625][T14814] R13: 0000000000000000 R14: 00007fdebafa6240 R15: 00007ffff3320aa8 [ 1144.563647][T14814] [ 1146.125194][T14807] netlink: 'syz.0.1625': attribute type 4 has an invalid length. [ 1147.275228][T14488] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1147.491057][T14830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1629'. [ 1148.239074][ T51] smc: removing ib device syz1 [ 1150.089050][T14488] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1150.185231][T14488] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1150.231101][T14488] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1151.240162][ T9537] IPVS: stop unused estimator thread 0... [ 1151.987692][T14859] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1633'. [ 1152.488964][T14862] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1153.119049][T14488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1153.199509][T14865] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1637'. [ 1153.696203][T14875] Cannot find del_set index 0 as target [ 1154.355835][T14488] 8021q: adding VLAN 0 to HW filter on device team0 [ 1154.383813][T14872] netlink: 'syz.3.1637': attribute type 3 has an invalid length. [ 1155.169029][T14879] lo speed is unknown, defaulting to 1000 [ 1155.170811][ T9507] bridge0: port 1(bridge_slave_0) entered blocking state [ 1155.181971][ T9507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1155.200485][T14879] lo speed is unknown, defaulting to 1000 [ 1155.211602][ T9507] bridge0: port 2(bridge_slave_1) entered blocking state [ 1155.218784][ T9507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1155.267603][T14879] lo speed is unknown, defaulting to 1000 [ 1155.312117][T14879] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1155.321479][T14882] dccp_invalid_packet: invalid packet type [ 1155.583995][T14879] lo speed is unknown, defaulting to 1000 [ 1155.590874][T14879] lo speed is unknown, defaulting to 1000 [ 1155.598349][T14879] lo speed is unknown, defaulting to 1000 [ 1155.605389][T14879] lo speed is unknown, defaulting to 1000 [ 1156.293334][T14879] lo speed is unknown, defaulting to 1000 [ 1156.315133][T14879] lo speed is unknown, defaulting to 1000 [ 1156.595463][T14890] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1640'. [ 1157.428534][T14897] dns_resolver: Unsupported server list version (11) [ 1158.556988][T14904] overlayfs: missing 'lowerdir' [ 1158.644376][T14905] fuse: Invalid rootmode [ 1159.497077][T14913] netlink: 'syz.3.1645': attribute type 8 has an invalid length. [ 1159.549137][T14913] ALSA: seq fatal error: cannot create timer (-16) [ 1163.743399][ T5908] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1166.316776][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1166.333612][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1167.355692][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1167.441422][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1167.543403][ T5830] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1167.573172][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1167.944919][T14963] lo speed is unknown, defaulting to 1000 [ 1168.819140][T14982] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1168.831708][T14982] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1168.845637][T14982] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1168.857977][T14982] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1168.870956][T14982] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1168.879308][T14982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1168.951049][T14981] lo speed is unknown, defaulting to 1000 [ 1170.031402][ T5830] Bluetooth: hci1: command 0x0409 tx timeout [ 1170.923497][ T5136] Bluetooth: hci3: command tx timeout [ 1171.703839][ T29] audit: type=1326 audit(1740849431.834:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.0.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7fc00000 [ 1171.732644][ T29] audit: type=1800 audit(1740849431.854:97): pid=15007 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1661" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1171.941310][ T29] audit: type=1326 audit(1740849432.064:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14998 comm="syz.0.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f37acb8d169 code=0x7fc00000 [ 1172.025352][T14963] chnl_net:caif_netlink_parms(): no params data found [ 1172.209686][ T5136] Bluetooth: hci1: command 0x0409 tx timeout [ 1172.789746][T14981] chnl_net:caif_netlink_parms(): no params data found [ 1172.829461][T15024] trusted_key: encrypted_key: insufficient parameters specified [ 1173.007205][ T5136] Bluetooth: hci3: command tx timeout [ 1174.293502][ T5136] Bluetooth: hci1: command 0x0409 tx timeout [ 1175.812402][T14963] bridge0: port 1(bridge_slave_0) entered blocking state [ 1175.823666][T14963] bridge0: port 1(bridge_slave_0) entered disabled state [ 1175.830941][ T5908] IPVS: starting estimator thread 0... [ 1175.896693][T14963] bridge_slave_0: entered allmulticast mode [ 1175.931677][T14963] bridge_slave_0: entered promiscuous mode [ 1175.952342][T14963] bridge0: port 2(bridge_slave_1) entered blocking state [ 1175.984936][T14963] bridge0: port 2(bridge_slave_1) entered disabled state [ 1176.001267][T15050] IPVS: using max 20 ests per chain, 48000 per kthread [ 1176.013830][T14963] bridge_slave_1: entered allmulticast mode [ 1176.292636][T14963] bridge_slave_1: entered promiscuous mode [ 1177.003569][ T5136] Bluetooth: hci3: command tx timeout [ 1177.009311][ T5136] Bluetooth: hci1: command 0x0409 tx timeout [ 1177.657200][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.217689][ T9507] bridge_slave_1: left allmulticast mode [ 1178.232866][ T9507] bridge_slave_1: left promiscuous mode [ 1178.238847][ T9507] bridge0: port 2(bridge_slave_1) entered disabled state [ 1178.258423][ T9507] bridge_slave_0: left allmulticast mode [ 1178.264561][ T9507] bridge_slave_0: left promiscuous mode [ 1178.270490][ T9507] bridge0: port 1(bridge_slave_0) entered disabled state [ 1179.170990][ T5830] Bluetooth: hci3: command tx timeout [ 1179.643536][ T5830] Bluetooth: hci4: command 0x0406 tx timeout [ 1179.676372][ T9507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1179.688104][ T9507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1179.699153][ T9507] bond0 (unregistering): Released all slaves [ 1179.725001][T15064] netlink: 'syz.6.1668': attribute type 1 has an invalid length. [ 1179.732792][T15064] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1668'. [ 1180.619828][T14963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1180.652561][T14963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1180.687677][T14981] bridge0: port 1(bridge_slave_0) entered blocking state [ 1180.716304][T14981] bridge0: port 1(bridge_slave_0) entered disabled state [ 1180.741192][T14981] bridge_slave_0: entered allmulticast mode [ 1180.775857][T14981] bridge_slave_0: entered promiscuous mode [ 1181.141053][T14981] bridge0: port 2(bridge_slave_1) entered blocking state [ 1181.236600][T14981] bridge0: port 2(bridge_slave_1) entered disabled state [ 1181.263654][T14981] bridge_slave_1: entered allmulticast mode [ 1181.288590][T14981] bridge_slave_1: entered promiscuous mode [ 1181.634606][ T9507] hsr_slave_0: left promiscuous mode [ 1181.722843][T15082] Option ' ' to dns_resolver key: bad/missing value [ 1182.316784][ T9507] hsr_slave_1: left promiscuous mode [ 1182.322720][ T9507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1182.331390][ T9507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1184.854249][T15090] netlink: 'syz.6.1675': attribute type 3 has an invalid length. [ 1186.297405][T15098] overlayfs: failed to clone upperpath [ 1189.718413][T15112] input: syz0 as /devices/virtual/input/input21 [ 1191.760049][T15121] befs: (nullb0): No write support. Marking filesystem read-only [ 1191.770776][T15121] befs: (nullb0): invalid magic header [ 1192.003905][T15124] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 1192.016337][T15124] /dev/nullb0: Can't open blockdev [ 1192.854070][ T9507] team0 (unregistering): Port device team_slave_1 removed [ 1193.323718][T15131] openvswitch: netlink: IPv4 tun info is not correct [ 1194.538401][ T9507] team0 (unregistering): Port device team_slave_0 removed [ 1201.076203][T14981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1201.101355][T14963] team0: Port device team_slave_0 added [ 1201.109968][T14963] team0: Port device team_slave_1 added [ 1201.865406][T14981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1202.201302][T14981] team0: Port device team_slave_0 added [ 1202.384587][T14963] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1202.398133][T14963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1202.919162][T14963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1202.967109][T14981] team0: Port device team_slave_1 added [ 1203.292753][T14963] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1203.320470][T14963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1204.507285][T14963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1204.999018][T15206] veth0_vlan: entered allmulticast mode [ 1205.007911][T15206] batman_adv: batadv0: Interface deactivated: vlan0 [ 1205.034997][T14981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1205.043222][T14981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1205.115095][T14981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1205.273899][T14981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1205.337170][T14981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1205.367298][T14981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1205.402679][T14963] hsr_slave_0: entered promiscuous mode [ 1205.410319][T14963] hsr_slave_1: entered promiscuous mode [ 1205.447648][T14963] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1205.469288][T14963] Cannot create hsr debugfs directory [ 1205.709390][T14981] hsr_slave_0: entered promiscuous mode [ 1205.728513][T14981] hsr_slave_1: entered promiscuous mode [ 1205.743963][T14981] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1205.760844][T14981] Cannot create hsr debugfs directory [ 1210.507897][T15258] overlayfs: overlapping lowerdir path [ 1210.848704][T15258] program syz.6.1707 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1211.149318][T15268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1709'. [ 1213.335991][T14963] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1213.917319][T14963] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1214.097420][T14963] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1214.907696][T14963] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1215.870864][T14981] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1215.929201][T14981] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1215.976594][T14981] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1216.277092][T14981] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1216.455943][T15310] vivid-000: disconnect [ 1216.699887][ T29] audit: type=1400 audit(1740849476.694:99): lsm=SMACK fn=smack_file_receive action=denied subject="w" object="_" requested=w pid=15306 comm="syz.6.1716" path="socket:[43855]" dev="sockfs" ino=43855 [ 1217.228895][ T29] audit: type=1400 audit(1740849476.724:100): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="_" object="w" requested=w pid=15306 comm="syz.6.1716" saddr=127.0.0.1 daddr=127.0.0.1 netif=lo [ 1217.541315][T15304] vivid-000: reconnect [ 1220.121306][T14981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1220.345406][T14981] 8021q: adding VLAN 0 to HW filter on device team0 [ 1221.241034][T14981] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1221.783607][T14981] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1221.860523][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 1221.867715][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1221.942638][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 1221.949835][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1223.561080][ T5136] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1223.573050][ T5136] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1223.580138][T15365] ceph: No mds server is up or the cluster is laggy [ 1224.337704][ T5136] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1224.351925][ T5136] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1224.402022][ T5136] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1224.409931][ T5136] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1224.611281][T15378] usb usb6: usbfs: process 15378 (syz.3.1725) did not claim interface 0 before use [ 1224.961294][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1225.297320][ T5830] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1225.309900][ T5830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1225.320329][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1225.330922][ T5830] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1225.338724][ T5830] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1225.707990][T15359] lo speed is unknown, defaulting to 1000 [ 1225.916362][T15373] lo speed is unknown, defaulting to 1000 [ 1226.489812][ T5830] Bluetooth: hci2: command 0x0406 tx timeout [ 1226.896495][T15396] netlink: 'syz.6.1728': attribute type 11 has an invalid length. [ 1227.255841][ T5830] Bluetooth: hci1: command tx timeout [ 1227.403618][T14982] Bluetooth: hci3: command tx timeout [ 1228.735245][ T29] audit: type=1326 audit(1740849488.754:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15401 comm="syz.3.1729" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ba2f8d169 code=0x0 [ 1229.323394][T14982] Bluetooth: hci1: command tx timeout [ 1229.487017][T14982] Bluetooth: hci3: command tx timeout [ 1230.738574][T15424] ip6gretap0: entered promiscuous mode [ 1230.745243][T15424] batadv_slave_0: entered promiscuous mode [ 1230.751808][T15424] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 1230.759553][T15424] Cannot create hsr debugfs directory [ 1231.122254][T15432] netlink: 'syz.6.1733': attribute type 10 has an invalid length. [ 1231.212269][T15433] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1733'. [ 1231.404064][T14982] Bluetooth: hci1: command tx timeout [ 1231.564301][T14982] Bluetooth: hci3: command tx timeout [ 1231.862983][T15433] bridge_slave_1: left allmulticast mode [ 1231.868867][T15433] bridge_slave_1: left promiscuous mode [ 1231.875162][T15433] bridge0: port 2(bridge_slave_1) entered disabled state [ 1231.901940][T15433] bridge_slave_0: left allmulticast mode [ 1231.908436][T15433] bridge_slave_0: left promiscuous mode [ 1231.914398][T15433] bridge0: port 1(bridge_slave_0) entered disabled state [ 1232.774513][T15359] chnl_net:caif_netlink_parms(): no params data found [ 1233.169173][T15373] chnl_net:caif_netlink_parms(): no params data found [ 1233.545931][T14982] Bluetooth: hci1: command tx timeout [ 1233.643652][T14982] Bluetooth: hci3: command tx timeout [ 1233.991377][T15450] netlink: 'syz.0.1735': attribute type 4 has an invalid length. [ 1235.467253][T15359] bridge0: port 1(bridge_slave_0) entered blocking state [ 1235.487046][T15359] bridge0: port 1(bridge_slave_0) entered disabled state [ 1235.502790][T15359] bridge_slave_0: entered allmulticast mode [ 1235.515945][T15359] bridge_slave_0: entered promiscuous mode [ 1235.594246][T15480] netlink: 'syz.6.1740': attribute type 4 has an invalid length. [ 1235.602113][T15480] netlink: 3657 bytes leftover after parsing attributes in process `syz.6.1740'. [ 1235.627271][T15480] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1740'. [ 1236.199457][T15481] usb usb1: check_ctrlrecip: process 15481 (syz.6.1740) requesting ep 01 but needs 81 [ 1236.209603][T15481] usb usb1: usbfs: process 15481 (syz.6.1740) did not claim interface 0 before use [ 1236.330161][T15359] bridge0: port 2(bridge_slave_1) entered blocking state [ 1236.337538][T15359] bridge0: port 2(bridge_slave_1) entered disabled state [ 1236.345820][T15359] bridge_slave_1: entered allmulticast mode [ 1236.353063][T15359] bridge_slave_1: entered promiscuous mode [ 1236.363635][ T9479] bridge_slave_1: left allmulticast mode [ 1236.369350][ T9479] bridge_slave_1: left promiscuous mode [ 1236.387298][ T9479] bridge0: port 2(bridge_slave_1) entered disabled state [ 1236.431911][ T9479] bridge_slave_0: left allmulticast mode [ 1236.449719][ T9479] bridge_slave_0: left promiscuous mode [ 1236.465756][ T9479] bridge0: port 1(bridge_slave_0) entered disabled state [ 1238.636226][ T9479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1238.651412][ T9479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1238.664705][ T9479] bond0 (unregistering): Released all slaves [ 1238.882695][T15373] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.930073][T15373] bridge0: port 1(bridge_slave_0) entered disabled state [ 1239.198290][T15373] bridge_slave_0: entered allmulticast mode [ 1239.947957][T15373] bridge_slave_0: entered promiscuous mode [ 1239.958183][T15373] bridge0: port 2(bridge_slave_1) entered blocking state [ 1239.967255][T15373] bridge0: port 2(bridge_slave_1) entered disabled state [ 1239.974908][T15373] bridge_slave_1: entered allmulticast mode [ 1240.002224][T15373] bridge_slave_1: entered promiscuous mode [ 1240.179055][T15359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1241.785714][ T9479] hsr_slave_0: left promiscuous mode [ 1241.811767][ T9479] hsr_slave_1: left promiscuous mode [ 1241.833196][ T9479] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1241.863074][ T9479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1244.166163][T15544] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1754'. [ 1244.460105][ T9479] team0 (unregistering): Port device team_slave_1 removed [ 1244.479689][ T29] audit: type=1326 audit(1740849504.594:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.517908][ T5822] IPVS: starting estimator thread 0... [ 1244.575506][ T29] audit: type=1326 audit(1740849504.594:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.602719][ T29] audit: type=1326 audit(1740849504.594:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.613504][T15546] IPVS: using max 22 ests per chain, 52800 per kthread [ 1244.660550][ T29] audit: type=1326 audit(1740849504.594:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.727486][ T29] audit: type=1326 audit(1740849504.594:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.758310][ T9479] team0 (unregistering): Port device team_slave_0 removed [ 1244.813365][ T29] audit: type=1326 audit(1740849504.594:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.848712][ T29] audit: type=1326 audit(1740849504.594:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.889385][ T29] audit: type=1326 audit(1740849504.594:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1244.926196][ T29] audit: type=1326 audit(1740849504.604:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f37acb8d1a3 code=0x7ffc0000 [ 1244.959859][ T29] audit: type=1326 audit(1740849504.604:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15542 comm="syz.0.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f37acb8d1a3 code=0x7ffc0000 [ 1246.682060][T15359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1246.897792][T15543] vlan5: entered allmulticast mode [ 1247.123571][T15567] vxcan0: tx drop: invalid da for name 0x0000000000000003 [ 1247.755565][T15359] team0: Port device team_slave_0 added [ 1247.772151][T15373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1247.865082][T15359] team0: Port device team_slave_1 added [ 1247.894836][T15373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1249.124898][T15373] team0: Port device team_slave_0 added [ 1249.362232][T15359] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1249.503483][T15359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.715906][T15359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1249.765774][T15373] team0: Port device team_slave_1 added [ 1249.928247][T15588] bond0: entered promiscuous mode [ 1249.938617][T15588] bond_slave_0: entered promiscuous mode [ 1249.945240][T15588] bond_slave_1: entered promiscuous mode [ 1249.952752][T15588] batadv0: entered promiscuous mode [ 1249.967009][T15588] 8021q: adding VLAN 0 to HW filter on device hsr2 [ 1250.700736][T15359] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1250.721503][T15359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1250.910441][T15359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1251.622136][T15373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1251.644144][T15373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1251.683364][T15373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1251.834118][T15373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1251.863493][T15373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1251.973710][T15373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1251.997847][T15359] hsr_slave_0: entered promiscuous mode [ 1252.014207][T15359] hsr_slave_1: entered promiscuous mode [ 1252.020539][T15359] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1252.046551][T15359] Cannot create hsr debugfs directory [ 1253.879144][T15373] hsr_slave_0: entered promiscuous mode [ 1253.924390][T15373] hsr_slave_1: entered promiscuous mode [ 1253.988043][T15373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1254.005989][T15373] Cannot create hsr debugfs directory [ 1255.751277][T15642] netlink: 'syz.3.1773': attribute type 10 has an invalid length. [ 1256.362972][T15644] netlink: 'syz.6.1772': attribute type 10 has an invalid length. [ 1256.907657][T15641] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1773'. [ 1256.923142][T15642] dummy0: entered promiscuous mode [ 1256.929272][T15642] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1260.189914][T15673] xt_connbytes: Forcing CT accounting to be enabled [ 1260.197832][T15673] xt_bpf: check failed: parse error [ 1262.474926][ T9479] bridge_slave_1: left allmulticast mode [ 1262.495445][ T9479] bridge_slave_1: left promiscuous mode [ 1262.520119][ T9479] bridge0: port 2(bridge_slave_1) entered disabled state [ 1262.568161][ T9479] bridge_slave_0: left allmulticast mode [ 1262.601309][ T9479] bridge_slave_0: left promiscuous mode [ 1262.611698][ T9479] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.684303][ T9479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1266.709272][ T9479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1266.757957][ T9479] bond0 (unregistering): Released all slaves [ 1266.879252][T15761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1788'. [ 1266.999754][ T9479] hsr_slave_0: left promiscuous mode [ 1267.016997][T15769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1792'. [ 1267.070097][ T9479] hsr_slave_1: left promiscuous mode [ 1267.084121][ T9479] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1267.104626][ T9479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1269.931123][T15802] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1796'. [ 1270.686329][ T9479] team0 (unregistering): Port device team_slave_1 removed [ 1270.840653][ T9479] team0 (unregistering): Port device team_slave_0 removed [ 1273.175235][T15359] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1273.946757][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 1273.946824][ T29] audit: type=1326 audit(1740849533.564:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15810 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1274.510719][ T29] audit: type=1326 audit(1740849533.574:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15810 comm="syz.0.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1274.532578][T15818] xt_CT: No such helper "snmp" [ 1274.811123][T15359] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1274.854081][T15359] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1275.786292][T15359] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1276.278080][T15814] bond0: (slave dummy0): Releasing backup interface [ 1276.295574][T15814] dummy0: left promiscuous mode [ 1276.308911][T15814] bridge_slave_0: left allmulticast mode [ 1276.334833][T15814] bridge_slave_0: left promiscuous mode [ 1276.346090][T15814] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.372760][T15814] bridge_slave_1: left allmulticast mode [ 1276.403932][T15814] bridge_slave_1: left promiscuous mode [ 1276.419609][T15814] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.447075][T15814] bond0: (slave bond_slave_0): Releasing backup interface [ 1276.472870][T15814] bond_slave_0: left promiscuous mode [ 1276.497042][T15814] bond0: (slave bond_slave_1): Releasing backup interface [ 1276.526943][T15814] bond_slave_1: left promiscuous mode [ 1276.616112][T15814] team0: Port device team_slave_0 removed [ 1276.666436][T15814] team0: Port device team_slave_1 removed [ 1276.691033][T15814] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1276.706828][T15814] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1276.728805][T15814] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1276.747309][T15814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1277.052687][T15855] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1805'. [ 1279.132368][T15359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1279.202050][T15359] 8021q: adding VLAN 0 to HW filter on device team0 [ 1279.304915][ T9537] bridge0: port 1(bridge_slave_0) entered blocking state [ 1279.312126][ T9537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1279.382135][ T9537] bridge0: port 2(bridge_slave_1) entered blocking state [ 1279.389450][ T9537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1279.428493][T15373] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1279.444861][T15373] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1279.473594][T15373] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1279.514757][T15373] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1279.647643][T15359] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1279.784962][T15890] netlink: 'syz.0.1809': attribute type 8 has an invalid length. [ 1279.792730][T15890] netlink: 163260 bytes leftover after parsing attributes in process `syz.0.1809'. [ 1279.940227][T15373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1280.094705][T15903] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1812'. [ 1280.128484][T15903] netlink: 'syz.6.1812': attribute type 12 has an invalid length. [ 1280.247712][T15373] 8021q: adding VLAN 0 to HW filter on device team0 [ 1280.918395][T15359] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1281.600690][T15909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1281.835172][ T5921] bridge0: port 1(bridge_slave_0) entered blocking state [ 1281.842333][ T5921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1281.852100][ T5921] bridge0: port 2(bridge_slave_1) entered blocking state [ 1281.859323][ T5921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1284.267781][ T29] audit: type=1326 audit(1740849544.314:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1284.954940][ T29] audit: type=1326 audit(1740849544.314:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1284.976738][ T29] audit: type=1326 audit(1740849544.324:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1284.999834][ T29] audit: type=1326 audit(1740849544.324:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1285.033365][ T29] audit: type=1326 audit(1740849544.324:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1285.123367][ T29] audit: type=1326 audit(1740849544.324:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1285.155757][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1285.176236][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1285.225466][T15965] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1818'. [ 1285.253796][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1285.264515][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1285.272426][ T5830] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1285.279958][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1285.354670][ T29] audit: type=1326 audit(1740849544.324:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1285.428344][T14982] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1285.434678][ T29] audit: type=1326 audit(1740849544.324:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1285.496611][T14982] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1285.634443][T14982] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1285.652138][T14982] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1286.206395][T14982] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1286.214452][T14982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1286.258533][ T29] audit: type=1326 audit(1740849544.334:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1286.303547][ T29] audit: type=1326 audit(1740849544.334:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15949 comm="syz.0.1817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37acb8d169 code=0x7ffc0000 [ 1286.408030][T15946] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1816'. [ 1286.449549][T15972] bridge0: port 5(hsr_slave_1) entered blocking state [ 1286.457329][T15972] bridge0: port 5(hsr_slave_1) entered disabled state [ 1286.464629][T15972] hsr_slave_1: entered allmulticast mode [ 1286.471742][T15972] hsr_slave_1: left allmulticast mode [ 1286.941390][T15986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1821'. [ 1287.329359][T15959] lo speed is unknown, defaulting to 1000 [ 1287.351797][T15970] lo speed is unknown, defaulting to 1000 [ 1287.403957][T14982] Bluetooth: hci1: command tx timeout [ 1288.895212][T14982] Bluetooth: hci3: command tx timeout [ 1289.023793][T16000] Invalid source name [ 1289.483902][T14982] Bluetooth: hci1: command tx timeout [ 1290.701246][T15959] chnl_net:caif_netlink_parms(): no params data found [ 1290.773563][ T5957] bridge_slave_1: left allmulticast mode [ 1290.803367][ T5957] bridge_slave_1: left promiscuous mode [ 1290.812635][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.895182][ T5957] bridge_slave_0: left allmulticast mode [ 1290.900897][ T5957] bridge_slave_0: left promiscuous mode [ 1290.919483][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 1290.933796][T14982] Bluetooth: hci3: command tx timeout [ 1292.069002][T14982] Bluetooth: hci1: command tx timeout [ 1293.008693][T14982] Bluetooth: hci3: command tx timeout [ 1294.128629][T14982] Bluetooth: hci1: command tx timeout [ 1295.138153][T14982] Bluetooth: hci3: command tx timeout [ 1295.457126][ T5957] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1295.472151][ T5957] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1295.490371][ T5957] bond0 (unregistering): Released all slaves [ 1296.111424][T16071] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1296.120838][T16071] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1296.286990][T15970] chnl_net:caif_netlink_parms(): no params data found [ 1296.973531][ T5957] hsr_slave_0: left promiscuous mode [ 1297.020796][ T5957] hsr_slave_1: left promiscuous mode [ 1297.036623][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1297.054418][ T5957] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1297.485853][T16082] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1837'. [ 1299.135710][ T5957] team0 (unregistering): Port device team_slave_1 removed [ 1299.236681][ T5957] team0 (unregistering): Port device team_slave_0 removed [ 1301.097634][T16104] cgroup: Unknown subsys name 'cpuset' [ 1301.912385][T16114] netlink: 'syz.0.1844': attribute type 33 has an invalid length. [ 1301.920962][T16114] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1844'. [ 1303.793224][T16095] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1303.802974][T16095] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1304.259196][T15959] bridge0: port 1(bridge_slave_0) entered blocking state [ 1304.272923][T15959] bridge0: port 1(bridge_slave_0) entered disabled state [ 1304.292070][T15959] bridge_slave_0: entered allmulticast mode [ 1304.300685][T15959] bridge_slave_0: entered promiscuous mode [ 1304.850257][T16139] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.1847'. [ 1304.860217][T16139] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1847'. [ 1305.258080][T15970] bridge0: port 1(bridge_slave_0) entered blocking state [ 1305.280051][T15970] bridge0: port 1(bridge_slave_0) entered disabled state [ 1305.287644][T15970] bridge_slave_0: entered allmulticast mode [ 1305.295334][T15970] bridge_slave_0: entered promiscuous mode [ 1305.303905][T15959] bridge0: port 2(bridge_slave_1) entered blocking state [ 1305.544125][T15959] bridge0: port 2(bridge_slave_1) entered disabled state [ 1305.552611][T15959] bridge_slave_1: entered allmulticast mode [ 1305.780259][T15959] bridge_slave_1: entered promiscuous mode [ 1306.040519][T16142] tipc: Enabling of bearer rejected, failed to enable media [ 1306.049641][T16143] team0: MTU too low for tipc bearer [ 1306.055245][T16143] tipc: Enabling of bearer rejected, failed to enable media [ 1306.064630][T15970] bridge0: port 2(bridge_slave_1) entered blocking state [ 1306.071798][T15970] bridge0: port 2(bridge_slave_1) entered disabled state [ 1306.082603][T15970] bridge_slave_1: entered allmulticast mode [ 1306.089945][T15970] bridge_slave_1: entered promiscuous mode [ 1306.413013][T15970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1307.389169][T15959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1307.415163][T15959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1307.445180][T15970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1309.872470][T15970] team0: Port device team_slave_0 added [ 1309.895634][T15970] team0: Port device team_slave_1 added [ 1311.282874][T15959] team0: Port device team_slave_0 added [ 1311.445959][T15970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1311.471402][T15970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1311.582903][T16177] netlink: 'syz.6.1854': attribute type 10 has an invalid length. [ 1311.734394][T15970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1311.762344][T15959] team0: Port device team_slave_1 added [ 1311.936728][T16184] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1854'. [ 1312.447496][T16172] mac80211_hwsim hwsim26 wlan1: entered allmulticast mode [ 1312.575555][T16174] bond0: (slave bond_slave_0): Releasing backup interface [ 1312.765333][T16174] bond0: (slave bond_slave_1): Releasing backup interface [ 1313.799711][T16174] team0: Port device team_slave_0 removed [ 1313.821429][T16174] team0: Port device team_slave_1 removed [ 1313.832858][T16174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1313.854069][T16174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1313.879098][T16174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1313.889559][T16174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1314.094833][T16177] mac80211_hwsim hwsim26 wlan1: left allmulticast mode [ 1314.107965][T16177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1314.182975][T16177] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1314.385854][T15970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1314.423076][T15970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1314.451972][ C0] vkms_vblank_simulate: vblank timer overrun [ 1314.493895][T15970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1314.602017][T13999] lo speed is unknown, defaulting to 1000 [ 1314.608373][T16196] netlink: 'syz.3.1858': attribute type 1 has an invalid length. [ 1314.721063][T15959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1314.737613][T15959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1314.926252][T15959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1314.939764][T15959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1314.950324][T15959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1315.084348][T15959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1316.197444][T16209] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 1316.206915][T16209] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 1316.216002][T16209] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 1316.313393][ T5822] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1316.447134][T15970] hsr_slave_0: entered promiscuous mode [ 1316.469824][T15970] hsr_slave_1: entered promiscuous mode [ 1316.506563][T15970] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1316.533541][T15970] Cannot create hsr debugfs directory [ 1316.617724][ T5822] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1316.632503][ T5822] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1316.645817][ T5822] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1316.693128][ T5822] usb 4-1: config 0 descriptor?? [ 1316.969684][ T5822] pwc: Askey VC010 type 2 USB webcam detected. [ 1317.279773][ T5822] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1317.334918][ T5822] pwc: recv_control_msg error -32 req 02 val 2700 [ 1317.383213][ T5822] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1317.400305][ T5822] pwc: recv_control_msg error -32 req 04 val 1000 [ 1317.414374][ T5822] pwc: recv_control_msg error -32 req 04 val 1300 [ 1317.610409][T15959] hsr_slave_0: entered promiscuous mode [ 1317.626946][ T5822] pwc: recv_control_msg error -32 req 02 val 2000 [ 1317.634515][T15959] hsr_slave_1: entered promiscuous mode [ 1317.654276][ T5822] pwc: recv_control_msg error -71 req 02 val 2100 [ 1317.661717][T15959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1317.669528][ T5822] pwc: recv_control_msg error -71 req 04 val 1500 [ 1317.676875][T15959] Cannot create hsr debugfs directory [ 1317.702379][ T5822] pwc: recv_control_msg error -71 req 02 val 2500 [ 1317.714585][ T5822] pwc: recv_control_msg error -71 req 02 val 2400 [ 1318.243570][ T5822] pwc: recv_control_msg error -71 req 02 val 2600 [ 1318.266994][ T5822] pwc: recv_control_msg error -71 req 02 val 2900 [ 1318.298823][ T5822] pwc: recv_control_msg error -71 req 02 val 2800 [ 1318.306638][ T5822] pwc: recv_control_msg error -71 req 04 val 1100 [ 1318.314181][ T5822] pwc: recv_control_msg error -71 req 04 val 1200 [ 1318.330224][ T5822] pwc: Registered as video103. [ 1318.379575][ T5822] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input25 [ 1318.946813][ T5822] usb 4-1: USB disconnect, device number 7 [ 1319.022418][ T9522] bridge_slave_1: left allmulticast mode [ 1319.055748][ T9522] bridge_slave_1: left promiscuous mode [ 1319.064845][ T9522] bridge0: port 2(bridge_slave_1) entered disabled state [ 1319.803745][ T9522] bridge_slave_0: left allmulticast mode [ 1319.841071][ T9522] bridge_slave_0: left promiscuous mode [ 1319.864016][ T9522] bridge0: port 1(bridge_slave_0) entered disabled state [ 1323.055169][ T9522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1323.076298][ T9522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1323.089412][ T9522] bond0 (unregistering): Released all slaves [ 1323.671667][ T9522] hsr_slave_0: left promiscuous mode [ 1323.748905][ T9522] hsr_slave_1: left promiscuous mode [ 1323.794103][ T9522] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1323.816657][ T9522] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1324.158069][T16274] overlayfs: failed to clone upperpath [ 1325.165150][T16279] Cannot find add_set index 0 as target [ 1325.754252][ T9522] team0 (unregistering): Port device team_slave_1 removed [ 1325.815704][T16290] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1881'. [ 1326.498611][ T9522] team0 (unregistering): Port device team_slave_0 removed [ 1327.240375][T16298] trusted_key: encrypted_key: keylen parameter is missing [ 1329.459116][T16303] syz.3.1884: attempt to access beyond end of device [ 1329.459116][T16303] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 1329.472707][T16303] vxfs: unable to read disk superblock at 1 [ 1329.479140][T16303] syz.3.1884: attempt to access beyond end of device [ 1329.479140][T16303] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 1329.492475][T16303] vxfs: unable to read disk superblock at 8 [ 1329.499175][T16303] vxfs: can't find superblock. [ 1333.332795][T16330] netlink: 'syz.6.1890': attribute type 10 has an invalid length. [ 1333.896332][T16331] infiniband syz1: set down [ 1333.900920][T16331] infiniband syz1: added team_slave_0 [ 1333.907469][T16331] syz1: rxe_create_cq: returned err = -12 [ 1333.913389][T16331] infiniband syz1: Couldn't create ib_mad CQ [ 1333.922437][T16331] infiniband syz1: Couldn't open port 1 [ 1333.945128][T16331] RDS/IB: syz1: added [ 1333.949213][T16331] smc: adding ib device syz1 with port count 1 [ 1333.955484][T16331] smc: ib device syz1 port 1 has pnetid [ 1441.523284][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1441.530319][ C0] rcu: 1-...!: (1 GPs behind) idle=8f3c/1/0x4000000000000000 softirq=80537/80541 fqs=0 [ 1441.542576][ C0] rcu: (detected by 0, t=10502 jiffies, g=68825, q=72 ncpus=2) [ 1441.550297][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1441.550334][ C1] NMI backtrace for cpu 1 [ 1441.550348][ C1] CPU: 1 UID: 0 PID: 16347 Comm: syz.6.1894 Not tainted 6.14.0-rc4-syzkaller-00248-g03d38806a902 #0 [ 1441.550366][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1441.550377][ C1] RIP: 0010:lock_release+0x22e/0xa30 [ 1441.550407][ C1] Code: 85 75 05 00 00 83 3d 00 1e 9f 0e 00 0f 84 bf 03 00 00 49 8d b5 e8 0a 00 00 48 89 f0 48 c1 e8 03 48 89 44 24 48 42 0f b6 04 38 <84> c0 0f 85 78 05 00 00 8b 06 85 c0 0f 84 2e 02 00 00 48 89 34 24 [ 1441.550426][ C1] RSP: 0018:ffffc90000a18a00 EFLAGS: 00000806 [ 1441.550440][ C1] RAX: 0000000000000000 RBX: 0000000000000046 RCX: ffffc90000a18a03 [ 1441.550451][ C1] RDX: 1ffff92000143150 RSI: ffff88802b62a8e8 RDI: ffffffff8c801c20 [ 1441.550462][ C1] RBP: ffffc90000a18b30 R08: ffffffff903bc677 R09: 1ffffffff20778ce [ 1441.550474][ C1] R10: dffffc0000000000 R11: fffffbfff20778cf R12: 1ffff9200014314c [ 1441.550486][ C1] R13: ffff88802b629e00 R14: ffffffff9a8e1608 R15: dffffc0000000000 [ 1441.550498][ C1] FS: 00007ff7953d56c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 1441.550511][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1441.550522][ C1] CR2: 000000110c3d23d3 CR3: 000000004a8ae000 CR4: 00000000003526f0 [ 1441.550536][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1441.550545][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1441.550555][ C1] Call Trace: [ 1441.550562][ C1] [ 1441.550571][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1441.550592][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1441.550613][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1441.550636][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1441.550654][ C1] ? nmi_handle+0x14f/0x5a0 [ 1441.550675][ C1] ? nmi_handle+0x2a/0x5a0 [ 1441.550695][ C1] ? lock_release+0x22e/0xa30 [ 1441.550714][ C1] ? default_do_nmi+0x63/0x160 [ 1441.550729][ C1] ? exc_nmi+0x123/0x1f0 [ 1441.550743][ C1] ? end_repeat_nmi+0xf/0x53 [ 1441.550768][ C1] ? lock_release+0x22e/0xa30 [ 1441.550788][ C1] ? lock_release+0x22e/0xa30 [ 1441.550808][ C1] ? lock_release+0x22e/0xa30 [ 1441.550828][ C1] [ 1441.550832][ C1] [ 1441.550840][ C1] ? debug_object_activate+0x3f7/0x580 [ 1441.550861][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 1441.550879][ C1] ? __pfx_lock_release+0x10/0x10 [ 1441.550904][ C1] _raw_spin_unlock_irqrestore+0x79/0x140 [ 1441.550923][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1441.550945][ C1] debug_object_activate+0x3f7/0x580 [ 1441.550967][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 1441.550986][ C1] ? advance_sched+0xa02/0xca0 [ 1441.551006][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 1441.551022][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 1441.551041][ C1] enqueue_hrtimer+0x30/0x3c0 [ 1441.551058][ C1] __hrtimer_run_queues+0x6cb/0xd30 [ 1441.551079][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1441.551093][ C1] ? sched_clock+0x4a/0x70 [ 1441.551109][ C1] ? read_tsc+0x9/0x20 [ 1441.551124][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 1441.551146][ C1] hrtimer_interrupt+0x403/0xa40 [ 1441.551169][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 1441.551192][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1441.551212][ C1] [ 1441.551217][ C1] [ 1441.551222][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1441.551243][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 1441.551261][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 9e 1c 23 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 43 0d 8c f5 65 8b 05 94 7f 00 74 85 c0 74 43 48 c7 04 24 0e 36 [ 1441.551273][ C1] RSP: 0018:ffffc900033d7ba0 EFLAGS: 00000206 [ 1441.551286][ C1] RAX: 58d55141ec842700 RBX: 1ffff9200067af78 RCX: ffffffff819d2a9a [ 1441.551298][ C1] RDX: dffffc0000000000 RSI: ffffffff8c2aa4a0 RDI: 0000000000000001 [ 1441.551309][ C1] RBP: ffffc900033d7c30 R08: ffffffff94513847 R09: 1ffffffff28a2708 [ 1441.551321][ C1] R10: dffffc0000000000 R11: fffffbfff28a2709 R12: dffffc0000000000 [ 1441.551332][ C1] R13: 1ffff9200067af74 R14: ffffc900033d7bc0 R15: 0000000000000246 [ 1441.551346][ C1] ? mark_lock+0x9a/0x360 [ 1441.551370][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1441.551389][ C1] ? read_tsc+0x9/0x20 [ 1441.551406][ C1] clock_was_set+0x686/0x810 [ 1441.551440][ C1] ? __pfx_clock_was_set+0x10/0x10 [ 1441.551463][ C1] ? do_settimeofday64+0x328/0x5e0 [ 1441.551478][ C1] ? timekeeping_update_from_shadow+0x2b6/0x350 [ 1441.551499][ C1] do_settimeofday64+0x343/0x5e0 [ 1441.551519][ C1] ? __pfx_do_settimeofday64+0x10/0x10 [ 1441.551536][ C1] ? qca_wakeup+0x118/0x190 [ 1441.551556][ C1] ? capable+0x89/0xe0 [ 1441.551572][ C1] ? security_settime64+0x74/0x280 [ 1441.551590][ C1] __x64_sys_clock_settime+0x23a/0x280 [ 1441.551701][ C1] ? __pfx___x64_sys_clock_settime+0x10/0x10 [ 1441.551723][ C1] ? do_syscall_64+0x100/0x230 [ 1441.551746][ C1] ? do_syscall_64+0xb6/0x230 [ 1441.551766][ C1] do_syscall_64+0xf3/0x230 [ 1441.551786][ C1] ? clear_bhb_loop+0x35/0x90 [ 1441.551808][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1441.551828][ C1] RIP: 0033:0x7ff79758d169 [ 1441.551844][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1441.551858][ C1] RSP: 002b:00007ff7953d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3 [ 1441.551875][ C1] RAX: ffffffffffffffda RBX: 00007ff7977a6160 RCX: 00007ff79758d169 [ 1441.551887][ C1] RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 0000000000000000 [ 1441.551897][ C1] RBP: 00007ff79760e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1441.551908][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1441.551917][ C1] R13: 0000000000000000 R14: 00007ff7977a6160 R15: 00007ffc91625dd8 [ 1441.551935][ C1] [ 1441.552330][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g68825 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1442.141677][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1442.151673][ C0] rcu: RCU grace-period kthread stack dump: [ 1442.157570][ C0] task:rcu_preempt state:R running task stack:25400 pid:17 tgid:17 ppid:2 task_flags:0x208040 flags:0x00004000 [ 1442.171088][ C0] Call Trace: [ 1442.174813][ C0] [ 1442.177760][ C0] __schedule+0x18bc/0x4c40 [ 1442.182292][ C0] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 1442.188224][ C0] ? __pfx___schedule+0x10/0x10 [ 1442.193102][ C0] ? __pfx_lock_release+0x10/0x10 [ 1442.198154][ C0] ? __pfx___mod_timer+0x10/0x10 [ 1442.203111][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1442.209462][ C0] ? schedule+0x90/0x320 [ 1442.213722][ C0] schedule+0x14b/0x320 [ 1442.217899][ C0] schedule_timeout+0x15a/0x290 [ 1442.222763][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1442.228151][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1442.233456][ C0] ? prepare_to_swait_event+0x330/0x350 [ 1442.239024][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1442.244244][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 1442.249128][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1442.254369][ C0] ? rcu_gp_init+0x1256/0x1630 [ 1442.259263][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 1442.264237][ C0] ? __pfx_rcu_watching_snap_save+0x10/0x10 [ 1442.270240][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1442.275555][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1442.281600][ C0] ? finish_swait+0xd4/0x1e0 [ 1442.286237][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1442.291569][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 1442.296209][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1442.301529][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1442.307541][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1442.312654][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1442.317896][ C0] kthread+0x7a9/0x920 [ 1442.321993][ C0] ? __pfx_kthread+0x10/0x10 [ 1442.326614][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1442.331834][ C0] ? __pfx_kthread+0x10/0x10 [ 1442.336461][ C0] ? __pfx_kthread+0x10/0x10 [ 1442.341585][ C0] ? __pfx_kthread+0x10/0x10 [ 1442.346278][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1442.351491][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1442.356710][ C0] ? __pfx_kthread+0x10/0x10 [ 1442.361693][ C0] ret_from_fork+0x4b/0x80 [ 1442.366140][ C0] ? __pfx_kthread+0x10/0x10 [ 1442.370924][ C0] ret_from_fork_asm+0x1a/0x30 [ 1442.375899][ C0] [ 1442.378931][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1442.385438][ C0] CPU: 0 UID: 0 PID: 15959 Comm: syz-executor Not tainted 6.14.0-rc4-syzkaller-00248-g03d38806a902 #0 [ 1442.397010][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1442.407171][ C0] RIP: 0010:smp_call_function_single+0x45f/0x1990 [ 1442.413806][ C0] Code: a7 34 0c 00 41 83 e4 01 75 16 e8 5c 30 0c 00 4d 89 fc 44 8b 7c 24 24 eb 46 e8 4d 30 0c 00 eb 3f 4d 89 fc 44 8b 7c 24 24 f3 90 <42> 0f b6 04 2b 84 c0 75 10 41 f7 06 01 00 00 00 74 1e e8 2a 30 0c [ 1442.433458][ C0] RSP: 0018:ffffc90004827560 EFLAGS: 00000293 [ 1442.439571][ C0] RAX: ffffffff81b58e96 RBX: 1ffff92000904ec9 RCX: ffff8880683d1e00 [ 1442.447576][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1442.455566][ C0] RBP: ffffc900048276f8 R08: ffffffff81b58e59 R09: 1ffff92000904e78 [ 1442.463577][ C0] R10: dffffc0000000000 R11: fffff52000904e79 R12: 1ffff92000904ec4 [ 1442.471582][ C0] R13: dffffc0000000000 R14: ffffc90004827648 R15: 0000000000000000 [ 1442.479604][ C0] FS: 0000555576189500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1442.489054][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1442.495659][ C0] CR2: 00007f7ba3d76f98 CR3: 0000000063700000 CR4: 00000000003526f0 [ 1442.503669][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1442.511654][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1442.519990][ C0] Call Trace: [ 1442.523297][ C0] [ 1442.526158][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 1442.532524][ C0] ? print_other_cpu_stall+0x1481/0x15c0 [ 1442.538191][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 1442.544130][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 1442.550396][ C0] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 1442.555801][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 1442.561667][ C0] ? update_process_times+0x242/0x2f0 [ 1442.567599][ C0] ? tick_nohz_handler+0x37c/0x500 [ 1442.573263][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 1442.578837][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 1442.584326][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1442.590074][ C0] ? sched_clock+0x4a/0x70 [ 1442.594552][ C0] ? read_tsc+0x9/0x20 [ 1442.598646][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 1442.605187][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 1442.610442][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 1442.616627][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1442.622490][ C0] [ 1442.625487][ C0] [ 1442.629006][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1442.635245][ C0] ? smp_call_function_single+0x439/0x1990 [ 1442.641080][ C0] ? smp_call_function_single+0x476/0x1990 [ 1442.646914][ C0] ? smp_call_function_single+0x45f/0x1990 [ 1442.652749][ C0] ? __pfx_rcu_barrier_handler+0x10/0x10 [ 1442.658428][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1442.664538][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1442.670922][ C0] ? __pfx_smp_call_function_single+0x10/0x10 [ 1442.677042][ C0] ? __pfx_rcu_barrier_handler+0x10/0x10 [ 1442.682784][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1442.689132][ C0] ? __init_swait_queue_head+0xae/0x150 [ 1442.695219][ C0] rcu_barrier+0x327/0x530 [ 1442.699658][ C0] netdev_run_todo+0x37e/0xf30 [ 1442.704527][ C0] ? __pfx_netdev_run_todo+0x10/0x10 [ 1442.709905][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1442.715118][ C0] ? nsim_destroy+0x399/0x620 [ 1442.719807][ C0] ? kfree+0x196/0x430 [ 1442.723896][ C0] ? nsim_destroy+0x399/0x620 [ 1442.728588][ C0] nsim_destroy+0x3c3/0x620 [ 1442.733112][ C0] __nsim_dev_port_del+0x14b/0x1b0 [ 1442.738282][ C0] nsim_dev_reload_destroy+0x28a/0x490 [ 1442.743775][ C0] ? kernfs_find_ns+0x2b8/0x340 [ 1442.748830][ C0] ? __pfx_nsim_bus_remove+0x10/0x10 [ 1442.754135][ C0] nsim_drv_remove+0x58/0x160 [ 1442.759029][ C0] device_release_driver_internal+0x4a9/0x7c0 [ 1442.765231][ C0] bus_remove_device+0x34f/0x420 [ 1442.770414][ C0] device_del+0x57a/0x9b0 [ 1442.775703][ C0] ? __pfx_device_del+0x10/0x10 [ 1442.780619][ C0] device_unregister+0x20/0xc0 [ 1442.785829][ C0] del_device_store+0x363/0x480 [ 1442.790709][ C0] ? __pfx_del_device_store+0x10/0x10 [ 1442.796111][ C0] ? sysfs_kf_write+0x182/0x2a0 [ 1442.804197][ C0] ? bus_attr_store+0x4f/0xb0 [ 1442.808993][ C0] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1442.814380][ C0] kernfs_fop_write_iter+0x3a0/0x500 [ 1442.819813][ C0] vfs_write+0xacf/0xd10 [ 1442.824617][ C0] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1442.830622][ C0] ? __pfx_vfs_write+0x10/0x10 [ 1442.835858][ C0] ? do_sys_openat2+0x17a/0x1d0 [ 1442.840735][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 1442.845963][ C0] ksys_write+0x18f/0x2b0 [ 1442.850483][ C0] ? __pfx_ksys_write+0x10/0x10 [ 1442.855477][ C0] ? do_syscall_64+0x100/0x230 [ 1442.860461][ C0] ? do_syscall_64+0xb6/0x230 [ 1442.865377][ C0] do_syscall_64+0xf3/0x230 [ 1442.870278][ C0] ? clear_bhb_loop+0x35/0x90 [ 1442.875086][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1442.881136][ C0] RIP: 0033:0x7f22e918bc1f [ 1442.885726][ C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1442.905730][ C0] RSP: 002b:00007ffe82426240 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1442.914603][ C0] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f22e918bc1f [ 1442.922752][ C0] RDX: 0000000000000001 RSI: 00007ffe82426290 RDI: 0000000000000005 [ 1442.930770][ C0] RBP: 00007f22e920f4fd R08: 0000000000000000 R09: 00007ffe82426097 [ 1442.939634][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1442.947643][ C0] R13: 00007ffe82426290 R14: 00007f22e9ed4620 R15: 0000000000000003 [ 1442.956090][ C0]