last executing test programs: 2m46.916467393s ago: executing program 4 (id=10): symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) r0 = shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c) shmdt(r0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_') r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = epoll_create(0x3ff) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000240)={0xa0000000, 0x1b54c8}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="16000000"], 0x50) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r7}, 0x9) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r4, &(0x7f0000000440)={0x2000000}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x10000, @empty, 0x1}, {0xa, 0x4e21, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}, 0x108}, r8, 0x6}}, 0x48) socket$inet6(0x10, 0x3, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r9, &(0x7f0000000200), 0xfffffd9d) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x8, &(0x7f00000006c0)=ANY=[@ANYRES64=r6, @ANYRES32=r5], &(0x7f0000000400)='syzkaller\x00', 0x800000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00'}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x5, &(0x7f0000000080)=[{0x2, 0x7, 0xf, 0x1}, {0xbfda, 0x20, 0x4, 0xe}, {0x17f8, 0xfd, 0x7, 0x1}, {0x7fff, 0x7, 0xa9, 0x5}, {0x3, 0xbd, 0x1, 0x8}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) 2m45.641618477s ago: executing program 4 (id=14): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000080)={0x28, r1, 0x1, 0x0, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bridge0\x00'}}]}]}, 0x28}}, 0x0) 2m45.338368528s ago: executing program 4 (id=15): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r4, 0x8008330e, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) unshare(0x400) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f00000004c0)=@data_frame={@msdu=@type00={{0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1}, {}, @device_a, @device_a, @initial, {0x7, 0xe}, "", @void, @value=@ver_80211n={0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}}, @a_msdu=[{@device_b, @broadcast, 0x73, "a7c08a8b60a2952ef98794273c17c69946ce3815555e7c9e50128e95776b6edfb389faf2f7bb0bff4aeb410575b4000e0700fe56d93a5f33d52ad728ffb059fd858bf4ad7e57703a2e8f4e9028a11003ded3137efba5b0f119407c2f406a3242619077fa3e72a7db9d71dde1a386217f0dff62"}, {@device_b}, {@device_a, @device_a, 0x20, "a98f12f13e87b9e72fce619be5832e0b769bd3633d3127914388d40dec12cf8b"}, {@device_b, @device_b, 0x55, "ac4982bbf474a3f51bca11d6d376ebaac53139ce1a3cc23042138115f1aec5fb709d381c14fbb9e2873650cd8165330fa385093b18a40e1b70eb36e8a204c208b033d4a93c5c2337bafb5a68adc84e646727450a02"}]}, 0x144) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000400)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x80000}) socket$inet(0x2, 0x4000000000000001, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) ppoll(&(0x7f00000000c0)=[{r5, 0x747}], 0x1, 0x0, 0x0, 0x0) signalfd4(r5, &(0x7f0000000340)={[0x1]}, 0x8, 0x80800) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4040) 2m36.712438235s ago: executing program 4 (id=29): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='user\x00', &(0x7f0000001980)='\xc9$#\xf1\xfe\xb8V\x00\xe9Ps\xfe\xf7\x80\xa2\xb2\xec\';iId\xd2\x1e\xe2g/\xc9\xba\x1d\xc9o9\x89]\xfe \x04\x13\xf0^Kc\rQQ\xf6\x81\'\xf6VM%\x9a\xb3\xeb\xcd;\x99{\xa4\x89/\x80j\x8d\x94\xb7\x89\x11\xc2\b\xb2\xc2\xa1\xaa\x1fQ\xb8\xc9\xc0\xbf\x9f\xf0\a\x04xb;\xc4dQ\x01S\xab\x95H\xadIK\xde\xd7\xaf\xcf\x11\xc2\x0eH\ni\xc1_\xf0\x91_1Z\xca\x7f\xcdn\x85\x83K\xac\xae0Q\x7fr\xe6v\xa2|\xcc\xf1(\xf0\xc1\xa6o\xa2\x87#F\x9d\xb2\x0f\x90\xa6!\x99\x0e\xd9\xa8U\xa5\xe1\x85\xcd&B\x90\xfb\x83\xa1\x1a\xd4[\x05S\xebm\xb3\xef\x19K\x16Gp,\xf2\x82D=', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000180)='user\x00', &(0x7f00000002c0)='\xfd\xf9E\x01\x00\x00\f\x01\x00\x00\x00\x00\x00\xc1~\x99l\xb7\xd6\xfc\xebw1hn\x1a\xc5\xef\xec,\xa1\xa0\x12\x1c\x7fn\a\\\xec\xd8\x94oh\x1d\xec\xf5jb\xe5\xb2\xa2e\xfd\x9c\xc4\xd22\x9c\xe97#(/\xb1\xe6\x03\xe1\xaa\x96\x92\x8b4}\xc1L\x1b\x9b\xe6n\x97\xc7\x06\xb2Y\xadQ\xa4c\x1b&\x0e?\xc0\x90\xaf\xb29\xf6>\xe1\xe8}D\f\xc1u\xab]$\x1b\x1bt\xda\x9eA\xd3\x1b\x12A\x82\xd5\xa8@\x1eIw\xb2y2F\xe8\xc7\x03e&\x98\"9\t\xe0\x81Pj\xee&\xae{P\xe8\xceL\xe1\xd1V\xc7\xeaF\xd54\x80\xb6%\xaf\xbbK\x85\x95\xf2\x1bG\xf1\xdaq:\xae\xe22\\~j~\xfe\x83\xbb>\xb0\x9b.\xa4\x95\x0eY\xb8j\xe1M\xf5\xa5\x87`\x04\xab\xf1\xc7[\xda{\r\x95\xa4\xea^\xfc\xa7\x8b\x85\xd1ld\xacK\x8aqd\x1d\xaa\x99\xeb\t|@\xd5p\x1d>+\x0e\xec\xe2\xcd\xdc\x8f\x01\xf7\xabH=z\xa5x\x1b\x9f\x95\xd1\x88k\x85L#\x99^p\x18\x98\xec6\xf69y\x052', 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x28, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) socket$inet6(0xa, 0x6, 0x79) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b37, &(0x7f0000000000)={'wlan0\x00'}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800"/13, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2m31.33949977s ago: executing program 4 (id=42): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000200)='./file0\x00', 0x400) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x4) 2m30.882902488s ago: executing program 4 (id=43): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 2m15.470196697s ago: executing program 32 (id=43): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1m27.074730016s ago: executing program 2 (id=168): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000040)=0x7fffffff, 0x4) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000340)=0x5, 0x4) sendmmsg$inet6(r0, &(0x7f0000003a80)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x4, @mcast2, 0x3}, 0x1c, 0x0}}], 0x1, 0x20000000) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}}) syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) read$FUSE(r1, &(0x7f00000062c0)={0x2020}, 0x2020) r2 = socket(0x40000000015, 0x5, 0x0) getsockopt(r2, 0x200000000114, 0x2720, 0x0, &(0x7f0000000040)) r3 = io_uring_setup(0x3c91, &(0x7f0000000900)={0x0, 0x1246, 0x0, 0x10000003, 0x60}) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r5) syz_open_procfs(r4, &(0x7f0000000040)='pagemap\x00') syz_usb_disconnect(0xffffffffffffffff) close_range(r3, 0xffffffffffffffff, 0x0) 1m24.473969962s ago: executing program 2 (id=172): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) socket$tipc(0x1e, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_ALLOC_STREAMS(r5, 0x8008551c, &(0x7f0000000400)=ANY=[@ANYBLOB="4a9800000a00000081ec00000486060b830eeaa1144eb44e4c8ac08e6a6eac4a860fdc1851ddab64fe213700008c63f0c84444fdb3d33f1cee37d289ff436030da41bf"]) 1m17.592994555s ago: executing program 2 (id=180): r0 = creat(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000200)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0xb, 0x3a, '/proc/sys/fs/binfmt_misc/register\x00', 0x3a, '/proc/sys/fs/binfmt_misc/register\x00', 0x3a, './file0/../file0'}, 0x74) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x4dba, &(0x7f0000000380)={0x0, 0xb897, 0x10000, 0x0, 0x394, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000400)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000440)=@IORING_OP_MSG_RING={0x28, 0x21, 0x0, r0, 0x1, &(0x7f0000000480)="241ae7f9af0eb93fe438e49759d529ee78bb4edf5c7c5bc7ddaaba1d9752f68ae208c41b54436ea562082de6256bfd55a09e02f56a1358c060a0f4cbd43e391fe22cb341ba9de02fb6c617220aac1cbbce6fdef844cff2aaeeadd9145740ad199310a9f5faf97007987abb0ee82e1a5ea94eb91c8efa1e7e96501f8b55ea04b121aa81e77aa5fce6915d281534989c6cbf5b8ad75dcc2e07b994a5028b536597e6368b1222e1ad9cb61b0ade09500403bb0632f2d82cdb3697d4c4", 0xbb, 0x2, 0x0, {0x0, r6}}) io_uring_enter(0xffffffffffffffff, 0x4e14, 0x912a, 0x41, 0x0, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x7}}) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1m14.439826639s ago: executing program 2 (id=183): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$caif_stream(0x25, 0x1, 0x2) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x240400c2) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x1, 0x2, 0x4}]}]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0x1}, 0x28) capset(0x0, &(0x7f0000000140)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_IGNORE_DF={0x5}]}}}]}, 0x40}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x80801, 0x0) ioctl$BLKTRACESTART(r5, 0x125f, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100), &(0x7f0000000140)) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) 1m13.126188766s ago: executing program 1 (id=185): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44800}, 0x400c0) 1m12.698677439s ago: executing program 1 (id=187): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16ac646d06929c22, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1fffffff}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m7.857319723s ago: executing program 1 (id=191): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000440)={0x1, 0x20000006}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1) close(r2) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000200)={0x80000000, &(0x7f0000000180), &(0x7f00000002c0)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000400)={r3, &(0x7f0000000340), &(0x7f0000000380)}) r4 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r5}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1}) io_uring_enter(r6, 0x234f, 0x2d59, 0x2, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r4, 0xc0205710, &(0x7f0000000140)={0x0, 0xcf, 0x9e, 0x1, 0x6}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000800)=[{r1, 0x2}], 0x1, 0x0, 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0xb, "0076207365cdde8fb7c3e40000004000006000"}) r9 = syz_open_pts(r1, 0x0) openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x4000, 0x0) ioctl$TCFLSH(r9, 0x540b, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r5}, 0x18) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_open_procfs(0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x400000000000000) 1m6.454889594s ago: executing program 2 (id=192): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b0000000000000000000000000004000000", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000015ed667e3a2a0f7c7d667f64fc2ce9d68244d5d059b46ffc16d2f00be843705dd05d03031b93d5f70931984ed4ab9caa12ce629584d6e4e0cf3de61565d7414ad0080248a3"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x2020}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xa1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m6.432568873s ago: executing program 1 (id=193): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x0) ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x80047456, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x17}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r8, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}}, 0x800) 1m5.366353654s ago: executing program 2 (id=195): socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001e580)=""/102392, 0x18ff8) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0xff2b}], 0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x101002, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000340)=0xff) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x4000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94) 1m4.024586265s ago: executing program 1 (id=197): r0 = syz_open_dev$usbfs(0x0, 0x76, 0x103381) ioctl$USBDEVFS_SUBMITURB(r0, 0x802c550a, &(0x7f0000000440)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x6, 0x80, &(0x7f0000000340)="fb737a", 0x3, 0x8, 0x7ff, 0x0, 0x4, 0xc2, 0x0}) 1m2.772915312s ago: executing program 1 (id=198): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, 0x0, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pidfd_getfd(r5, r3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet(r4, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0) 55.377944754s ago: executing program 0 (id=203): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r4) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r4) sendmsg$NLBL_MGMT_C_ADD(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'vfat\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4) 49.474132127s ago: executing program 33 (id=195): socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001e580)=""/102392, 0x18ff8) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0xff2b}], 0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x101002, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000340)=0xff) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x4000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94) 47.152394982s ago: executing program 34 (id=198): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, 0x0, 0x0) r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pidfd_getfd(r5, r3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet(r4, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0) 40.813888982s ago: executing program 0 (id=212): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000440)={0x1, 0x20000006}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1) close(r2) ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000200)={0x80000000, &(0x7f0000000180), &(0x7f00000002c0)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc01c7c02, &(0x7f0000000400)={r3, &(0x7f0000000340), &(0x7f0000000380)}) r4 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r5}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1}) io_uring_enter(r6, 0x234f, 0x2d59, 0x2, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r4, 0xc0205710, &(0x7f0000000140)={0x0, 0xcf, 0x9e, 0x1, 0x6}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000800)=[{r1, 0x2}], 0x1, 0x0, 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0xb, "0076207365cdde8fb7c3e40000004000006000"}) r9 = syz_open_pts(r1, 0x0) openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x4000, 0x0) ioctl$TCFLSH(r9, 0x540b, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r5}, 0x18) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) close_range(r0, 0xffffffffffffffff, 0x400000000000000) 36.863897886s ago: executing program 0 (id=214): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_ALLOC_STREAMS(r6, 0x8008551c, &(0x7f0000000400)=ANY=[@ANYBLOB="4a9800000a00000081ec00000486060b830eeaa1144eb44e4c8ac08e6a6eac4a860fdc1851ddab64fe213700008c63f0c84444fdb3d33f1cee37d289ff436030da41bf"]) bind$tipc(r2, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x1}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 34.561617698s ago: executing program 0 (id=215): r0 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x27}, 0x0, 0x0, 0x0, 0xb7, 0xc0, 0xfffffffe}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c) 31.472153905s ago: executing program 0 (id=217): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r0, r0, r0], 0x3, 0x0, 0x0, {0x0, r3}}) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x200008d1) prlimit64(0x0, 0xe, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r4, &(0x7f0000000b00)=[{&(0x7f0000000800)=""/132, 0x84}], 0x1, 0x2, 0x7fe) sched_setscheduler(0x0, 0x2, 0x0) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, 0x0, 0x0) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000180)=0x7, 0x0, 0x4) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000380)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d63, 0x3}}, 0x44) read$FUSE(r4, &(0x7f0000000b40)={0x2020}, 0x2040) sendto$inet(0xffffffffffffffff, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(0xffffffffffffffff, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 29.025348799s ago: executing program 3 (id=218): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 28.047305642s ago: executing program 3 (id=219): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r4) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r4) sendmsg$NLBL_MGMT_C_ADD(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'vfat\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x4) 26.114981616s ago: executing program 0 (id=220): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) mount(0x0, 0x0, 0x0, 0x40078, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRES16=r4, @ANYBLOB="010026bd7000ffdbdf255a00000008000300", @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) setrlimit(0x6, &(0x7f0000000180)={0x6, 0x1fffe}) dup3(r1, r0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x9) ioperm(0x0, 0x83, 0x1f) gettid() add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd) 22.995933813s ago: executing program 3 (id=221): r0 = creat(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r4 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000200)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0xb, 0x3a, '/proc/sys/fs/binfmt_misc/register\x00', 0x3a, '/proc/sys/fs/binfmt_misc/register\x00', 0x3a, './file0/../file0'}, 0x74) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x4dba, &(0x7f0000000380)={0x0, 0xb897, 0x10000, 0x0, 0x394, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000400)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000440)=@IORING_OP_MSG_RING={0x28, 0x21, 0x0, r0, 0x1, &(0x7f0000000480)="241ae7f9af0eb93fe438e49759d529ee78bb4edf5c7c5bc7ddaaba1d9752f68ae208c41b54436ea562082de6256bfd55a09e02f56a1358c060a0f4cbd43e391fe22cb341ba9de02fb6c617220aac1cbbce6fdef844cff2aaeeadd9145740ad199310a9f5faf97007987abb0ee82e1a5ea94eb91c8efa1e7e96501f8b55ea04b121aa81e77aa5fce6915d281534989c6cbf5b8ad75dcc2e07b994a5028b536597e6368b1222e1ad9cb61b0ade09500403bb0632f2d82cdb3697d4c4", 0xbb, 0x2, 0x0, {0x0, r6}}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x7}}) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 20.009455075s ago: executing program 3 (id=222): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_ALLOC_STREAMS(r6, 0x8008551c, &(0x7f0000000400)=ANY=[@ANYBLOB="4a9800000a00000081ec00000486060b830eeaa1144eb44e4c8ac08e6a6eac4a860fdc1851ddab64fe213700008c63f0c84444fdb3d33f1cee37d289ff436030da41bf"]) bind$tipc(r2, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x1}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 18.506246209s ago: executing program 3 (id=223): symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) r0 = shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c) shmdt(r0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_') r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = epoll_create(0x3ff) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000240)={0xa0000000, 0x1b54c8}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="16000000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r6}, 0x9) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r4, &(0x7f0000000440)={0x2000000}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x10000, @empty, 0x1}, {0xa, 0x4e21, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}, 0x108}, r7, 0x6}}, 0x48) socket$inet6(0x10, 0x3, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r8, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r8, &(0x7f0000000200), 0xfffffd9d) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00'}) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) 15.994015127s ago: executing program 3 (id=224): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) 9.796784113s ago: executing program 35 (id=220): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) mount(0x0, 0x0, 0x0, 0x40078, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRES16=r4, @ANYBLOB="010026bd7000ffdbdf255a00000008000300", @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) setrlimit(0x6, &(0x7f0000000180)={0x6, 0x1fffe}) dup3(r1, r0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x9) ioperm(0x0, 0x83, 0x1f) gettid() add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd) 0s ago: executing program 36 (id=224): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts. [ 73.504611][ T5791] cgroup: Unknown subsys name 'net' [ 73.775303][ T5791] cgroup: Unknown subsys name 'cpuset' [ 73.841086][ T5791] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.551972][ T5791] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.853635][ T5817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.866061][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.868892][ T5820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.873541][ T5820] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.878409][ T5820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.879704][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.882814][ T5819] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.886860][ T5820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.887080][ T5819] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.888000][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.889777][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.890125][ T5819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.891242][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.895233][ T5820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.895654][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.896970][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.898620][ T5820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.899394][ T5820] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.900953][ T5819] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.903037][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.903828][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.907049][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.910284][ T5820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.914615][ T5820] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.962394][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.850797][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 80.871186][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 80.957781][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 81.137199][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 81.143144][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 81.653439][ T43] cfg80211: failed to load regulatory.db [ 81.826402][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.827005][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.827541][ T5805] bridge_slave_0: entered allmulticast mode [ 81.829076][ T5805] bridge_slave_0: entered promiscuous mode [ 81.834976][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.835092][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.835239][ T5803] bridge_slave_0: entered allmulticast mode [ 81.837607][ T5803] bridge_slave_0: entered promiscuous mode [ 81.936616][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.936738][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.937207][ T5805] bridge_slave_1: entered allmulticast mode [ 81.939669][ T5805] bridge_slave_1: entered promiscuous mode [ 81.943903][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.944019][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.944455][ T5803] bridge_slave_1: entered allmulticast mode [ 81.946843][ T5803] bridge_slave_1: entered promiscuous mode [ 81.963645][ T5821] Bluetooth: hci3: command tx timeout [ 81.963665][ T5823] Bluetooth: hci4: command tx timeout [ 81.964049][ T5820] Bluetooth: hci2: command tx timeout [ 82.041598][ T5821] Bluetooth: hci0: command tx timeout [ 82.050619][ T5821] Bluetooth: hci1: command tx timeout [ 82.351357][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.351462][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.351574][ T5802] bridge_slave_0: entered allmulticast mode [ 82.352968][ T5802] bridge_slave_0: entered promiscuous mode [ 82.641599][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.641763][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.641941][ T5802] bridge_slave_1: entered allmulticast mode [ 82.643575][ T5802] bridge_slave_1: entered promiscuous mode [ 82.645463][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.645562][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.645670][ T5801] bridge_slave_0: entered allmulticast mode [ 82.647051][ T5801] bridge_slave_0: entered promiscuous mode [ 82.648869][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.648982][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.649134][ T5804] bridge_slave_0: entered allmulticast mode [ 82.653456][ T5804] bridge_slave_0: entered promiscuous mode [ 82.712378][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.717199][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.792294][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.792382][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.792501][ T5801] bridge_slave_1: entered allmulticast mode [ 82.793914][ T5801] bridge_slave_1: entered promiscuous mode [ 82.795126][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.795227][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.795333][ T5804] bridge_slave_1: entered allmulticast mode [ 82.796701][ T5804] bridge_slave_1: entered promiscuous mode [ 82.799554][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.842099][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.374548][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.743765][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.746567][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.749055][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.752874][ T5803] team0: Port device team_slave_0 added [ 83.755279][ T5805] team0: Port device team_slave_0 added [ 83.833188][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.835201][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.836901][ T5803] team0: Port device team_slave_1 added [ 83.838514][ T5805] team0: Port device team_slave_1 added [ 84.040692][ T5820] Bluetooth: hci3: command tx timeout [ 84.040696][ T5823] Bluetooth: hci2: command tx timeout [ 84.040883][ T5821] Bluetooth: hci4: command tx timeout [ 84.120686][ T5820] Bluetooth: hci0: command tx timeout [ 84.120781][ T5821] Bluetooth: hci1: command tx timeout [ 84.223036][ T5802] team0: Port device team_slave_0 added [ 84.713164][ T5802] team0: Port device team_slave_1 added [ 84.715253][ T5801] team0: Port device team_slave_0 added [ 84.717039][ T5804] team0: Port device team_slave_0 added [ 84.718285][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.718295][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.718308][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.722728][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.722742][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.722777][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.852751][ T5801] team0: Port device team_slave_1 added [ 84.854303][ T5804] team0: Port device team_slave_1 added [ 84.854896][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.854905][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.854918][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.855752][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.855760][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.855773][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.115318][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.115336][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.115352][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.284707][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.284720][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.284734][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.287682][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.287703][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.287718][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.288948][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.288960][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.288984][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.306988][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.307004][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.307027][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.310279][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.310294][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.310316][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.779637][ T5805] hsr_slave_0: entered promiscuous mode [ 85.781286][ T5805] hsr_slave_1: entered promiscuous mode [ 85.856421][ T5803] hsr_slave_0: entered promiscuous mode [ 85.857668][ T5803] hsr_slave_1: entered promiscuous mode [ 85.858305][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 85.858390][ T5803] Cannot create hsr debugfs directory [ 86.056411][ T5802] hsr_slave_0: entered promiscuous mode [ 86.057380][ T5802] hsr_slave_1: entered promiscuous mode [ 86.057887][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 86.057903][ T5802] Cannot create hsr debugfs directory [ 86.120791][ T5820] Bluetooth: hci3: command tx timeout [ 86.120798][ T5823] Bluetooth: hci2: command tx timeout [ 86.120906][ T5821] Bluetooth: hci4: command tx timeout [ 86.200671][ T5821] Bluetooth: hci1: command tx timeout [ 86.200703][ T5820] Bluetooth: hci0: command tx timeout [ 86.396168][ T5804] hsr_slave_0: entered promiscuous mode [ 86.396970][ T5804] hsr_slave_1: entered promiscuous mode [ 86.397479][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 86.397497][ T5804] Cannot create hsr debugfs directory [ 86.426185][ T5801] hsr_slave_0: entered promiscuous mode [ 86.427013][ T5801] hsr_slave_1: entered promiscuous mode [ 86.427518][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 86.427539][ T5801] Cannot create hsr debugfs directory [ 87.914887][ T5805] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.944547][ T5805] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.976016][ T5805] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.026486][ T5805] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.124159][ T5803] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.150802][ T5803] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.186733][ T5803] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.200686][ T5823] Bluetooth: hci2: command tx timeout [ 88.200726][ T5821] Bluetooth: hci3: command tx timeout [ 88.200751][ T5820] Bluetooth: hci4: command tx timeout [ 88.229408][ T5803] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.280577][ T5820] Bluetooth: hci0: command tx timeout [ 88.292575][ T5820] Bluetooth: hci1: command tx timeout [ 88.354053][ T5802] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.393389][ T5802] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.428551][ T5802] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.459864][ T5802] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.578536][ T5804] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.625315][ T5804] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.668147][ T5804] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.706498][ T5804] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.818065][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.845908][ T5801] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.887933][ T5801] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.908023][ T5801] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.952385][ T5801] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.009226][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.048918][ T1444] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.049668][ T1444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.062496][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.097832][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.098042][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.159728][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.193102][ T1444] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.193239][ T1444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.223366][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.244581][ T1444] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.244689][ T1444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.314491][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.322980][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.366449][ T1235] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.366670][ T1235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.427509][ T1122] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.427657][ T1122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.496789][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.536929][ T1122] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.537098][ T1122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.552682][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.580078][ T1122] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.580156][ T1122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.651314][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.701995][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.702223][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.742389][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.742597][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.747859][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.085466][ T5805] veth0_vlan: entered promiscuous mode [ 90.173572][ T5805] veth1_vlan: entered promiscuous mode [ 90.191395][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.256370][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.323440][ T5805] veth0_macvtap: entered promiscuous mode [ 90.347684][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.365592][ T5805] veth1_macvtap: entered promiscuous mode [ 90.455912][ T5803] veth0_vlan: entered promiscuous mode [ 90.476006][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.515524][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.529939][ T5803] veth1_vlan: entered promiscuous mode [ 90.538302][ T5802] veth0_vlan: entered promiscuous mode [ 90.560211][ T3502] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.566689][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.584991][ T3502] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.598175][ T3502] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.612959][ T3502] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.626543][ T5802] veth1_vlan: entered promiscuous mode [ 90.692402][ T5804] veth0_vlan: entered promiscuous mode [ 90.816037][ T5804] veth1_vlan: entered promiscuous mode [ 90.858353][ T5803] veth0_macvtap: entered promiscuous mode [ 90.927756][ T5803] veth1_macvtap: entered promiscuous mode [ 91.018428][ T5802] veth0_macvtap: entered promiscuous mode [ 91.038940][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.038964][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.060144][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.064598][ T5802] veth1_macvtap: entered promiscuous mode [ 91.105053][ T5804] veth0_macvtap: entered promiscuous mode [ 91.127082][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.154166][ T5804] veth1_macvtap: entered promiscuous mode [ 91.164006][ T1444] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.178502][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.178520][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.181343][ T1444] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.199219][ T1444] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.206011][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.220995][ T1444] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.273408][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.330724][ T5801] veth0_vlan: entered promiscuous mode [ 91.349715][ T3950] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.364041][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.423340][ T3950] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.431705][ T3950] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.447163][ T3950] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.456259][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.515022][ T5801] veth1_vlan: entered promiscuous mode [ 91.594312][ T3502] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.658370][ T3502] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.671397][ T3502] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.674073][ T3502] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.800983][ T3950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.800998][ T3950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.992557][ T3461] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.992577][ T3461] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.009745][ T5801] veth0_macvtap: entered promiscuous mode [ 92.039084][ T5801] veth1_macvtap: entered promiscuous mode [ 92.084623][ T1235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.084643][ T1235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.240151][ T3461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.240171][ T3461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.319536][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.368935][ T3950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.368951][ T3950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.388449][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.480927][ T69] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.480958][ T69] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.480979][ T69] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.480999][ T69] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.711823][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.711838][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.135863][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.135880][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.330339][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.333162][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.765912][ T3814] Bluetooth: hci5: Frame reassembly failed (-84) [ 93.790596][ T3950] Bluetooth: hci5: Frame reassembly failed (-84) [ 93.790671][ T3950] Bluetooth: hci5: Frame reassembly failed (-84) [ 93.793120][ T3461] Bluetooth: hci5: Frame reassembly failed (-84) [ 93.890529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 94.012315][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 95.062334][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 95.065567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 95.160466][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 95.790532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 95.856654][ T5821] Bluetooth: hci5: command 0x1003 tx timeout [ 95.857385][ T5820] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 95.984402][ T5949] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 95.984430][ T5949] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 96.130947][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.131128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.132279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.132451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.773687][ T5949] vhci_hcd vhci_hcd.0: Device attached [ 97.490569][ T5849] usb 34-1: SetAddress Request (2) to port 0 [ 97.490766][ T5849] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 99.023106][ T5985] nbd1: detected capacity change from 0 to 63 [ 99.044260][ T5986] block nbd1: NBD_DISCONNECT [ 99.057788][ T5952] vhci_hcd: connection reset by peer [ 99.111885][ T3502] vhci_hcd vhci_hcd.0: stop threads [ 99.115075][ T3502] vhci_hcd vhci_hcd.0: release socket [ 99.115264][ T3502] vhci_hcd vhci_hcd.0: disconnect device [ 99.206282][ T5986] block nbd1: Disconnected due to user request. [ 99.206979][ T5868] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.208246][ T5868] Buffer I/O error on dev nbd1, logical block 1, async page read [ 99.210766][ T5986] block nbd1: shutting down sockets [ 99.337249][ T5988] warning: `syz.2.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 99.427866][ C0] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.427892][ C0] Buffer I/O error on dev nbd1, logical block 0, async page read [ 99.428206][ T11] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 2 prio class 2 [ 99.428225][ T11] Buffer I/O error on dev nbd1, logical block 2, async page read [ 99.428248][ T11] Buffer I/O error on dev nbd1, logical block 3, async page read [ 99.453757][ T5868] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.453789][ T5868] Buffer I/O error on dev nbd1, logical block 0, async page read [ 99.453843][ T5868] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.453864][ T5868] Buffer I/O error on dev nbd1, logical block 1, async page read [ 99.453909][ T5868] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.453930][ T5868] Buffer I/O error on dev nbd1, logical block 2, async page read [ 99.453973][ T5868] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.453994][ T5868] Buffer I/O error on dev nbd1, logical block 3, async page read [ 99.454043][ T5868] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.454064][ T5868] Buffer I/O error on dev nbd1, logical block 0, async page read [ 99.454107][ T5868] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.454127][ T5868] Buffer I/O error on dev nbd1, logical block 1, async page read [ 99.454170][ T5868] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 99.454971][ T5868] ldm_validate_partition_table(): Disk read failed. [ 99.455575][ T5868] Dev nbd1: unable to read RDB block 0 [ 99.456323][ T5868] nbd1: unable to read partition table [ 99.691422][ T5868] ldm_validate_partition_table(): Disk read failed. [ 99.700002][ T5868] Dev nbd1: unable to read RDB block 0 [ 99.701337][ T5868] nbd1: unable to read partition table [ 100.064267][ T5992] syzkaller0: entered promiscuous mode [ 100.064282][ T5992] syzkaller0: entered allmulticast mode [ 100.319909][ T6000] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 100.319937][ T6000] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 100.321957][ T6000] vhci_hcd vhci_hcd.0: Device attached [ 100.327752][ T6000] random: crng reseeded on system resumption [ 100.464444][ T6003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.730567][ T5811] usb 42-1: SetAddress Request (2) to port 0 [ 100.730648][ T5811] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 102.215604][ T6013] ntfs3(nullb0): Primary boot signature is not NTFS. [ 102.217015][ T6013] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 102.946389][ T5849] usb 34-1: device descriptor read/8, error -110 [ 102.954793][ T6001] vhci_hcd: connection reset by peer [ 103.009167][ T3814] vhci_hcd vhci_hcd.4: stop threads [ 103.009193][ T3814] vhci_hcd vhci_hcd.4: release socket [ 103.025405][ T3814] vhci_hcd vhci_hcd.4: disconnect device [ 103.388883][ T5849] usb usb34-port1: attempt power cycle [ 103.578742][ T5923] IPVS: starting estimator thread 0... [ 103.670984][ T6021] IPVS: using max 9 ests per chain, 21600 per kthread [ 104.071436][ T5849] usb usb34-port1: unable to enumerate USB device [ 106.186280][ T5811] usb 42-1: device descriptor read/8, error -110 [ 106.655389][ T6032] Zero length message leads to an empty skb [ 106.791297][ T5811] usb usb42-port1: attempt power cycle [ 107.650700][ T6035] 9pnet_virtio: no channels available for device syz [ 108.842311][ T5811] usb usb42-port1: unable to enumerate USB device [ 109.487048][ T5976] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 111.283242][ T5976] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 111.283296][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 111.283320][ T5976] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 111.283343][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 111.283367][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 111.287037][ T5976] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 111.287090][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 111.287115][ T5976] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 111.287139][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 111.287159][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 111.289462][ T5976] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 111.289513][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 111.289539][ T5976] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 111.289561][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 111.289584][ T5976] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 111.296514][ T6061] Bluetooth: MGMT ver 1.23 [ 111.381185][ T5976] usb 2-1: string descriptor 0 read error: -22 [ 111.381299][ T5976] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 111.381320][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.653797][ T6066] ======================================================= [ 111.653797][ T6066] WARNING: The mand mount option has been deprecated and [ 111.653797][ T6066] and is ignored by this kernel. Remove the mand [ 111.653797][ T6066] option from the mount to silence this warning. [ 111.653797][ T6066] ======================================================= [ 111.654013][ T6066] 9pnet_virtio: no channels available for device syz [ 112.623621][ T5976] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 112.751064][ T5976] usb 2-1: USB disconnect, device number 2 [ 112.755674][ T6075] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 113.430804][ T5821] Bluetooth: hci2: command 0x0401 tx timeout [ 113.502130][ T5820] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 114.148149][ T6082] 9pnet_virtio: no channels available for device syz [ 115.339558][ T6098] process 'syz.4.43' launched './file0' with NULL argv: empty string added [ 116.841333][ T5820] block nbd1: Receive control failed (result -32) [ 117.045081][ T6102] nbd1: detected capacity change from 0 to 63 [ 117.045715][ T6107] block nbd1: NBD_DISCONNECT [ 117.045732][ T6107] block nbd1: Send disconnect failed -32 [ 117.045743][ T6107] block nbd1: shutting down sockets [ 117.080705][ T32] blk_print_req_error: 137 callbacks suppressed [ 117.080718][ T32] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 4 prio class 2 [ 117.080733][ T32] buffer_io_error: 138 callbacks suppressed [ 117.080739][ T32] Buffer I/O error on dev nbd1, logical block 0, async page read [ 117.080752][ T32] Buffer I/O error on dev nbd1, logical block 1, async page read [ 117.080761][ T32] Buffer I/O error on dev nbd1, logical block 2, async page read [ 117.080769][ T32] Buffer I/O error on dev nbd1, logical block 3, async page read [ 117.084094][ T5868] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084114][ T5868] Buffer I/O error on dev nbd1, logical block 0, async page read [ 117.084145][ T5868] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084157][ T5868] Buffer I/O error on dev nbd1, logical block 1, async page read [ 117.084183][ T5868] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084195][ T5868] Buffer I/O error on dev nbd1, logical block 2, async page read [ 117.084220][ T5868] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084231][ T5868] Buffer I/O error on dev nbd1, logical block 3, async page read [ 117.084263][ T5868] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084274][ T5868] Buffer I/O error on dev nbd1, logical block 0, async page read [ 117.084299][ T5868] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084311][ T5868] Buffer I/O error on dev nbd1, logical block 1, async page read [ 117.084336][ T5868] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084366][ T5868] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084411][ T5868] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 117.084839][ T5868] ldm_validate_partition_table(): Disk read failed. [ 117.085168][ T5868] Dev nbd1: unable to read RDB block 0 [ 117.085604][ T5868] nbd1: unable to read partition table [ 117.137063][ T5868] ldm_validate_partition_table(): Disk read failed. [ 117.137637][ T5868] Dev nbd1: unable to read RDB block 0 [ 117.138362][ T5868] nbd1: unable to read partition table [ 117.252448][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 117.452724][ T31] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 117.452753][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.452827][ T31] usb 1-1: Product: syz [ 117.452840][ T31] usb 1-1: Manufacturer: syz [ 117.452853][ T31] usb 1-1: SerialNumber: syz [ 117.523005][ T31] usb 1-1: config 0 descriptor?? [ 118.225554][ T6026] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 118.384941][ T6026] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.384975][ T6026] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.387799][ T6026] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 8.00 [ 118.387911][ T6026] usb 2-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0 [ 118.387930][ T6026] usb 2-1: Product: syz [ 118.477439][ T6026] usb 2-1: config 0 descriptor?? [ 118.970077][ T6026] cm6533_jd 0003:0D8C:0022.0001: unknown main item tag 0x0 [ 118.981425][ T6026] cm6533_jd 0003:0D8C:0022.0001: unknown main item tag 0x0 [ 119.033672][ T6026] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0001/input/input5 [ 119.120074][ T6026] cm6533_jd 0003:0D8C:0022.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 119.243022][ T6026] usb 2-1: USB disconnect, device number 3 [ 119.523615][ T5820] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 119.523663][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 119.523687][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 119.523699][ T5820] Workqueue: hci1 hci_rx_work [ 119.523735][ T5820] Call Trace: [ 119.523745][ T5820] [ 119.523754][ T5820] dump_stack_lvl+0xe8/0x150 [ 119.523784][ T5820] sysfs_create_dir_ns+0x259/0x280 [ 119.523811][ T5820] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 119.523837][ T5820] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 119.523865][ T5820] ? rt_spin_unlock+0x161/0x200 [ 119.523890][ T5820] kobject_add_internal+0x6b1/0xcd0 [ 119.523919][ T5820] kobject_add+0x155/0x220 [ 119.523944][ T5820] ? __pfx_kobject_add+0x10/0x10 [ 119.523971][ T5820] ? get_device_parent+0x370/0x3a0 [ 119.523993][ T5820] device_add+0x408/0xb80 [ 119.524015][ T5820] hci_conn_add_sysfs+0xd5/0x210 [ 119.524044][ T5820] le_conn_complete_evt+0xf1d/0x1420 [ 119.524074][ T5820] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 119.524095][ T5820] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 119.524112][ T5820] ? lockdep_hardirqs_on+0x7b/0x110 [ 119.524140][ T5820] ? skb_pull_data+0xfb/0x200 [ 119.524170][ T5820] hci_le_conn_complete_evt+0x187/0x480 [ 119.524199][ T5820] hci_event_packet+0x78f/0x1260 [ 119.524230][ T5820] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 119.524255][ T5820] ? __pfx_hci_event_packet+0x10/0x10 [ 119.524281][ T5820] ? rt_spin_unlock+0x150/0x200 [ 119.524314][ T5820] ? hci_send_to_monitor+0xe2/0x590 [ 119.524341][ T5820] hci_rx_work+0x3ee/0x1060 [ 119.524366][ T5820] ? process_scheduled_works+0x9ef/0x1770 [ 119.524390][ T5820] process_scheduled_works+0xad1/0x1770 [ 119.524439][ T5820] ? __pfx_process_scheduled_works+0x10/0x10 [ 119.524459][ T5820] ? do_raw_spin_lock+0x121/0x290 [ 119.524494][ T5820] worker_thread+0x8a0/0xda0 [ 119.524542][ T5820] kthread+0x711/0x8a0 [ 119.524571][ T5820] ? __pfx_worker_thread+0x10/0x10 [ 119.524594][ T5820] ? __pfx_kthread+0x10/0x10 [ 119.524617][ T5820] ? rt_spin_unlock+0x150/0x200 [ 119.524646][ T5820] ? rt_spin_unlock+0x161/0x200 [ 119.524668][ T5820] ? __pfx_kthread+0x10/0x10 [ 119.524696][ T5820] ret_from_fork+0x510/0xa50 [ 119.524720][ T5820] ? __pfx_ret_from_fork+0x10/0x10 [ 119.524739][ T5820] ? __switch_to+0xc9e/0x1480 [ 119.524772][ T5820] ? __pfx_kthread+0x10/0x10 [ 119.524798][ T5820] ret_from_fork_asm+0x1a/0x30 [ 119.524844][ T5820] [ 119.524877][ T5820] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 119.524916][ T5820] Bluetooth: hci1: failed to register connection device [ 119.845502][ T6135] fido_id[6135]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 119.930629][ T6057] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 120.092976][ T6057] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 120.093047][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 120.093071][ T6057] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.093093][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 120.093117][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 120.095182][ T6057] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 120.095231][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 120.095254][ T6057] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.095272][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 120.095294][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 120.098666][ T6057] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 120.098715][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 120.098739][ T6057] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.098762][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 120.098785][ T6057] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 120.475506][ T6057] usb 4-1: string descriptor 0 read error: -22 [ 120.475649][ T6057] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 120.475671][ T6057] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.517310][ T6057] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 120.788344][ T6036] usb 4-1: USB disconnect, device number 2 [ 121.046797][ T6057] usb 1-1: USB disconnect, device number 2 [ 123.130516][ T6165] usb usb5: usbfs: process 6165 (syz.3.64) did not claim interface 0 before use [ 123.773040][ T5820] block nbd2: Receive control failed (result -32) [ 123.878642][ T6154] nbd2: detected capacity change from 0 to 63 [ 123.891981][ T6161] block nbd2: NBD_DISCONNECT [ 123.892002][ T6161] block nbd2: Send disconnect failed -32 [ 123.892013][ T6161] block nbd2: shutting down sockets [ 124.932997][ T6167] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 128.433349][ T5923] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 128.675258][ T5923] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 128.675288][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.675307][ T5923] usb 3-1: Product: syz [ 128.675320][ T5923] usb 3-1: Manufacturer: syz [ 128.675333][ T5923] usb 3-1: SerialNumber: syz [ 128.682602][ T5923] usb 3-1: config 0 descriptor?? [ 130.442191][ T6214] nbd1: detected capacity change from 0 to 63 [ 130.442554][ T6216] block nbd1: NBD_DISCONNECT [ 130.444621][ T6216] block nbd1: Disconnected due to user request. [ 130.444640][ T6216] block nbd1: shutting down sockets [ 130.491152][ T11] blk_print_req_error: 135 callbacks suppressed [ 130.491170][ T11] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 4 prio class 2 [ 130.491194][ T11] buffer_io_error: 138 callbacks suppressed [ 130.491203][ T11] Buffer I/O error on dev nbd1, logical block 0, async page read [ 130.491223][ T11] Buffer I/O error on dev nbd1, logical block 1, async page read [ 130.491239][ T11] Buffer I/O error on dev nbd1, logical block 2, async page read [ 130.491255][ T11] Buffer I/O error on dev nbd1, logical block 3, async page read [ 130.493194][ T6132] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493224][ T6132] Buffer I/O error on dev nbd1, logical block 0, async page read [ 130.493278][ T6132] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493298][ T6132] Buffer I/O error on dev nbd1, logical block 1, async page read [ 130.493345][ T6132] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493366][ T6132] Buffer I/O error on dev nbd1, logical block 2, async page read [ 130.493413][ T6132] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493434][ T6132] Buffer I/O error on dev nbd1, logical block 3, async page read [ 130.493488][ T6132] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493509][ T6132] Buffer I/O error on dev nbd1, logical block 0, async page read [ 130.493554][ T6132] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493575][ T6132] Buffer I/O error on dev nbd1, logical block 1, async page read [ 130.493620][ T6132] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493673][ T6132] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.493734][ T6132] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.543447][ T6132] ldm_validate_partition_table(): Disk read failed. [ 130.544023][ T6132] Dev nbd1: unable to read RDB block 0 [ 130.575139][ T6132] nbd1: unable to read partition table [ 130.754423][ T6132] ldm_validate_partition_table(): Disk read failed. [ 130.755029][ T6132] Dev nbd1: unable to read RDB block 0 [ 130.755782][ T6132] nbd1: unable to read partition table [ 130.800577][ T5821] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 130.823581][ T5821] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 130.833968][ T5821] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 130.835443][ T5821] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 130.836354][ T5821] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 130.942728][ T6212] syz.0.81 (6212) used greatest stack depth: 17952 bytes left [ 133.874920][ T5821] Bluetooth: hci5: command tx timeout [ 134.018220][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.018320][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.688780][ T6252] usb usb5: usbfs: process 6252 (syz.3.90) did not claim interface 0 before use [ 136.373714][ T5821] Bluetooth: hci5: command tx timeout [ 136.575244][ T6254] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 137.474337][ T6197] usb 3-1: USB disconnect, device number 2 [ 137.548678][ T6217] chnl_net:caif_netlink_parms(): no params data found [ 138.441866][ T5821] Bluetooth: hci5: command tx timeout [ 140.034593][ T5821] block nbd2: Receive control failed (result -32) [ 140.202696][ T6265] nbd2: detected capacity change from 0 to 63 [ 140.203131][ T6269] block nbd2: NBD_DISCONNECT [ 140.203157][ T6269] block nbd2: Send disconnect failed -32 [ 140.203175][ T6269] block nbd2: shutting down sockets [ 140.418952][ T32] blk_print_req_error: 135 callbacks suppressed [ 140.418971][ T32] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 4 prio class 2 [ 140.418997][ T32] buffer_io_error: 138 callbacks suppressed [ 140.419008][ T32] Buffer I/O error on dev nbd2, logical block 0, async page read [ 140.419028][ T32] Buffer I/O error on dev nbd2, logical block 1, async page read [ 140.419044][ T32] Buffer I/O error on dev nbd2, logical block 2, async page read [ 140.419060][ T32] Buffer I/O error on dev nbd2, logical block 3, async page read [ 140.426321][ T6132] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426352][ T6132] Buffer I/O error on dev nbd2, logical block 0, async page read [ 140.426407][ T6132] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426428][ T6132] Buffer I/O error on dev nbd2, logical block 1, async page read [ 140.426472][ T6132] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426492][ T6132] Buffer I/O error on dev nbd2, logical block 2, async page read [ 140.426542][ T6132] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426563][ T6132] Buffer I/O error on dev nbd2, logical block 3, async page read [ 140.426615][ T6132] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426636][ T6132] Buffer I/O error on dev nbd2, logical block 0, async page read [ 140.426679][ T6132] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426699][ T6132] Buffer I/O error on dev nbd2, logical block 1, async page read [ 140.426742][ T6132] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426794][ T6132] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.426853][ T6132] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 140.427574][ T6132] ldm_validate_partition_table(): Disk read failed. [ 140.428133][ T6132] Dev nbd2: unable to read RDB block 0 [ 140.428853][ T6132] nbd2: unable to read partition table [ 141.226460][ T5821] Bluetooth: hci5: command tx timeout [ 141.358861][ T6132] ldm_validate_partition_table(): Disk read failed. [ 141.359438][ T6132] Dev nbd2: unable to read RDB block 0 [ 141.372007][ T6132] nbd2: unable to read partition table [ 141.441973][ T5821] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 141.820532][ T6036] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 142.680476][ T6036] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 142.680554][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 142.680580][ T6036] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.680602][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 142.680624][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 142.681713][ T6036] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 142.681760][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 142.681784][ T6036] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.681807][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 142.681831][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 142.682880][ T6036] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 142.682928][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 142.682952][ T6036] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.682976][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 142.683006][ T6036] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 142.700897][ T6036] usb 4-1: string descriptor 0 read error: -22 [ 142.701044][ T6036] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 142.701069][ T6036] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.754089][ T6036] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 143.849311][ T806] usb 4-1: USB disconnect, device number 3 [ 144.350601][ T6036] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 144.500523][ T6036] usb 2-1: Using ep0 maxpacket: 32 [ 144.503466][ T6036] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 144.526040][ T6036] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 144.526058][ T6036] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 144.526068][ T6036] usb 2-1: Product: syz [ 144.526075][ T6036] usb 2-1: Manufacturer: syz [ 144.526082][ T6036] usb 2-1: SerialNumber: syz [ 145.283035][ T6036] usb 2-1: config 0 descriptor?? [ 145.284798][ T6312] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 145.497274][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.579216][ T5214] usb 2-1: USB disconnect, device number 4 [ 146.053016][ T6337] nbd3: detected capacity change from 0 to 63 [ 146.053504][ T6338] block nbd3: NBD_DISCONNECT [ 146.058769][ T6338] block nbd3: Disconnected due to user request. [ 146.059044][ T6338] block nbd3: shutting down sockets [ 146.100632][ T11] blk_print_req_error: 135 callbacks suppressed [ 146.100652][ T11] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 4 prio class 2 [ 146.100678][ T11] buffer_io_error: 138 callbacks suppressed [ 146.100688][ T11] Buffer I/O error on dev nbd3, logical block 0, async page read [ 146.100707][ T11] Buffer I/O error on dev nbd3, logical block 1, async page read [ 146.100724][ T11] Buffer I/O error on dev nbd3, logical block 2, async page read [ 146.100740][ T11] Buffer I/O error on dev nbd3, logical block 3, async page read [ 146.100881][ T6132] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.100905][ T6132] Buffer I/O error on dev nbd3, logical block 0, async page read [ 146.100943][ T6132] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.100955][ T6132] Buffer I/O error on dev nbd3, logical block 1, async page read [ 146.100981][ T6132] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.100993][ T6132] Buffer I/O error on dev nbd3, logical block 2, async page read [ 146.101018][ T6132] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.101030][ T6132] Buffer I/O error on dev nbd3, logical block 3, async page read [ 146.101081][ T6132] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.101102][ T6132] Buffer I/O error on dev nbd3, logical block 0, async page read [ 146.101144][ T6132] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.101161][ T6132] Buffer I/O error on dev nbd3, logical block 1, async page read [ 146.101205][ T6132] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.101256][ T6132] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.101313][ T6132] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 146.102042][ T6132] ldm_validate_partition_table(): Disk read failed. [ 146.102635][ T6132] Dev nbd3: unable to read RDB block 0 [ 146.103379][ T6132] nbd3: unable to read partition table [ 146.127159][ T6132] ldm_validate_partition_table(): Disk read failed. [ 146.127731][ T6132] Dev nbd3: unable to read RDB block 0 [ 146.128425][ T6132] nbd3: unable to read partition table [ 146.350812][ T37] audit: type=1326 audit(1767184182.887:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6328 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42a55df749 code=0x7fc00000 [ 146.723102][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.594120][ T6217] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.594305][ T6217] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.594543][ T6217] bridge_slave_0: entered allmulticast mode [ 147.607467][ T6217] bridge_slave_0: entered promiscuous mode [ 147.635789][ T6217] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.635981][ T6217] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.636203][ T6217] bridge_slave_1: entered allmulticast mode [ 147.652071][ T6217] bridge_slave_1: entered promiscuous mode [ 148.592176][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.0.118'. [ 148.592224][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.0.118'. [ 151.044403][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.151262][ T6375] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 151.216114][ T6383] netlink: 14 bytes leftover after parsing attributes in process `syz.1.121'. [ 151.259717][ T6375] 8021q: adding VLAN 0 to HW filter on device bond1 [ 151.274936][ T6375] bond0: (slave bond1): Enslaving as an active interface with an up link [ 151.667749][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.515252][ T6217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.530472][ T5956] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 152.743334][ T6395] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 152.743360][ T6395] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 152.748471][ T6395] vhci_hcd vhci_hcd.0: Device attached [ 152.964363][ T5956] usb 1-1: Using ep0 maxpacket: 8 [ 152.966701][ T5956] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 152.966764][ T5956] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 152.966784][ T5956] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 152.966807][ T5956] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 152.966829][ T5956] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 152.966868][ T5956] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 152.966889][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.211524][ T806] usb 38-1: SetAddress Request (2) to port 0 [ 153.214444][ T806] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 153.315776][ T5956] usb 1-1: usb_control_msg returned -32 [ 153.315823][ T5956] usbtmc 1-1:16.0: can't read capabilities [ 153.410308][ T6396] vhci_hcd: connection reset by peer [ 153.413836][ T69] vhci_hcd vhci_hcd.2: stop threads [ 153.413868][ T69] vhci_hcd vhci_hcd.2: release socket [ 153.413929][ T69] vhci_hcd vhci_hcd.2: disconnect device [ 153.675190][ T6402] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 153.725363][ T5956] usb 1-1: USB disconnect, device number 3 [ 156.461247][ T6383] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.527387][ T6383] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.577234][ T6383] bond0 (unregistering): (slave bond1): Releasing backup interface [ 156.622720][ T6383] bond0 (unregistering): Released all slaves [ 156.658863][ T6217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.703869][ T806] usb 38-1: device descriptor read/8, error -110 [ 159.032568][ T6217] team0: Port device team_slave_0 added [ 159.040141][ T6217] team0: Port device team_slave_1 added [ 159.102572][ T806] usb usb38-port1: attempt power cycle [ 160.022543][ T5976] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 160.252650][ T5976] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 160.252700][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 160.252725][ T5976] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 160.252749][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 160.252770][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 160.256013][ T5976] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 160.256065][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 160.256090][ T5976] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 160.256111][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 160.256134][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 160.257562][ T5976] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 160.257615][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 160.257639][ T5976] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 160.257663][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 160.257687][ T5976] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 160.269393][ T806] usb usb38-port1: unable to enumerate USB device [ 160.311431][ T5976] usb 1-1: string descriptor 0 read error: -22 [ 160.311620][ T5976] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 160.311641][ T5976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.406249][ T5976] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 160.641315][ T5976] usb 1-1: USB disconnect, device number 4 [ 160.657302][ T6217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.657318][ T6217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 160.657342][ T6217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.726357][ T6217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.726373][ T6217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 160.726397][ T6217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 161.875660][ T6454] fuse: Bad value for 'fd' [ 164.270162][ T6466] ntfs3(nullb0): Primary boot signature is not NTFS. [ 164.661547][ T6466] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 164.802135][ T13] bridge_slave_1: left allmulticast mode [ 164.802269][ T13] bridge_slave_1: left promiscuous mode [ 164.829136][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.521265][ T13] bridge_slave_0: left allmulticast mode [ 165.521295][ T13] bridge_slave_0: left promiscuous mode [ 165.521538][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.760512][ T5887] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 167.813050][ T6495] netlink: 'syz.1.153': attribute type 1 has an invalid length. [ 167.938339][ T5887] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 167.938402][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 167.938427][ T5887] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 167.938451][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 167.938475][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 167.940298][ T5887] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 168.006951][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 168.006983][ T5887] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.007004][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 168.007025][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 168.008557][ T5887] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 168.008608][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 168.008634][ T5887] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.008657][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 168.008681][ T5887] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 168.384436][ T5887] usb 1-1: string descriptor 0 read error: -22 [ 168.384584][ T5887] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 168.384606][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.465288][ T5887] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 168.658417][ T5887] usb 1-1: USB disconnect, device number 5 [ 172.113774][ T6505] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 173.331007][ T6521] usb usb5: usbfs: process 6521 (syz.3.157) did not claim interface 0 before use [ 175.231536][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 175.763512][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 175.805653][ T13] bond0 (unregistering): Released all slaves [ 176.359459][ T6217] hsr_slave_0: entered promiscuous mode [ 176.401323][ T6543] netlink: 'syz.2.167': attribute type 1 has an invalid length. [ 176.457352][ T6217] hsr_slave_1: entered promiscuous mode [ 176.470061][ T6217] debugfs: 'hsr0' already exists in 'hsr' [ 176.470079][ T6217] Cannot create hsr debugfs directory [ 179.906783][ T6557] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.171' sets config #1 [ 183.933300][ T6584] netlink: 'syz.1.177': attribute type 1 has an invalid length. [ 184.946924][ T6036] IPVS: starting estimator thread 0... [ 185.032842][ T6590] IPVS: using max 8 ests per chain, 19200 per kthread [ 190.202678][ T6617] usb usb5: usbfs: process 6617 (syz.1.182) did not claim interface 0 before use [ 190.303130][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 190.421045][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 190.446664][ T5820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 190.484783][ T5820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 190.503969][ T5820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 195.920929][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.921000][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.251300][ T6626] netlink: 'syz.3.188': attribute type 1 has an invalid length. [ 197.083894][ T5821] Bluetooth: hci0: command tx timeout [ 199.630483][ T5821] Bluetooth: hci0: command tx timeout [ 201.025802][ T13] hsr_slave_0: left promiscuous mode [ 201.620527][ T13] hsr_slave_1: left promiscuous mode [ 201.651206][ T5821] Bluetooth: hci0: command tx timeout [ 201.657192][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.657331][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.115676][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.115705][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.720500][ T5821] Bluetooth: hci0: command tx timeout [ 205.205940][ T13] veth1_macvtap: left promiscuous mode [ 205.206245][ T13] veth0_macvtap: left promiscuous mode [ 205.206549][ T13] veth1_vlan: left promiscuous mode [ 205.206911][ T13] veth0_vlan: left promiscuous mode [ 206.698881][ T5120] Bluetooth: hci1: command 0x0406 tx timeout [ 206.698921][ T5120] Bluetooth: hci2: command 0x0401 tx timeout [ 206.698971][ T62] Bluetooth: hci4: command 0x0406 tx timeout [ 206.705629][ T5820] Bluetooth: hci3: command 0x0406 tx timeout [ 212.519980][ T6706] usb usb5: usbfs: process 6706 (syz.3.205) did not claim interface 0 before use [ 222.058536][ T5809] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 222.130193][ T5809] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 222.371052][ T5809] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 222.372090][ T5809] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 222.372737][ T5809] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 225.240551][ T5817] Bluetooth: hci5: command tx timeout [ 226.191994][ T5809] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 226.195363][ T5809] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 226.749165][ T5809] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 226.773049][ T5809] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 226.838709][ T5809] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 227.387017][ T5817] Bluetooth: hci5: command tx timeout [ 229.403114][ T5817] Bluetooth: hci3: command tx timeout [ 229.801000][ T5817] Bluetooth: hci5: command tx timeout [ 231.480651][ T5817] Bluetooth: hci3: command tx timeout [ 231.915923][ T5817] Bluetooth: hci5: command tx timeout [ 233.560529][ T5817] Bluetooth: hci3: command tx timeout [ 235.640767][ T5817] Bluetooth: hci3: command tx timeout [ 237.564863][ T6755] netlink: 'syz.3.219': attribute type 1 has an invalid length. [ 238.166637][ T6759] ntfs3(nullb0): Primary boot signature is not NTFS. [ 238.167118][ T6759] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 244.636293][ T6769] usb usb5: usbfs: process 6769 (syz.3.222) did not claim interface 0 before use [ 254.661714][ T5809] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 254.685952][ T5809] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 254.687254][ T5809] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 254.717435][ T5809] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 254.718383][ T5809] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 256.882683][ T5809] Bluetooth: hci6: command tx timeout [ 258.181789][ T5817] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 258.185885][ T5817] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 258.213988][ T5817] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 258.222383][ T5817] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 258.223219][ T5817] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 258.920519][ T5809] Bluetooth: hci6: command tx timeout [ 260.449132][ T5809] Bluetooth: hci7: command tx timeout [ 260.961155][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.961225][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.000472][ T5809] Bluetooth: hci6: command tx timeout [ 262.520594][ T5809] Bluetooth: hci7: command tx timeout [ 263.080498][ T5809] Bluetooth: hci6: command tx timeout [ 264.601247][ T5809] Bluetooth: hci7: command tx timeout [ 266.539105][ T5817] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 266.557015][ T5817] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 266.560740][ T5817] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 266.571469][ T5817] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 266.572236][ T5817] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 266.680420][ T5817] Bluetooth: hci7: command tx timeout [ 268.690565][ T5817] Bluetooth: hci8: command tx timeout [ 271.054552][ T5817] Bluetooth: hci8: command tx timeout [ 273.082368][ T5817] Bluetooth: hci8: command tx timeout [ 274.161136][ T13] team0 (unregistering): Port device team_slave_1 removed [ 275.160540][ T5817] Bluetooth: hci8: command tx timeout [ 280.534243][ T13] team0 (unregistering): Port device team_slave_0 removed [ 284.795658][ T5809] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 284.835852][ T5821] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 284.866636][ T5821] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 284.878220][ T5821] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 284.880230][ T5821] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 284.883411][ T5821] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 284.884265][ T5821] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 284.922503][ T5809] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 284.998283][ T5821] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 284.999047][ T5821] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 287.080422][ T5817] Bluetooth: hci9: command tx timeout [ 287.096054][ T5817] Bluetooth: hci10: command tx timeout [ 289.160444][ T5817] Bluetooth: hci10: command tx timeout [ 289.160476][ T5817] Bluetooth: hci9: command tx timeout [ 291.241265][ T5821] Bluetooth: hci10: command tx timeout [ 291.241276][ T5817] Bluetooth: hci9: command tx timeout [ 293.320416][ T5817] Bluetooth: hci10: command tx timeout [ 293.330476][ T5817] Bluetooth: hci9: command tx timeout [ 314.167104][ T5821] Bluetooth: hci0: command 0x0406 tx timeout [ 322.028905][ T5821] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 322.052700][ T5821] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 322.059384][ T5809] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 322.067720][ T5809] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 322.070997][ T5809] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 322.154918][ T5817] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 322.175502][ T5817] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 322.179486][ T5817] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 322.191088][ T5817] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 322.192856][ T5817] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 322.329160][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.329229][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.250750][ T5817] Bluetooth: hci12: command tx timeout [ 324.290841][ T5817] Bluetooth: hci11: command tx timeout [ 326.280392][ T5817] Bluetooth: hci12: command tx timeout [ 326.360361][ T5817] Bluetooth: hci11: command tx timeout [ 328.370370][ T5817] Bluetooth: hci12: command tx timeout [ 328.440595][ T5817] Bluetooth: hci11: command tx timeout [ 330.519962][ T5817] Bluetooth: hci12: command tx timeout [ 330.538224][ T5817] Bluetooth: hci11: command tx timeout [ 333.393923][ T5821] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 333.544164][ T5821] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 333.546950][ T5821] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 333.549172][ T5821] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 333.550004][ T5821] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 335.722513][ T5821] Bluetooth: hci13: command tx timeout [ 337.800513][ T5821] Bluetooth: hci13: command tx timeout [ 339.880457][ T5821] Bluetooth: hci13: command tx timeout [ 341.960416][ T5821] Bluetooth: hci13: command tx timeout [ 342.550057][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 342.564398][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 342.588942][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 342.634037][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 342.634868][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 345.076599][ T5821] Bluetooth: hci1: command tx timeout [ 345.972217][ T5817] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 345.974821][ T5817] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 345.975987][ T5817] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 345.976961][ T5817] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 345.977658][ T5817] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 347.320436][ T5821] Bluetooth: hci1: command tx timeout [ 348.040530][ T5821] Bluetooth: hci14: command tx timeout [ 349.400432][ T5821] Bluetooth: hci1: command tx timeout [ 350.021718][ T5821] Bluetooth: hci5: command 0x0406 tx timeout [ 350.062174][ T5821] Bluetooth: hci3: command 0x0406 tx timeout [ 350.126700][ T5821] Bluetooth: hci14: command tx timeout [ 351.493407][ T5817] Bluetooth: hci1: command tx timeout [ 352.211611][ T5809] Bluetooth: hci14: command tx timeout [ 354.280590][ T5809] Bluetooth: hci14: command tx timeout [ 382.109642][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 382.129054][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 382.154679][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 382.164215][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 382.165402][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 383.043428][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 383.199145][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 383.380552][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 383.391129][ T5817] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 383.391928][ T5817] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 383.728627][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.728735][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.004947][ T5817] Bluetooth: hci0: command tx timeout [ 385.482185][ T5817] Bluetooth: hci3: command tx timeout [ 385.824490][ T6814] chnl_net:caif_netlink_parms(): no params data found [ 386.448454][ T6824] chnl_net:caif_netlink_parms(): no params data found [ 387.085023][ T5817] Bluetooth: hci0: command tx timeout [ 387.560527][ T5817] Bluetooth: hci3: command tx timeout [ 389.170291][ T5817] Bluetooth: hci0: command tx timeout [ 389.660421][ T5817] Bluetooth: hci3: command tx timeout [ 391.271687][ T5817] Bluetooth: hci0: command tx timeout [ 391.720549][ T5817] Bluetooth: hci3: command tx timeout [ 392.391770][ T5809] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 392.394617][ T5809] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 392.417243][ T5809] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 392.424244][ T5809] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 392.425108][ T5809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 392.579294][ T6820] chnl_net:caif_netlink_parms(): no params data found [ 394.523811][ T5809] Bluetooth: hci4: command tx timeout [ 396.600459][ T5809] Bluetooth: hci4: command tx timeout [ 398.920501][ T5809] Bluetooth: hci4: command tx timeout [ 401.000668][ T38] INFO: task syz.0.220:6759 blocked for more than 143 seconds. [ 401.000692][ T38] Not tainted syzkaller #0 [ 401.000703][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 401.000712][ T38] task:syz.0.220 state:D stack:26632 pid:6759 tgid:6757 ppid:5803 task_flags:0x400140 flags:0x00080002 [ 401.000777][ T38] Call Trace: [ 401.000788][ T38] [ 401.000801][ T38] __schedule+0x145f/0x5070 [ 401.000862][ T38] ? __pfx___schedule+0x10/0x10 [ 401.000899][ T38] ? schedule+0x91/0x360 [ 401.000927][ T38] schedule+0x165/0x360 [ 401.000956][ T38] futex_hash_allocate+0x773/0xe80 [ 401.000992][ T38] ? __pfx_futex_hash_allocate+0x10/0x10 [ 401.001019][ T38] ? __pfx_var_wake_function+0x10/0x10 [ 401.001054][ T38] __se_sys_prctl+0x9f1/0x1830 [ 401.001085][ T38] ? __pfx___se_sys_prctl+0x10/0x10 [ 401.001118][ T38] ? __x64_sys_prctl+0x20/0xc0 [ 401.001146][ T38] do_syscall_64+0xec/0xf80 [ 401.001165][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.001190][ T38] ? clear_bhb_loop+0x60/0xb0 [ 401.001213][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.001232][ T38] RIP: 0033:0x7f42a55df749 [ 401.001254][ T38] RSP: 002b:00007f42a381d038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 401.001274][ T38] RAX: ffffffffffffffda RBX: 00007f42a5836090 RCX: 00007f42a55df749 [ 401.001289][ T38] RDX: 0000000000004000 RSI: 0000000000000001 RDI: 000000000000004e [ 401.001300][ T38] RBP: 00007f42a5663f91 R08: 0000000000000000 R09: 0000000000000000 [ 401.001313][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.001324][ T38] R13: 00007f42a5836128 R14: 00007f42a5836090 R15: 00007ffedbdbc988 [ 401.001356][ T38] [ 401.001364][ T38] INFO: task syz.0.220:6760 blocked for more than 143 seconds. [ 401.001377][ T38] Not tainted syzkaller #0 [ 401.001387][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 401.001394][ T38] task:syz.0.220 state:D stack:28128 pid:6760 tgid:6757 ppid:5803 task_flags:0x400040 flags:0x00080002 [ 401.001444][ T38] Call Trace: [ 401.001450][ T38] [ 401.001462][ T38] __schedule+0x145f/0x5070 [ 401.001517][ T38] ? __pfx___schedule+0x10/0x10 [ 401.001553][ T38] ? schedule+0x91/0x360 [ 401.001582][ T38] schedule+0x165/0x360 [ 401.001610][ T38] futex_hash_allocate+0x773/0xe80 [ 401.001645][ T38] ? __pfx_futex_hash_allocate+0x10/0x10 [ 401.001673][ T38] ? __pfx_var_wake_function+0x10/0x10 [ 401.001707][ T38] __se_sys_prctl+0x9f1/0x1830 [ 401.001736][ T38] ? __pfx___se_sys_prctl+0x10/0x10 [ 401.001768][ T38] ? __x64_sys_prctl+0x20/0xc0 [ 401.001797][ T38] do_syscall_64+0xec/0xf80 [ 401.001814][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.001833][ T38] ? clear_bhb_loop+0x60/0xb0 [ 401.001856][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.001874][ T38] RIP: 0033:0x7f42a55df749 [ 401.001889][ T38] RSP: 002b:00007f42a37fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 401.001908][ T38] RAX: ffffffffffffffda RBX: 00007f42a5836180 RCX: 00007f42a55df749 [ 401.001922][ T38] RDX: 0000000000004000 RSI: 0000000000000001 RDI: 000000000000004e [ 401.001933][ T38] RBP: 00007f42a5663f91 R08: 0000000000000000 R09: 0000000000000000 [ 401.001945][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.001956][ T38] R13: 00007f42a5836218 R14: 00007f42a5836180 R15: 00007ffedbdbc988 [ 401.001988][ T38] [ 401.002014][ T38] [ 401.002014][ T38] Showing all locks held in the system: [ 401.002023][ T38] 4 locks held by kworker/u8:1/13: [ 401.002034][ T38] #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 401.002086][ T38] #1: ffffc90000127bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 401.002132][ T38] #2: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0 [ 401.002184][ T38] #3: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.002230][ T38] 7 locks held by ktimers/0/16: [ 401.002241][ T38] 4 locks held by rcuc/0/20: [ 401.002252][ T38] 4 locks held by rcuc/1/28: [ 401.002263][ T38] 1 lock held by khungtaskd/38: [ 401.002273][ T38] #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 401.002336][ T38] 3 locks held by kworker/u8:11/1403: [ 401.002347][ T38] #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 [ 401.002397][ T38] #1: ffffc900056afbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 [ 401.002442][ T38] #2: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 401.002504][ T38] 5 locks held by dhcpcd/5467: [ 401.002515][ T38] 2 locks held by getty/5568: [ 401.002526][ T38] #0: ffff88814df140a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 401.002574][ T38] #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460 [ 401.002618][ T38] 1 lock held by syz-executor/5791: [ 401.002629][ T38] #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740 [ 401.002680][ T38] 1 lock held by syz-executor/5804: [ 401.002690][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.002742][ T38] 1 lock held by syz-executor/6217: [ 401.002752][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.002798][ T38] 1 lock held by syz.2.195/6665: [ 401.002808][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.002852][ T38] 1 lock held by syz.3.224/6775: [ 401.002862][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.002907][ T38] 1 lock held by syz-executor/6806: [ 401.002917][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.002960][ T38] 1 lock held by syz-executor/6807: [ 401.002971][ T38] #0: ffffffff8d5b43b0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 401.003015][ T38] 3 locks held by syz-executor/6814: [ 401.003025][ T38] 4 locks held by syz-executor/6818: [ 401.003036][ T38] 2 locks held by syz-executor/6820: [ 401.003047][ T38] #0: ffffffff8edd0fc8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 401.003097][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90 [ 401.003142][ T38] 2 locks held by syz-executor/6824: [ 401.003152][ T38] #0: ffffffff8e02f308 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 401.003209][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90 [ 401.003253][ T38] 2 locks held by syz-executor/6868: [ 401.003264][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 401.003307][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 401.003355][ T38] 2 locks held by syz-executor/6871: [ 401.003365][ T38] #0: ffffffff8e898720 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570 [ 401.003408][ T38] #1: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 401.003454][ T38] 1 lock held by syz-executor/6887: [ 401.003465][ T38] #0: ffffffff8e8a5838 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 401.003510][ T38] [ 401.003515][ T38] ============================================= [ 401.003515][ T38] [ 401.003529][ T38] NMI backtrace for cpu 1 [ 401.003548][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 401.003569][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 401.003580][ T38] Call Trace: [ 401.003587][ T38] [ 401.003594][ T38] dump_stack_lvl+0xe8/0x150 [ 401.003620][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 401.003643][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 401.003666][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 401.003692][ T38] sys_info+0x135/0x170 [ 401.003711][ T38] watchdog+0xf95/0xfe0 [ 401.003737][ T38] ? watchdog+0x20a/0xfe0 [ 401.003764][ T38] kthread+0x711/0x8a0 [ 401.003791][ T38] ? __pfx_watchdog+0x10/0x10 [ 401.003810][ T38] ? __pfx_kthread+0x10/0x10 [ 401.003831][ T38] ? rt_spin_unlock+0x150/0x200 [ 401.003859][ T38] ? rt_spin_unlock+0x161/0x200 [ 401.003880][ T38] ? __pfx_kthread+0x10/0x10 [ 401.003905][ T38] ret_from_fork+0x510/0xa50 [ 401.003927][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 401.003945][ T38] ? __switch_to+0xc9e/0x1480 [ 401.003975][ T38] ? __pfx_kthread+0x10/0x10 [ 401.004001][ T38] ret_from_fork_asm+0x1a/0x30 [ 401.004041][ T38] [ 401.004048][ T38] Sending NMI from CPU 1 to CPUs 0: [ 401.004077][ C0] NMI backtrace for cpu 0 [ 401.004090][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 401.004110][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 401.004120][ C0] RIP: 0010:check_preemption_disabled+0x22/0xe0 [ 401.004142][ C0] Code: 90 90 90 90 90 90 90 90 55 41 57 41 56 53 65 8b 05 77 64 e1 06 65 8b 0d 6c 64 e1 06 f7 c1 ff ff ff 7f 74 0c 5b 41 5e 41 5f 5d c9 a3 03 00 cc 9c 59 f7 c1 00 02 00 00 74 ea 65 4c 8b 3c 25 08 [ 401.004156][ C0] RSP: 0018:ffffc90000156d18 EFLAGS: 00000046 [ 401.004171][ C0] RAX: 0000000000000000 RBX: ffffffff8ad5124a RCX: 0000000000000046 [ 401.004182][ C0] RDX: 0000000000000004 RSI: ffffffff8ce5761b RDI: ffffffff8b3f57e0 [ 401.004194][ C0] RBP: ffffc90000156e48 R08: ffffffff8ad3e001 R09: ffffffff8d5ae940 [ 401.004208][ C0] R10: 0000000000000000 R11: fffffbfff1db668f R12: dffffc0000000000 [ 401.004220][ C0] R13: ffff8880b8846400 R14: ffff8880b8846400 R15: 1ffff9200002adb4 [ 401.004233][ C0] FS: 0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 401.004247][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 401.004259][ C0] CR2: 00007f7b223f5fd1 CR3: 0000000039c2e000 CR4: 00000000003526f0 [ 401.004275][ C0] Call Trace: [ 401.004281][ C0] [ 401.004287][ C0] lockdep_hardirqs_off+0x8e/0xd0 [ 401.004303][ C0] ? _raw_spin_lock_irqsave+0x1a/0x60 [ 401.004319][ C0] trace_hardirqs_off+0x12/0x40 [ 401.004338][ C0] _raw_spin_lock_irqsave+0x1a/0x60 [ 401.004354][ C0] rt_mutex_slowunlock+0xb0/0x8a0 [ 401.004375][ C0] ? rt_spin_lock+0x1c1/0x3e0 [ 401.004397][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 401.004422][ C0] ? rt_spin_unlock+0x161/0x200 [ 401.004444][ C0] ___slab_alloc+0x87a/0x13e0 [ 401.004463][ C0] ? rt_mutex_slowunlock+0x493/0x8a0 [ 401.004484][ C0] ? rt_spin_lock+0x1c1/0x3e0 [ 401.004504][ C0] ? __alloc_skb+0x1dc/0x3a0 [ 401.004524][ C0] __slab_alloc+0xc6/0x1f0 [ 401.004540][ C0] ? __alloc_skb+0x1dc/0x3a0 [ 401.004558][ C0] ? __alloc_skb+0x1dc/0x3a0 [ 401.004574][ C0] kmem_cache_alloc_node_noprof+0x1b6/0x6f0 [ 401.004596][ C0] ? __alloc_skb+0x1dc/0x3a0 [ 401.004612][ C0] ? lockdep_hardirqs_on+0x7b/0x110 [ 401.004628][ C0] ? __alloc_skb+0x198/0x3a0 [ 401.004646][ C0] __alloc_skb+0x1dc/0x3a0 [ 401.004664][ C0] synproxy_send_client_synack+0x16c/0xe20 [ 401.004695][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 401.004719][ C0] ? nft_log_eval+0x550/0xab0 [ 401.004740][ C0] ? synproxy_pernet+0x45/0x270 [ 401.004761][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 401.004782][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 401.004801][ C0] ? nf_ip_checksum+0x13c/0x510 [ 401.004820][ C0] nft_synproxy_do_eval+0x345/0x570 [ 401.004841][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 401.004859][ C0] ? __pfx___ip_vs_conn_in_get+0x10/0x10 [ 401.004877][ C0] ? ip_vs_conn_out_get+0xa16/0xa70 [ 401.004899][ C0] nft_do_chain+0x40c/0x1920 [ 401.004922][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 401.004960][ C0] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 401.004982][ C0] nft_do_chain_inet+0x25d/0x340 [ 401.004999][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 401.005020][ C0] ? NF_HOOK+0x9a/0x3a0 [ 401.005041][ C0] ? NF_HOOK+0x9a/0x3a0 [ 401.005061][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 401.005079][ C0] nf_hook_slow+0xc5/0x220 [ 401.005104][ C0] NF_HOOK+0x206/0x3a0 [ 401.005125][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 401.005146][ C0] ? NF_HOOK+0x9a/0x3a0 [ 401.005165][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 401.005183][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 401.005205][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 401.005227][ C0] ? skb_dst+0x4f/0xd0 [ 401.005247][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 401.005269][ C0] NF_HOOK+0x30c/0x3a0 [ 401.005290][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 401.005310][ C0] ? NF_HOOK+0x9a/0x3a0 [ 401.005329][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 401.005350][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 401.005375][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 401.005394][ C0] __netif_receive_skb+0x143/0x380 [ 401.005413][ C0] ? process_backlog+0x272/0x8f0 [ 401.005431][ C0] process_backlog+0x315/0x8f0 [ 401.005454][ C0] __napi_poll+0xae/0x520 [ 401.005471][ C0] net_rx_action+0x64a/0xdb0 [ 401.005488][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 401.005511][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 401.005537][ C0] ? __local_bh_disable_ip+0x3c/0x420 [ 401.005561][ C0] handle_softirqs+0x1df/0x650 [ 401.005584][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 401.005603][ C0] run_ktimerd+0x69/0x100 [ 401.005624][ C0] smpboot_thread_fn+0x542/0xa60 [ 401.005644][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 401.005668][ C0] kthread+0x711/0x8a0 [ 401.005691][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 401.005711][ C0] ? __pfx_kthread+0x10/0x10 [ 401.005731][ C0] ? rt_spin_unlock+0x150/0x200 [ 401.005754][ C0] ? rt_spin_unlock+0x161/0x200 [ 401.005773][ C0] ? __pfx_kthread+0x10/0x10 [ 401.005795][ C0] ret_from_fork+0x510/0xa50 [ 401.005814][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 401.005831][ C0] ? __switch_to+0xc9e/0x1480 [ 401.005856][ C0] ? __pfx_kthread+0x10/0x10 [ 401.005879][ C0] ret_from_fork_asm+0x1a/0x30 [ 401.005910][ C0] [ 401.006079][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 401.006097][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 401.006118][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 401.006129][ T38] Call Trace: [ 401.006136][ T38] [ 401.006144][ T38] vpanic+0x1e0/0x670 [ 401.006172][ T38] panic+0xb9/0xc0 [ 401.006200][ T38] ? __pfx_panic+0x10/0x10 [ 401.006233][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 401.006260][ T38] watchdog+0xfdf/0xfe0 [ 401.006285][ T38] ? watchdog+0x20a/0xfe0 [ 401.006312][ T38] kthread+0x711/0x8a0 [ 401.006339][ T38] ? __pfx_watchdog+0x10/0x10 [ 401.006358][ T38] ? __pfx_kthread+0x10/0x10 [ 401.006380][ T38] ? rt_spin_unlock+0x150/0x200 [ 401.006408][ T38] ? rt_spin_unlock+0x161/0x200 [ 401.006429][ T38] ? __pfx_kthread+0x10/0x10 [ 401.006454][ T38] ret_from_fork+0x510/0xa50 [ 401.006476][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 401.006495][ T38] ? __switch_to+0xc9e/0x1480 [ 401.006524][ T38] ? __pfx_kthread+0x10/0x10 [ 401.006550][ T38] ret_from_fork_asm+0x1a/0x30 [ 401.006590][ T38] [ 401.007014][ T38] Kernel Offset: disabled