last executing test programs: 962.549676ms ago: executing program 0 (id=1): syz_open_dev$vim2m(&(0x7f00000001c0), 0x4, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) timer_create(0x1, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x60) getdents(r2, &(0x7f0000000140)=""/194, 0xc2) timer_settime(0x0, 0x1, &(0x7f00000003c0)={{0x0, 0x8}, {0x0, 0x3938700}}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 709.79215ms ago: executing program 2 (id=3): socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r4, 0x1, {0x1, 0xff, 0x1}, 0xfd}, 0x18) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4, 0x1, {0x1, 0xff}, 0x2}, 0x18) 229.090267ms ago: executing program 1 (id=2): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) alarm(0x2) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB="62641bbc329b91f110e1898102774b66397d", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'], 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f00000021c0)={0x18, 0x0, 0x0, {0x7}}, 0x18) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000002140)={0x20, 0x0, 0x0, {0x0, 0x0, 0x80003ff}}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010010000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e640000000800024000000010140000001000010000000000000000000000000a"], 0x10c}}, 0x0) userfaultfd(0x800) socket$nl_netfilter(0x10, 0x3, 0xc) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$squashfs(&(0x7f0000000580), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x228, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiMwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWLF+Rapn6+7g0Dw8GozxMZGJcz7mdiYGAO27kH2V/lDdDIYGBmYGBQYWBgYGJgYUjLzEk18GBgZGCGcgxZGBjYGJAAEwMHWEIvOT8npZ2BEZwEwNqWM7DAzTB8zMAK5xghc4wtGmBGtUNpFSjtAaWXQ+nHUFoeLdmwgE3oh/I0GkAurEgsKSkyBLkUwoKLGcHFjAQaEJ6A2DoXagYsKI4zMYyCUTAKRsEoGAWjYBSMglEwCkbBSAaAAAAA///H1rlq") r4 = socket$inet_udp(0x2, 0x2, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2004008, &(0x7f00000005c0)={[{@errors_remount}, {}]}, 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==") mkdir(&(0x7f0000000300)='./bus\x00', 0x1a0) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000c40, 0x0, 0x0, 0x200000000c70, 0x200000000ca0], 0x11, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000200000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0x108) socket$nl_route(0x10, 0x3, 0x0) 217.032517ms ago: executing program 3 (id=4): prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r3, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x6, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592e66e6229bc5c7ac135fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x10000000000000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x7ffd, {0x0, 0x0, 0x0, r6, {0x5, 0x7}, {}, {0xa, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x808}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200c0e9}, 0x20000004) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, &(0x7f0000000100)={0x28, 0x4, r7, r8, 0xf, 0x2, 0x7}) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="6e6f238af9888464697344617264642c00000000000000bbffeef52f19e6890fc6"], 0x21, 0xa0d, &(0x7f0000002080)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=") 0s ago: executing program 2 (id=5): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e02000000000000000000000000000005040000"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x4, 0x100, 0x0, 0x333}, &(0x7f0000000140)=0x0, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2) syz_io_uring_setup(0x6f75, 0x0, &(0x7f00000000c0), &(0x7f0000000200)) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00'}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r5 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) fcntl$addseals(r5, 0x409, 0x7) ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x1000000}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts. syzkaller login: [ 81.517196][ T5763] cgroup: Unknown subsys name 'net' [ 81.657188][ T5763] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.547266][ T5763] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.272544][ T5783] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.289705][ T5783] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.308193][ T5783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.319013][ T5783] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.327765][ T5784] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.331418][ T5785] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.338890][ T5783] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.339424][ T5783] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.358654][ T5789] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.364508][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.373745][ T5789] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.374863][ T5784] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.399391][ T5784] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.399424][ T5789] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.410758][ T5784] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.417440][ T5789] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.424358][ T5784] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.430551][ T5789] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.437700][ T5784] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.443588][ T5789] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.450659][ T5784] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.458797][ T5789] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.473044][ T5789] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.480708][ T5789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.060873][ T5776] chnl_net:caif_netlink_parms(): no params data found [ 86.093207][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 86.108456][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 86.258811][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 86.277078][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.284757][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.293342][ T5776] bridge_slave_0: entered allmulticast mode [ 86.301055][ T5776] bridge_slave_0: entered promiscuous mode [ 86.357071][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.364435][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.371891][ T5776] bridge_slave_1: entered allmulticast mode [ 86.379359][ T5776] bridge_slave_1: entered promiscuous mode [ 86.410522][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.418628][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.426058][ T5772] bridge_slave_0: entered allmulticast mode [ 86.433284][ T5772] bridge_slave_0: entered promiscuous mode [ 86.441838][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.449534][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.456764][ T5772] bridge_slave_1: entered allmulticast mode [ 86.464144][ T5772] bridge_slave_1: entered promiscuous mode [ 86.575084][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.588671][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.601759][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.614381][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.624054][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.631351][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.638814][ T5773] bridge_slave_0: entered allmulticast mode [ 86.645857][ T5773] bridge_slave_0: entered promiscuous mode [ 86.703648][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.711269][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.718642][ T5773] bridge_slave_1: entered allmulticast mode [ 86.726612][ T5773] bridge_slave_1: entered promiscuous mode [ 86.734755][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.742475][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.750846][ T5777] bridge_slave_0: entered allmulticast mode [ 86.759331][ T5777] bridge_slave_0: entered promiscuous mode [ 86.771470][ T5772] team0: Port device team_slave_0 added [ 86.795273][ T5776] team0: Port device team_slave_0 added [ 86.815794][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.823346][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.831915][ T5777] bridge_slave_1: entered allmulticast mode [ 86.839022][ T5777] bridge_slave_1: entered promiscuous mode [ 86.847614][ T5772] team0: Port device team_slave_1 added [ 86.867484][ T5776] team0: Port device team_slave_1 added [ 86.941269][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.955574][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.982130][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.989806][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.017793][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.031572][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.038749][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.065708][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.077955][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.084982][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.111649][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.145160][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.175486][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.187864][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.214255][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.242236][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.274719][ T5773] team0: Port device team_slave_0 added [ 87.284073][ T5773] team0: Port device team_slave_1 added [ 87.307212][ T5772] hsr_slave_0: entered promiscuous mode [ 87.314212][ T5772] hsr_slave_1: entered promiscuous mode [ 87.374552][ T5777] team0: Port device team_slave_0 added [ 87.418880][ T5789] Bluetooth: hci0: command tx timeout [ 87.429875][ T5777] team0: Port device team_slave_1 added [ 87.460549][ T5776] hsr_slave_0: entered promiscuous mode [ 87.467942][ T5776] hsr_slave_1: entered promiscuous mode [ 87.475005][ T5776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.483110][ T5776] Cannot create hsr debugfs directory [ 87.491671][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.499305][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.501060][ T5789] Bluetooth: hci3: command tx timeout [ 87.526399][ T5784] Bluetooth: hci2: command tx timeout [ 87.527265][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.551787][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.559023][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.578019][ T5789] Bluetooth: hci1: command tx timeout [ 87.585339][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.683827][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.691628][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.718210][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.733017][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.740310][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.766851][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.850505][ T5773] hsr_slave_0: entered promiscuous mode [ 87.857104][ T5773] hsr_slave_1: entered promiscuous mode [ 87.864641][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.872549][ T5773] Cannot create hsr debugfs directory [ 87.983175][ T5777] hsr_slave_0: entered promiscuous mode [ 87.990777][ T5777] hsr_slave_1: entered promiscuous mode [ 87.997310][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.005321][ T5777] Cannot create hsr debugfs directory [ 88.182479][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.199066][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.247985][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.262304][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.435154][ T5776] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.445345][ T5776] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.457730][ T5776] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.470774][ T5776] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.552020][ T5773] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.566238][ T5773] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.577454][ T5773] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.590430][ T5773] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.735712][ T5777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.747532][ T5777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.779327][ T5777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.790664][ T5777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.889038][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.930824][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.983910][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.007143][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.035378][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.053376][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.061422][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.076226][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.084165][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.118317][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.125535][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.149758][ T5776] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.171465][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.179061][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.192101][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.199350][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.253346][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.260605][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.358242][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.386270][ T5773] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.405190][ T5773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.470563][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.502315][ T4699] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.509657][ T4699] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.517482][ T5789] Bluetooth: hci0: command tx timeout [ 89.578905][ T5789] Bluetooth: hci2: command tx timeout [ 89.582087][ T5784] Bluetooth: hci3: command tx timeout [ 89.593518][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.600860][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.657915][ T5784] Bluetooth: hci1: command tx timeout [ 89.996183][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.020190][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.072250][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.171925][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.203358][ T5773] veth0_vlan: entered promiscuous mode [ 90.232222][ T5772] veth0_vlan: entered promiscuous mode [ 90.251965][ T5773] veth1_vlan: entered promiscuous mode [ 90.262930][ T5776] veth0_vlan: entered promiscuous mode [ 90.286276][ T5776] veth1_vlan: entered promiscuous mode [ 90.299899][ T5772] veth1_vlan: entered promiscuous mode [ 90.349605][ T5777] veth0_vlan: entered promiscuous mode [ 90.396309][ T5772] veth0_macvtap: entered promiscuous mode [ 90.407151][ T5777] veth1_vlan: entered promiscuous mode [ 90.433137][ T5772] veth1_macvtap: entered promiscuous mode [ 90.454229][ T5773] veth0_macvtap: entered promiscuous mode [ 90.492140][ T5776] veth0_macvtap: entered promiscuous mode [ 90.504054][ T5776] veth1_macvtap: entered promiscuous mode [ 90.516109][ T5773] veth1_macvtap: entered promiscuous mode [ 90.534989][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.549983][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.578785][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.590097][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.601898][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.610897][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.656125][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.667701][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.681210][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.693458][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.705182][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.715850][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.727130][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.740352][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.769106][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.780051][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.794845][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.809497][ T5777] veth0_macvtap: entered promiscuous mode [ 90.817333][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.829762][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.840423][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.851218][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.864790][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.881513][ T5773] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.891762][ T5773] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.901081][ T5773] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.910265][ T5773] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.929062][ T5776] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.940371][ T5776] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.950404][ T5776] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.959781][ T5776] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.978955][ T5777] veth1_macvtap: entered promiscuous mode [ 91.025640][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.042731][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.052835][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.066205][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.077154][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.087932][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.101176][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.146030][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.157448][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.168722][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.181148][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.192910][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.204103][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.216216][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.230603][ T5777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.240768][ T5777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.250515][ T5777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.260725][ T5777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.350335][ T4699] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.365210][ T4699] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.416461][ T4699] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.431216][ T4699] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.468255][ T4699] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.476142][ T4699] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.578043][ T5784] Bluetooth: hci0: command tx timeout [ 91.618778][ T984] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.626760][ T984] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.659786][ T5784] Bluetooth: hci2: command tx timeout [ 91.665277][ T5784] Bluetooth: hci3: command tx timeout [ 91.688926][ T984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.696832][ T984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.739130][ T5784] Bluetooth: hci1: command tx timeout [ 91.788734][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.822749][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.877121][ T2943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.910751][ T2943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.088913][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.112756][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.560450][ T3052] cfg80211: failed to load regulatory.db [ 92.617670][ T5875] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 92.672750][ T5875] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 92.791240][ T5882] fuse: Unknown parameter 'bd2ቁwKf9}0xffffffffffffffff' [ 92.831795][ T28] audit: type=1326 audit(1750737224.708:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1def58e929 code=0x7ffc0000 [ 92.903398][ T5884] syz.1.2[5884]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.927059][ T5884] loop1: detected capacity change from 0 to 8 [ 93.041913][ T5884] SQUASHFS error: xz decompression failed, data probably corrupt [ 93.050365][ T5884] SQUASHFS error: Failed to read block 0x108: -5 [ 93.056924][ T5884] SQUASHFS error: Unable to read metadata cache entry [106] [ 93.064720][ T5884] SQUASHFS error: Unable to read inode 0x11f [ 93.192185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.283148][ T28] audit: type=1326 audit(1750737224.708:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1def58e929 code=0x7ffc0000 [ 93.396361][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.498933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.658218][ T5784] Bluetooth: hci0: command tx timeout [ 93.738252][ T5784] Bluetooth: hci2: command tx timeout [ 93.743875][ T5784] Bluetooth: hci3: command tx timeout [ 93.828636][ T5789] Bluetooth: hci1: command tx timeout [ 93.908406][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 93.917467][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.317989][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 94.727977][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 96.378860][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.468397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.878022][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 133.101819][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 203.617741][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 203.624827][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5889/1:b..l P4699/1:b..l [ 203.634157][ C0] rcu: (detected by 0, t=10502 jiffies, g=10245, q=1008 ncpus=2) [ 203.641993][ C0] task:kworker/u4:11 state:R running task stack:24120 pid:4699 ppid:2 flags:0x00004000 [ 203.653326][ C0] Workqueue: bat_events batadv_nc_worker [ 203.659010][ C0] Call Trace: [ 203.662309][ C0] [ 203.665250][ C0] __schedule+0x14e2/0x4580 [ 203.669786][ C0] ? asan.module_dtor+0x20/0x20 [ 203.674646][ C0] ? mark_lock+0x94/0x320 [ 203.678988][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 203.685004][ C0] ? preempt_schedule_irq+0xaa/0x140 [ 203.690409][ C0] preempt_schedule_irq+0xb5/0x140 [ 203.695537][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 203.701363][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 203.707182][ C0] irqentry_exit+0x67/0x70 [ 203.711608][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 203.717592][ C0] RIP: 0010:__rcu_read_lock+0x31/0x60 [ 203.723116][ C0] Code: 8b 1d c3 5f 93 7e 48 81 c3 3c 04 00 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 11 ff 03 8b 03 <3d> 00 00 00 40 7d 02 5b c3 0f 0b eb fa 89 d9 80 e1 07 80 c1 03 38 [ 203.743337][ C0] RSP: 0018:ffffc9000ef17b50 EFLAGS: 00000202 [ 203.749456][ C0] RAX: 0000000000000001 RBX: ffff88803107043c RCX: dffffc0000000000 [ 203.757437][ C0] RDX: 0000000000000000 RSI: ffffffff8aaac440 RDI: ffffffff8afc6900 [ 203.765417][ C0] RBP: ffff88805e058310 R08: ffffffff8e49ab2f R09: 1ffffffff1c93565 [ 203.773404][ C0] R10: dffffc0000000000 R11: fffffbfff1c93566 R12: dffffc0000000000 [ 203.781389][ C0] R13: ffff88805e73de50 R14: ffff88807b3d4c80 R15: 0000000000000062 [ 203.789394][ C0] batadv_nc_worker+0xcb/0x610 [ 203.794192][ C0] ? process_scheduled_works+0x957/0x15b0 [ 203.799946][ C0] process_scheduled_works+0xa45/0x15b0 [ 203.805546][ C0] ? assign_work+0x400/0x400 [ 203.810161][ C0] ? assign_work+0x39e/0x400 [ 203.814765][ C0] worker_thread+0xa55/0xfc0 [ 203.819363][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 203.825293][ C0] ? _raw_spin_unlock+0x40/0x40 [ 203.830157][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 203.836085][ C0] kthread+0x2fa/0x390 [ 203.840181][ C0] ? pr_cont_work+0x560/0x560 [ 203.844872][ C0] ? kthread_blkcg+0xd0/0xd0 [ 203.849465][ C0] ret_from_fork+0x48/0x80 [ 203.853888][ C0] ? kthread_blkcg+0xd0/0xd0 [ 203.858484][ C0] ret_from_fork_asm+0x11/0x20 [ 203.863272][ C0] [ 203.866305][ C0] task:modprobe state:R running task stack:25576 pid:5889 ppid:12 flags:0x00004002 [ 203.877092][ C0] Call Trace: [ 203.880379][ C0] [ 203.883320][ C0] __schedule+0x14e2/0x4580 [ 203.887836][ C0] ? page_ext_put+0x9c/0xb0 [ 203.892373][ C0] ? asan.module_dtor+0x20/0x20 [ 203.897236][ C0] ? mark_lock+0x94/0x320 [ 203.901577][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 203.907624][ C0] ? preempt_schedule_irq+0xaa/0x140 [ 203.912923][ C0] preempt_schedule_irq+0xb5/0x140 [ 203.918062][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 203.923891][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 203.929711][ C0] irqentry_exit+0x67/0x70 [ 203.934139][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 203.940128][ C0] RIP: 0010:get_mem_cgroup_from_mm+0xbc/0x290 [ 203.946469][ C0] Code: 60 c2 b6 8a e8 55 9e 82 ff 49 81 c6 d0 07 00 00 4c 89 f5 48 c1 ed 03 42 80 7c 2d 00 00 74 08 4c 89 f7 e8 57 2f f9 ff 4d 8b 3e af 2f 81 08 85 c0 74 09 e8 76 65 89 ff 85 c0 74 3a 4c 89 ff e8 [ 203.966102][ C0] RSP: 0000:ffffc90004b2fc28 EFLAGS: 00000246 [ 203.972188][ C0] RAX: 0000000000000001 RBX: ffffffff81e50d18 RCX: 821faf33e504a000 [ 203.980201][ C0] RDX: 0000000000000000 RSI: ffffffff8afc68e0 RDI: ffffffff8afc68a0 [ 203.988196][ C0] RBP: 1ffff1100fc6abaa R08: dffffc0000000000 R09: 1ffffffff21b0aa4 [ 203.996198][ C0] R10: dffffc0000000000 R11: fffffbfff21b0aa5 R12: ffff888028294310 [ 204.004178][ C0] R13: dffffc0000000000 R14: ffff88807e355d50 R15: ffff888021440000 [ 204.012162][ C0] ? get_mem_cgroup_from_mm+0x38/0x290 [ 204.017644][ C0] ? get_mem_cgroup_from_mm+0x66/0x290 [ 204.023118][ C0] __mem_cgroup_charge+0x15/0x80 [ 204.028077][ C0] handle_mm_fault+0x18a0/0x4920 [ 204.033037][ C0] ? handle_mm_fault+0xd1/0x4920 [ 204.038006][ C0] ? numa_migrate_prep+0x350/0x350 [ 204.043155][ C0] ? lock_mm_and_find_vma+0x9c/0x300 [ 204.048460][ C0] do_user_addr_fault+0x738/0x12e0 [ 204.053592][ C0] exc_page_fault+0x67/0x110 [ 204.058194][ C0] ? clear_bhb_loop+0x40/0x90 [ 204.062883][ C0] asm_exc_page_fault+0x26/0x30 [ 204.067760][ C0] RIP: 0033:0x7fecf2792ff2 [ 204.072213][ C0] RSP: 002b:00007ffc8c83adb8 EFLAGS: 00010206 [ 204.078285][ C0] RAX: 00007fecf276d263 RBX: 0000000000000004 RCX: 00007fecf276d918 [ 204.086261][ C0] RDX: 00000000000006b5 RSI: 0000000000000000 RDI: 00007fecf276d263 [ 204.094242][ C0] RBP: 00007ffc8c83b110 R08: 00007fecf276d263 R09: 0000000000000003 [ 204.102219][ C0] R10: 0000000000000812 R11: 00007ffc8c83b1f8 R12: 00007ffc8c83ae68 [ 204.110202][ C0] R13: 00007fecf276e0c0 R14: 00007ffc8c83b1b0 R15: 00007fecf276d918 [ 204.118193][ C0] [ 204.121225][ C0] rcu: rcu_preempt kthread starved for 10541 jiffies! g10245 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 204.132446][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 204.142420][ C0] rcu: RCU grace-period kthread stack dump: [ 204.148304][ C0] task:rcu_preempt state:R running task stack:27496 pid:17 ppid:2 flags:0x00004000 [ 204.159095][ C0] Call Trace: [ 204.162385][ C0] [ 204.165324][ C0] __schedule+0x14e2/0x4580 [ 204.169877][ C0] ? asan.module_dtor+0x20/0x20 [ 204.174739][ C0] ? enqueue_timer+0x225/0x530 [ 204.179514][ C0] ? __mod_timer+0x984/0xdb0 [ 204.184126][ C0] schedule+0xbd/0x170 [ 204.188237][ C0] schedule_timeout+0x160/0x280 [ 204.193119][ C0] ? console_conditional_schedule+0x40/0x40 [ 204.199060][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 204.204978][ C0] ? update_process_times+0x1b0/0x1b0 [ 204.210411][ C0] ? prepare_to_swait_event+0x339/0x360 [ 204.215971][ C0] rcu_gp_fqs_loop+0x302/0x1560 [ 204.220849][ C0] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 204.227099][ C0] ? rcu_gp_init+0x1510/0x1510 [ 204.231878][ C0] ? rcu_gp_cleanup+0xb4c/0xca0 [ 204.236749][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 204.242065][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 204.247273][ C0] rcu_gp_kthread+0x99/0x380 [ 204.251881][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 204.257038][ C0] ? __kthread_parkme+0x7a/0x1c0 [ 204.262001][ C0] ? __kthread_parkme+0x162/0x1c0 [ 204.267086][ C0] kthread+0x2fa/0x390 [ 204.271164][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 204.276315][ C0] ? kthread_blkcg+0xd0/0xd0 [ 204.280940][ C0] ret_from_fork+0x48/0x80 [ 204.285370][ C0] ? kthread_blkcg+0xd0/0xd0 [ 204.289989][ C0] ret_from_fork_asm+0x11/0x20 [ 204.294814][ C0] [ 204.297860][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 204.304182][ C0] Sending NMI from CPU 0 to CPUs 1: [ 204.309464][ C1] NMI backtrace for cpu 1 [ 204.309495][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.94-syzkaller #0 [ 204.309510][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 204.309519][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 204.309544][ C1] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 63 f0 41 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56 [ 204.309558][ C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c2 [ 204.309572][ C1] RAX: a6b81684b2822000 RBX: ffffffff81618a7b RCX: a6b81684b2822000 [ 204.309584][ C1] RDX: 0000000000000001 RSI: ffffffff8aaab2c0 RDI: ffffffff8afc6900 [ 204.309595][ C1] RBP: ffffc90000187f20 R08: ffff8880b8f36d4b R09: 1ffff110171e6da9 [ 204.309606][ C1] R10: dffffc0000000000 R11: ffffed10171e6daa R12: ffffffff8e49ab28 [ 204.309664][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100364e780 [ 204.309675][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 204.309688][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 204.309699][ C1] CR2: 00007f7a80faa158 CR3: 000000007c6bf000 CR4: 00000000003506e0 [ 204.309713][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 204.309721][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 204.309731][ C1] Call Trace: [ 204.309737][ C1] [ 204.309743][ C1] default_idle+0x13/0x20 [ 204.309763][ C1] default_idle_call+0x6c/0xa0 [ 204.309783][ C1] do_idle+0x1eb/0x510 [ 204.309804][ C1] ? lock_chain_count+0x20/0x20 [ 204.309822][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 204.309840][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 204.309866][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 204.309884][ C1] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 204.309910][ C1] ? _raw_spin_unlock+0x40/0x40 [ 204.309938][ C1] cpu_startup_entry+0x43/0x60 [ 204.309957][ C1] start_secondary+0xee/0xf0 [ 204.309973][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 204.310008][ C1] [ 204.512830][ C0] sched: RT throttling activated [ 211.981370][ T5784] Bluetooth: hci0: command 0x0406 tx timeout [ 211.987588][ T5784] Bluetooth: hci2: command 0x0406 tx timeout [ 211.993843][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 212.078421][ T5785] Bluetooth: hci1: command 0x0406 tx timeout