last executing test programs: 16.068586029s ago: executing program 1 (id=107): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f00000002c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0x10) 14.73204718s ago: executing program 1 (id=108): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) shutdown(r0, 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x9, 0x2, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000, {[@rr={0x7, 0xf, 0x0, [@loopback, @dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr]}]}}}}}}}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) mmap(&(0x7f00003f7000/0x2000)=nil, 0x2000, 0x800001, 0x4000010, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'wg1\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4c, 0xd, 0x62, 0x7, 0x8, 0xe, 0xe3, 0x9, 0xa, 0x0, [0x4e, 0x9, 0xd2, 0x7, 0x401, 0x4, 0x9, 0xfffffffb], [0x7f]}}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r3 = add_key(0x0, &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe) keyctl$read(0xb, r3, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) r4 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000180), 0x40, 0x0) ioctl$EXT4_IOC_GETFSUUID(r4, 0x8008662c, &(0x7f0000000240)) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}}) sendmsg$inet(r0, 0x0, 0x30004084) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) 13.247457639s ago: executing program 1 (id=114): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1, 0x0, 0x25dfdbff}, 0x14}}, 0x8be7d28fc6479063) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) get_robust_list(0x0, &(0x7f0000000440)=&(0x7f0000000400)={&(0x7f0000000300)={&(0x7f0000000240)}, 0x0, &(0x7f00000003c0)}, &(0x7f0000000480)=0xc) read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x80c42, 0x0) read(r2, &(0x7f0000000040)=""/148, 0xffffff96) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) socket$netlink(0x10, 0x3, 0x15) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ptrace$ARCH_GET_FS(0x1e, r3, &(0x7f0000000200), 0x1003) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 9.508509488s ago: executing program 3 (id=130): syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x92082) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x3, &(0x7f0000001a00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000100)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f0000000300)=[{}], 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r4, &(0x7f0000000980)={0x2020}, 0x2020) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'macvlan0\x00'}) 8.294237717s ago: executing program 3 (id=132): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f00000002c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0x10) 8.060344108s ago: executing program 3 (id=136): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 7.906834659s ago: executing program 1 (id=138): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x1a3) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000300)='./file0\x00') openat2$dir(0xffffff9c, 0x0, &(0x7f0000000340)={0x145200, 0x98, 0xe}, 0x1f) socket$igmp6(0xa, 0x3, 0x2) fsopen(&(0x7f00000002c0)='qnx6\x00', 0x0) r0 = openat$fb0(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x541b, 0x0) mount$9p_virtio(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280), 0x1009082, &(0x7f0000000300)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)=@newtclass={0x48, 0x28, 0x100, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xf}, {0xd, 0x2}, {0x10, 0xfff1}}, [@tclass_kind_options=@c_sfb={0x8}, @tclass_kind_options=@c_sfb={0x8}, @tclass_kind_options=@c_cake={0x9}, @TCA_RATE={0x6, 0x5, {0x7, 0xce}}]}, 0xfffffffffffffd87}, 0x1, 0x0, 0x0, 0x804}, 0x0) sendmsg$802154_dgram(0xffffffffffffffff, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000600)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000ec0000008a5c7f5c95f40e918b2907ff3435398adab0a945e80cc51a2ed683162586299243a4b1f7682f2cc7f7de224abb5263253bd8da"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102384, 0x18ff0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000500)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 7.841174135s ago: executing program 3 (id=140): openat$sequencer(0xffffffffffffff9c, 0x0, 0x149002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00001d6000/0x1000)=nil, 0x1000, 0x17) 7.495801509s ago: executing program 3 (id=146): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x80) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r6, 0x0, 0x2}, 0x18) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {}, {}, {0xa, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r10, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) close(0x3) 6.836072171s ago: executing program 3 (id=150): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x24c4436d5a174b6d, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4004000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) rt_sigsuspend(0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x15) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$EBT_SO_GET_INFO(r4, 0x0, 0x80, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [0x61, 0x10000, 0x9c9, 0xf, 0x4, 0x3]}, &(0x7f00000001c0)=0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000340)) syz_emit_ethernet(0x82, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r3, 0x0, 0x25, 0x5, @val=@perf_event={0x7}}, 0x18) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200)) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f00000008c0)={'filter\x00', 0x7, 0x4, 0x404, 0x0, 0x218, 0x10c, 0x324, 0x324, 0x324, 0x4, &(0x7f0000000280), {[{{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, 0xff000000, 0xffffffff, 0x4, 0x0, {@mac, {[0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@local, {[0xff, 0x0, 0xff, 0xff, 0xff, 0xff]}}, 0xfff2, 0x101, 0x79, 0x1, 0x7ff, 0x8, '\x00', 'vcan0\x00', {0xff}, {0xff}, 0x0, 0x4}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @mac=@local, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x8, 0x1}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="07aebe92cc85", @empty, @loopback, @broadcast, 0x8}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x1, 0x1}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x450) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_DQ_RATE_ESTIMATOR={0x8}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 6.603131681s ago: executing program 4 (id=152): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6.241956121s ago: executing program 4 (id=153): r0 = syz_io_uring_setup(0x892, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000380)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) 6.006381637s ago: executing program 0 (id=155): syz_io_uring_setup(0x890, 0x0, &(0x7f0000000240), 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) ptrace$poke(0x4, r2, 0x0, 0x7) mq_open(&(0x7f0000001600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\aXg\xbb\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x8a=\x0f\n*\x8a\x99\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbbV\x1a\x8a\x03#T\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8', 0x40, 0xb, 0x0) openat(r0, &(0x7f0000000040)='./file0\x00', 0x42, 0x50) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=wi']) chdir(&(0x7f0000000140)='./file0\x00') r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000005c0), 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) recvmmsg(r5, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0) 5.039000585s ago: executing program 2 (id=156): openat$sequencer(0xffffffffffffff9c, 0x0, 0x149002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00001d6000/0x1000)=nil, 0x1000, 0x17) 4.710690006s ago: executing program 0 (id=157): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c64d2, &(0x7f0000000180)={r3, 0x80000}) 4.710047669s ago: executing program 4 (id=158): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x10000}}]}}]}, 0x48}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@getqdisc={0x24, 0x26, 0x1, 0x70bd22, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x10, 0xf}, {0x1, 0xb}, {0xe, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) 4.588930083s ago: executing program 2 (id=159): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00a6d518c800"/19, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=0x0], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000010000008500000053000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b0000029500000000000000"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xb1, &(0x7f0000000140)=""/177, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0)='%(:2', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x1, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) 4.124833408s ago: executing program 0 (id=160): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='maps\x00') pread64(r0, &(0x7f0000001600)=""/4103, 0x1007, 0x4b) 4.120917904s ago: executing program 1 (id=161): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000a80)={r1, 0x0, "132bf2b2631e4a669e5ab545f4df3af85ad7e43ec2b129366fe8ac9c1291a08c84ed3776ca81ad429d1e191a9da28672a0c89918f82b3644e9a664401d7ec9e25042e90414c4f943f35b4c60700c72b70000000000000003505b51bb8eeb1449cf9d99e7b3adbe3558ce2d6936970000000000000033bb5d6df9ccad91e68ef25fc13090e1d4fc2762b409ab624c2226c25046ec660f62e30273f0f80710a31a7e77320f2f4a668a4d04c2660c33d55c1a614dc7f7b661388c206c2866c471a6c8041154dda81b53b0e76e36baf7291a4b3a4fbaa730a40c37ccfeb40bbf81ce072c2f4babe8b3d02bf7acf1bc1a895954b126b13c2de9a82827b16cd7113a09dc75a66e9ae1818fcb99c0cdeda4aa33885c6cb93acf9df129e8e9fa70b45e564aa876eba6ff8a5cfbe113bc6a36953e928ab7df3e8729f2d823ccd4926d416ee924fc230371f8931349a964a27ec40ffd703e08754d8f7ec57c3373de88"}, &(0x7f0000000180)=0xfebd) 2.137129264s ago: executing program 2 (id=162): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x4000}) 1.865094608s ago: executing program 0 (id=163): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)=0x10) close_range(r0, 0xffffffffffffffff, 0x0) 1.808422226s ago: executing program 2 (id=164): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x8, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x1e, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000881}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket(0x15, 0x5, 0x0) getsockopt(r2, 0x200000000114, 0x2714, 0x0, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r3 = syz_io_uring_setup(0x38, &(0x7f0000000580)={0x0, 0xbbda, 0x13500}, &(0x7f0000000240), &(0x7f0000000480)) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2a, 0x5, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0xfffffbff}, 0x94) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r3, 0x21, &(0x7f0000000440), 0x1) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r5 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000180)={0x9}) 1.729933555s ago: executing program 4 (id=165): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000002040), r1) sendmsg$NLBL_CIPSOV4_C_REMOVE(r1, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f0000002080)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0xb728abfe3e8dc2a9}, 0x400c4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) splice(r3, 0x0, r4, 0x0, 0x6b, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x30000, 0x40) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0x9362, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r5, 0x9362, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="4600001a003cdc8fead0c9b8eb129fdbc1bf473bcd079267267faf929b6fa181786d9a553ffa75c734abb99ede1abfff960dfdbc06e6d43a3e57e80a54e9b3feac66a9b91191fa2d5af04d92ef2243cafc674322", @ANYRES16, @ANYBLOB="01000000000000000000090000003000038014000200626f6e645f736c6176655f310000000006000400ffff0000080003000000000008000100020000"], 0x44}}, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(r5, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x54, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xffa6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1b3}]}, 0x54}, 0x1, 0x0, 0x0, 0x44004}, 0x1) socket$nl_route(0x10, 0x3, 0x0) 1.728951117s ago: executing program 2 (id=166): epoll_create1(0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r0, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x4f}, @void, @val={0xc, 0x99, {0x7, 0xd}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FLUSH_PMKSA(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x0, 0x2, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x2e}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20040050}, 0x4040000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x76, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$key(0xf, 0x3, 0x2) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0x1, 0x3000) 1.592621237s ago: executing program 0 (id=167): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x711, @remote, 0xbf}, {0xa, 0x4e20, 0xfffffffe, @mcast2, 0x10001}, 0xffffffffffffffff, 0x403}}, 0x48) 1.504062362s ago: executing program 4 (id=168): truncate(&(0x7f0000000000)='./file0\x00', 0x96f) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x2}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000340), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200000, &(0x7f0000000c00)=ANY=[]) chdir(&(0x7f0000000300)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000001f00010029bd7000fedbdf25fc000000000000000000000000000001000004d2020032000a0101020000000000000000000000001b090000000000800c0015005b073500f2520000b3d6cded9e62ee1bc81fec117070b98e80e0a320b181ce8d00c174c2376f1fea6d6b073b73a76fb67914798ce622cbefd9a4e7b04d1616c96014a6df257b916e53a848ad10233cfd5ffde3c7aa01bfe75b39f97874fa59a203c2e2a35d427c34beb3ba2e8132ffa6e9bbbe9d981660f02afc26beec7848009c8a820763f138204445d36eabd6c87eaabfbe90c8ad0293b80f274f43e6ec063654f3b63e6f6cd803a46dda0511c65421b593aab1cfe2de3f63d629c8"], 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0xc8) 228.487697ms ago: executing program 4 (id=169): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) close(r0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000ffffff80e500020000000000c500fcff000000008500feffd100000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='percpu_alloc_percpu\x00', r0, 0x0, 0x10}, 0x18) socket$packet(0x11, 0x3, 0x300) 156.613984ms ago: executing program 0 (id=170): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x3, 0x1000000000000, &(0x7f00000001c0)='R3`'}) 109.774026ms ago: executing program 1 (id=171): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) 0s ago: executing program 2 (id=172): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts. [ 96.219256][ T5785] cgroup: Unknown subsys name 'net' [ 96.460414][ T5785] cgroup: Unknown subsys name 'cpuset' [ 96.515801][ T5785] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 97.129370][ T9] cfg80211: failed to load regulatory.db [ 98.423223][ T5785] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.379419][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.382088][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.415586][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.419361][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.420368][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.694178][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.704440][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.706482][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.751626][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.752652][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.755450][ T5116] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.763393][ T5116] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.765667][ T5116] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.772702][ T5116] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.777348][ T5116] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.857523][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.859949][ T5804] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.862199][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.892773][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.903565][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.926271][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 102.930541][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 102.931627][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 102.932964][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 102.933846][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 103.455861][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 103.927957][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.929148][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.929604][ T5802] bridge_slave_0: entered allmulticast mode [ 103.931613][ T5802] bridge_slave_0: entered promiscuous mode [ 103.939648][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 104.009640][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.009771][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.010015][ T5802] bridge_slave_1: entered allmulticast mode [ 104.011850][ T5802] bridge_slave_1: entered promiscuous mode [ 104.386573][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.458217][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.486294][ T5814] Bluetooth: hci0: command tx timeout [ 104.501505][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 104.792565][ T5802] team0: Port device team_slave_0 added [ 104.804748][ T5814] Bluetooth: hci2: command tx timeout [ 104.876824][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 104.884805][ T5814] Bluetooth: hci1: command tx timeout [ 104.956024][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 104.963610][ T5802] team0: Port device team_slave_1 added [ 104.963885][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.964041][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.964218][ T5805] bridge_slave_0: entered allmulticast mode [ 104.964796][ T5814] Bluetooth: hci3: command tx timeout [ 104.973539][ T5805] bridge_slave_0: entered promiscuous mode [ 105.044863][ T5814] Bluetooth: hci4: command tx timeout [ 105.107382][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.107581][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.107719][ T5805] bridge_slave_1: entered allmulticast mode [ 105.109600][ T5805] bridge_slave_1: entered promiscuous mode [ 105.456648][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.456662][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.456682][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.704792][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.704806][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 105.704827][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.708719][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.845719][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.853165][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.853334][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.853663][ T5807] bridge_slave_0: entered allmulticast mode [ 105.859816][ T5807] bridge_slave_0: entered promiscuous mode [ 106.026168][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.026289][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.026437][ T5807] bridge_slave_1: entered allmulticast mode [ 106.028332][ T5807] bridge_slave_1: entered promiscuous mode [ 106.427909][ T5805] team0: Port device team_slave_0 added [ 106.429249][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.429404][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.429548][ T5812] bridge_slave_0: entered allmulticast mode [ 106.431414][ T5812] bridge_slave_0: entered promiscuous mode [ 106.526509][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.526636][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.526823][ T5806] bridge_slave_0: entered allmulticast mode [ 106.529146][ T5806] bridge_slave_0: entered promiscuous mode [ 106.566035][ T5814] Bluetooth: hci0: command tx timeout [ 106.618030][ T5805] team0: Port device team_slave_1 added [ 106.618505][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.618637][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.618769][ T5812] bridge_slave_1: entered allmulticast mode [ 106.620592][ T5812] bridge_slave_1: entered promiscuous mode [ 106.626411][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.629043][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.629377][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.629883][ T5806] bridge_slave_1: entered allmulticast mode [ 106.642507][ T5806] bridge_slave_1: entered promiscuous mode [ 106.701541][ T5802] hsr_slave_0: entered promiscuous mode [ 106.720827][ T5802] hsr_slave_1: entered promiscuous mode [ 106.885503][ T5814] Bluetooth: hci2: command tx timeout [ 106.928346][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.974783][ T5814] Bluetooth: hci1: command tx timeout [ 107.044888][ T5814] Bluetooth: hci3: command tx timeout [ 107.126021][ T5814] Bluetooth: hci4: command tx timeout [ 107.388401][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.388428][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.388457][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.429607][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.566826][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.566841][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 107.566861][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.570411][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.573786][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.600677][ T5807] team0: Port device team_slave_0 added [ 107.653887][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.769379][ T5807] team0: Port device team_slave_1 added [ 108.158497][ T5812] team0: Port device team_slave_0 added [ 108.517549][ T5806] team0: Port device team_slave_0 added [ 108.519788][ T5812] team0: Port device team_slave_1 added [ 108.520533][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.520544][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 108.520563][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.647217][ T5804] Bluetooth: hci0: command tx timeout [ 108.663586][ T5806] team0: Port device team_slave_1 added [ 108.664348][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.664360][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 108.664380][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.809084][ T5805] hsr_slave_0: entered promiscuous mode [ 108.810148][ T5805] hsr_slave_1: entered promiscuous mode [ 108.811016][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 108.811113][ T5805] Cannot create hsr debugfs directory [ 108.964803][ T5804] Bluetooth: hci2: command tx timeout [ 109.045011][ T5804] Bluetooth: hci1: command tx timeout [ 109.078142][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.078157][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.078177][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.101031][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.101082][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.101178][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.120830][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.120880][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.120947][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.128203][ T5804] Bluetooth: hci3: command tx timeout [ 109.204959][ T5804] Bluetooth: hci4: command tx timeout [ 109.367600][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.367615][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.367635][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.702746][ T5807] hsr_slave_0: entered promiscuous mode [ 109.703725][ T5807] hsr_slave_1: entered promiscuous mode [ 109.704469][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 109.704487][ T5807] Cannot create hsr debugfs directory [ 110.141692][ T5812] hsr_slave_0: entered promiscuous mode [ 110.142698][ T5812] hsr_slave_1: entered promiscuous mode [ 110.143419][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 110.143437][ T5812] Cannot create hsr debugfs directory [ 110.182602][ T5806] hsr_slave_0: entered promiscuous mode [ 110.183575][ T5806] hsr_slave_1: entered promiscuous mode [ 110.188733][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 110.188798][ T5806] Cannot create hsr debugfs directory [ 110.724832][ T5804] Bluetooth: hci0: command tx timeout [ 111.010790][ T5802] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 111.044770][ T5804] Bluetooth: hci2: command tx timeout [ 111.074548][ T5802] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 111.128453][ T5804] Bluetooth: hci1: command tx timeout [ 111.151259][ T5802] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 111.204927][ T5804] Bluetooth: hci3: command tx timeout [ 111.285057][ T5804] Bluetooth: hci4: command tx timeout [ 111.286389][ T5802] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 111.542553][ T5805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 111.581998][ T5805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 111.600154][ T5805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 111.661932][ T5805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 111.798343][ T5807] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 111.838519][ T5807] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 111.887598][ T5807] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 111.940645][ T5807] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 112.084890][ T5812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 112.131148][ T5812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 112.164227][ T5812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 112.230242][ T5812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 112.367121][ T5806] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 112.402694][ T5806] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 112.424410][ T5806] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 112.469009][ T5806] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 112.527155][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.608661][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.635966][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.681323][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.682106][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.723299][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.737503][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.737610][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.789192][ T1011] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.789341][ T1011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.812160][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.844471][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.852488][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.926448][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.947745][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.972921][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.973070][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.023424][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.023733][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.102711][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.129864][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.169053][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.169280][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.236890][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.237069][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.310310][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.373395][ T1011] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.373546][ T1011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.448183][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.448395][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.648675][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 113.850581][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 113.880600][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.018248][ T5802] veth0_vlan: entered promiscuous mode [ 114.115247][ T5802] veth1_vlan: entered promiscuous mode [ 114.239576][ T5805] veth0_vlan: entered promiscuous mode [ 114.309074][ T5805] veth1_vlan: entered promiscuous mode [ 114.323267][ T5802] veth0_macvtap: entered promiscuous mode [ 114.349396][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.376592][ T5802] veth1_macvtap: entered promiscuous mode [ 114.426997][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.478769][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.513867][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.537366][ T5805] veth0_macvtap: entered promiscuous mode [ 114.564207][ T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.580995][ T58] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.598776][ T5805] veth1_macvtap: entered promiscuous mode [ 114.602400][ T58] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.624401][ T58] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.691396][ T5812] veth0_vlan: entered promiscuous mode [ 114.788748][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.856922][ T5812] veth1_vlan: entered promiscuous mode [ 114.879031][ T5806] veth0_vlan: entered promiscuous mode [ 114.899593][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.949968][ T5807] veth0_vlan: entered promiscuous mode [ 114.979244][ T1011] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.983173][ T1011] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.006759][ T1011] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.007348][ T5806] veth1_vlan: entered promiscuous mode [ 115.011999][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.012021][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.049275][ T1011] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.101446][ T5807] veth1_vlan: entered promiscuous mode [ 115.236416][ T1175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.236438][ T1175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.332946][ T5812] veth0_macvtap: entered promiscuous mode [ 115.358927][ T5812] veth1_macvtap: entered promiscuous mode [ 115.465559][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.465583][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.466454][ T5806] veth0_macvtap: entered promiscuous mode [ 115.480777][ T5807] veth0_macvtap: entered promiscuous mode [ 115.520139][ T5806] veth1_macvtap: entered promiscuous mode [ 115.546318][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.547467][ T5807] veth1_macvtap: entered promiscuous mode [ 115.609505][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.614229][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.614250][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.737545][ T41] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.744410][ T41] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.762561][ T41] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.775589][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.785776][ T41] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.806627][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.937011][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.049303][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.036571][ T1175] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.051001][ T1175] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.968090][ T1175] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.997956][ T1175] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.048104][ T1175] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.088333][ T1175] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.117477][ T1175] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.149640][ T1175] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.471293][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.471317][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.746626][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.746647][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.927608][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.927631][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.082083][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.082105][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.147854][ T5945] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.149347][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'. [ 123.152632][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.152650][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.647511][ T5952] 9pnet_virtio: no channels available for device syz [ 124.386235][ T5955] binder: 5954:5955 ioctl c0306201 200000000680 returned -14 [ 124.691059][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.691083][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.327465][ T5986] ======================================================= [ 126.327465][ T5986] WARNING: The mand mount option has been deprecated and [ 126.327465][ T5986] and is ignored by this kernel. Remove the mand [ 126.327465][ T5986] option from the mount to silence this warning. [ 126.327465][ T5986] ======================================================= [ 126.538645][ T5986] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 128.040807][ T5986] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 128.044423][ T5986] overlayfs: failed to look up (tracing) for ino (-66) [ 129.032556][ T5988] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 129.305783][ T5992] syz.1.21 uses obsolete (PF_INET,SOCK_PACKET) [ 129.631945][ T5994] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 129.631967][ T5994] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 129.640214][ T5994] vhci_hcd vhci_hcd.0: Device attached [ 131.692930][ T5997] vhci_hcd: connection closed [ 132.141536][ T805] usb 34-1: SetAddress Request (2) to port 0 [ 132.173662][ T69] vhci_hcd vhci_hcd.0: stop threads [ 132.174352][ T69] vhci_hcd vhci_hcd.0: release socket [ 132.176164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #81!!! [ 132.192133][ T69] vhci_hcd vhci_hcd.0: disconnect device [ 132.224233][ T805] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 132.243475][ T805] usb 34-1: enqueue for inactive port 0 [ 132.652304][ T805] usb usb34-port1: attempt power cycle [ 132.654391][ T6011] binder: 6010:6011 ioctl c0306201 200000000680 returned -14 [ 133.218840][ T805] usb usb34-port1: unable to enumerate USB device [ 133.594616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 134.014624][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 134.651542][ T6029] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 134.653909][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.671477][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.493526][ T6041] netlink: 'syz.1.28': attribute type 2 has an invalid length. [ 136.756605][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 136.999429][ T10] usb 4-1: config 0 has no interfaces? [ 136.999474][ T10] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 136.999499][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.060810][ T10] usb 4-1: config 0 descriptor?? [ 137.316909][ T10] usb 4-1: USB disconnect, device number 2 [ 137.354643][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.364604][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.364744][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.364814][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.364867][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.365198][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 137.365270][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 138.168172][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.168507][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.595653][ T6050] futex_wake_op: syz.4.36 tries to shift op by -1; fix this program [ 138.602480][ T37] audit: type=1326 audit(1766964645.022:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb41d3465e7 code=0x7ffc0000 [ 138.602539][ T37] audit: type=1326 audit(1766964645.022:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb41d2eb829 code=0x7ffc0000 [ 138.602587][ T37] audit: type=1326 audit(1766964645.022:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb41d34f749 code=0x7ffc0000 [ 138.602632][ T37] audit: type=1326 audit(1766964645.022:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fb41d34f749 code=0x7ffc0000 [ 138.602677][ T37] audit: type=1326 audit(1766964645.022:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb41d34f749 code=0x7ffc0000 [ 138.602730][ T37] audit: type=1326 audit(1766964645.022:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb41d34f749 code=0x7ffc0000 [ 138.620031][ T37] audit: type=1326 audit(1766964645.022:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb41d34f749 code=0x7ffc0000 [ 138.622618][ T37] audit: type=1326 audit(1766964645.042:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb41d3465e7 code=0x7ffc0000 [ 138.623994][ T37] audit: type=1326 audit(1766964645.042:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb41d2eb829 code=0x7ffc0000 [ 138.670461][ T37] audit: type=1326 audit(1766964645.042:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6049 comm="syz.4.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb41d34f749 code=0x7ffc0000 [ 139.544284][ T6058] Zero length message leads to an empty skb [ 141.038373][ T6067] Driver unsupported XDP return value 0 on prog (id 11) dev N/A, expect packet loss! [ 141.484734][ T5989] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 141.648903][ T5989] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 141.648939][ T5989] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 141.648985][ T5989] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 141.649011][ T5989] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.284208][ T5989] usb 4-1: usb_control_msg returned -32 [ 142.284270][ T5989] usbtmc 4-1:16.0: can't read capabilities [ 142.373283][ T6000] syz.0.20 (6000): drop_caches: 1 [ 143.130998][ T6085] 9pnet_virtio: no channels available for device syz [ 143.407045][ T6086] SQUASHFS error: Failed to read block 0x0: -5 [ 144.553556][ T5989] usb 4-1: USB disconnect, device number 3 [ 144.726214][ T6093] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 144.776994][ T6093] input: syz0 as /devices/virtual/input/input5 [ 146.289542][ T6105] vlan2: entered promiscuous mode [ 146.289891][ T6105] vlan2: entered allmulticast mode [ 146.289909][ T6105] hsr_slave_1: entered allmulticast mode [ 146.975480][ T6113] tmpfs: Unsupported parameter 'huge' [ 147.117540][ T6109] 9pnet_virtio: no channels available for device syz [ 149.743697][ T6131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'. [ 150.082186][ T6132] macvlan2: entered allmulticast mode [ 150.082211][ T6132] veth1_vlan: entered allmulticast mode [ 150.100798][ T6132] veth1_vlan: left allmulticast mode [ 151.020344][ T6141] Bluetooth: MGMT ver 1.23 [ 151.921696][ T6145] 9pnet_virtio: no channels available for device syz [ 156.903104][ T5804] Bluetooth: hci0: Malformed Event: 0x13 [ 157.723319][ T6229] 9pnet_virtio: no channels available for device syz [ 158.354064][ T37] kauditd_printk_skb: 153 callbacks suppressed [ 158.354085][ T37] audit: type=1326 audit(1766964664.772:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.354437][ T37] audit: type=1326 audit(1766964664.772:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.405024][ T37] audit: type=1326 audit(1766964664.832:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.405327][ T37] audit: type=1326 audit(1766964664.832:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.416875][ T37] audit: type=1326 audit(1766964664.842:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.418538][ T37] audit: type=1326 audit(1766964664.842:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.420620][ T37] audit: type=1326 audit(1766964664.842:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.420933][ T37] audit: type=1326 audit(1766964664.842:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.421244][ T37] audit: type=1326 audit(1766964664.842:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 158.421514][ T37] audit: type=1326 audit(1766964664.842:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6209 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b375f749 code=0x7fc00000 [ 159.026721][ T6237] binder: 6236:6237 ioctl c0306201 200000000680 returned -14 [ 159.183642][ T6242] 9pnet_virtio: no channels available for device syz [ 159.397222][ T5804] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 159.397291][ T5804] CPU: 1 UID: 0 PID: 5804 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 159.397318][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 159.397334][ T5804] Workqueue: hci3 hci_rx_work [ 159.397402][ T5804] Call Trace: [ 159.397414][ T5804] [ 159.397430][ T5804] dump_stack_lvl+0xe8/0x150 [ 159.397467][ T5804] sysfs_create_dir_ns+0x259/0x280 [ 159.397503][ T5804] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 159.397532][ T5804] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 159.397567][ T5804] ? rt_spin_unlock+0x161/0x200 [ 159.397594][ T5804] kobject_add_internal+0x6b1/0xcd0 [ 159.397623][ T5804] kobject_add+0x155/0x220 [ 159.397648][ T5804] ? __pfx_kobject_add+0x10/0x10 [ 159.397674][ T5804] ? get_device_parent+0x370/0x3a0 [ 159.397698][ T5804] device_add+0x408/0xb80 [ 159.397720][ T5804] hci_conn_add_sysfs+0xd5/0x210 [ 159.397751][ T5804] le_conn_complete_evt+0xf1d/0x1420 [ 159.397790][ T5804] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 159.397819][ T5804] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 159.397837][ T5804] ? lockdep_hardirqs_on+0x7b/0x110 [ 159.397856][ T5804] ? skb_pull_data+0xfb/0x200 [ 159.397888][ T5804] hci_le_conn_complete_evt+0x187/0x480 [ 159.397916][ T5804] hci_event_packet+0x78f/0x1260 [ 159.397949][ T5804] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 159.397972][ T5804] ? __pfx_hci_event_packet+0x10/0x10 [ 159.398000][ T5804] ? rt_spin_unlock+0x150/0x200 [ 159.398034][ T5804] ? hci_send_to_monitor+0xe2/0x590 [ 159.398062][ T5804] hci_rx_work+0x3ee/0x1060 [ 159.398098][ T5804] ? process_scheduled_works+0x9ef/0x1770 [ 159.398122][ T5804] process_scheduled_works+0xad1/0x1770 [ 159.398167][ T5804] ? __pfx_process_scheduled_works+0x10/0x10 [ 159.398186][ T5804] ? do_raw_spin_lock+0x121/0x290 [ 159.398221][ T5804] worker_thread+0x8a0/0xda0 [ 159.398266][ T5804] kthread+0x711/0x8a0 [ 159.398294][ T5804] ? __pfx_worker_thread+0x10/0x10 [ 159.398315][ T5804] ? __pfx_kthread+0x10/0x10 [ 159.398339][ T5804] ? rt_spin_unlock+0x150/0x200 [ 159.398367][ T5804] ? rt_spin_unlock+0x161/0x200 [ 159.398389][ T5804] ? __pfx_kthread+0x10/0x10 [ 159.398417][ T5804] ret_from_fork+0x510/0xa50 [ 159.398439][ T5804] ? __pfx_ret_from_fork+0x10/0x10 [ 159.398457][ T5804] ? __switch_to+0xc9e/0x1480 [ 159.398490][ T5804] ? __pfx_kthread+0x10/0x10 [ 159.398517][ T5804] ret_from_fork_asm+0x1a/0x30 [ 159.398560][ T5804] [ 159.398693][ T5804] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 159.398737][ T5804] Bluetooth: hci3: failed to register connection device [ 161.229535][ T6261] netlink: 12 bytes leftover after parsing attributes in process `syz.2.105'. [ 161.229915][ T6261] openvswitch: netlink: Flow actions attr not present in new flow. [ 164.400531][ T6278] binder: 6277:6278 ioctl c0306201 200000000680 returned -14 [ 165.134194][ T6296] 9pnet_virtio: no channels available for device syz [ 165.925677][ T5804] Bluetooth: hci3: command 0x0406 tx timeout [ 166.610740][ T6304] binder: 6303:6304 ioctl c0306201 200000000680 returned -14 [ 167.090121][ T6315] 9pnet_virtio: no channels available for device syz [ 170.003127][ T6351] 9pnet_virtio: no channels available for device syz [ 172.472654][ T6398] tmpfs: Unsupported parameter 'huge' [ 172.551032][ T6398] 9pnet_virtio: no channels available for device syz [ 172.844311][ T6399] hub 8-0:1.0: USB hub found [ 172.848383][ T6399] hub 8-0:1.0: 1 port detected [ 176.765124][ T6436] 9pnet_virtio: no channels available for device syz [ 177.804770][ T6439] binder_alloc: 6438: binder_alloc_buf, no vma [ 177.805408][ T6439] binder: 6438:6439 ioctl c0306201 200000000680 returned -14 [ 178.091204][ T6440] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 178.091222][ T6440] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6440, name: syz.4.169 [ 178.091235][ T6440] preempt_count: 2, expected: 0 [ 178.091243][ T6440] RCU nest depth: 1, expected: 1 [ 178.091254][ T6440] 2 locks held by syz.4.169/6440: [ 178.091263][ T6440] #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run10+0x1f2/0x510 [ 178.091317][ T6440] #1: ffff8880b883fe88 (&s->lock_key#14){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13e0 [ 178.091360][ T6440] Preemption disabled at: [ 178.091364][ T6440] [<0000000000000000>] 0x0 [ 178.091387][ T6440] CPU: 0 UID: 0 PID: 6440 Comm: syz.4.169 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 178.091405][ T6440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.091415][ T6440] Call Trace: [ 178.091421][ T6440] [ 178.091428][ T6440] dump_stack_lvl+0xe8/0x150 [ 178.091452][ T6440] __might_resched+0x32a/0x480 [ 178.091474][ T6440] rt_spin_lock+0xc7/0x3e0 [ 178.091499][ T6440] ? __pfx_rt_spin_lock+0x10/0x10 [ 178.091519][ T6440] ? __lock_acquire+0x6b6/0x2cf0 [ 178.091543][ T6440] ? __lock_acquire+0x6b6/0x2cf0 [ 178.091567][ T6440] ___slab_alloc+0x12f/0x13e0 [ 178.091587][ T6440] ? unwind_next_frame+0xa5/0x23d0 [ 178.091607][ T6440] ? lock_acquire+0x107/0x340 [ 178.091627][ T6440] ? __bpf_stream_push_str+0xa8/0x2b0 [ 178.091646][ T6440] __slab_alloc+0xc6/0x1f0 [ 178.091662][ T6440] ? __bpf_stream_push_str+0xa8/0x2b0 [ 178.091679][ T6440] kmalloc_nolock_noprof+0x1be/0x440 [ 178.091702][ T6440] ? __bpf_stream_push_str+0xa8/0x2b0 [ 178.091720][ T6440] __bpf_stream_push_str+0xa8/0x2b0 [ 178.091734][ T6440] ? __asan_memcpy+0x40/0x70 [ 178.091755][ T6440] ? __pfx___bpf_stream_push_str+0x10/0x10 [ 178.091778][ T6440] bpf_stream_stage_printk+0x14e/0x1c0 [ 178.091792][ T6440] ? __pfx_find_from_stack_cb+0x10/0x10 [ 178.091811][ T6440] ? arch_bpf_stack_walk+0x112/0x170 [ 178.091839][ T6440] ? __pfx_bpf_stream_stage_printk+0x10/0x10 [ 178.091867][ T6440] bpf_prog_report_may_goto_violation+0xc4/0x190 [ 178.091883][ T6440] ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10 [ 178.091898][ T6440] ? irqentry_exit+0x5dd/0x660 [ 178.091913][ T6440] ? trace_irq_disable+0x37/0x100 [ 178.091933][ T6440] ? read_tsc+0x9/0x20 [ 178.091950][ T6440] bpf_check_timed_may_goto+0xaa/0xb0 [ 178.091977][ T6440] arch_bpf_timed_may_goto+0x21/0x40 [ 178.091996][ T6440] bpf_prog_6fd842a53d323cc5+0x53/0x5f [ 178.092012][ T6440] bpf_trace_run10+0x2e4/0x510 [ 178.092031][ T6440] ? bpf_trace_run10+0x1f2/0x510 [ 178.092049][ T6440] ? __pfx_bpf_trace_run10+0x10/0x10 [ 178.092068][ T6440] ? packet_create+0x19d/0x790 [ 178.092103][ T6440] __bpf_trace_percpu_alloc_percpu+0x364/0x400 [ 178.092135][ T6440] ? packet_create+0x19d/0x790 [ 178.092156][ T6440] ? __pfx___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 178.092181][ T6440] ? packet_create+0x19d/0x790 [ 178.092202][ T6440] ? packet_create+0x19d/0x790 [ 178.092223][ T6440] ? __lock_acquire+0x6b6/0x2cf0 [ 178.092249][ T6440] ? do_raw_spin_lock+0x121/0x290 [ 178.092270][ T6440] ? do_raw_spin_lock+0x121/0x290 [ 178.092302][ T6440] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 178.092317][ T6440] ? lockdep_hardirqs_on+0x7b/0x110 [ 178.092333][ T6440] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 178.092354][ T6440] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 178.092382][ T6440] ? packet_create+0x19d/0x790 [ 178.092403][ T6440] pcpu_alloc_noprof+0x1557/0x16d0 [ 178.092441][ T6440] packet_create+0x19d/0x790 [ 178.092467][ T6440] __sock_create+0x4b3/0x9d0 [ 178.092500][ T6440] __sys_socket+0xd7/0x1b0 [ 178.092518][ T6440] __x64_sys_socket+0x7a/0x90 [ 178.092534][ T6440] do_syscall_64+0xec/0xf80 [ 178.092548][ T6440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.092564][ T6440] ? trace_irq_disable+0x37/0x100 [ 178.092580][ T6440] ? clear_bhb_loop+0x60/0xb0 [ 178.092599][ T6440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.092615][ T6440] RIP: 0033:0x7fb41d34f749 [ 178.092629][ T6440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.092642][ T6440] RSP: 002b:00007fb41b5b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 178.092657][ T6440] RAX: ffffffffffffffda RBX: 00007fb41d5a5fa0 RCX: 00007fb41d34f749 [ 178.092669][ T6440] RDX: 0000000000000300 RSI: 0000000000000003 RDI: 0000000000000011 [ 178.092678][ T6440] RBP: 00007fb41d3d3f91 R08: 0000000000000000 R09: 0000000000000000 [ 178.092688][ T6440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.092697][ T6440] R13: 00007fb41d5a6038 R14: 00007fb41d5a5fa0 R15: 00007ffc1e35a838 [ 178.092722][ T6440]