last executing test programs: 5.28020684s ago: executing program 1 (id=26): r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000004600)={0x0, 0x0, &(0x7f00000045c0)={&(0x7f0000004580)={0x10, 0x3fb, 0x400, 0x70bd26, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x40010}, 0x20000010) 5.280008533s ago: executing program 1 (id=27): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{}, 0x0, 0x0}, 0x20) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)={0x14, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./file1\x00', &(0x7f0000000000), 0x0, 0xfe37, 0x0) 4.529780678s ago: executing program 2 (id=31): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x80000) io_setup(0xe0, &(0x7f0000000040)=0x0) sendmsg$alg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="6bf8b5b4b98699c3d3314cdcbd30b296", 0x10}], 0x1, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x881}, 0x404c804) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f00000004c0)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f00000005c0)=':', 0x1}]) 4.380005849s ago: executing program 2 (id=32): syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @loopback, @loopback}}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 4.319955586s ago: executing program 1 (id=35): bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe) keyctl$join(0x1, 0x0) keyctl$session_to_parent(0x12) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000740)=ANY=[@ANYRES64], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sched_cls=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00'}) close(r2) 4.259992043s ago: executing program 1 (id=38): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x13, "d656c9a61490b7e8773ca55437fa234c0170c8"}, 0x0) 4.118371699s ago: executing program 2 (id=40): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x2) r1 = openat$urandom(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) add_key$fscrypt_v1(&(0x7f00000002c0), 0x0, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_procfs$pagemap(r2, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = semget$private(0x0, 0x6, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') getdents(r7, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="940000000009030000000000000000000a0000070c0004800800014000000ec65400020006000340000000002c000180140003002001000000000000000000000000000014000400fe80000000000000000000000000003f0c0002800500010001000000060003400001000006000340000300000c00048008000140000000040900010073797a3100000000080005"], 0x94}, 0x1, 0x0, 0x0, 0x8000}, 0x20000080) semctl$IPC_RMID(r5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/custom1\x00', 0x800, 0x0) 3.998632655s ago: executing program 0 (id=41): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) syz_clone(0x1144280, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x395e000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 3.159471755s ago: executing program 1 (id=43): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000200)={@val={0xa}, @void, @eth={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x18, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xb, 0x10000}}}}}}}}, 0x52) 2.719103953s ago: executing program 1 (id=44): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0) r1 = syz_usb_connect(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, 0x0, 0x0) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x3b, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0xfefffffa, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x0, 0x7fffffff}) syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x8, 0x2b, 0x0, @local, @local, {[], {0x4e22, 0x0, 0x8}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x50) r6 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000380), 0x800) ioctl$F2FS_IOC_SEC_TRIM_FILE(r6, 0x4018f514, 0x0) open(0x0, 0xc40, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) 2.579599896s ago: executing program 0 (id=45): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x2000000008b}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x1, 0x3, 0x0) splice(r2, 0x0, r3, 0x0, 0x80, 0x4) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) 1.799992006s ago: executing program 2 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r4 = fanotify_init(0xf00, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) fanotify_mark(r4, 0x1, 0x5000003a, r3, 0x0) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) 1.720041208s ago: executing program 0 (id=52): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) 727.545011ms ago: executing program 3 (id=55): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000007c0)={0x1, 0x0, [{0xd, 0xf5, 0xb930, 0x4, 0x9}]}) 727.369614ms ago: executing program 0 (id=56): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x74, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) 639.8812ms ago: executing program 0 (id=57): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x80000) io_setup(0x6, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x3ff, r1, &(0x7f0000000000)='e', 0x1}]) sendmmsg$alg(r1, &(0x7f0000000cc0)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000d40)="c2db", 0x2}], 0x1, 0x0, 0x0, 0x4}], 0x1, 0x0) 639.577722ms ago: executing program 3 (id=58): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0xe9b, 0xc, 0xd, 0x7f, 0x44233, 0x7, 0x81, 0x941, 0x8001, 0x1005, 0xc, 0x5, 0x0, 0xfffffdfffffffffd], 0x2, 0x80300}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 539.775299ms ago: executing program 2 (id=59): r0 = fsopen(&(0x7f0000000300)='debugfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x124) r3 = fanotify_init(0x1, 0x1000) fanotify_mark(r3, 0x141, 0x40001029, r2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) 479.888083ms ago: executing program 3 (id=60): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000200)={0x1, &(0x7f0000000500)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) dup(r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x44}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 479.557633ms ago: executing program 0 (id=61): syz_open_dev$vcsn(&(0x7f0000000000), 0x8000, 0x141040) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404000c}, 0x40000) r0 = socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000180)) r5 = socket$inet6(0xa, 0x80002, 0x0) sendmsg$sock(r5, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e21, 0x41d, @ipv4={'\x00', '\xff\xff', @private=0xa010105}, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x10, 0x1, 0x24, 0x800}}, @mark={{0x10, 0x1, 0x51, 0x108}}], 0x20}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYRES32=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) socket(0x15, 0x5, 0x0) 337.674689ms ago: executing program 2 (id=62): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe) keyctl$join(0x1, 0x0) keyctl$session_to_parent(0x12) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4}, &(0x7f0000000540), &(0x7f0000000580)=r5}, 0x20) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="b7836f1c1b5be19805e133cc73fc5944bcec8171ae27"], 0x28}}, 0x0) r7 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000540)={0x1, {{0xa, 0x0, 0x0, @mcast1, 0x6}}, {{0xa, 0xfffe, 0x3fe00, @initdev={0xfe, 0x88, '\x00', 0xde, 0x0}, 0x3}}}, 0x108) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00'}) close(r7) 337.527402ms ago: executing program 3 (id=63): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x21000, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x300fff2) 218.264337ms ago: executing program 3 (id=64): bpf$MAP_CREATE(0xb00000000000014, 0x0, 0x48) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xd000, 0x43102}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = eventfd(0xf3) r5 = eventfd2(0xd, 0x1) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0xff}, 0x7}, 0x1c) shutdown(r6, 0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x6}, &(0x7f00000000c0)=0xc) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000000c0)={r4, 0x3b, 0x2, r5}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0x9, 0x3, 0x0, 0x7], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x5, 0x5, 0x2, 0x89}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x3, 0xa4, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0xc000, 0x9, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0x15, 0x7, 0x3, 0x9, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0x4, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80010000, 0x0, 0x0, 0x2024, 0x0, 0x1500, 0x3000, [0x9, 0x204, 0x5b, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 0s ago: executing program 3 (id=65): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/address_bits', 0xb883, 0xb2) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000000)={r6, 0x0, {0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xf, 0x18, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f9858c1a7bedabd69098c8b534464c516bdd8a0f35", "32d8cc26f7063deb2076fc06c89f3d9e234b30d50997b0ffffffff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "678ca55ba139cc1802c4dae4162e43ac61b7ad3300", [0x2, 0x2c0]}}) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SCROLLCONSOLE(r7, 0x541c, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r6) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r8, 0x400454cd, 0x339) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000200)={'macvlan0\x00', @link_local}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2b}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40265' (ED25519) to the list of known hosts. [ 48.281532][ T5915] cgroup: Unknown subsys name 'net' [ 48.411309][ T5915] cgroup: Unknown subsys name 'cpuset' [ 48.416805][ T5915] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.463224][ T5915] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.996560][ T5949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.999503][ T5945] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.999589][ T5949] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.002811][ T5945] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.005707][ T5949] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.008321][ T5945] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.010549][ T5949] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.013301][ T5945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.015706][ T5949] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.017445][ T5945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.019051][ T5951] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.020002][ T5951] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.020010][ T5949] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.021551][ T5949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.022784][ T5945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.023359][ T5945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.024565][ T5943] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.039307][ T5945] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.043572][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.049403][ T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.275844][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 53.384373][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 53.414175][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 53.474946][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.478130][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.480506][ T5935] bridge_slave_0: entered allmulticast mode [ 53.483247][ T5935] bridge_slave_0: entered promiscuous mode [ 53.536862][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.540085][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.543309][ T5935] bridge_slave_1: entered allmulticast mode [ 53.547278][ T5935] bridge_slave_1: entered promiscuous mode [ 53.557212][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.559605][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.561856][ T5937] bridge_slave_0: entered allmulticast mode [ 53.564530][ T5937] bridge_slave_0: entered promiscuous mode [ 53.576476][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.578837][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.581871][ T5937] bridge_slave_1: entered allmulticast mode [ 53.584753][ T5937] bridge_slave_1: entered promiscuous mode [ 53.606581][ T5934] chnl_net:caif_netlink_parms(): no params data found [ 53.649711][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.664624][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.672293][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.674576][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.676836][ T5940] bridge_slave_0: entered allmulticast mode [ 53.679606][ T5940] bridge_slave_0: entered promiscuous mode [ 53.684344][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.689357][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.695647][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.698482][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.700777][ T5940] bridge_slave_1: entered allmulticast mode [ 53.703453][ T5940] bridge_slave_1: entered promiscuous mode [ 53.736178][ T5935] team0: Port device team_slave_0 added [ 53.739526][ T5937] team0: Port device team_slave_0 added [ 53.742727][ T5935] team0: Port device team_slave_1 added [ 53.764952][ T5937] team0: Port device team_slave_1 added [ 53.779635][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.783685][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.785976][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.795251][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.799896][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.802425][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.804819][ T5934] bridge_slave_0: entered allmulticast mode [ 53.807528][ T5934] bridge_slave_0: entered promiscuous mode [ 53.812370][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.814679][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.817005][ T5934] bridge_slave_1: entered allmulticast mode [ 53.820385][ T5934] bridge_slave_1: entered promiscuous mode [ 53.830676][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.835010][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.837264][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.845471][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.858363][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.860600][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.870676][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.884733][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.886955][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.895065][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.912069][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.924017][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.945207][ T5934] team0: Port device team_slave_0 added [ 53.948005][ T5940] team0: Port device team_slave_0 added [ 53.967624][ T5937] hsr_slave_0: entered promiscuous mode [ 53.970264][ T5937] hsr_slave_1: entered promiscuous mode [ 53.973847][ T5934] team0: Port device team_slave_1 added [ 53.976679][ T5940] team0: Port device team_slave_1 added [ 53.990519][ T5935] hsr_slave_0: entered promiscuous mode [ 53.992828][ T5935] hsr_slave_1: entered promiscuous mode [ 53.995454][ T5935] debugfs: 'hsr0' already exists in 'hsr' [ 53.997518][ T5935] Cannot create hsr debugfs directory [ 54.024212][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.026468][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.034421][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.045099][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.047245][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.055092][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.072024][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.075034][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.083369][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.094905][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.097058][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.105188][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.180039][ T5934] hsr_slave_0: entered promiscuous mode [ 54.182599][ T5934] hsr_slave_1: entered promiscuous mode [ 54.184801][ T5934] debugfs: 'hsr0' already exists in 'hsr' [ 54.186646][ T5934] Cannot create hsr debugfs directory [ 54.196916][ T5940] hsr_slave_0: entered promiscuous mode [ 54.199462][ T5940] hsr_slave_1: entered promiscuous mode [ 54.202105][ T5940] debugfs: 'hsr0' already exists in 'hsr' [ 54.204217][ T5940] Cannot create hsr debugfs directory [ 54.423796][ T5937] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.435243][ T5937] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.462839][ T5937] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.485094][ T5937] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.537040][ T5935] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.552298][ T5935] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.561937][ T5935] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.568292][ T5935] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.628483][ T5940] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.659091][ T5940] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.666932][ T5940] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.673415][ T5940] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.690991][ T5934] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.695156][ T5934] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.706640][ T5934] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.715327][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.719034][ T5934] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.726807][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.755288][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.760020][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.781058][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.783460][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.787024][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.789362][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.799756][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.802830][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.807574][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.810663][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.899330][ T5937] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.918441][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.927822][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.949879][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.952113][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.955303][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.957463][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.978724][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.004135][ T5934] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.023153][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.026523][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.028761][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.036512][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.039516][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.049980][ T64] Bluetooth: hci1: command tx timeout [ 55.062593][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.118407][ T64] Bluetooth: hci3: command tx timeout [ 55.128215][ T64] Bluetooth: hci0: command tx timeout [ 55.128250][ T5944] Bluetooth: hci2: command tx timeout [ 55.133879][ T5937] veth0_vlan: entered promiscuous mode [ 55.144114][ T5935] veth0_vlan: entered promiscuous mode [ 55.150906][ T5937] veth1_vlan: entered promiscuous mode [ 55.164053][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.170638][ T5935] veth1_vlan: entered promiscuous mode [ 55.187349][ T5937] veth0_macvtap: entered promiscuous mode [ 55.202916][ T5935] veth0_macvtap: entered promiscuous mode [ 55.206491][ T5935] veth1_macvtap: entered promiscuous mode [ 55.210557][ T5937] veth1_macvtap: entered promiscuous mode [ 55.230435][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.234794][ T5940] veth0_vlan: entered promiscuous mode [ 55.240848][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.246294][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.252841][ T5940] veth1_vlan: entered promiscuous mode [ 55.264548][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.270644][ T1156] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.274078][ T1156] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.283174][ T1156] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.286653][ T1156] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.301496][ T1156] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.309767][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.314427][ T1156] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.317735][ T1156] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.326441][ T1156] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.373675][ T5940] veth0_macvtap: entered promiscuous mode [ 55.383817][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.387236][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.389683][ T5940] veth1_macvtap: entered promiscuous mode [ 55.416734][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.422219][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.434773][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.443452][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.444004][ T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.445855][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.449479][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.466737][ T5934] veth0_vlan: entered promiscuous mode [ 55.469928][ T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.473507][ T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.500405][ T5935] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.501484][ T100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.507399][ T100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.511364][ T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.527644][ T5934] veth1_vlan: entered promiscuous mode [ 55.614773][ T5934] veth0_macvtap: entered promiscuous mode [ 55.623941][ T5934] veth1_macvtap: entered promiscuous mode [ 55.660592][ T6027] syzkaller0: entered promiscuous mode [ 55.662329][ T6027] syzkaller0: entered allmulticast mode [ 55.668815][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.671897][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.673753][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.713640][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.716910][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.719910][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.721498][ T1156] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.726975][ T1156] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.730087][ T1156] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.736428][ T1156] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.813138][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.816501][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.835758][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.845508][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.918773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 56.077753][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 56.081706][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 56.208722][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 56.318858][ T6053] capability: warning: `syz.3.4' uses deprecated v2 capabilities in a way that may be insecure [ 56.692045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.694998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.758201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 56.761397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.763897][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.766571][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.769344][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.118090][ T5944] Bluetooth: hci1: command tx timeout [ 57.198056][ T5944] Bluetooth: hci0: command tx timeout [ 57.200003][ T5944] Bluetooth: hci3: command tx timeout [ 57.208181][ T5944] Bluetooth: hci2: command tx timeout [ 57.288837][ T53] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 58.018090][ T5976] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 58.168135][ T5976] usb 5-1: Using ep0 maxpacket: 8 [ 58.183191][ T5976] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 58.187230][ T5976] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 58.198101][ T5976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.205301][ T5976] usb 5-1: config 0 descriptor?? [ 58.230661][ T5976] iowarrior 5-1:0.0: no interrupt-in endpoint found [ 58.745583][ T6080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'. [ 58.750042][ T6080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'. [ 58.753764][ T6080] netlink: 'syz.1.14': attribute type 13 has an invalid length. [ 58.757108][ T6080] netlink: 'syz.1.14': attribute type 11 has an invalid length. [ 58.775958][ T6080] netlink: 40 bytes leftover after parsing attributes in process `syz.1.14'. [ 59.078077][ T53] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 59.198341][ T5944] Bluetooth: hci1: command tx timeout [ 59.228043][ T53] usb 6-1: Using ep0 maxpacket: 16 [ 59.232898][ T53] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 59.235696][ T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.238271][ T53] usb 6-1: Product: syz [ 59.239600][ T53] usb 6-1: Manufacturer: syz [ 59.241037][ T53] usb 6-1: SerialNumber: syz [ 59.248701][ T53] usb 6-1: config 0 descriptor?? [ 59.278086][ T64] Bluetooth: hci3: command tx timeout [ 59.280638][ T5944] Bluetooth: hci2: command tx timeout [ 59.288279][ T5944] Bluetooth: hci0: command tx timeout [ 59.660605][ T53] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 59.672981][ T53] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 59.684817][ T53] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 59.692469][ T53] usb 6-1: media controller created [ 59.707390][ T53] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 59.709707][ T6094] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 59.717795][ T6094] netlink: 'syz.3.18': attribute type 25 has an invalid length. [ 59.721239][ T6094] netlink: 'syz.3.18': attribute type 7 has an invalid length. [ 59.724320][ T6094] netlink: 164 bytes leftover after parsing attributes in process `syz.3.18'. [ 59.845975][ T6098] process 'syz.3.20' launched '/dev/fd/3' with NULL argv: empty string added [ 59.854010][ T6098] overlayfs: missing 'lowerdir' [ 59.862122][ T53] zl10353_read_register: readreg error (reg=127, ret==0) [ 59.864857][ T53] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 59.879794][ T53] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 59.891033][ T53] usb 6-1: USB disconnect, device number 2 [ 59.906866][ T5948] udevd[5948]: setting owner of /dev/dvb/adapter1/dvr0 to uid=0, gid=28 failed: No such file or directory [ 59.922002][ T53] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 60.417724][ T10] usb 5-1: USB disconnect, device number 2 [ 60.722627][ T6100] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 60.728505][ T6100] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 60.740026][ T6100] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 60.749911][ T6100] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 60.752335][ T6100] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 60.756460][ T6100] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 60.761574][ T6100] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 60.763919][ T6100] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 60.769260][ T6100] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 60.773153][ T6100] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 60.775314][ T6100] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 60.780112][ T6100] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 61.104618][ T1156] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.972269][ T6161] netlink: 'syz.2.40': attribute type 1 has an invalid length. [ 61.974921][ T6161] netlink: 'syz.2.40': attribute type 2 has an invalid length. [ 62.010211][ T5944] Bluetooth: hci0: command 0x0c1a tx timeout [ 62.646335][ T6172] syz.1.43 uses obsolete (PF_INET,SOCK_PACKET) [ 62.798002][ T5944] Bluetooth: hci3: command 0x0c1a tx timeout [ 62.800070][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout [ 62.801896][ T5944] Bluetooth: hci1: command 0x0c1a tx timeout [ 63.607107][ T6185] usb usb6: usbfs: interface 0 claimed by hub while 'syz.3.46' sets config #5 [ 64.078103][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 64.888106][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 64.890043][ T64] Bluetooth: hci2: command 0x0c1a tx timeout [ 64.891984][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 66.008598][ T6243] loop7: detected capacity change from 0 to 6 [ 66.014235][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.017652][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.021735][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.024927][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.027600][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.030629][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.038514][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.041534][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.048204][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.051329][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.053899][ T5947] ldm_validate_partition_table(): Disk read failed. [ 66.060412][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.064174][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.128266][ T6245] [ 66.129094][ T6245] ====================================================== [ 66.131304][ T6245] WARNING: possible circular locking dependency detected [ 66.133579][ T6245] syzkaller #0 Not tainted [ 66.135097][ T6245] ------------------------------------------------------ [ 66.137271][ T6245] syz.3.65/6245 is trying to acquire lock: [ 66.139116][ T6245] ffff88801ced9a20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 66.142292][ T6245] [ 66.142292][ T6245] but task is already holding lock: [ 66.144618][ T6245] ffff888041b3d628 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 66.148142][ T6245] [ 66.148142][ T6245] which lock already depends on the new lock. [ 66.148142][ T6245] [ 66.151353][ T6245] [ 66.151353][ T6245] the existing dependency chain (in reverse order) is: [ 66.154120][ T6245] [ 66.154120][ T6245] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}: [ 66.156817][ T6245] blk_alloc_queue+0x610/0x750 [ 66.158482][ T6245] blk_mq_alloc_queue+0x174/0x290 [ 66.160369][ T6245] __blk_mq_alloc_disk+0x29/0x120 [ 66.162110][ T6245] loop_add+0x498/0xb60 [ 66.163666][ T6245] loop_init+0x1d3/0x200 [ 66.165200][ T6245] do_one_initcall+0x11d/0x690 [ 66.166873][ T6245] kernel_init_freeable+0x6e5/0x790 [ 66.168661][ T6245] kernel_init+0x1f/0x1e0 [ 66.170220][ T6245] ret_from_fork+0x754/0xaf0 [ 66.171845][ T6245] ret_from_fork_asm+0x1a/0x30 [ 66.173523][ T6245] [ 66.173523][ T6245] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 66.175795][ T6245] fs_reclaim_acquire+0xc4/0x100 [ 66.177517][ T6245] kmem_cache_alloc_noprof+0x5b/0x780 [ 66.179393][ T6245] __kernfs_iattrs+0x126/0x400 [ 66.181060][ T6245] __kernfs_setattr+0x4d/0x3c0 [ 66.182724][ T6245] kernfs_iop_setattr+0xda/0x130 [ 66.184449][ T6245] notify_change+0xb25/0x12d0 [ 66.186096][ T6245] do_truncate+0x1df/0x240 [ 66.187668][ T6245] path_openat+0x29da/0x3120 [ 66.189284][ T6245] do_filp_open+0x1f7/0x420 [ 66.190885][ T6245] do_sys_openat2+0x12e/0x220 [ 66.192532][ T6245] __x64_sys_openat+0x12d/0x210 [ 66.194224][ T6245] do_syscall_64+0xc9/0xf80 [ 66.195827][ T6245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.197831][ T6245] [ 66.197831][ T6245] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 66.200496][ T6245] __lock_acquire+0x14b8/0x2630 [ 66.202188][ T6245] lock_acquire+0x17c/0x330 [ 66.203799][ T6245] down_read+0x99/0x460 [ 66.205283][ T6245] kernfs_iop_getattr+0x9c/0xf0 [ 66.206976][ T6245] vfs_getattr_nosec+0x2d4/0x430 [ 66.208688][ T6245] vfs_getattr+0x4a/0x60 [ 66.210200][ T6245] loop_query_min_dio_size.isra.0+0x117/0x250 [ 66.212263][ T6245] lo_ioctl+0x13c0/0x1be0 [ 66.213811][ T6245] lo_compat_ioctl+0xf3/0x170 [ 66.215447][ T6245] compat_blkdev_ioctl+0x682/0x7b0 [ 66.217207][ T6245] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 66.219116][ T6245] __do_fast_syscall_32+0xde/0x660 [ 66.220884][ T6245] do_fast_syscall_32+0x32/0x70 [ 66.222569][ T6245] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 66.224698][ T6245] [ 66.224698][ T6245] other info that might help us debug this: [ 66.224698][ T6245] [ 66.227858][ T6245] Chain exists of: [ 66.227858][ T6245] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24 [ 66.227858][ T6245] [ 66.232301][ T6245] Possible unsafe locking scenario: [ 66.232301][ T6245] [ 66.234635][ T6245] CPU0 CPU1 [ 66.236329][ T6245] ---- ---- [ 66.238014][ T6245] lock(&q->q_usage_counter(io)#24); [ 66.239723][ T6245] lock(fs_reclaim); [ 66.241765][ T6245] lock(&q->q_usage_counter(io)#24); [ 66.244236][ T6245] rlock(&root->kernfs_iattr_rwsem); [ 66.245924][ T6245] [ 66.245924][ T6245] *** DEADLOCK *** [ 66.245924][ T6245] [ 66.248450][ T6245] 3 locks held by syz.3.65/6245: [ 66.250019][ T6245] #0: ffff8880412e3448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 66.253202][ T6245] #1: ffff888041b3d628 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 66.256827][ T6245] #2: ffff888041b3d660 (&q->q_usage_counter(queue)#8){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 66.260503][ T6245] [ 66.260503][ T6245] stack backtrace: [ 66.262364][ T6245] CPU: 2 UID: 0 PID: 6245 Comm: syz.3.65 Not tainted syzkaller #0 PREEMPT(full) [ 66.262377][ T6245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 66.262384][ T6245] Call Trace: [ 66.262388][ T6245] [ 66.262392][ T6245] dump_stack_lvl+0x100/0x190 [ 66.262405][ T6245] print_circular_bug.cold+0x178/0x1c7 [ 66.262423][ T6245] check_noncircular+0x146/0x160 [ 66.262439][ T6245] __lock_acquire+0x14b8/0x2630 [ 66.262456][ T6245] lock_acquire+0x17c/0x330 [ 66.262471][ T6245] ? kernfs_iop_getattr+0x9c/0xf0 [ 66.262485][ T6245] ? __pfx___might_resched+0x10/0x10 [ 66.262502][ T6245] down_read+0x99/0x460 [ 66.262516][ T6245] ? kernfs_iop_getattr+0x9c/0xf0 [ 66.262528][ T6245] ? find_held_lock+0x2b/0x80 [ 66.262538][ T6245] ? __pfx_down_read+0x10/0x10 [ 66.262551][ T6245] ? kernfs_root+0xee/0x2a0 [ 66.262565][ T6245] kernfs_iop_getattr+0x9c/0xf0 [ 66.262578][ T6245] vfs_getattr_nosec+0x2d4/0x430 [ 66.262592][ T6245] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 66.262607][ T6245] vfs_getattr+0x4a/0x60 [ 66.262620][ T6245] loop_query_min_dio_size.isra.0+0x117/0x250 [ 66.262637][ T6245] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 66.262659][ T6245] lo_ioctl+0x13c0/0x1be0 [ 66.262669][ T6245] ? __pfx_lo_ioctl+0x10/0x10 [ 66.262679][ T6245] ? kasan_quarantine_put+0x104/0x240 [ 66.262692][ T6245] ? lockdep_hardirqs_on+0x78/0x100 [ 66.262704][ T6245] ? blk_get_meta_cap+0xd4/0x6c0 [ 66.262716][ T6245] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 66.262727][ T6245] ? find_held_lock+0x2b/0x80 [ 66.262737][ T6245] ? tomoyo_path_number_perm+0x28f/0x580 [ 66.262774][ T6245] ? blkdev_common_ioctl+0x515/0x2ba0 [ 66.262790][ T6245] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 66.262805][ T6245] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 66.262817][ T6245] ? do_vfs_ioctl+0x226/0x13e0 [ 66.262833][ T6245] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 66.262851][ T6245] lo_compat_ioctl+0xf3/0x170 [ 66.262861][ T6245] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 66.262871][ T6245] compat_blkdev_ioctl+0x682/0x7b0 [ 66.262885][ T6245] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 66.262899][ T6245] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 66.262912][ T6245] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 66.262930][ T6245] __do_fast_syscall_32+0xde/0x660 [ 66.262944][ T6245] do_fast_syscall_32+0x32/0x70 [ 66.262957][ T6245] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 66.262970][ T6245] RIP: 0023:0xf7f95579 [ 66.262979][ T6245] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 [ 66.262989][ T6245] RSP: 002b:00000000f4ff150c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 66.262999][ T6245] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 66.263005][ T6245] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000000 [ 66.263011][ T6245] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 66.263017][ T6245] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 66.263023][ T6245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.263032][ T6245] [ 66.362885][ T64] Bluetooth: hci0: command 0x0c1a tx timeout [ 66.413352][ T1464] IPVS: starting estimator thread 0... [ 66.508019][ T6258] IPVS: using max 52 ests per chain, 124800 per kthread [ 66.626010][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.629079][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.631743][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.634877][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.637604][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.640662][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.643199][ T5947] Dev loop7: unable to read RDB block 0 [ 66.645092][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 66.648195][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 66.651019][ T5947] loop7: unable to read partition table [ 66.652901][ T5947] loop7: partition table beyond EOD, truncated [ 66.656266][ T6243] ldm_validate_partition_table(): Disk read failed. [ 66.658760][ T6243] Dev loop7: unable to read RDB block 0 [ 66.661013][ T6243] loop7: unable to read partition table [ 66.662842][ T6243] loop7: partition table beyond EOD, truncated [ 66.664822][ T6243] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 66.670196][ T6245] ldm_validate_partition_table(): Disk read failed. [ 66.672641][ T6245] Dev loop7: unable to read RDB block 0 [ 66.674638][ T6245] loop7: unable to read partition table [ 66.676468][ T6245] loop7: partition table beyond EOD, truncated [ 66.678516][ T6245] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 66.968224][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 66.968278][ T5298] Bluetooth: hci1: command 0x0c1a tx timeout [ 66.972725][ T5943] Bluetooth: hci2: command 0x0c1a tx timeout [ 69.038131][ T5944] Bluetooth: hci3: command 0x0c1a tx timeout [ 75.919037][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 75.921150][ T1417] ieee802154 phy1 wpan1: encryption failed: -22