last executing test programs: 53.737892399s ago: executing program 1 (id=111): r0 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) userfaultfd(0x801) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40000) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$rdma_cm(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r2 = fsmount(r0, 0x0, 0x0) fchdir(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x8) wait4(0x0, 0x0, 0x20000000, 0x0) r4 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0) syz_clone3(&(0x7f00000007c0)={0x194124000, 0x0, &(0x7f0000000440), 0x0, {0x31}, &(0x7f0000000880)=""/4096, 0x1000, &(0x7f0000000500)=""/232, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, r4, 0xffffffffffffffff, 0x0, 0x0], 0x9}, 0x58) write$cgroup_int(r3, &(0x7f0000000040)=0x1f00, 0x12) mkdirat(0xffffffffffffff9c, 0x0, 0x88) execve(&(0x7f0000000000)='./file1\x00', &(0x7f00000003c0)={[&(0x7f0000000040)=' ()-\x00', &(0x7f00000000c0)='\x00', &(0x7f00000001c0)='lowerdir', 0x0, 0x0, &(0x7f0000000380)='\x14-\x00']}, 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000002c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000600)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 51.686927701s ago: executing program 1 (id=113): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x15) madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x15) 51.05680429s ago: executing program 1 (id=118): socket$xdp(0x2c, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) sysfs$3(0x3) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10) bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r3, 0x0, r4}, 0x60) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0xb}}}, 0x24}}, 0x800) 46.332877577s ago: executing program 1 (id=124): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x60) getdents(r0, &(0x7f0000000140)=""/194, 0xc2) 44.526441258s ago: executing program 1 (id=130): ioctl$VHOST_VDPA_SET_CONFIG(0xffffffffffffffff, 0x4008af74, &(0x7f0000003180)={0x1, 0xfe0, "22ae17b66148939e0b6be24022ed9fceb5f689ac39f675ce436f0a0462514776ad0b4adc451a661c02ed38b0f6d1f549838e1fd7343561eb0b98dc19943750c585d0dd560b91afe18924db59a901c28ef3a4d26929d4f5d1aac527149da03fee7d467d2611caebc625b57f9466e1ebfe3653f7a3a3d7d5beca1df976812f6430ed4aefa7afd2c886465bfb81f414100221355ff8d16c4a2dd078baca55631cd8760743a4f0d096baee4266ed46407edf64511630edd9325808571d7813c3af594595fa9b76c70f0f9ca49649075593c22094b4f9e5c55d38224e5ad4047a5f47881831cb7f82a117021843bc662d4ad7b4e41536abcee92b42f0557eb4d268ad8dca71881d3f8dc783bc667336ea7653c9caed8631c8b92a116803dc419158e5e3e865a733c45f259e42bb725abe2d27e676a605e9b278171a08b4a82d9f4e38b762bebaea2469f6ee3430a456f188f7ba5dedc89b0063c57872a72189b9dd11be4ba8d4759740c7bc59df7475f9bda3f604ed9d4ad26f34964c3e8cef56f29faaf35a830efe0e484b69b928ef207583fcb06b46935592bc80ee6a67af69488d4503ab4bce4d757fb5db7668428d293bb3c95d5a86a7aa79e65ec00c40ab5ec4dc54950d20462a6b8c9617e2aeb2dd3d78d4b4cbd59c17f47a0b3a2c9d387908c049625356488cb1a8c86158cc533439ba1290839ba61f999c7ddbd126b5c9fdb9e221b6530d56ec090fcb1244281f4db9fb966fa294671ba1bd7670e14813c01b8f5ddaad4ffcb8e818d5c48233b263ec4a900bebf99291606c3812e64d5f4f2c98af9e26e87726c0d301956539a5fd43727599c3fdfe65547e091a486339aba5d2144e102e9e6e315ab3ca0f2987920747f7e1caea668336c65e42c5bc6f6aae41e133b8b0ee7121cefd345ee4a0762dcacb8fb970ea1ae027834e5f40e5fb54d90777d842371ce15b47146972f73c32176dd41fc41f2044ddef1309827ba68231f06e25716dd02f65f226ee2ca99418d4f738e5f505f488860d981212e2cb87687c649e9e225d50768d2f40ae3b9a3d1f4233c0a1765d296293b6bbe92baa40fdb6805331600edb036a2112a4952e4ecf130e9085665f432688ded5f38264e2b4960d37b1a403c037077ec6750a3354cf89439f0b871e0743ecd93fe17a3a7b1d150f8d8d1094aaa4289f403025143442cf5a6c0f14ba161552b668cde632c8b5fa92d850c58121bbf24005beb7027592584616ca58b0d73437f55b670e6b7b6def2aa62a1004c5f238b800f2e455e15446cae530c8087ad5772bd4ac1d58d9ec85b5b42366d84e10ccd940e8379f5941a2a2773c08b08e887dd1cd4683b587daece36c5f8bdb792451640cc62571ab6fcf3a4094a6031d6df2e27de0cb548873570637f33d505e42affcb98896df7cf3af0fba315aa24cbbde3c98893b809ee96b118136202b38a0cbd543e525df749e583c27fdab466c9c10abcd70697283e3dd3355baf0f2f55b093690b230fb39977f6ca94ea61f0ffa63a5b73f7dcb7db723df8c2cbc2fe7689cb92d731b344c0ba0b1b5ac26ad1186764e540a2ddef756f92268c2fb1dcae22796df871ba02d5f249d273f6c663f982bd488187fd291d36d0695138341c9acf9b9280ecbfab50b78db2438bb7170fe041e06604210ee90f26cb35d5788db7b6bdd6479aa61cb4e8648b3b288bb57582b143d7993dc716e90b3d016ab390b42528cfa55d88bfd7ebcb7cdd2e2c1a2d76716217c31d3b28ca388eb2f06c8d21ba251c71e57f91f53021176210d1e78e2900f3c9e83eab9836a8852f14d3bfe94cf47ae8fc56e980bbe8ad5a056650827b3d558bf8ba711640c7dae95cedbac5fc2fed7770481467a1cc2295baf797903f41c49737db863b6fb1e0accacf6959c2aa453f2dabbebc0eae481028ae6927a1e57a2581e5b32038cf3e316bb02b17ca888f3ea387cae0a6589a7ce213f4452c0fc8961ecfd54c46c5b4ecb432c9e4716f249934cd3a21a160d111d318b84b686399ba3484717cb1b056834cd6615999d454f2b747753bdeb5f7bc7176e9e2d31d3ab4bac7216c5e05f997933a976499930d3f47b096fcab4a77e29c6826e4237aef408c153f8eda962e1ded7a8b3da90680905d21228f85788b9b337809e4a4677fde47730e5a409b634ddfa5c2e44bbd0f7743edd2b5b26e2c45aa2dcc47c659d8d31454d4885ee2ae9607cd08a598cc09b7d303717e09e4d125498eb499f4140dfa3cb8df59e8053b566ab0ebb28ffada4df52faac13c6b64f656ff8b273d9c22e8f7379a456d26b1ba12dc2865e50623dc73892f98b40b4f18f5c279ec12875f85c5cbb5f8b3ebb4498c1179a4e8951afba5c2694d43016aaf4ea532701ecce31c65fca8ac6faa239ce4d19f3216fb3acb6d89553b87dd0b28fe2dfec8be8f24f7d0a6bcd4ce0532276e5e150c5c3105ac6ecdad13b63089e05e07341a11d214952c70cdddcd14aba016b8f2f67fc60bdbf02765f70c8cd9a9d4f48a6b8f996c84b16c0a31a650ae5103c13fc0927abf0a845427f6cecbd69bc9852b45a59f9498b51b04bbc0ff7f86f94ad1e17085ff266bd42cc053cbcfdcc221ea8f170ad3ccd51e3c3ba698a7c181c6b06ebf0085e369ceae0f8aff775c38424f04b373c4c28ca0b7d179b18a89ca16e8c81bb8752f4fd0b8562e0a70c720736ea3a33a921c96f49f60609ee4ac06a098661c0ffecfddea2367c4d6716f3123a1a8e6ad3c42d73c0dc90f23be356eb80f051a640c00c824a8b75ab7ca4c4b4df941279120ccb120a98dfac60e76d91935c9513dbdc88f9b87632d5882243b52a3411c24d7247c3419e3e97b1d4e2327eba589367b596256a27f3eae267eb8cf046b6a1970306061a427a763002680365e243fe48c13dc3697e8e7ae0d2fd7fda402ddcd2f69c1b5c0860cb85369d650e9b4d8b2ceec595c17b00638d21bff202f055c6fd67b4bab53076671e9bd574d6f8385979b30fe079dc1b43223eb499bbb54d62eeedd567828eeaafe3d4701fb369ab1c2eb18a05f667a4f960734a7865ebf11e49b997414691748dca088842918f76facf265200862a95541b43e2abb3a8c7a19fa2b88bd441b7cf03cec201cd621a3c0eb317271fd4a24641a1534e9df4c914d4d0338526a15de1c61dd2863b3ee474b6da455d0c96d9949eef43953055840b0c3838445944b4ee1a20e35b5079be627107cf6d5816cf5541a5be355a80a726c52d1461b030229624b1b4058011b5694e4edb9b59d3bf4b29bfe447f0f0ca354dc5cca890b65fe29c57b8dfcfa0043e3798e377ed986b686a8b1710a7b0b96fd57eb5d1729d4c4a1d8f8c4f226aecb583bc6a2b1926f84402bbea1e1b8ff2ce22c5c9cf8394412528337ac795c4dcf853973317e6ee7ba7189f6dc2d40dc2a566ba023b51b2769bf2d007f7967df35111af76da0e4bcd318b962ba7eb82ff23379d7735c340941fd0345f4eb29f99d000d63fa36bccf0ae44c653e7f219995788367d23a5366fbbeedd42c1db1eaf5166c8ce3f0b898105ed3825087075728d967f498e54129fc7de5e5a4d1b921584f70a16db7ad5921c040d321d76dee391279f7a8f49e9080b3898913f25ab27e8e7d2af5fed26db9e3be8669499938ac8761960e634397f2032975178a48604a611d5bf841fc38ce704e00ce214e16251b17e5c25162b2f1c3c4dbd95cb004420256ba41ff966882fb2081c7c95d80b83b989c3846d949d28466abf50005e8d3a905f88334e120e22f826b25508c3a0afeff0b28f1f46ba00ddb5057b5e2299ee932b4fc3b6511504bcb2c209e7ec43f1b8c56a2c0a84b3ebcc600b01a023dc79d6467df112df83b65d85cd1b03000188bdd53dc132557bd482b5e606509e35c809133c738a4930cf2e3956a8accd3df90afd0a15d07f164b0e767bb698e77041b4e87fd0b9ea66ba0ac1090df6e333b526b095eb1c32a495eac70f0080911af2443ec79963ec304aac8be72e34efc0fbb81b57d6004b07a1bc0d6ea1d37e0840a3bb776c7c0dce1d10762c82cd289111de4a1a18c9d3b1a607e73b5d5bd243d45980ecb53be58071c2fb8217167327094e39cd54501bfcace0670e9d8d4b4259d194251d572ddfc6e82bb2b041cb94da005c0819eaadf4aa79b00682f50c02d847d2679f278baf248bf4c6ad2b17916e6d49fdc261039c32934801e573d3a2c7ae22f0835202c8b5a7b77f269192f2fe3fa01601855404ace9d84c63dfe0f8551ff0ed24b0adfc9374ef77ba1413439b820b4e8d2601e423a03530ed25a01e4fa881d818609eb0a2e2391d6639980ba8df2c1e43104d0937ee6a10bcac8fb4338c665301b70de0e95c3eae011919e9a329c2626cd0d3a71f28ef4dc24de34026c4865b625f8250f5d9e115df17450b9ebfed4acb7e1bd4ad7b6ac34814e3ac891cf52595ed5bf0b6b43a05b13c3f646a73d30f369e44f1b909533ba8c33d5b0fdbfe99ba7b2bba379446fba7301814b872327a5957d74d115d3aa456364571a6b0bfe127dc7694f98a86931a63575eb356a4f87dcb57a7eb71498a91ae7038b7da1168f628ea324e3bb0c597bd7e575b5072a75e17ef2b0f1f670780851ecd825ec7d464149376fcd39c2e5526808fe845d1800d6a6aaeda497a6bd6dcad02d6c7d2cf05de3b05a1d5633f18da6992d71512ade29c148a7c03ee3bbd891511e1ee5c1d3022940467bcbc8513bcae187109ca27855732e1639e4245ff9f4fe1f2b66535ecb600a3d5587f97fa908bdd4b24ce9b2ce276cd5f6b5598aec68887c0873ebd04b5e5d5df6f8577b92c4899d339b2e042c792f1db7ec33a85435631a9a93a6d7322ce8e9e45f0826f988338142a33d5990582cd764403e8ce253858b774e99ef66725f45d878abd717fc85750f0cbd7aafb8e1c9ce1c6e3efeda62cb733435933634cc86ae7f460a004d57987f0a766b812249613b5494d53e3ffd729f0768fff8bf6b6143ad217484b1af9cdde66e1be12093eefadd91e23612958d7bbac71a7981a8f3acf0f2797ed6e1c6f1fc49431087b6e99ead748b2ec7d3040f90696ffe565c931338215cc507c145082055ea2842641ed40092064f4b5033762f6eed83254c6565316fd5912e3eb64fe04f25bee9b23430b896cbd9baeda85ccfce7fcca9218b09989bbd146d13066eca582ce51bf1cc4497f422349e07c25398cb4974fa77c4d192cc5549f2cfa5b6b0ba73d46caedb78d92b3cf52d8a9fd9b8696341b5677a7575ae3ff1431d618a5beb51d113cd370c74bd3d2552b5174451660c506eb45d0d7e6781f2e51119f8b4379f8775405d1bd229d24de60e455858a61e1e4cc5c2b5ab1f17d6bf7b84a5b6acfe7d7d908144fde294e8ebdc0a98dc08ebe34a702c97540f3827bc0dcaf7bb3293cfe3f0501835aa0d6072625f68088babd1b3ac9aa49b06f053144d981b2a164aeef1074e9983b029aea1dfe7218566a7236fb23148a6e5e46e5839d4809e2035943e02f0fd0beecda0714b9b237cd09d197f33cf8a64aa146262d85f09879de8410540f1b9ed44745e757b31fc20ad6a4635527d981cf92fed1615285ef61110bca310a1b905e2b65a3811eb0c0a1f75d3eea9f4636248c435a2f23cecb37b278abe9b5e3fcf008aa879bf15d5763c26a02e71b42f53e05ff1aeeff8a2726582758f8c7c394126cbb7660fbbadaf8b69bc706f24ac13f9135a717750f895a236764"}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000340)={0x0, 0x9, 0x7a8, 0x6, 0x4000}, 0x14) openat$fb0(0xffffffffffffff9c, 0x0, 0xc0c01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) r5 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) read$midi(r5, 0x0, 0x14) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@remote, @in6=@empty, 0x8000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x400000}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x10) sendmsg$nl_xfrm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB], 0x1c}}, 0x0) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) 42.17218534s ago: executing program 1 (id=136): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r3, &(0x7f0000000280)={0xb, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x1}}, 0x18) 40.629974647s ago: executing program 4 (id=138): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(0xffffffffffffffff, 0x101) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6", 0x3) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200000000000c00028005000100000001000800074000000001"], 0x64}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r6, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r7) sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x38, r8, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2}]}, 0x38}}, 0x0) 38.54088306s ago: executing program 4 (id=143): openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x105180, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x4840}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3e, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000400)="14", 0x4}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 37.030535314s ago: executing program 4 (id=145): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0xc8, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x9c, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x809, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x243, 0x7ffd, 0x6}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x8, 0x42}, {0x6, 0x4, 0x12c5, 0x8}, {0x317, 0x0, 0x0, 0x8001}, {0x1, 0x1800004, 0xa525}]}}, @TCA_U32_POLICE={0x4}]}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x80}, 0xc040) 31.000804337s ago: executing program 4 (id=156): openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x105180, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x4840}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3e, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000400)="14", 0x4}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 28.32869042s ago: executing program 4 (id=157): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0800000004"], 0x50) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r5 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f00000008c0), 0x43) close(r0) 27.072037592s ago: executing program 32 (id=136): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r3, &(0x7f0000000280)={0xb, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x1}}, 0x18) 26.980733829s ago: executing program 4 (id=163): add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) socket$kcm(0x21, 0x2, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000280)) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 11.09914456s ago: executing program 33 (id=163): add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) socket$kcm(0x21, 0x2, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) write$tcp_mem(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000280)) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 8.348922041s ago: executing program 2 (id=183): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) setxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x98, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x4040081}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x19, 0x4) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @private}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'vlan0\x00', 0x1}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a5181100", @ANYRES32=r6], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 8.254959668s ago: executing program 0 (id=184): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0800000004"], 0x50) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) close(r0) 7.990891131s ago: executing program 0 (id=185): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce07020000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 6.687556653s ago: executing program 2 (id=186): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x4000010) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 6.644938299s ago: executing program 3 (id=187): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000200)={0x0, 0x3, 0x0, 0x1000, 0x0, 0xfffffffe, 0x0}) 6.513373688s ago: executing program 3 (id=188): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/10], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x40047451, 0x0) r4 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_mreq(r4, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) 5.332252748s ago: executing program 3 (id=189): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000008c0)=@assoc_value={r2, 0x1}, 0x8) 5.223578678s ago: executing program 3 (id=190): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b55385"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000400)={0xa}) syz_usb_connect(0x4, 0x24, 0x0, 0x0) epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x4c6, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)={0x34, r6, 0x1, 0x0, 0x200, {{}, {}, {0x17, 0x17, {0x20, 0x0, @udp='udp:syz2\x00'}}}}, 0x34}}, 0x0) 5.13301824s ago: executing program 0 (id=191): r0 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000002380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB="100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=r0], 0x30, 0x4000080}}], 0x1, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 5.021089673s ago: executing program 0 (id=192): socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) fsopen(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xf, &(0x7f00000005c0)={0x2, 0x401}, &(0x7f0000000600)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000900)=ANY=[@ANYRES16, @ANYBLOB="0004000073d09602a469c6367f968de0cc16d44670ac658b8cb76d930f7a094b9ccf2fb337e0d34db8f898584a958745031588a6f0abfbd546c2580d99c2fdd4a7ed90172bbe35c5bf7ca19c0b66eb5993d0cceefbc9daad57885772bbf9b06cd9f27386672437afe131126769683a1ad5d65b5e225eee0bf3ec4567bbcf688aa15748aceabb390f2a72", @ANYRESOCT, @ANYRES8], 0x108}, 0x1, 0x0, 0x0, 0x20000094}, 0x800) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x8}}]}, 0x40}}, 0x4000010) sendmmsg$inet(r4, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 4.826867749s ago: executing program 2 (id=193): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0800000004"], 0x50) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) close(r0) 4.582933003s ago: executing program 2 (id=194): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x120000000000, 0xfffffffffffffffd, 0x0, 0x2000000000000000, 0x10, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x3ff, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.759201384s ago: executing program 0 (id=195): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) setxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x98, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x4040081}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x19, 0x4) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @private}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10}}}}}}}, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'vlan0\x00', 0x1}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a5181100", @ANYRES32=r6], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.793931726s ago: executing program 2 (id=196): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000200)={0x0, 0x3, 0x0, 0x1000, 0x0, 0xfffffffe, 0x0}) 1.892940576s ago: executing program 2 (id=197): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0xa0, 0x258, 0x690, 0x384, 0xda, 0x10000, 0x20, 0x0, {0x4, 0x7}, {0x5, 0x1}, {0xfffffffe, 0x2, 0x1}, {0x800, 0x5, 0x1}, 0x5, 0x1, 0x3ff, 0x1000, 0x1, 0x7, 0x63, 0x10002, 0x5, 0x7fff, 0x10001, 0x7, 0x24, 0x100, 0x0, 0x2}) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000100000095"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) close(0x3) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f00000004c0), &(0x7f0000000000), 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r5}, 0x18) syz_emit_ethernet(0x7d, &(0x7f00000006c0)={@local, @local, @void, {@canfd={0xd, {{0x1, 0x0, 0x1, 0x1}, 0x3b, 0x1, 0x0, 0x0, "2b4bf9cf62b937e4a7902dc82fca6d798c611eb10f311cac60cf28b39381cb09ae3591c94318940cda5291caa366416f776dfed450ca37a48067a1cb031f46e2"}}}}, 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) listen(r6, 0x0) 1.736939714s ago: executing program 3 (id=198): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/10], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x40047451, 0x0) r4 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_mreq(r4, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) 12.319379ms ago: executing program 3 (id=199): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @sk_msg}, 0x94) r1 = socket(0x1d, 0x2, 0x6) r2 = socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newqdisc={0xa5, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x800000, 0x0, 0xffffffff}, 0x20, 0x0, 0x7, 0x8, 0x0, 0x14, 0xfd, 0x2, 0x0, 0x0, {0x200}}}}]}, 0x78}}, 0x4080) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) sendmmsg$unix(r1, &(0x7f0000005a00)=[{{0x0, 0x0, &(0x7f0000000e40)=[{0x0}], 0x1, 0x0, 0x0, 0x80}}], 0x1, 0x40) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0x1000)=nil, 0x1000}, 0x1}) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x13) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, 0x0, 0x0, 0x8, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) close(r0) 0s ago: executing program 0 (id=207): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/10], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x40047451, 0x0) r4 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_mreq(r4, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.73' (ED25519) to the list of known hosts. [ 84.467978][ T5824] cgroup: Unknown subsys name 'net' [ 84.676042][ T5824] cgroup: Unknown subsys name 'cpuset' [ 84.711760][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.829670][ T1607] cfg80211: failed to load regulatory.db [ 87.075771][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.827043][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.828635][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.830964][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.847190][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.863536][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.865371][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.867032][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.884168][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.901541][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.908063][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.908223][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.908691][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.916993][ T5855] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.918587][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.927657][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.928507][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.930344][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.937408][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.938724][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.939571][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.946377][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.947818][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.949561][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.962493][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.963293][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.398491][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 92.483100][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 92.559172][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 92.686612][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 92.963590][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 93.071861][ T5841] Bluetooth: hci0: command tx timeout [ 93.071868][ T5849] Bluetooth: hci1: command tx timeout [ 93.072031][ T5849] Bluetooth: hci4: command tx timeout [ 93.151086][ T5849] Bluetooth: hci3: command tx timeout [ 93.151293][ T5849] Bluetooth: hci2: command tx timeout [ 93.835248][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.836448][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.836883][ T5836] bridge_slave_0: entered allmulticast mode [ 93.838567][ T5836] bridge_slave_0: entered promiscuous mode [ 94.053429][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.053648][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.053880][ T5836] bridge_slave_1: entered allmulticast mode [ 94.056977][ T5836] bridge_slave_1: entered promiscuous mode [ 94.070174][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.070310][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.073644][ T5839] bridge_slave_0: entered allmulticast mode [ 94.087632][ T5839] bridge_slave_0: entered promiscuous mode [ 94.392561][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.392699][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.392864][ T5839] bridge_slave_1: entered allmulticast mode [ 94.395623][ T5839] bridge_slave_1: entered promiscuous mode [ 94.397690][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.397825][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.398325][ T5835] bridge_slave_0: entered allmulticast mode [ 94.405412][ T5835] bridge_slave_0: entered promiscuous mode [ 94.715137][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.715270][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.715406][ T5835] bridge_slave_1: entered allmulticast mode [ 94.716949][ T5835] bridge_slave_1: entered promiscuous mode [ 94.847754][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.848021][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.848149][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.848621][ T5837] bridge_slave_0: entered allmulticast mode [ 94.850325][ T5837] bridge_slave_0: entered promiscuous mode [ 95.121420][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.121929][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.122062][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.122239][ T5837] bridge_slave_1: entered allmulticast mode [ 95.125096][ T5837] bridge_slave_1: entered promiscuous mode [ 95.137675][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.141283][ T5848] Bluetooth: hci4: command tx timeout [ 95.141314][ T5848] Bluetooth: hci0: command tx timeout [ 95.141332][ T5848] Bluetooth: hci1: command tx timeout [ 95.221270][ T5849] Bluetooth: hci2: command tx timeout [ 95.221303][ T5849] Bluetooth: hci3: command tx timeout [ 95.223425][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.223615][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.223815][ T5838] bridge_slave_0: entered allmulticast mode [ 95.226427][ T5838] bridge_slave_0: entered promiscuous mode [ 95.418771][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.422419][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.430401][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.430583][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.431350][ T5838] bridge_slave_1: entered allmulticast mode [ 95.437245][ T5838] bridge_slave_1: entered promiscuous mode [ 95.776066][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.778902][ T5836] team0: Port device team_slave_0 added [ 95.812507][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.195073][ T5836] team0: Port device team_slave_1 added [ 96.394785][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.397066][ T5839] team0: Port device team_slave_0 added [ 96.416459][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.694716][ T5839] team0: Port device team_slave_1 added [ 96.698518][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.703254][ T5835] team0: Port device team_slave_0 added [ 97.096601][ T5835] team0: Port device team_slave_1 added [ 97.098501][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.098516][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.098537][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.133763][ T5837] team0: Port device team_slave_0 added [ 97.231619][ T5848] Bluetooth: hci1: command tx timeout [ 97.231652][ T5848] Bluetooth: hci0: command tx timeout [ 97.231671][ T5848] Bluetooth: hci4: command tx timeout [ 97.301355][ T5849] Bluetooth: hci3: command tx timeout [ 97.301387][ T5849] Bluetooth: hci2: command tx timeout [ 97.435019][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.435042][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.435066][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.438047][ T5837] team0: Port device team_slave_1 added [ 97.564974][ T5838] team0: Port device team_slave_0 added [ 97.566262][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.566275][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.566299][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.754015][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.754028][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.754041][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.755851][ T5838] team0: Port device team_slave_1 added [ 97.756906][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.756917][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.756931][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.066966][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.066979][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.066993][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.094594][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.094611][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.094635][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.364451][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.364468][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.364483][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.366738][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.366752][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.366772][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.699241][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.699254][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.699268][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.778309][ T5836] hsr_slave_0: entered promiscuous mode [ 98.780076][ T5836] hsr_slave_1: entered promiscuous mode [ 98.977539][ T5839] hsr_slave_0: entered promiscuous mode [ 98.980319][ T5839] hsr_slave_1: entered promiscuous mode [ 98.982929][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 98.983052][ T5839] Cannot create hsr debugfs directory [ 99.156000][ T5835] hsr_slave_0: entered promiscuous mode [ 99.156909][ T5835] hsr_slave_1: entered promiscuous mode [ 99.158850][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 99.158873][ T5835] Cannot create hsr debugfs directory [ 99.302329][ T5849] Bluetooth: hci0: command tx timeout [ 99.302361][ T5849] Bluetooth: hci1: command tx timeout [ 99.302402][ T5848] Bluetooth: hci4: command tx timeout [ 99.381559][ T5841] Bluetooth: hci2: command tx timeout [ 99.381594][ T5841] Bluetooth: hci3: command tx timeout [ 99.455155][ T5837] hsr_slave_0: entered promiscuous mode [ 99.456016][ T5837] hsr_slave_1: entered promiscuous mode [ 99.456564][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 99.456583][ T5837] Cannot create hsr debugfs directory [ 99.640136][ T5838] hsr_slave_0: entered promiscuous mode [ 99.649038][ T5838] hsr_slave_1: entered promiscuous mode [ 99.649984][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 99.650005][ T5838] Cannot create hsr debugfs directory [ 101.849671][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.897798][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.930648][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.997843][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.144854][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.188918][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.220108][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.302814][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.526627][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 102.596352][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.642623][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.705013][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.946851][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 103.007577][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 103.039987][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.053745][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 103.115965][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 103.325238][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.326405][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 103.386151][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 103.434254][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 103.528205][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 103.565888][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.566596][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.634849][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.635006][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.712134][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.863914][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.908009][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.946265][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.946489][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.010807][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.012566][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.112662][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.184192][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.184983][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.209890][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.264416][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.264554][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.433643][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.497650][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.497781][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.525265][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.583894][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.584058][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.676466][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.781615][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.857167][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.857453][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.950899][ T2145] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.951175][ T2145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.134694][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.222967][ T5836] veth0_vlan: entered promiscuous mode [ 105.306633][ T5836] veth1_vlan: entered promiscuous mode [ 105.384590][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.636019][ T5835] veth0_vlan: entered promiscuous mode [ 105.703410][ T5836] veth0_macvtap: entered promiscuous mode [ 105.727015][ T5836] veth1_macvtap: entered promiscuous mode [ 105.758628][ T5835] veth1_vlan: entered promiscuous mode [ 105.876459][ T5837] veth0_vlan: entered promiscuous mode [ 105.899409][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.933146][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.945812][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.971721][ T5837] veth1_vlan: entered promiscuous mode [ 106.016915][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.017276][ T163] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.049747][ T163] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.063974][ T163] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.091265][ T163] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.093792][ T5835] veth0_macvtap: entered promiscuous mode [ 106.157718][ T5835] veth1_macvtap: entered promiscuous mode [ 106.489626][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.573388][ T5837] veth0_macvtap: entered promiscuous mode [ 106.614426][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.705723][ T5837] veth1_macvtap: entered promiscuous mode [ 106.735889][ T2145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.735916][ T2145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.740639][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.771757][ T5838] veth0_vlan: entered promiscuous mode [ 106.773872][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.777101][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.788368][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.931308][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.931333][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.936624][ T5838] veth1_vlan: entered promiscuous mode [ 106.975586][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.086831][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.207722][ T2145] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.219374][ T2145] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.253836][ T2145] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.288819][ T2145] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.306766][ T5839] veth0_vlan: entered promiscuous mode [ 107.495854][ T163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.495874][ T163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.523149][ T5838] veth0_macvtap: entered promiscuous mode [ 107.537828][ T5839] veth1_vlan: entered promiscuous mode [ 107.686128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.981720][ T5838] veth1_macvtap: entered promiscuous mode [ 108.111896][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.211182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.229899][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.447568][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.447587][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.973900][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.973921][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.085813][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.231610][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.329252][ T163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.329267][ T163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.342731][ T5839] veth0_macvtap: entered promiscuous mode [ 109.375677][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.393583][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.414544][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.423402][ T5839] veth1_macvtap: entered promiscuous mode [ 109.432218][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.357768][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.378897][ T5965] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.429280][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.647931][ T163] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.693040][ T163] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.768652][ T163] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.827159][ T163] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.895938][ T3618] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.895959][ T3618] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.873298][ T5978] warning: `syz.2.7' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 113.946960][ T5986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'. [ 114.006595][ T5988] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 114.043070][ T1305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.043088][ T1305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.732734][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.732755][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.159886][ T5996] overlayfs: failed to resolve './file1': -2 [ 115.191119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.133682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.231310][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.332105][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.672454][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.971275][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.275028][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.276456][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.328224][ T6059] overlayfs: failed to resolve './file1': -2 [ 126.613718][ T5916] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 127.863301][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 127.863340][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 127.889430][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 128.255407][ T5916] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 128.255434][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.255451][ T5916] usb 1-1: Product: syz [ 128.255463][ T5916] usb 1-1: Manufacturer: syz [ 128.255475][ T5916] usb 1-1: SerialNumber: syz [ 128.329056][ T5916] usb 1-1: config 0 descriptor?? [ 129.045912][ T993] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 129.306132][ T993] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 129.306158][ T993] usb 5-1: config 0 has no interface number 0 [ 129.306208][ T993] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 129.306237][ T993] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.432541][ T993] usb 5-1: config 0 descriptor?? [ 129.438497][ T5916] usb 1-1: can't set config #0, error -71 [ 129.478269][ T5916] usb 1-1: USB disconnect, device number 2 [ 129.535280][ T993] usb 5-1: selecting invalid altsetting 1 [ 129.536276][ T993] dvb_ttusb_budget: ttusb_init_controller: error [ 129.536548][ T993] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 130.643959][ T993] DVB: Unable to find symbol cx22700_attach() [ 130.943887][ T993] DVB: Unable to find symbol tda10046_attach() [ 130.943926][ T993] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 131.496157][ T993] usb 5-1: USB disconnect, device number 2 [ 132.405314][ T37] audit: type=1326 audit(1756996174.840:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.405363][ T37] audit: type=1326 audit(1756996174.840:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.405401][ T37] audit: type=1326 audit(1756996174.840:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.405438][ T37] audit: type=1326 audit(1756996174.840:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.405477][ T37] audit: type=1326 audit(1756996174.840:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.406568][ T37] audit: type=1326 audit(1756996174.850:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.406597][ T37] audit: type=1326 audit(1756996174.850:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.409288][ T37] audit: type=1326 audit(1756996174.850:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.409330][ T37] audit: type=1326 audit(1756996174.850:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.409364][ T37] audit: type=1326 audit(1756996174.850:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6115 comm="syz.4.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efed20debe9 code=0x7ffc0000 [ 132.936583][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.936685][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.971689][ T6113] syz.0.43 (6113) used greatest stack depth: 18008 bytes left [ 133.488994][ T6124] capability: warning: `syz.1.46' uses 32-bit capabilities (legacy support in use) [ 135.515194][ T6130] lo speed is unknown, defaulting to 1000 [ 135.521872][ T6130] lo speed is unknown, defaulting to 1000 [ 135.765627][ T6130] lo speed is unknown, defaulting to 1000 [ 135.770603][ T6130] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 135.861281][ T5944] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 136.093799][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 136.093820][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 136.093831][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 136.097636][ T5944] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 136.097663][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.097680][ T5944] usb 2-1: Product: syz [ 136.097691][ T5944] usb 2-1: Manufacturer: syz [ 136.097702][ T5944] usb 2-1: SerialNumber: syz [ 136.219250][ T5944] usb 2-1: config 0 descriptor?? [ 136.518090][ T5944] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 136.724812][ T5944] usb 2-1: USB disconnect, device number 2 [ 136.899536][ T6130] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 138.204301][ T6130] lo speed is unknown, defaulting to 1000 [ 138.207362][ T6130] lo speed is unknown, defaulting to 1000 [ 138.210315][ T6130] lo speed is unknown, defaulting to 1000 [ 138.294173][ T6130] lo speed is unknown, defaulting to 1000 [ 138.434556][ T6130] lo speed is unknown, defaulting to 1000 [ 144.828291][ T31] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 147.700216][ T31] usb 4-1: device descriptor read/all, error -71 [ 155.822247][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.202882][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.255165][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.284994][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.505237][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.532138][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.726446][ T6260] netlink: 4 bytes leftover after parsing attributes in process `syz.4.87'. [ 157.035029][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.065866][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.229703][ T6265] Zero length message leads to an empty skb [ 157.952427][ T6266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.90'. [ 158.192487][ C1] vkms_vblank_simulate: vblank timer overrun [ 158.641174][ C1] vkms_vblank_simulate: vblank timer overrun [ 159.175423][ C1] vkms_vblank_simulate: vblank timer overrun [ 159.375945][ C1] vkms_vblank_simulate: vblank timer overrun [ 159.889703][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.214854][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.448467][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.708101][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.894625][ C1] vkms_vblank_simulate: vblank timer overrun [ 164.288529][ T6298] overlayfs: missing 'lowerdir' [ 165.359891][ T6298] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.99'. [ 166.544219][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 166.545390][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 166.545679][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 166.546284][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 167.488785][ T6331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.105'. [ 168.189360][ T6337] overlayfs: failed to resolve './file0': -2 [ 175.033275][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 175.034018][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 175.034287][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 175.034508][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 175.879032][ T5848] Bluetooth: hci4: link tx timeout [ 175.884883][ T5848] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 176.015361][ T5841] Bluetooth: hci4: link tx timeout [ 176.015382][ T5841] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 176.166947][ T5841] Bluetooth: hci4: link tx timeout [ 176.166968][ T5841] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 176.879787][ T6398] overlayfs: failed to resolve './file0': -2 [ 177.561631][ T6006] lo speed is unknown, defaulting to 1000 [ 178.021680][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 183.011136][ T6450] overlayfs: failed to resolve './file0': -2 [ 184.526511][ T6463] ======================================================= [ 184.526511][ T6463] WARNING: The mand mount option has been deprecated and [ 184.526511][ T6463] and is ignored by this kernel. Remove the mand [ 184.526511][ T6463] option from the mount to silence this warning. [ 184.526511][ T6463] ======================================================= [ 194.347096][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.347165][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.540827][ T6540] process 'syz.4.163' launched './file0' with NULL argv: empty string added [ 201.363893][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 201.461585][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 201.464662][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 201.475402][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 202.530194][ T6569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.171'. [ 202.612446][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 209.232409][ T5841] Bluetooth: hci5: command tx timeout [ 210.343299][ T6582] libceph: resolve '½@½Ée2²âOAq§¨­cz' (ret=-3): failed [ 211.373750][ T5848] Bluetooth: hci5: command tx timeout [ 213.178423][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 213.203137][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 213.205281][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 213.230548][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 213.245316][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 213.729051][ T5848] Bluetooth: hci5: command tx timeout [ 215.381560][ T5853] Bluetooth: hci2: command tx timeout [ 215.785272][ T5853] Bluetooth: hci5: command tx timeout [ 216.424308][ T6627] sctp: [Deprecated]: syz.3.189 (pid 6627) Use of struct sctp_assoc_value in delayed_ack socket option. [ 216.424308][ T6627] Use struct sctp_sack_info instead [ 216.909736][ T5853] Bluetooth: hci3: command 0x0406 tx timeout [ 216.909780][ T5853] Bluetooth: hci0: command 0x0406 tx timeout [ 216.909806][ T5853] Bluetooth: hci1: command 0x0406 tx timeout [ 217.323769][ T2145] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.466491][ T5848] Bluetooth: hci2: command tx timeout [ 217.613395][ T6637] : entered promiscuous mode [ 217.656381][ T6642] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 217.656398][ T6642] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 217.708192][ T6642] vhci_hcd vhci_hcd.0: Device attached [ 217.797338][ T6644] vhci_hcd: connection closed [ 217.909038][ T6002] vhci_hcd: stop threads [ 217.939786][ T6002] vhci_hcd: release socket [ 218.160916][ T6002] vhci_hcd: disconnect device [ 218.781446][ T6566] lo speed is unknown, defaulting to 1000 [ 219.606217][ T5848] Bluetooth: hci2: command tx timeout [ 220.167537][ T2145] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.625869][ T5848] Bluetooth: hci2: command tx timeout [ 221.863522][ C1] ------------[ cut here ]------------ [ 221.863545][ C1] WARNING: CPU: 1 PID: 29 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 [ 221.863593][ C1] Modules linked in: [ 221.863636][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 221.863660][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 221.863677][ C1] RIP: 0010:est_timer+0x6dc/0x9f0 [ 221.863700][ C1] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 8d 22 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 75 e7 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff [ 221.863718][ C1] RSP: 0000:ffffc90000a3f7a0 EFLAGS: 00010246 [ 221.863735][ C1] RAX: ffffffff88dc779b RBX: 0000000000000001 RCX: ffff88801ca89dc0 [ 221.863750][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 221.863763][ C1] RBP: ffffc90000a3f8b0 R08: 0000000000000000 R09: 0000000000000100 [ 221.863776][ C1] R10: dffffc0000000000 R11: fffff52000147f0a R12: 0000000000000008 [ 221.863791][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880277f3a68 [ 221.863805][ C1] FS: 0000000000000000(0000) GS:ffff8881269c1000(0000) knlGS:0000000000000000 [ 221.863822][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 221.863837][ C1] CR2: 00007fd63ca156c0 CR3: 000000003b726000 CR4: 00000000003526f0 [ 221.863855][ C1] Call Trace: [ 221.863864][ C1] [ 221.863890][ C1] ? __pfx_est_timer+0x10/0x10 [ 221.863932][ C1] call_timer_fn+0x17b/0x5f0 [ 221.863960][ C1] ? __pfx_est_timer+0x10/0x10 [ 221.863981][ C1] ? call_timer_fn+0xbe/0x5f0 [ 221.864006][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 221.864044][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 221.864071][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.864095][ C1] ? __pfx_est_timer+0x10/0x10 [ 221.864120][ C1] __run_timer_base+0x648/0x970 [ 221.864163][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 221.864209][ C1] run_timer_softirq+0xb7/0x180 [ 221.864235][ C1] handle_softirqs+0x22f/0x710 [ 221.864273][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 221.864312][ C1] run_ktimerd+0xcf/0x190 [ 221.864340][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 221.864364][ C1] ? schedule+0x91/0x360 [ 221.864398][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 221.864422][ C1] smpboot_thread_fn+0x53f/0xa60 [ 221.864449][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 221.864490][ C1] kthread+0x70e/0x8a0 [ 221.864525][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 221.864549][ C1] ? __pfx_kthread+0x10/0x10 [ 221.864584][ C1] ? __pfx_kthread+0x10/0x10 [ 221.864615][ C1] ret_from_fork+0x3f9/0x770 [ 221.864645][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 221.864678][ C1] ? __switch_to_asm+0x39/0x70 [ 221.864697][ C1] ? __switch_to_asm+0x33/0x70 [ 221.864715][ C1] ? __pfx_kthread+0x10/0x10 [ 221.864744][ C1] ret_from_fork_asm+0x1a/0x30 [ 221.864784][ C1] [ 221.864800][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 221.864814][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 221.864838][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 221.864850][ C1] Call Trace: [ 221.864858][ C1] [ 221.864866][ C1] dump_stack_lvl+0x99/0x250 [ 221.864896][ C1] ? __asan_memcpy+0x40/0x70 [ 221.864919][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.864948][ C1] ? __pfx__printk+0x10/0x10 [ 221.864986][ C1] vpanic+0x281/0x750 [ 221.865015][ C1] ? __pfx__printk+0x10/0x10 [ 221.865037][ C1] ? __pfx_vpanic+0x10/0x10 [ 221.865065][ C1] ? is_bpf_text_address+0x26/0x2b0 [ 221.865106][ C1] panic+0xb9/0xc0 [ 221.865134][ C1] ? __pfx_panic+0x10/0x10 [ 221.865180][ C1] __warn+0x31b/0x4b0 [ 221.865207][ C1] ? est_timer+0x6dc/0x9f0 [ 221.865232][ C1] ? est_timer+0x6dc/0x9f0 [ 221.865253][ C1] report_bug+0x2be/0x4f0 [ 221.865279][ C1] ? est_timer+0x6dc/0x9f0 [ 221.865301][ C1] ? est_timer+0x6dc/0x9f0 [ 221.865323][ C1] ? est_timer+0x6de/0x9f0 [ 221.865344][ C1] handle_bug+0x84/0x160 [ 221.865373][ C1] exc_invalid_op+0x1a/0x50 [ 221.865403][ C1] asm_exc_invalid_op+0x1a/0x20 [ 221.865422][ C1] RIP: 0010:est_timer+0x6dc/0x9f0 [ 221.865444][ C1] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 8d 22 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 75 e7 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff [ 221.865461][ C1] RSP: 0000:ffffc90000a3f7a0 EFLAGS: 00010246 [ 221.865548][ C1] RAX: ffffffff88dc779b RBX: 0000000000000001 RCX: ffff88801ca89dc0 [ 221.865564][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 221.865576][ C1] RBP: ffffc90000a3f8b0 R08: 0000000000000000 R09: 0000000000000100 [ 221.865590][ C1] R10: dffffc0000000000 R11: fffff52000147f0a R12: 0000000000000008 [ 221.865604][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880277f3a68 [ 221.865628][ C1] ? est_timer+0x6db/0x9f0 [ 221.865675][ C1] ? __pfx_est_timer+0x10/0x10 [ 221.865710][ C1] call_timer_fn+0x17b/0x5f0 [ 221.865736][ C1] ? __pfx_est_timer+0x10/0x10 [ 221.865756][ C1] ? call_timer_fn+0xbe/0x5f0 [ 221.865782][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 221.865819][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 221.865845][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.865869][ C1] ? __pfx_est_timer+0x10/0x10 [ 221.865894][ C1] __run_timer_base+0x648/0x970 [ 221.865937][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 221.865982][ C1] run_timer_softirq+0xb7/0x180 [ 221.866008][ C1] handle_softirqs+0x22f/0x710 [ 221.866044][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 221.866082][ C1] run_ktimerd+0xcf/0x190 [ 221.866110][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 221.866135][ C1] ? schedule+0x91/0x360 [ 221.866168][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 221.866192][ C1] smpboot_thread_fn+0x53f/0xa60 [ 221.866219][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 221.866254][ C1] kthread+0x70e/0x8a0 [ 221.866288][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 221.866313][ C1] ? __pfx_kthread+0x10/0x10 [ 221.866348][ C1] ? __pfx_kthread+0x10/0x10 [ 221.866378][ C1] ret_from_fork+0x3f9/0x770 [ 221.866407][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 221.866440][ C1] ? __switch_to_asm+0x39/0x70 [ 221.866458][ C1] ? __switch_to_asm+0x33/0x70 [ 221.866516][ C1] ? __pfx_kthread+0x10/0x10 [ 221.866547][ C1] ret_from_fork_asm+0x1a/0x30 [ 221.866586][ C1] [ 221.866956][ C1] Kernel Offset: disabled