last executing test programs: 2.493916766s ago: executing program 1 (id=2): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) 2.36945099s ago: executing program 2 (id=3): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) unlinkat(0xffffffffffffff9c, 0x0, 0x0) 1.995725773s ago: executing program 4 (id=5): unshare(0x22020600) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106, 0x8}}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f00000002c0)={0x12, 0x10, 0xfa00, {0x0, r1, r0}}, 0x18) 1.132206886s ago: executing program 4 (id=7): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) ppoll(&(0x7f0000000240)=[{r1, 0x3328}, {0xffffffffffffffff, 0x4236}], 0x2, 0x0, 0x0, 0x0) close(r0) 1.131969446s ago: executing program 1 (id=8): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000240)=0xf2b, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000001c0)=""/30, &(0x7f0000000080)=0x1e) 1.131833387s ago: executing program 2 (id=9): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, 0x0) 1.109468696s ago: executing program 0 (id=10): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000180)={0x54, r1, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x2}, @device_b, @device_a, @random="8ce14ad6abf0", {0x1, 0xd50}}, 0x8000, 0xc1, {0x0, 0x6, @default_ap_ssid}, @val, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x7fff, 0x7ff, 0x600]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40) 1.039990043s ago: executing program 1 (id=11): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x0) 1.03975464s ago: executing program 3 (id=4): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[@ANYBLOB="400f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="20ea070000001d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.039410328s ago: executing program 2 (id=12): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x509000, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6a72c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) 1.039144944s ago: executing program 0 (id=13): r0 = socket$inet_sctp(0x2, 0x5, 0x84) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2800, 0x0) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000481000/0x1000)=nil) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc4}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @local}}}, 0x84) close_range(r0, 0xffffffffffffffff, 0x0) 748.377494ms ago: executing program 4 (id=14): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x28040041, 0x0, 0x0) 732.570511ms ago: executing program 4 (id=15): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet(0x2, 0x2, 0x6) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x20000, 0x0) getdents64(r0, 0x0, 0x22) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x80000001, 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000001c0), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) preadv(0xffffffffffffffff, 0x0, 0x0, 0x1, 0xfffffff0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0}) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x4000010) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDGKBTYPE(r2, 0x4b48, &(0x7f0000000040)) 412.079226ms ago: executing program 0 (id=16): socket$igmp6(0xa, 0x3, 0x2) socket$igmp6(0xa, 0x3, 0x2) socket$inet6(0xa, 0x3, 0x6) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000240)=""/198, 0xc6}], 0x1, 0x8c00, 0x8) 411.895941ms ago: executing program 0 (id=17): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003680)={0x18, 0x16, 0xa01, 0x0, 0x1, {0x2}, [@nested={0x4, 0x122}]}, 0x18}}, 0x0) 411.759346ms ago: executing program 0 (id=18): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x2, 0x9, 0x8, 0x0, "1c"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, 0x60}, 0x1, 0x7}, 0x0) 225.935414ms ago: executing program 3 (id=19): pselect6(0x40, &(0x7f00000000c0)={0x2, 0x10005, 0x1, 0xf27, 0x401, 0x7, 0x81, 0x8}, 0x0, 0x0, &(0x7f00000002c0)={0x77359400}, 0x0) 222.947365ms ago: executing program 0 (id=20): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010ac054402000000002d7b0902240001000000000904000000030002"], 0x0) r0 = gettid() close(0xffffffffffffffff) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x1, 0x0, 0x2000}, 'syz1\x00', 0x35}) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) 163.977741ms ago: executing program 1 (id=21): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x91e3, 0x8, 0x8000, 0x40024d}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xd, 0x0, 0x4) syz_io_uring_setup(0x106, &(0x7f0000000680)={0x0, 0xd531, 0x1, 0x2, 0x1f8}, &(0x7f0000000200)=0x0, &(0x7f0000000300)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456}) io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0) 163.710825ms ago: executing program 2 (id=22): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) unshare(0x2a020480) ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0) 109.048617ms ago: executing program 2 (id=23): setresuid(0x0, 0xee00, 0xee00) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x14, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}}, 0x0) 78.932911ms ago: executing program 1 (id=24): madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000580)='1\x00', 0x2) syz_clone(0x4400, 0x0, 0x0, 0x0, 0x0, 0x0) write$sysctl(r0, &(0x7f00000000c0)='2\x00', 0x2) 0s ago: executing program 2 (id=25): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r4, &(0x7f0000000980)={0x2020}, 0x2020) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x20008040) ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.75' (ED25519) to the list of known hosts. [ 30.820394][ T6539] cgroup: Unknown subsys name 'net' [ 30.920159][ T6539] cgroup: Unknown subsys name 'cpuset' [ 30.921946][ T6539] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 31.056519][ T6539] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 33.280769][ T6553] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 33.281039][ T6553] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 33.283736][ T6559] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 33.283900][ T6559] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 33.286645][ T6559] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 33.288448][ T6559] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 33.290078][ T6561] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 33.290477][ T6561] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 33.290858][ T6561] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 33.291086][ T6561] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 33.291638][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 33.291811][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 33.292137][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 33.292328][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 33.300118][ T6553] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 33.310065][ T6561] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 33.310457][ T6561] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 33.310618][ T6561] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 33.310907][ T6561] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 33.311118][ T6561] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 33.312398][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 33.312755][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 33.312954][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 33.319323][ T6143] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 33.327022][ T6561] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 33.456313][ T6558] chnl_net:caif_netlink_parms(): no params data found [ 33.513393][ T6550] chnl_net:caif_netlink_parms(): no params data found [ 33.520817][ T6558] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.521218][ T6558] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.521296][ T6558] bridge_slave_0: entered allmulticast mode [ 33.521753][ T6558] bridge_slave_0: entered promiscuous mode [ 33.527863][ T6558] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.528169][ T6558] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.528244][ T6558] bridge_slave_1: entered allmulticast mode [ 33.529189][ T6558] bridge_slave_1: entered promiscuous mode [ 33.543946][ T6549] chnl_net:caif_netlink_parms(): no params data found [ 33.547705][ T6554] chnl_net:caif_netlink_parms(): no params data found [ 33.554209][ T6558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.563535][ T6558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.594661][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.596036][ T6550] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.597310][ T6550] bridge_slave_0: entered allmulticast mode [ 33.598898][ T6550] bridge_slave_0: entered promiscuous mode [ 33.602207][ T6558] team0: Port device team_slave_0 added [ 33.612671][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.613964][ T6550] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.615268][ T6550] bridge_slave_1: entered allmulticast mode [ 33.616766][ T6550] bridge_slave_1: entered promiscuous mode [ 33.618785][ T6558] team0: Port device team_slave_1 added [ 33.626713][ T6549] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.626799][ T6549] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.627016][ T6549] bridge_slave_0: entered allmulticast mode [ 33.627430][ T6549] bridge_slave_0: entered promiscuous mode [ 33.628379][ T6549] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.628398][ T6549] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.628446][ T6549] bridge_slave_1: entered allmulticast mode [ 33.628903][ T6549] bridge_slave_1: entered promiscuous mode [ 33.656286][ T6558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.657552][ T6558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.657583][ T6558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.659520][ T6558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.659529][ T6558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.659542][ T6558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.659892][ T6554] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.659991][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.660045][ T6554] bridge_slave_0: entered allmulticast mode [ 33.660473][ T6554] bridge_slave_0: entered promiscuous mode [ 33.661174][ T6554] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.661195][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.661236][ T6554] bridge_slave_1: entered allmulticast mode [ 33.661668][ T6554] bridge_slave_1: entered promiscuous mode [ 33.672194][ T6549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.673263][ T6549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.674778][ T6550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.675829][ T6550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.703591][ T6562] chnl_net:caif_netlink_parms(): no params data found [ 33.712359][ T6558] hsr_slave_0: entered promiscuous mode [ 33.712698][ T6558] hsr_slave_1: entered promiscuous mode [ 33.718867][ T6549] team0: Port device team_slave_0 added [ 33.719617][ T6549] team0: Port device team_slave_1 added [ 33.728243][ T6550] team0: Port device team_slave_0 added [ 33.731130][ T6554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.732018][ T6554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.743282][ T6550] team0: Port device team_slave_1 added [ 33.749300][ T6554] team0: Port device team_slave_0 added [ 33.749700][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.749707][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.749720][ T6549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.750709][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.750721][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.750730][ T6549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.770110][ T6554] team0: Port device team_slave_1 added [ 33.786566][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.786594][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.786612][ T6550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.787247][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.787254][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.787264][ T6550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.804115][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.804138][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.804164][ T6554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.820802][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.820826][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.820840][ T6554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.828055][ T6562] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.828363][ T6562] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.828444][ T6562] bridge_slave_0: entered allmulticast mode [ 33.829090][ T6562] bridge_slave_0: entered promiscuous mode [ 33.829707][ T6562] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.829724][ T6562] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.829770][ T6562] bridge_slave_1: entered allmulticast mode [ 33.830157][ T6562] bridge_slave_1: entered promiscuous mode [ 33.836836][ T6549] hsr_slave_0: entered promiscuous mode [ 33.837160][ T6549] hsr_slave_1: entered promiscuous mode [ 33.837361][ T6549] debugfs: 'hsr0' already exists in 'hsr' [ 33.837391][ T6549] Cannot create hsr debugfs directory [ 33.844394][ T6550] hsr_slave_0: entered promiscuous mode [ 33.844691][ T6550] hsr_slave_1: entered promiscuous mode [ 33.844862][ T6550] debugfs: 'hsr0' already exists in 'hsr' [ 33.844872][ T6550] Cannot create hsr debugfs directory [ 33.865561][ T6554] hsr_slave_0: entered promiscuous mode [ 33.866869][ T6554] hsr_slave_1: entered promiscuous mode [ 33.868062][ T6554] debugfs: 'hsr0' already exists in 'hsr' [ 33.869120][ T6554] Cannot create hsr debugfs directory [ 33.875092][ T6562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.890838][ T6562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.918170][ T6562] team0: Port device team_slave_0 added [ 33.927822][ T6562] team0: Port device team_slave_1 added [ 33.945517][ T6562] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.945545][ T6562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.945560][ T6562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.947599][ T6562] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.947605][ T6562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 33.947616][ T6562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.996751][ T6562] hsr_slave_0: entered promiscuous mode [ 33.997099][ T6562] hsr_slave_1: entered promiscuous mode [ 33.997312][ T6562] debugfs: 'hsr0' already exists in 'hsr' [ 33.997322][ T6562] Cannot create hsr debugfs directory [ 34.020301][ T6558] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 34.028685][ T6558] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 34.035995][ T6558] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 34.044328][ T6558] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 34.062332][ T6550] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 34.065293][ T6550] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 34.069576][ T6550] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 34.071789][ T6550] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 34.078632][ T6558] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.078686][ T6558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.078896][ T6558] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.078935][ T6558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.098466][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.098510][ T6550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.098604][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.098632][ T6550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.110145][ T6554] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 34.112496][ T6554] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 34.114860][ T6554] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 34.119915][ T6554] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 34.139698][ T6558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.144320][ T6554] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.144358][ T6554] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.144435][ T6554] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.144461][ T6554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.151422][ T6549] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 34.155081][ T6549] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 34.160976][ T6549] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 34.163357][ T6549] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 34.172808][ T6558] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.177558][ T5554] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.179310][ T5554] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.181994][ T5554] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.183521][ T5554] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.185848][ T5554] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.187060][ T5554] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.199871][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.199925][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.217751][ T6562] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 34.220188][ T6562] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 34.222765][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.222804][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.225136][ T6550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.232089][ T6550] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.233352][ T6562] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 34.235724][ T6562] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 34.247402][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.247443][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.255562][ T5554] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.255607][ T5554] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.266094][ T6554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.273589][ T6549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.284688][ T6554] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.308513][ T6550] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.312568][ T6549] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.321518][ T2016] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.321560][ T2016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.323127][ T2016] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.323147][ T2016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.334915][ T6554] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 34.334960][ T6554] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.351964][ T2016] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.352012][ T2016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.369807][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.369853][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.386923][ T6562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.391686][ T6558] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.402671][ T6562] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.407025][ T1435] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.407064][ T1435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.421822][ T1435] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.421884][ T1435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.436006][ T6554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.463115][ T6554] veth0_vlan: entered promiscuous mode [ 34.475261][ T6549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.477425][ T6554] veth1_vlan: entered promiscuous mode [ 34.482124][ T6558] veth0_vlan: entered promiscuous mode [ 34.483680][ T6558] veth1_vlan: entered promiscuous mode [ 34.492416][ T6558] veth0_macvtap: entered promiscuous mode [ 34.505389][ T6554] veth0_macvtap: entered promiscuous mode [ 34.506648][ T6554] veth1_macvtap: entered promiscuous mode [ 34.509686][ T6558] veth1_macvtap: entered promiscuous mode [ 34.515362][ T6558] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.518101][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.521015][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.531554][ T6558] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.537694][ T6549] veth0_vlan: entered promiscuous mode [ 34.545156][ T6550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.545291][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545457][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545480][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545498][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545512][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545524][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545535][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.545547][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.555174][ T6562] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.585108][ T6549] veth1_vlan: entered promiscuous mode [ 34.600053][ T2016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.600088][ T2016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.634591][ T6549] veth0_macvtap: entered promiscuous mode [ 34.637208][ T6549] veth1_macvtap: entered promiscuous mode [ 34.645078][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.645282][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.645292][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.653863][ T6550] veth0_vlan: entered promiscuous mode [ 34.656085][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.656114][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.664015][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.664584][ T6550] veth1_vlan: entered promiscuous mode [ 34.676899][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.676949][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.685027][ T6550] veth0_macvtap: entered promiscuous mode [ 34.687382][ T2016] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.687429][ T2016] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.687446][ T2016] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.687461][ T2016] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.694319][ T6550] veth1_macvtap: entered promiscuous mode [ 34.697984][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.702994][ T6558] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 34.710732][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.727875][ T5554] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.727938][ T5554] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.727971][ T5554] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.727989][ T5554] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.740488][ T5554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.740518][ T5554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.756325][ T6562] veth0_vlan: entered promiscuous mode [ 34.775305][ T6562] veth1_vlan: entered promiscuous mode [ 34.783121][ T6562] veth0_macvtap: entered promiscuous mode [ 34.784171][ T6562] veth1_macvtap: entered promiscuous mode [ 34.788190][ T6562] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.790287][ T6562] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.811408][ T2016] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.814289][ T2016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.814301][ T2016] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.814405][ T2016] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.814484][ T2016] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.814503][ T2016] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.845619][ T1435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.845647][ T1435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.864309][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.864343][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.120127][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.120156][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.171780][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.171811][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.977307][ T6561] Bluetooth: hci2: command tx timeout [ 35.977516][ T6561] Bluetooth: hci4: command tx timeout [ 35.977688][ T6561] Bluetooth: hci0: command tx timeout [ 35.977845][ T6561] Bluetooth: hci1: command tx timeout [ 35.978006][ T6561] Bluetooth: hci3: command tx timeout [ 36.240852][ T6691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.245382][ T6691] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.322544][ T6621] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 37.389177][ T6743] [ 37.389565][ T6743] ====================================================== [ 37.390647][ T6743] WARNING: possible circular locking dependency detected [ 37.391671][ T6743] syzkaller #0 Not tainted [ 37.392247][ T6743] ------------------------------------------------------ [ 37.393200][ T6743] syz.2.25/6743 is trying to acquire lock: [ 37.394063][ T6743] ffff0000d8965040 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: touch_work_lockdep_map+0x70/0x118 [ 37.395841][ T6743] [ 37.395841][ T6743] but task is already holding lock: [ 37.396846][ T6743] ffff0000d8965338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x74/0x5f0 [ 37.398179][ T6743] [ 37.398179][ T6743] which lock already depends on the new lock. [ 37.398179][ T6743] [ 37.399667][ T6743] [ 37.399667][ T6743] the existing dependency chain (in reverse order) is: [ 37.401026][ T6743] [ 37.401026][ T6743] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 37.402199][ T6743] __mutex_lock_common+0x1d0/0x2678 [ 37.403050][ T6743] mutex_lock_nested+0x2c/0x38 [ 37.403760][ T6743] l2cap_info_timeout+0x70/0xb0 [ 37.404594][ T6743] process_one_work+0x7e8/0x155c [ 37.405405][ T6743] worker_thread+0x958/0xed8 [ 37.406255][ T6743] kthread+0x5fc/0x75c [ 37.406946][ T6743] ret_from_fork+0x10/0x20 [ 37.407654][ T6743] [ 37.407654][ T6743] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 37.409180][ T6743] __lock_acquire+0x1774/0x30a4 [ 37.409937][ T6743] lock_acquire+0x14c/0x2e0 [ 37.410667][ T6743] touch_work_lockdep_map+0x98/0x118 [ 37.411476][ T6743] __flush_work+0x4fc/0x8c0 [ 37.412283][ T6743] cancel_delayed_work_sync+0xc4/0x120 [ 37.413090][ T6743] l2cap_conn_del+0x460/0x5f0 [ 37.413781][ T6743] l2cap_disconn_cfm+0x90/0xe0 [ 37.414497][ T6743] hci_conn_hash_flush+0x108/0x218 [ 37.415285][ T6743] hci_dev_close_sync+0x89c/0x1154 [ 37.416092][ T6743] hci_dev_close+0xe4/0x20c [ 37.416774][ T6743] hci_sock_ioctl+0x420/0x86c [ 37.417556][ T6743] sock_do_ioctl+0xf4/0x2b4 [ 37.418300][ T6743] sock_ioctl+0x57c/0x84c [ 37.418999][ T6743] __arm64_sys_ioctl+0x14c/0x1c4 [ 37.419828][ T6743] invoke_syscall+0x98/0x254 [ 37.420589][ T6743] el0_svc_common+0xe8/0x23c [ 37.421359][ T6743] do_el0_svc+0x48/0x58 [ 37.422071][ T6743] el0_svc+0x5c/0x254 [ 37.422730][ T6743] el0t_64_sync_handler+0x84/0x12c [ 37.423576][ T6743] el0t_64_sync+0x198/0x19c [ 37.424313][ T6743] [ 37.424313][ T6743] other info that might help us debug this: [ 37.424313][ T6743] [ 37.425817][ T6743] Possible unsafe locking scenario: [ 37.425817][ T6743] [ 37.426898][ T6743] CPU0 CPU1 [ 37.427660][ T6743] ---- ---- [ 37.428413][ T6743] lock(&conn->lock#2); [ 37.429069][ T6743] lock((work_completion)(&(&conn->info_timer)->work)); [ 37.430405][ T6743] lock(&conn->lock#2); [ 37.431365][ T6743] lock((work_completion)(&(&conn->info_timer)->work)); [ 37.432431][ T6743] [ 37.432431][ T6743] *** DEADLOCK *** [ 37.432431][ T6743] [ 37.433563][ T6743] 5 locks held by syz.2.25/6743: [ 37.434241][ T6743] #0: ffff0000c85a4dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_close+0xdc/0x20c [ 37.435615][ T6743] #1: ffff0000c85a40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x4c4/0x1154 [ 37.437082][ T6743] #2: ffff8000929f35c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xb0/0x218 [ 37.438566][ T6743] #3: ffff0000d8965338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x74/0x5f0 [ 37.439934][ T6743] #4: ffff80008f79b8a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c [ 37.441376][ T6743] [ 37.441376][ T6743] stack backtrace: [ 37.442168][ T6743] CPU: 1 UID: 0 PID: 6743 Comm: syz.2.25 Not tainted syzkaller #0 PREEMPT [ 37.443367][ T6743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 37.444763][ T6743] Call trace: [ 37.445230][ T6743] show_stack+0x2c/0x3c (C) [ 37.445861][ T6743] __dump_stack+0x30/0x40 [ 37.446482][ T6743] dump_stack_lvl+0xd8/0x12c [ 37.447116][ T6743] dump_stack+0x1c/0x28 [ 37.447742][ T6743] print_circular_bug+0x324/0x32c [ 37.448405][ T6743] check_noncircular+0x154/0x174 [ 37.449111][ T6743] __lock_acquire+0x1774/0x30a4 [ 37.449790][ T6743] lock_acquire+0x14c/0x2e0 [ 37.450454][ T6743] touch_work_lockdep_map+0x98/0x118 [ 37.451228][ T6743] __flush_work+0x4fc/0x8c0 [ 37.451866][ T6743] cancel_delayed_work_sync+0xc4/0x120 [ 37.452620][ T6743] l2cap_conn_del+0x460/0x5f0 [ 37.453270][ T6743] l2cap_disconn_cfm+0x90/0xe0 [ 37.453892][ T6743] hci_conn_hash_flush+0x108/0x218 [ 37.454667][ T6743] hci_dev_close_sync+0x89c/0x1154 [ 37.455435][ T6743] hci_dev_close+0xe4/0x20c [ 37.456073][ T6743] hci_sock_ioctl+0x420/0x86c [ 37.456744][ T6743] sock_do_ioctl+0xf4/0x2b4 [ 37.457405][ T6743] sock_ioctl+0x57c/0x84c [ 37.458052][ T6743] __arm64_sys_ioctl+0x14c/0x1c4 [ 37.458819][ T6743] invoke_syscall+0x98/0x254 [ 37.459501][ T6743] el0_svc_common+0xe8/0x23c [ 37.460218][ T6743] do_el0_svc+0x48/0x58 [ 37.460841][ T6743] el0_svc+0x5c/0x254 [ 37.461465][ T6743] el0t_64_sync_handler+0x84/0x12c [ 37.462201][ T6743] el0t_64_sync+0x198/0x19c [ 37.629037][ T6621] usb 1-1: Using ep0 maxpacket: 16 [ 37.629580][ T6621] usb 1-1: too many configurations: 123, using maximum allowed: 8 [ 37.630229][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.630841][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.631455][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.632066][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.632679][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.633280][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.633919][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.635456][ T6621] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.636124][ T6621] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 37.636132][ T6621] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 37.636139][ T6621] usb 1-1: SerialNumber: syz [ 37.637009][ T6621] usb 1-1: config 0 descriptor?? [ 37.640727][ T6621] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input2 [ 37.844811][ T6727] input: syz1 as /devices/virtual/input/input3 [ 37.869481][ T6658] usb 1-1: USB disconnect, device number 2 [ 37.870651][ T6566] bcm5974 1-1:0.0: could not read from device [ 37.870686][ T6566] bcm5974: mode switch failed [ 37.999078][ T6561] Bluetooth: hci1: command tx timeout [ 37.999100][ T6553] Bluetooth: hci4: command tx timeout [ 37.999112][ T6561] Bluetooth: hci2: command tx timeout [ 37.999315][ T6556] Bluetooth: hci3: command tx timeout [ 38.002242][ T53] Bluetooth: hci0: command tx timeout [ 40.079578][ T53] Bluetooth: hci0: command tx timeout [ 40.079611][ T53] Bluetooth: hci4: command tx timeout [ 40.079633][ T53] Bluetooth: hci3: command tx timeout [ 40.079646][ T53] Bluetooth: hci2: command tx timeout [ 40.079659][ T53] Bluetooth: hci1: command tx timeout [ 42.158749][ T6553] Bluetooth: hci1: command tx timeout [ 42.158775][ T53] Bluetooth: hci2: command tx timeout [ 42.158784][ T6143] Bluetooth: hci3: command tx timeout [ 42.158792][ T6556] Bluetooth: hci0: command tx timeout [ 42.168838][ T6553] Bluetooth: hci4: command tx timeout