last executing test programs: 1m35.950279007s ago: executing program 0 (id=9): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) 1m35.678560076s ago: executing program 0 (id=11): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8) r3 = gettid() timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r3}, &(0x7f0000044000)) timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{}, {0x0, 0x9}}, 0x0) 1m35.490287631s ago: executing program 4 (id=13): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0xc000) 1m35.403656226s ago: executing program 0 (id=14): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000a3c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x0, 0x6, 0x800, 0x400, {0x2, 0x1, 0x2, 0x90, 0x9, 0xf5}, {0x6, 0x1, 0x9, 0xb, 0xd5f1}, 0x6, 0x10000, 0x7}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1m35.213858988s ago: executing program 4 (id=15): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 1m35.130359981s ago: executing program 1 (id=2): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 1m34.873602851s ago: executing program 3 (id=17): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYRESHEX, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x2fd8, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) io_uring_enter(r2, 0x567, 0x60, 0x0, 0x0, 0x0) r6 = socket(0x18, 0x3, 0x0) connect$pppoe(r6, &(0x7f0000000100)={0x18, 0x0, {0x2, @broadcast, 'vxcan1\x00'}}, 0x1e) sendfile(r6, r1, 0x0, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 1m34.796102143s ago: executing program 0 (id=18): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) 1m34.71457742s ago: executing program 4 (id=19): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x9, 0x3d51}, &(0x7f0000000200)=0x18) 1m34.69201285s ago: executing program 1 (id=20): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00008, 0x0, 0x50032, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000300012800e0001006970366772657461700000001c00028006000f"], 0x50}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r5}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r6}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) 1m34.579399913s ago: executing program 4 (id=21): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000bc0)=[@mask_fadd={0x58, 0x114, 0x8, {{0xa, 0xfff}, &(0x7f0000000600)=0x5, 0x0, 0x0, 0x8, 0x1, 0x2, 0xb, 0x9}}], 0x58}, 0x0) 1m34.521241218s ago: executing program 0 (id=22): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x10f, &(0x7f00000003c0)={0x0, 0x0, 0x400, 0x0, 0x33f}, &(0x7f0000000500)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13}) io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000040)={[0x2000000]}, 0x8) 1m34.401650921s ago: executing program 1 (id=23): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0xc000) 1m34.394965827s ago: executing program 3 (id=24): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000540), r0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x14, r1, 0x301, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4) 1m34.286601011s ago: executing program 4 (id=25): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8103, 0x0, 0x0, 0x237}, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1m34.185666312s ago: executing program 1 (id=26): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x1, 0x8}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xdea}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 1m34.13331241s ago: executing program 3 (id=27): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25120200475400f6a13bb100c117080081004803", 0x10000, 0xffffffffffffc117, &(0x7f0000000140), 0x14) 1m34.028160036s ago: executing program 4 (id=28): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000a3c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x0, 0x6, 0x800, 0x400, {0x2, 0x1, 0x2, 0x90, 0x9, 0xf5}, {0x6, 0x1, 0x9, 0xb, 0xd5f1}, 0x6, 0x10000, 0x7}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1m33.727742523s ago: executing program 2 (id=30): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) openat$sysfs(0xffffff9c, 0x0, 0x42, 0x0) 1m33.727645168s ago: executing program 2 (id=31): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="380000004900010029bd7000fcdbdf250a004a68", @ANYRES32, @ANYBLOB="040000000800020002000000140001"], 0x38}}, 0x40) 1m33.516723618s ago: executing program 2 (id=32): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x310, 0x0, 0x268, 0x33a, 0x130, 0x268, 0x268, 0x460, 0x460, 0x268, 0x460, 0xc, 0x0, {[{{@uncond, 0x0, 0x108, 0x130, 0xd8000000, {0x9402}, [@common=@unspec=@connlabel={{0x28}, {0x2, 0x1}}, @common=@unspec=@statistic={{0x38}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) 1m33.516413769s ago: executing program 0 (id=33): r0 = socket(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000140)=@proc={0x10, 0x0, 0x804, 0x800000}, 0xc) gettid() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = epoll_create(0x80) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x4}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x7}]}, 0x10) sendmmsg(r4, &(0x7f0000001c00), 0x400000000000159, 0x40840) openat$full(0xffffffffffffff9c, 0x0, 0x40, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 1m33.448924256s ago: executing program 2 (id=34): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 1m33.448328149s ago: executing program 3 (id=35): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r1}, 0x18) r2 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r2, &(0x7f0000001000)={&(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df", 0x5c2}, {&(0x7f0000000b00)}, {0x0}], 0x3, &(0x7f0000000580)=[@ip_pktinfo={{0xd, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}}}], 0x20}, 0x0) 1m33.203718827s ago: executing program 3 (id=36): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0xc000) 1m33.087956039s ago: executing program 2 (id=37): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/packet\x00') 1m33.028958165s ago: executing program 3 (id=38): r0 = socket(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) 1m31.945109712s ago: executing program 2 (id=39): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x40000000000}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1m22.746208688s ago: executing program 1 (id=40): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800) 1m17.304907427s ago: executing program 32 (id=33): r0 = socket(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000140)=@proc={0x10, 0x0, 0x804, 0x800000}, 0xc) gettid() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = epoll_create(0x80) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x4}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x7}]}, 0x10) sendmmsg(r4, &(0x7f0000001c00), 0x400000000000159, 0x40840) openat$full(0xffffffffffffff9c, 0x0, 0x40, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 1m16.396641847s ago: executing program 33 (id=39): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x40000000000}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1m16.396545197s ago: executing program 34 (id=38): r0 = socket(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x20000000) 1m9.886471463s ago: executing program 35 (id=28): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000a3c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x0, 0x6, 0x800, 0x400, {0x2, 0x1, 0x2, 0x90, 0x9, 0xf5}, {0x6, 0x1, 0x9, 0xb, 0xd5f1}, 0x6, 0x10000, 0x7}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x0) 0s ago: executing program 36 (id=40): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts. [ 71.409528][ T5820] cgroup: Unknown subsys name 'net' [ 71.522394][ T5820] cgroup: Unknown subsys name 'cpuset' [ 71.530905][ T5820] cgroup: Unknown subsys name 'rlimit' [ 71.663320][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.669900][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 Setting up swapspace version 1, size = 127995904 bytes [ 73.040367][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.423163][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.429686][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.431876][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.445798][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.446142][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.453662][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.461072][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.474656][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.474654][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.475404][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.508613][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.517624][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.526863][ T5835] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 75.529259][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.534113][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.548746][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.560805][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.568583][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.576789][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.584530][ T5844] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 75.591571][ T5146] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.592882][ T5146] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.600375][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.609938][ T5146] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.614227][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.621037][ T5146] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.634350][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.634813][ T5146] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.642089][ T5844] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.659787][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.097267][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 76.141384][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 76.232083][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 76.320652][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 76.355700][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.363625][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.371632][ T5848] bridge_slave_0: entered allmulticast mode [ 76.378651][ T5848] bridge_slave_0: entered promiscuous mode [ 76.435308][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.442763][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.450096][ T5848] bridge_slave_1: entered allmulticast mode [ 76.456829][ T5848] bridge_slave_1: entered promiscuous mode [ 76.467057][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.474265][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.481889][ T5845] bridge_slave_0: entered allmulticast mode [ 76.489040][ T5845] bridge_slave_0: entered promiscuous mode [ 76.497224][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.504481][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.511686][ T5845] bridge_slave_1: entered allmulticast mode [ 76.518692][ T5845] bridge_slave_1: entered promiscuous mode [ 76.587393][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.600563][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.625607][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.634979][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.642443][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.650075][ T5846] bridge_slave_0: entered allmulticast mode [ 76.656804][ T5846] bridge_slave_0: entered promiscuous mode [ 76.665222][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.672375][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.679656][ T5846] bridge_slave_1: entered allmulticast mode [ 76.686669][ T5846] bridge_slave_1: entered promiscuous mode [ 76.703670][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 76.732225][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.761787][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.769155][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.776328][ T5850] bridge_slave_0: entered allmulticast mode [ 76.784427][ T5850] bridge_slave_0: entered promiscuous mode [ 76.795324][ T5848] team0: Port device team_slave_0 added [ 76.804849][ T5848] team0: Port device team_slave_1 added [ 76.822826][ T5845] team0: Port device team_slave_0 added [ 76.853057][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.863406][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.870961][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.878145][ T5850] bridge_slave_1: entered allmulticast mode [ 76.885978][ T5850] bridge_slave_1: entered promiscuous mode [ 76.904565][ T5845] team0: Port device team_slave_1 added [ 76.923078][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.960158][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.967130][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.993456][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.037164][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.044355][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.070953][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.083002][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.091839][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.118553][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.134529][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.141766][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.167775][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.189381][ T5846] team0: Port device team_slave_0 added [ 77.197404][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.210248][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.253165][ T5846] team0: Port device team_slave_1 added [ 77.293160][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.300418][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.307579][ T5849] bridge_slave_0: entered allmulticast mode [ 77.314512][ T5849] bridge_slave_0: entered promiscuous mode [ 77.352642][ T5850] team0: Port device team_slave_0 added [ 77.374638][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.382673][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.390283][ T5849] bridge_slave_1: entered allmulticast mode [ 77.397173][ T5849] bridge_slave_1: entered promiscuous mode [ 77.407314][ T5845] hsr_slave_0: entered promiscuous mode [ 77.414354][ T5845] hsr_slave_1: entered promiscuous mode [ 77.425666][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.432764][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.458924][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.473300][ T5850] team0: Port device team_slave_1 added [ 77.483331][ T5848] hsr_slave_0: entered promiscuous mode [ 77.489975][ T5848] hsr_slave_1: entered promiscuous mode [ 77.496125][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.504121][ T5848] Cannot create hsr debugfs directory [ 77.528106][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.535280][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.562058][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.579515][ T5146] Bluetooth: hci1: command tx timeout [ 77.609008][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.630970][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.637943][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.664467][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.683211][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.713019][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.720416][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.746646][ T5844] Bluetooth: hci3: command tx timeout [ 77.746951][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.753012][ T5844] Bluetooth: hci4: command tx timeout [ 77.763332][ T5832] Bluetooth: hci0: command tx timeout [ 77.774712][ T5146] Bluetooth: hci2: command tx timeout [ 77.814133][ T5846] hsr_slave_0: entered promiscuous mode [ 77.821178][ T5846] hsr_slave_1: entered promiscuous mode [ 77.827193][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.835142][ T5846] Cannot create hsr debugfs directory [ 77.881887][ T5849] team0: Port device team_slave_0 added [ 77.892189][ T5850] hsr_slave_0: entered promiscuous mode [ 77.900430][ T5850] hsr_slave_1: entered promiscuous mode [ 77.907169][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.915366][ T5850] Cannot create hsr debugfs directory [ 77.935435][ T5849] team0: Port device team_slave_1 added [ 78.024557][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.031633][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.058185][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.070928][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.077912][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.104405][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.280528][ T5849] hsr_slave_0: entered promiscuous mode [ 78.286875][ T5849] hsr_slave_1: entered promiscuous mode [ 78.295362][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.308745][ T5849] Cannot create hsr debugfs directory [ 78.394927][ T5848] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.412187][ T5848] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.431096][ T5848] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.443863][ T5848] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.543585][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.555849][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.571668][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.584675][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.631377][ T5850] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 78.641519][ T5850] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 78.659999][ T5850] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 78.670451][ T5850] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 78.751541][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.764700][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.795011][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.817996][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.861403][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.877688][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.901287][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.911479][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.947541][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.013190][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.048559][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.061703][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.077030][ T3620] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.084338][ T3620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.100828][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.116486][ T3620] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.123770][ T3620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.157697][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.187100][ T3620] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.194253][ T3620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.227600][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.236907][ T3620] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.244055][ T3620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.258384][ T3620] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.265539][ T3620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.278443][ T3620] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.285574][ T3620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.394070][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.405888][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.431701][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.473872][ T3554] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.481148][ T3554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.514133][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.525741][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.532885][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.554751][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.566046][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.574036][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.590919][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.630109][ T3554] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.637230][ T3554] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.659652][ T5146] Bluetooth: hci1: command tx timeout [ 79.670873][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.692624][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.802654][ T5845] veth0_vlan: entered promiscuous mode [ 79.818999][ T5146] Bluetooth: hci4: command tx timeout [ 79.824324][ T5848] veth0_vlan: entered promiscuous mode [ 79.824453][ T5146] Bluetooth: hci3: command tx timeout [ 79.836735][ T5832] Bluetooth: hci2: command tx timeout [ 79.837537][ T5848] veth1_vlan: entered promiscuous mode [ 79.843901][ T5832] Bluetooth: hci0: command tx timeout [ 79.891233][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.906321][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.921922][ T5848] veth0_macvtap: entered promiscuous mode [ 79.934860][ T5845] veth1_vlan: entered promiscuous mode [ 79.943943][ T5850] veth0_vlan: entered promiscuous mode [ 79.955673][ T5850] veth1_vlan: entered promiscuous mode [ 79.975665][ T5848] veth1_macvtap: entered promiscuous mode [ 80.022304][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.037760][ T5845] veth0_macvtap: entered promiscuous mode [ 80.065966][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.087748][ T5846] veth0_vlan: entered promiscuous mode [ 80.097379][ T5845] veth1_macvtap: entered promiscuous mode [ 80.106486][ T5848] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.118401][ T5848] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.127676][ T5848] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.137070][ T5848] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.159582][ T5849] veth0_vlan: entered promiscuous mode [ 80.165849][ T5850] veth0_macvtap: entered promiscuous mode [ 80.193660][ T5849] veth1_vlan: entered promiscuous mode [ 80.202799][ T5846] veth1_vlan: entered promiscuous mode [ 80.214510][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.227268][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.239104][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.262895][ T5850] veth1_macvtap: entered promiscuous mode [ 80.280092][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.291199][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.305449][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.316208][ T5845] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.329642][ T5845] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.340046][ T5845] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.349190][ T5845] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.409398][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.420829][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.431446][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.442998][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.454700][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.466075][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.476928][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.486851][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.497529][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.508338][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.520012][ T5850] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.529107][ T5850] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.537856][ T5850] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.548394][ T5850] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.621604][ T5846] veth0_macvtap: entered promiscuous mode [ 80.653183][ T5846] veth1_macvtap: entered promiscuous mode [ 80.660575][ T5849] veth0_macvtap: entered promiscuous mode [ 80.679221][ T3620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.687316][ T3620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.724391][ T3620] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.728417][ T5849] veth1_macvtap: entered promiscuous mode [ 80.741311][ T3620] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.753492][ T3554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.773136][ T3554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.824233][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.836042][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.853563][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.857258][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 80.874195][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.890024][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.901862][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.913367][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.950345][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.951175][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.977338][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.986789][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.014030][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.032546][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.044418][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.062252][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.077664][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.089841][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.115339][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.125611][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.136175][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.146560][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.157214][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.167594][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.180601][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.192906][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.227381][ T5890] IPv6: Can't replace route, no match found [ 81.236345][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.247797][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.274655][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.297337][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.318576][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.335964][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.347116][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.358208][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.370259][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.383610][ T5846] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.393361][ T5846] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.402805][ T5846] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.411729][ T5846] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.431810][ T5849] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.444259][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.471722][ T5849] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.485806][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.498951][ T5849] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.507738][ T5849] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.651131][ T3554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.678547][ T3554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.739071][ T5832] Bluetooth: hci1: command tx timeout [ 81.822750][ T3620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.855217][ T3620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.899112][ T5146] Bluetooth: hci0: command tx timeout [ 81.900382][ T5844] Bluetooth: hci3: command tx timeout [ 81.906694][ T5146] Bluetooth: hci4: command tx timeout [ 81.915437][ T5832] Bluetooth: hci2: command tx timeout [ 81.946982][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.974288][ T30] audit: type=1326 audit(1737103286.849:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 81.999934][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.076143][ T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.089107][ T30] audit: type=1326 audit(1737103286.889:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.111987][ T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.188823][ T30] audit: type=1326 audit(1737103286.889:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.234554][ T30] audit: type=1326 audit(1737103286.889:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.274617][ T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.315733][ T30] audit: type=1326 audit(1737103286.889:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.328323][ T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.410238][ T30] audit: type=1326 audit(1737103286.889:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.495868][ T30] audit: type=1326 audit(1737103286.889:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.579975][ T5919] xt_hashlimit: max too large, truncated to 1048576 [ 82.592183][ T30] audit: type=1326 audit(1737103286.889:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.676667][ T30] audit: type=1326 audit(1737103286.889:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 82.789129][ T30] audit: type=1326 audit(1737103286.889:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5903 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0121585d29 code=0x7ffc0000 [ 83.020392][ T5925] hub 6-0:1.0: USB hub found [ 83.044064][ T5932] wg2: entered promiscuous mode [ 83.050532][ T5925] hub 6-0:1.0: 1 port detected [ 83.053424][ T5932] wg2: entered allmulticast mode [ 83.147430][ T5935] atomic_op ffff88805a188998 conn xmit_atomic 0000000000000000 [ 83.495998][ C0] hrtimer: interrupt took 3459691 ns [ 83.978751][ T5146] Bluetooth: hci3: command tx timeout [ 83.984937][ T5146] Bluetooth: hci0: command tx timeout [ 84.057007][ T5832] Bluetooth: hci1: command tx timeout [ 84.063593][ T5832] Bluetooth: hci4: command tx timeout [ 84.069496][ T5832] Bluetooth: hci2: command tx timeout [ 84.282705][ T5968] Zero length message leads to an empty skb [ 84.632624][ T5976] random: crng reseeded on system resumption [ 87.860461][ T58] cfg80211: failed to load regulatory.db [ 100.991397][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 101.060326][ T5844] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 101.081359][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 101.110381][ T5844] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 101.165597][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 101.195986][ T5839] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 101.690202][ T5844] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 101.714947][ T5834] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 101.726223][ T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 101.733467][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 101.740707][ T54] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 101.755596][ T5834] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 101.764730][ T5834] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 101.778583][ T54] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 101.789605][ T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 101.796741][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 101.816393][ T5834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 101.823705][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 101.838805][ T54] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 101.846399][ T5834] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 101.864185][ T5832] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 101.920232][ T5146] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 101.948365][ T5832] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 101.974752][ T54] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 107.701787][ T54] Bluetooth: hci6: command tx timeout [ 107.707845][ T54] Bluetooth: hci5: command tx timeout [ 107.714007][ T54] Bluetooth: hci8: command tx timeout [ 107.719876][ T54] Bluetooth: hci7: command tx timeout [ 142.848594][ T5146] Bluetooth: hci7: command tx timeout [ 142.854100][ T5146] Bluetooth: hci8: command tx timeout [ 142.859642][ T5146] Bluetooth: hci5: command tx timeout [ 142.865059][ T5146] Bluetooth: hci6: command tx timeout [ 142.900460][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.906820][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 160.517459][ T54] Bluetooth: hci6: command tx timeout [ 160.523118][ T54] Bluetooth: hci5: command tx timeout [ 160.528713][ T54] Bluetooth: hci8: command tx timeout [ 160.534136][ T54] Bluetooth: hci7: command tx timeout [ 177.312905][ T29] sched: DL replenish lagged too much [ 177.490550][ T5146] Bluetooth: hci7: command tx timeout [ 177.496018][ T5146] Bluetooth: hci8: command tx timeout [ 177.501511][ T5146] Bluetooth: hci5: command tx timeout [ 177.506922][ T5146] Bluetooth: hci6: command tx timeout [ 178.131782][ T5146] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 178.186459][ T5839] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 178.194491][ T5839] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 178.298675][ T5839] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 178.305883][ T5839] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 178.465906][ T5839] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 178.759049][ T5844] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 178.818817][ T5834] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 178.868878][ T5844] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 178.928690][ T5844] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 179.028670][ T5834] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 179.109320][ T5834] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 179.159303][ T5832] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 179.218570][ T5834] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 179.225756][ T5834] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 179.275432][ T5832] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 179.300294][ T5832] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 179.320678][ T5832] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 179.328835][ T5832] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 179.336143][ T5832] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 179.355332][ T54] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 179.385674][ T54] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 179.406849][ T5842] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 179.450172][ T54] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 179.457722][ T54] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 179.575546][ T5146] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 179.596646][ T5832] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 179.607379][ T5839] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 179.663761][ T5839] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 179.706197][ T5146] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 197.023292][ T5844] Bluetooth: hci9: command tx timeout [ 197.029365][ T5844] Bluetooth: hci10: command tx timeout [ 197.035419][ T5844] Bluetooth: hci11: command tx timeout [ 197.041431][ T5844] Bluetooth: hci12: command tx timeout [ 197.047409][ T5844] Bluetooth: hci13: command tx timeout [ 247.223251][ T5844] Bluetooth: hci13: command tx timeout [ 247.229012][ T5844] Bluetooth: hci12: command tx timeout [ 247.234597][ T5844] Bluetooth: hci11: command tx timeout [ 247.240268][ T5844] Bluetooth: hci10: command tx timeout [ 247.245802][ T5844] Bluetooth: hci9: command tx timeout [ 247.309169][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 247.315525][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.036179][ T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 279.245011][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 279.393137][ T54] Bluetooth: hci14: Opcode 0x0c03 failed: -110 [ 279.399744][ T54] Bluetooth: hci9: command tx timeout [ 279.405751][ T54] Bluetooth: hci10: command tx timeout [ 279.411416][ T54] Bluetooth: hci11: command tx timeout [ 279.416929][ T54] Bluetooth: hci12: command tx timeout [ 279.422630][ T54] Bluetooth: hci13: command tx timeout [ 279.428137][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 279.434946][ T54] Bluetooth: hci6: command 0x0406 tx timeout [ 279.441592][ T54] Bluetooth: hci7: command 0x0406 tx timeout [ 279.447619][ T54] Bluetooth: hci8: command 0x0406 tx timeout [ 279.453736][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 279.459794][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 279.498498][ T31] INFO: task kworker/1:2:58 blocked for more than 150 seconds. [ 279.506270][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 279.548471][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 279.557219][ T31] task:kworker/1:2 state:D stack:24376 pid:58 tgid:58 ppid:2 flags:0x00004000 [ 279.628449][ T31] Workqueue: events request_firmware_work_func [ 279.635799][ T31] Call Trace: [ 279.668449][ T31] [ 279.671446][ T31] __schedule+0x1850/0x4c30 [ 279.676010][ T31] ? __pfx___schedule+0x10/0x10 [ 279.708463][ T31] ? __pfx_lock_release+0x10/0x10 [ 279.713563][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 279.728464][ T31] ? kthread_data+0x52/0xd0 [ 279.733033][ T31] ? schedule+0x90/0x320 [ 279.745326][ T31] ? wq_worker_sleeping+0x66/0x240 [ 279.750563][ T31] ? schedule+0x90/0x320 [ 279.754839][ T31] schedule+0x14b/0x320 [ 279.759211][ T31] schedule_preempt_disabled+0x13/0x30 [ 279.764709][ T31] __mutex_lock+0x7e7/0xee0 [ 279.779115][ T31] ? __mutex_lock+0x5ef/0xee0 [ 279.783859][ T31] ? regdb_fw_cb+0x82/0x1c0 [ 279.790595][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 279.795699][ T31] ? __pfx_regdb_fw_cb+0x10/0x10 [ 279.800814][ T31] regdb_fw_cb+0x82/0x1c0 [ 279.805186][ T31] ? __pfx_regdb_fw_cb+0x10/0x10 [ 279.810878][ T31] request_firmware_work_func+0x1a4/0x280 [ 279.816683][ T31] ? __pfx_request_firmware_work_func+0x10/0x10 [ 279.823055][ T31] ? process_scheduled_works+0x976/0x1840 [ 279.828874][ T31] process_scheduled_works+0xa66/0x1840 [ 279.834502][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 279.841223][ T31] ? assign_work+0x364/0x3d0 [ 279.845857][ T31] worker_thread+0x870/0xd30 [ 279.851145][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 279.857100][ T31] ? __kthread_parkme+0x169/0x1d0 [ 279.862276][ T31] ? __pfx_worker_thread+0x10/0x10 [ 279.867427][ T31] kthread+0x2f0/0x390 [ 279.878347][ T31] ? __pfx_worker_thread+0x10/0x10 [ 279.883705][ T31] ? __pfx_kthread+0x10/0x10 [ 279.888333][ T31] ret_from_fork+0x4b/0x80 [ 279.892845][ T31] ? __pfx_kthread+0x10/0x10 [ 279.897471][ T31] ret_from_fork_asm+0x1a/0x30 [ 279.902345][ T31] [ 279.905394][ T31] INFO: task kworker/u8:4:63 blocked for more than 151 seconds. [ 279.913101][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 279.920782][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 279.929504][ T31] task:kworker/u8:4 state:D stack:20952 pid:63 tgid:63 ppid:2 flags:0x00004000 [ 279.939763][ T31] Workqueue: events_unbound linkwatch_event [ 279.946789][ T31] Call Trace: [ 279.950185][ T31] [ 279.953143][ T31] __schedule+0x1850/0x4c30 [ 279.957714][ T31] ? __pfx___schedule+0x10/0x10 [ 279.962667][ T31] ? __pfx_lock_release+0x10/0x10 [ 279.967727][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 279.973708][ T31] ? kthread_data+0x52/0xd0 [ 279.978240][ T31] ? schedule+0x90/0x320 [ 279.982559][ T31] ? wq_worker_sleeping+0x66/0x240 [ 279.987703][ T31] ? schedule+0x90/0x320 [ 279.992049][ T31] schedule+0x14b/0x320 [ 279.996245][ T31] schedule_preempt_disabled+0x13/0x30 [ 280.001778][ T31] __mutex_lock+0x7e7/0xee0 [ 280.006323][ T31] ? __mutex_lock+0x5ef/0xee0 [ 280.011112][ T31] ? linkwatch_event+0xe/0x60 [ 280.015818][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 280.020948][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 280.026987][ T31] ? process_scheduled_works+0x976/0x1840 [ 280.049487][ T31] linkwatch_event+0xe/0x60 [ 280.054089][ T31] process_scheduled_works+0xa66/0x1840 [ 280.094818][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 280.108492][ T31] ? assign_work+0x364/0x3d0 [ 280.113165][ T31] worker_thread+0x870/0xd30 [ 280.117806][ T31] ? __kthread_parkme+0x169/0x1d0 [ 280.138666][ T31] ? __pfx_worker_thread+0x10/0x10 [ 280.143923][ T31] kthread+0x2f0/0x390 [ 280.159245][ T31] ? __pfx_worker_thread+0x10/0x10 [ 280.164429][ T31] ? __pfx_kthread+0x10/0x10 [ 280.178482][ T31] ret_from_fork+0x4b/0x80 [ 280.182960][ T31] ? __pfx_kthread+0x10/0x10 [ 280.187589][ T31] ret_from_fork_asm+0x1a/0x30 [ 280.208494][ T31] [ 280.211653][ T31] INFO: task kworker/u8:11:3620 blocked for more than 151 seconds. [ 280.228433][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 280.236137][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 280.268447][ T31] task:kworker/u8:11 state:D stack:21304 pid:3620 tgid:3620 ppid:2 flags:0x00004000 [ 280.288598][ T31] Workqueue: ipv6_addrconf addrconf_dad_work [ 280.294650][ T31] Call Trace: [ 280.297952][ T31] [ 280.308444][ T31] __schedule+0x1850/0x4c30 [ 280.313058][ T31] ? __pfx___schedule+0x10/0x10 [ 280.317953][ T31] ? __pfx_lock_release+0x10/0x10 [ 280.338441][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 280.344417][ T31] ? kthread_data+0x52/0xd0 [ 280.358477][ T31] ? schedule+0x90/0x320 [ 280.362790][ T31] ? wq_worker_sleeping+0x66/0x240 [ 280.367935][ T31] ? schedule+0x90/0x320 [ 280.389923][ T31] schedule+0x14b/0x320 [ 280.394245][ T31] schedule_preempt_disabled+0x13/0x30 [ 280.408893][ T31] __mutex_lock+0x7e7/0xee0 [ 280.413485][ T31] ? __mutex_lock+0x5ef/0xee0 [ 280.418217][ T31] ? addrconf_dad_work+0xd0/0x16f0 [ 280.438463][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 280.443579][ T31] ? do_raw_spin_unlock+0x13c/0x8b0 [ 280.458525][ T31] addrconf_dad_work+0xd0/0x16f0 [ 280.463546][ T31] ? __pfx_addrconf_dad_work+0x10/0x10 [ 280.478443][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 280.484854][ T31] ? process_scheduled_works+0x976/0x1840 [ 280.503117][ T31] process_scheduled_works+0xa66/0x1840 [ 280.509198][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 280.515234][ T31] ? assign_work+0x364/0x3d0 [ 280.519929][ T31] worker_thread+0x870/0xd30 [ 280.524563][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 280.530541][ T31] ? __kthread_parkme+0x169/0x1d0 [ 280.535607][ T31] ? __pfx_worker_thread+0x10/0x10 [ 280.540804][ T31] kthread+0x2f0/0x390 [ 280.544913][ T31] ? __pfx_worker_thread+0x10/0x10 [ 280.550099][ T31] ? __pfx_kthread+0x10/0x10 [ 280.554723][ T31] ret_from_fork+0x4b/0x80 [ 280.559822][ T31] ? __pfx_kthread+0x10/0x10 [ 280.564459][ T31] ret_from_fork_asm+0x1a/0x30 [ 280.569826][ T31] [ 280.573051][ T31] INFO: task syz-executor:5992 blocked for more than 151 seconds. [ 280.581047][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 280.588913][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 280.597599][ T31] task:syz-executor state:D stack:25456 pid:5992 tgid:5992 ppid:1 flags:0x00004006 [ 280.607868][ T31] Call Trace: [ 280.611279][ T31] [ 280.614242][ T31] __schedule+0x1850/0x4c30 [ 280.618851][ T31] ? __pfx___schedule+0x10/0x10 [ 280.623830][ T31] ? __pfx_lock_release+0x10/0x10 [ 280.628929][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 280.634865][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 280.640846][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 280.647215][ T31] ? schedule+0x90/0x320 [ 280.651530][ T31] schedule+0x14b/0x320 [ 280.655729][ T31] schedule_preempt_disabled+0x13/0x30 [ 280.661873][ T31] __mutex_lock+0x7e7/0xee0 [ 280.666425][ T31] ? __mutex_lock+0x5ef/0xee0 [ 280.671704][ T31] ? register_nexthop_notifier+0x84/0x290 [ 280.677468][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 280.682590][ T31] ? __asan_memset+0x23/0x50 [ 280.687216][ T31] register_nexthop_notifier+0x84/0x290 [ 280.692840][ T31] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 280.698961][ T31] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 280.705249][ T31] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 280.711507][ T31] ? __asan_memset+0x23/0x50 [ 280.716135][ T31] ops_init+0x31e/0x590 [ 280.720401][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 280.725820][ T31] setup_net+0x287/0x9e0 [ 280.730135][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 280.735714][ T31] ? __pfx_setup_net+0x10/0x10 [ 280.740565][ T31] copy_net_ns+0x33f/0x570 [ 280.745028][ T31] create_new_namespaces+0x425/0x7b0 [ 280.750397][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 280.756162][ T31] ksys_unshare+0x57d/0xa70 [ 280.761361][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 280.766425][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 280.773940][ T31] ? do_syscall_64+0x100/0x230 [ 280.778931][ T31] __x64_sys_unshare+0x38/0x40 [ 280.783734][ T31] do_syscall_64+0xf3/0x230 [ 280.788287][ T31] ? clear_bhb_loop+0x35/0x90 [ 280.793047][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.799031][ T31] RIP: 0033:0x7f1784187527 [ 280.803482][ T31] RSP: 002b:00007f178449ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 280.811973][ T31] RAX: ffffffffffffffda RBX: 00007f17842033e9 RCX: 00007f1784187527 [ 280.820058][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 280.828078][ T31] RBP: 0000000000000000 R08: 00007f1784ea7d60 R09: 0000000000000000 [ 280.836215][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 280.844277][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 280.852335][ T31] [ 280.855388][ T31] INFO: task syz-executor:5993 blocked for more than 152 seconds. [ 280.863924][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 280.872142][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 280.880910][ T31] task:syz-executor state:D stack:26528 pid:5993 tgid:5993 ppid:1 flags:0x00004004 [ 280.891209][ T31] Call Trace: [ 280.894532][ T31] [ 280.897488][ T31] __schedule+0x1850/0x4c30 [ 280.902096][ T31] ? __pfx___schedule+0x10/0x10 [ 280.907020][ T31] ? __pfx_lock_release+0x10/0x10 [ 280.912115][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 280.918050][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 280.924033][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 280.930432][ T31] ? schedule+0x90/0x320 [ 280.934717][ T31] schedule+0x14b/0x320 [ 280.938969][ T31] schedule_preempt_disabled+0x13/0x30 [ 280.944467][ T31] __mutex_lock+0x7e7/0xee0 [ 280.949061][ T31] ? __mutex_lock+0x5ef/0xee0 [ 280.953785][ T31] ? register_nexthop_notifier+0x84/0x290 [ 280.959609][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 280.964687][ T31] ? __asan_memset+0x23/0x50 [ 280.969919][ T31] register_nexthop_notifier+0x84/0x290 [ 280.975515][ T31] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 280.982028][ T31] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 280.988327][ T31] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 280.994590][ T31] ? __asan_memset+0x23/0x50 [ 280.999255][ T31] ops_init+0x31e/0x590 [ 281.003447][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 281.008937][ T31] setup_net+0x287/0x9e0 [ 281.013224][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 281.018850][ T31] ? __pfx_setup_net+0x10/0x10 [ 281.023835][ T31] copy_net_ns+0x33f/0x570 [ 281.028288][ T31] create_new_namespaces+0x425/0x7b0 [ 281.033709][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 281.039511][ T31] ksys_unshare+0x57d/0xa70 [ 281.044059][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 281.049224][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 281.055589][ T31] ? do_syscall_64+0x100/0x230 [ 281.060500][ T31] __x64_sys_unshare+0x38/0x40 [ 281.065298][ T31] do_syscall_64+0xf3/0x230 [ 281.070552][ T31] ? clear_bhb_loop+0x35/0x90 [ 281.075268][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.081782][ T31] RIP: 0033:0x7fd1aeb87527 [ 281.086251][ T31] RSP: 002b:00007fd1aee9ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 281.094842][ T31] RAX: ffffffffffffffda RBX: 00007fd1aec033e9 RCX: 00007fd1aeb87527 [ 281.103000][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 281.111039][ T31] RBP: 0000000000000000 R08: 00007fd1af8a7d60 R09: 0000000000000000 [ 281.119082][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 281.127078][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 281.135140][ T31] [ 281.138206][ T31] INFO: task syz-executor:5994 blocked for more than 152 seconds. [ 281.146262][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 281.153968][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 281.162755][ T31] task:syz-executor state:D stack:26368 pid:5994 tgid:5994 ppid:1 flags:0x00004006 [ 281.173597][ T31] Call Trace: [ 281.176906][ T31] [ 281.180484][ T31] __schedule+0x1850/0x4c30 [ 281.185060][ T31] ? __pfx___schedule+0x10/0x10 [ 281.190021][ T31] ? __pfx_lock_release+0x10/0x10 [ 281.195083][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 281.201063][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 281.207032][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 281.213456][ T31] ? schedule+0x90/0x320 [ 281.217748][ T31] schedule+0x14b/0x320 [ 281.221980][ T31] schedule_preempt_disabled+0x13/0x30 [ 281.227486][ T31] __mutex_lock+0x7e7/0xee0 [ 281.232086][ T31] ? __mutex_lock+0x5ef/0xee0 [ 281.236819][ T31] ? register_nexthop_notifier+0x84/0x290 [ 281.242650][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 281.247733][ T31] ? __asan_memset+0x23/0x50 [ 281.252388][ T31] register_nexthop_notifier+0x84/0x290 [ 281.257979][ T31] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 281.263946][ T31] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 281.270279][ T31] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 281.277760][ T31] ? __asan_memset+0x23/0x50 [ 281.282446][ T31] ops_init+0x31e/0x590 [ 281.286643][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 281.292100][ T31] setup_net+0x287/0x9e0 [ 281.296383][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 281.301999][ T31] ? __pfx_setup_net+0x10/0x10 [ 281.306822][ T31] copy_net_ns+0x33f/0x570 [ 281.311359][ T31] create_new_namespaces+0x425/0x7b0 [ 281.316791][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 281.322605][ T31] ksys_unshare+0x57d/0xa70 [ 281.327160][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 281.332257][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 281.338661][ T31] ? do_syscall_64+0x100/0x230 [ 281.343561][ T31] __x64_sys_unshare+0x38/0x40 [ 281.348353][ T31] do_syscall_64+0xf3/0x230 [ 281.352949][ T31] ? clear_bhb_loop+0x35/0x90 [ 281.357668][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.363657][ T31] RIP: 0033:0x7fa0a3f87527 [ 281.368098][ T31] RSP: 002b:00007fa0a429ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 281.377224][ T31] RAX: ffffffffffffffda RBX: 00007fa0a40033e9 RCX: 00007fa0a3f87527 [ 281.385806][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 281.393851][ T31] RBP: 0000000000000000 R08: 00007fa0a4ca7d60 R09: 0000000000000000 [ 281.401928][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 281.409965][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 281.417986][ T31] [ 281.421122][ T31] INFO: task syz-executor:5995 blocked for more than 152 seconds. [ 281.428992][ T31] Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 281.436640][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 281.445364][ T31] task:syz-executor state:D stack:25488 pid:5995 tgid:5995 ppid:1 flags:0x00000004 [ 281.455634][ T31] Call Trace: [ 281.459037][ T31] [ 281.462000][ T31] __schedule+0x1850/0x4c30 [ 281.466580][ T31] ? __pfx___schedule+0x10/0x10 [ 281.471514][ T31] ? __pfx_lock_release+0x10/0x10 [ 281.476580][ T31] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 281.483757][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 281.490348][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 281.496733][ T31] ? schedule+0x90/0x320 [ 281.501260][ T31] schedule+0x14b/0x320 [ 281.505470][ T31] schedule_preempt_disabled+0x13/0x30 [ 281.511049][ T31] __mutex_lock+0x7e7/0xee0 [ 281.515601][ T31] ? __mutex_lock+0x5ef/0xee0 [ 281.520365][ T31] ? register_nexthop_notifier+0x84/0x290 [ 281.526141][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 281.531256][ T31] ? __asan_memset+0x23/0x50 [ 281.535895][ T31] register_nexthop_notifier+0x84/0x290 [ 281.541521][ T31] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 281.547450][ T31] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 281.553816][ T31] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 281.560089][ T31] ? __asan_memset+0x23/0x50 [ 281.564731][ T31] ops_init+0x31e/0x590 [ 281.569000][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 281.574416][ T31] setup_net+0x287/0x9e0 [ 281.578813][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 281.585648][ T31] ? __pfx_setup_net+0x10/0x10 [ 281.590535][ T31] copy_net_ns+0x33f/0x570 [ 281.594998][ T31] create_new_namespaces+0x425/0x7b0 [ 281.600404][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 281.606171][ T31] ksys_unshare+0x57d/0xa70 [ 281.610754][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 281.615816][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 281.627617][ T31] ? do_syscall_64+0x100/0x230 [ 281.632490][ T31] __x64_sys_unshare+0x38/0x40 [ 281.637291][ T31] do_syscall_64+0xf3/0x230 [ 281.641939][ T31] ? clear_bhb_loop+0x35/0x90 [ 281.646656][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.652665][ T31] RIP: 0033:0x7f2b79b87527 [ 281.657121][ T31] RSP: 002b:00007f2b79e9ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 281.665654][ T31] RAX: ffffffffffffffda RBX: 00007f2b79c033e9 RCX: 00007f2b79b87527 [ 281.673708][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 281.681774][ T31] RBP: 0000000000000000 R08: 00007f2b7a8a7d60 R09: 0000000000000000 [ 281.690418][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 281.699069][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 281.707113][ T31] [ 281.710222][ T31] [ 281.710222][ T31] Showing all locks held in the system: [ 281.717953][ T31] 3 locks held by kworker/0:1/9: [ 281.722987][ T31] 3 locks held by kworker/1:0/25: [ 281.728031][ T31] 1 lock held by khungtaskd/31: [ 281.733012][ T31] #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 281.743061][ T31] 3 locks held by kworker/1:2/58: [ 281.748113][ T31] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 281.759200][ T31] #1: ffffc9000133fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 281.771311][ T31] #2: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: regdb_fw_cb+0x82/0x1c0 [ 281.798461][ T31] 3 locks held by kworker/u8:4/63: [ 281.803791][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 281.828483][ T31] #1: ffffc9000213fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 281.846781][ T31] #2: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 281.856002][ T31] 5 locks held by kworker/u8:5/82: [ 281.861347][ T31] 4 locks held by kworker/0:2/120: [ 281.866516][ T31] 3 locks held by kworker/u8:11/3620: [ 281.871954][ T31] #0: ffff88814d258948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 281.883807][ T31] #1: ffffc9000d2e7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 281.908464][ T31] #2: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0xd0/0x16f0 [ 281.918011][ T31] 4 locks held by kworker/u9:1/5146: [ 281.928520][ T31] #0: ffff88805354d148 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 281.939624][ T31] #1: ffffc9000ed67d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 281.952332][ T31] #2: ffff88807913cd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 [ 281.962335][ T31] #3: ffff88807913c078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1e4/0x11f0 [ 281.972209][ T31] 2 locks held by getty/5590: [ 281.976913][ T31] #0: ffff8880352310a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 281.986774][ T31] #1: ffffc900032fb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 [ 282.004905][ T31] 4 locks held by kworker/u9:2/5832: [ 282.010516][ T31] #0: ffff888024522948 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.021508][ T31] #1: ffffc90003fafd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.039999][ T6029] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 282.047572][ T6029] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 282.056524][ T31] #2: ffff888079138d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 [ 282.066611][ T31] #3: ffff888079138078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1e4/0x11f0 [ 282.076475][ T31] 4 locks held by kworker/u9:3/5834: [ 282.081811][ T31] #0: ffff88807e919948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.093340][ T31] #1: ffffc90003fdfd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.106762][ T31] #2: ffff888060918d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 [ 282.116735][ T31] #3: ffff888060918078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1e4/0x11f0 [ 282.126614][ T31] 3 locks held by kworker/u9:4/5835: [ 282.137823][ T31] 4 locks held by kworker/u9:5/5839: [ 282.143332][ T31] #0: ffff88807ca17948 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.156667][ T31] #1: ffffc9000402fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.180323][ T31] #2: ffff888033770d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 [ 282.197974][ T6026] Bluetooth: hci14: Opcode 0x0c03 failed: -110 [ 282.204487][ T31] #3: ffff888033770078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1e4/0x11f0 [ 282.215196][ T31] 4 locks held by kworker/u9:6/5842: [ 282.220563][ T31] #0: ffff88805ee1c948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.231494][ T31] #1: ffffc9000405fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.263694][ T31] #2: ffff88801f3d8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 [ 282.288476][ T31] #3: ffff88801f3d8078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1e4/0x11f0 [ 282.309114][ T31] 3 locks held by kworker/u9:7/5843: [ 282.314541][ T31] #0: ffff888044902948 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.338455][ T31] #1: ffffc9000406fd00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.368458][ T31] #2: ffff888020a84d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_power_on+0x1bf/0x6b0 [ 282.378082][ T31] 5 locks held by kworker/u9:8/5844: [ 282.415922][ T31] #0: ffff88807e91b948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.458444][ T31] #1: ffffc9000407fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.488474][ T31] #2: ffff888063ae4d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1ec/0x400 [ 282.508441][ T31] #3: ffff888063ae4078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1e4/0x11f0 [ 282.518278][ T31] #4: ffffffff8e93cff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 282.548443][ T31] 2 locks held by syz-executor/5845: [ 282.553796][ T31] #0: ffff888063ae0d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 [ 282.578420][ T31] #1: ffff888063ae0078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x5c8/0x11c0 [ 282.588172][ T31] 1 lock held by syz-executor/5846: [ 282.608479][ T31] #0: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0 [ 282.617544][ T31] 2 locks held by syz-executor/5849: [ 282.623693][ T31] #0: ffff88801f3dcd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 [ 282.633746][ T31] #1: ffff88801f3dc078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x5c8/0x11c0 [ 282.643548][ T31] 4 locks held by kworker/1:5/5884: [ 282.648839][ T31] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.659902][ T31] #1: ffffc900042efd00 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.671686][ T31] #2: ffffffff8e9b1b48 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_free+0x27/0x410 [ 282.681290][ T31] #3: ffffffff8e7e7e28 (text_mutex){+.+.}-{4:4}, at: text_poke_set+0xbf/0x1b0 [ 282.690365][ T31] 3 locks held by kworker/1:6/5885: [ 282.695580][ T31] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 282.709105][ T31] #1: ffffc900042ffd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 282.720895][ T31] #2: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x99/0xfb0 [ 282.730614][ T31] 3 locks held by kworker/0:5/5899: [ 282.735833][ T31] 3 locks held by kworker/0:6/5920: [ 282.741084][ T31] 1 lock held by syz.4.28/5952: [ 282.745955][ T31] #0: ffffffff8e93cec0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x530 [ 282.756016][ T31] 1 lock held by syz.3.38/5975: [ 282.761172][ T31] #0: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 282.770731][ T31] 2 locks held by syz-executor/5992: [ 282.776036][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.785607][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.795738][ T31] 2 locks held by syz-executor/5993: [ 282.801072][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.811103][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.821754][ T31] 2 locks held by syz-executor/5994: [ 282.827060][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.836664][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.846787][ T31] 2 locks held by syz-executor/5995: [ 282.852120][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.862014][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.872179][ T31] 2 locks held by syz-executor/6015: [ 282.877566][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.887078][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.897185][ T31] 2 locks held by syz-executor/6017: [ 282.902513][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.912559][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.923235][ T31] 2 locks held by syz-executor/6018: [ 282.928602][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.938079][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.948346][ T31] 2 locks held by syz-executor/6019: [ 282.953701][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.963212][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.973376][ T31] 2 locks held by syz-executor/6020: [ 282.978715][ T31] #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 [ 282.988208][ T31] #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x84/0x290 [ 282.998315][ T31] 3 locks held by kworker/u9:9/6029: [ 283.003654][ T31] #0: ffff88805afb9948 ((wq_completion)hci16){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 283.015201][ T31] #1: ffffc900032b7d00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 283.027946][ T31] #2: ffff888078b60d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_power_on+0x1bf/0x6b0 [ 283.037466][ T31] [ 283.039881][ T31] ============================================= [ 283.039881][ T31] [ 283.048317][ T31] NMI backtrace for cpu 1 [ 283.052674][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 283.063198][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 283.073270][ T31] Call Trace: [ 283.076654][ T31] [ 283.079604][ T31] dump_stack_lvl+0x241/0x360 [ 283.084324][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.089559][ T31] ? __pfx__printk+0x10/0x10 [ 283.094191][ T31] nmi_cpu_backtrace+0x49c/0x4d0 [ 283.099163][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 283.104649][ T31] ? _printk+0xd5/0x120 [ 283.108838][ T31] ? __pfx__printk+0x10/0x10 [ 283.113455][ T31] ? __wake_up_klogd+0xcc/0x110 [ 283.118331][ T31] ? __pfx__printk+0x10/0x10 [ 283.122965][ T31] ? __rcu_read_unlock+0xa1/0x110 [ 283.128029][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 283.134034][ T31] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 283.140052][ T31] watchdog+0xff6/0x1040 [ 283.144329][ T31] ? watchdog+0x1ea/0x1040 [ 283.148790][ T31] ? __pfx_watchdog+0x10/0x10 [ 283.153499][ T31] kthread+0x2f0/0x390 [ 283.157597][ T31] ? __pfx_watchdog+0x10/0x10 [ 283.162304][ T31] ? __pfx_kthread+0x10/0x10 [ 283.166920][ T31] ret_from_fork+0x4b/0x80 [ 283.171357][ T31] ? __pfx_kthread+0x10/0x10 [ 283.175976][ T31] ret_from_fork_asm+0x1a/0x30 [ 283.180801][ T31] [ 283.184732][ T31] Sending NMI from CPU 1 to CPUs 0: [ 283.190590][ C0] NMI backtrace for cpu 0 [ 283.190604][ C0] CPU: 0 UID: 0 PID: 120 Comm: kworker/0:2 Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 283.190625][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 283.190637][ C0] Workqueue: events_power_efficient gc_worker [ 283.190662][ C0] RIP: 0010:match_held_lock+0x76/0xb0 [ 283.190689][ C0] Code: 48 c7 c2 40 d7 c1 93 48 29 d0 48 c1 f8 03 48 ba 29 5c 8f c2 f5 28 5c 8f 48 0f af d0 bd 01 00 00 00 48 39 ca 74 02 31 ed 89 e8 <5b> 5d c3 cc cc cc cc 90 e8 4d cc f5 f8 85 c0 74 22 83 3d e6 a4 50 [ 283.190704][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00000046 [ 283.190719][ C0] RAX: 0000000000000001 RBX: 0000000000000003 RCX: ffffc90000007b03 [ 283.190731][ C0] RDX: 1ffff92000000f74 RSI: ffff88807f5cc300 RDI: ffff88801efce558 [ 283.190744][ C0] RBP: 0000000000000001 R08: ffffffff901983b7 R09: 1ffffffff2033076 [ 283.190756][ C0] R10: dffffc0000000000 R11: fffffbfff2033077 R12: 000000000000000f [ 283.190769][ C0] R13: 0000000000000003 R14: ffff88801efce558 R15: dffffc0000000000 [ 283.190781][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 283.190796][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 283.190808][ C0] CR2: 00007f07590635c4 CR3: 000000007f432000 CR4: 00000000003526f0 [ 283.190824][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 283.190834][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 283.190845][ C0] Call Trace: [ 283.190851][ C0] [ 283.190858][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 283.190880][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 283.190902][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 283.190929][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 283.190946][ C0] ? nmi_handle+0x14f/0x5a0 [ 283.190974][ C0] ? nmi_handle+0x2a/0x5a0 [ 283.190995][ C0] ? match_held_lock+0x76/0xb0 [ 283.191018][ C0] ? default_do_nmi+0x63/0x160 [ 283.191038][ C0] ? exc_nmi+0x123/0x1f0 [ 283.191056][ C0] ? end_repeat_nmi+0xf/0x53 [ 283.191078][ C0] ? match_held_lock+0x76/0xb0 [ 283.191102][ C0] ? match_held_lock+0x76/0xb0 [ 283.191126][ C0] ? match_held_lock+0x76/0xb0 [ 283.191150][ C0] [ 283.191156][ C0] [ 283.191162][ C0] lock_release+0x285/0xa30 [ 283.191184][ C0] ? advance_sched+0x9b4/0xca0 [ 283.191203][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 283.191219][ C0] ? __pfx_lock_release+0x10/0x10 [ 283.191242][ C0] ? taprio_set_budgets+0x32c/0x370 [ 283.191264][ C0] _raw_spin_unlock+0x16/0x50 [ 283.191286][ C0] advance_sched+0x9b4/0xca0 [ 283.191311][ C0] ? __pfx_advance_sched+0x10/0x10 [ 283.191332][ C0] __hrtimer_run_queues+0x59b/0xd30 [ 283.191362][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 283.191388][ C0] ? rcu_is_watching+0x15/0xb0 [ 283.191413][ C0] hrtimer_interrupt+0x403/0xa40 [ 283.191445][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 283.191468][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 283.191492][ C0] [ 283.191497][ C0] [ 283.191503][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 283.191520][ C0] RIP: 0010:seqcount_lockdep_reader_access+0x1e0/0x220 [ 283.191541][ C0] Code: f7 4d 85 ed 75 16 e8 2f 8c bf f7 eb 15 e8 28 8c bf f7 e8 a3 14 e9 01 4d 85 ed 74 ea e8 19 8c bf f7 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 283.191554][ C0] RSP: 0018:ffffc90002de79a0 EFLAGS: 00000293 [ 283.191569][ C0] RAX: ffffffff89dff657 RBX: 0000000000000000 RCX: ffff88801efcda00 [ 283.191581][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 283.191591][ C0] RBP: ffffc90002de7a50 R08: ffffffff89dff62d R09: 1ffffffff2854b24 [ 283.191604][ C0] R10: dffffc0000000000 R11: fffffbfff2854b25 R12: dffffc0000000000 [ 283.191617][ C0] R13: 0000000000000200 R14: 0000000000000046 R15: 1ffff920005bcf34 [ 283.191631][ C0] ? seqcount_lockdep_reader_access+0x1ad/0x220 [ 283.191649][ C0] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 283.191671][ C0] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 283.191689][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 283.191711][ C0] gc_worker+0x316/0x1530 [ 283.191732][ C0] ? gc_worker+0x26b/0x1530 [ 283.191754][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 283.191774][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 283.191795][ C0] ? __pfx_gc_worker+0x10/0x10 [ 283.191817][ C0] ? process_scheduled_works+0x976/0x1840 [ 283.191835][ C0] process_scheduled_works+0xa66/0x1840 [ 283.191862][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 283.191883][ C0] ? assign_work+0x364/0x3d0 [ 283.191901][ C0] worker_thread+0x870/0xd30 [ 283.191922][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 283.191946][ C0] ? __kthread_parkme+0x169/0x1d0 [ 283.191970][ C0] ? __pfx_worker_thread+0x10/0x10 [ 283.191988][ C0] kthread+0x2f0/0x390 [ 283.192007][ C0] ? __pfx_worker_thread+0x10/0x10 [ 283.192025][ C0] ? __pfx_kthread+0x10/0x10 [ 283.192045][ C0] ret_from_fork+0x4b/0x80 [ 283.192062][ C0] ? __pfx_kthread+0x10/0x10 [ 283.192082][ C0] ret_from_fork_asm+0x1a/0x30 [ 283.192103][ C0] [ 283.192596][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 283.693635][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.13.0-rc7-syzkaller-00102-gce69b4019001 #0 [ 283.704168][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 283.714240][ T31] Call Trace: [ 283.717540][ T31] [ 283.720492][ T31] dump_stack_lvl+0x241/0x360 [ 283.725228][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.730457][ T31] ? __pfx__printk+0x10/0x10 [ 283.735076][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 283.741088][ T31] ? vscnprintf+0x5d/0x90 [ 283.745451][ T31] panic+0x349/0x880 [ 283.749378][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 283.755561][ T31] ? __pfx_panic+0x10/0x10 [ 283.760008][ T31] ? tick_nohz_tick_stopped+0x82/0xb0 [ 283.765413][ T31] ? __irq_work_queue_local+0x137/0x410 [ 283.771070][ T31] ? preempt_schedule_thunk+0x1a/0x30 [ 283.776477][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 283.782677][ T31] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 283.788860][ T31] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 283.795043][ T31] watchdog+0x1035/0x1040 [ 283.799402][ T31] ? watchdog+0x1ea/0x1040 [ 283.803846][ T31] ? __pfx_watchdog+0x10/0x10 [ 283.808547][ T31] kthread+0x2f0/0x390 [ 283.812644][ T31] ? __pfx_watchdog+0x10/0x10 [ 283.817348][ T31] ? __pfx_kthread+0x10/0x10 [ 283.821965][ T31] ret_from_fork+0x4b/0x80 [ 283.826415][ T31] ? __pfx_kthread+0x10/0x10 [ 283.831045][ T31] ret_from_fork_asm+0x1a/0x30 [ 283.835843][ T31] [ 284.996853][ T31] Shutting down cpus with NMI [ 285.001942][ T31] Kernel Offset: disabled [ 285.006277][ T31] Rebooting in 86400 seconds..