last executing test programs: 9.482490924s ago: executing program 3 (id=443): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = inotify_init() prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x1f, 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x4200004b) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0xc) close(r0) 6.913691803s ago: executing program 0 (id=445): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffe0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000280)=0xce76, 0x4) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/tty/drivers\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendfile(r3, r4, 0x0, 0x106f) 5.738354036s ago: executing program 4 (id=446): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x2000000000001005, 0x19dff, 0x4}}}, 0x90) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x106, 0x2}}, 0xfe5e) r5 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) 5.665127023s ago: executing program 3 (id=447): mkdirat(0xffffffffffffff9c, 0x0, 0x1c1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x6, 0x0, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000001840), 0x3b, 0x0) 5.540162129s ago: executing program 0 (id=449): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = inotify_init() prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x1f, 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x4200004b) r3 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0xc) close(r0) 4.335779518s ago: executing program 4 (id=451): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffe0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000280)=0xce76, 0x4) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x106f) socket$rds(0x15, 0x5, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r3, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000000c0)='x', 0x1}], 0x1}}], 0x1, 0x40c40c0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400050124bd70007bdbdf250a84312a0900000000004e22"], 0x48}, 0x1, 0x0, 0x0, 0x4004081}, 0x2005c840) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0086dd60f53a0400303a00fe880000000000000000000000000001ff0200000000000000000000000102009078000005006050835900006c00fc0100"/102], 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 4.261899826s ago: executing program 0 (id=452): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x4e2080, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f0000000400)={0x1, 0x0, [{0x7, 0x7, 0x1, 0x100, 0x8f, 0x2, 0x7}]}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 4.255020788s ago: executing program 2 (id=453): r0 = openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$UHID_CREATE2(r0, 0x0, 0x119) mmap(&(0x7f0000772000/0x2000)=nil, 0x2000, 0xc, 0x8031, r0, 0x1000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0) socket(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) removexattr(0x0, &(0x7f0000000140)=@known='user.incfs.size\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1a5042, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r3, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0xc4, 0x3000, 0x0, 0x9) 3.684830339s ago: executing program 4 (id=454): sched_setscheduler(0x0, 0x1, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') mknod$loop(&(0x7f0000000340)='.\x00', 0x2000, 0x0) 3.581197723s ago: executing program 2 (id=455): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x670, 0x5, 0x3f0, 0x208, 0x208, 0xffffffff, 0x2b0, 0x168, 0x380, 0x380, 0xffffffff, 0x380, 0x380, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x130, 0x168, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "48ae43e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e22, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00', {}, {0xff}}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450) ioctl$INCFS_IOC_FILL_BLOCKS(r2, 0x80106720, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xca) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = socket(0x1, 0x5, 0x0) syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x8257f) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000500)={0xe000200c}) 3.220014503s ago: executing program 4 (id=456): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = inotify_init() prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x1f, 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x4200004b) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0xc) close(r0) 2.784593346s ago: executing program 3 (id=457): socket$inet_tcp(0x2, 0x1, 0x0) inotify_init1(0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000837f000007"], 0x50) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x2, 0x80805, 0x0) r0 = syz_io_uring_setup(0xf01, &(0x7f0000000080)={0x0, 0x7f3d, 0xc00, 0x6, 0x42f6}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) syz_io_uring_submit(r1, r2, r3, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x10}) io_uring_enter(r0, 0x742f, 0x77ae, 0x1, 0x0, 0x0) 2.377226218s ago: executing program 2 (id=458): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x106f) 2.314058568s ago: executing program 2 (id=459): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e51fc050000000001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c00000020010000000000000000000000000002000800000000000092010000000000000600000000000000a4330000000000001c250800000000000600000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f000000000000000700000000000000020000006c000000000000002abd700004350000020001002000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240009000f00000000000000ceed"], 0x15c}, 0x1, 0x0, 0x0, 0x4c815}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x138, 0x1a, 0x1, 0xfffffffa, 0x100, {{@in6=@dev={0xfe, 0x80, '\x00', 0xd}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x87}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@mcast1, {0xfe, 0x1000000000000195, 0xf, 0xcbed, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x30}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x81}, 0x844) 2.243667002s ago: executing program 0 (id=460): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x2000000000001005, 0x19dff, 0x4}}}, 0x90) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x106, 0x2}}, 0xfe5e) r5 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) 2.195767155s ago: executing program 2 (id=461): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = inotify_init() prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x1f, 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x4200004b) r3 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0xc) close(r0) 2.192002611s ago: executing program 3 (id=462): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240), 0x0, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.128131682s ago: executing program 0 (id=463): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffffe0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000280)=0xce76, 0x4) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x106f) socket$rds(0x15, 0x5, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r3, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000000c0)='x', 0x1}], 0x1}}], 0x1, 0x40c40c0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400050124bd70007bdbdf250a84312a0900000000004e22"], 0x48}, 0x1, 0x0, 0x0, 0x4004081}, 0x2005c840) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0086dd60f53a0400303a00fe880000000000000000000000000001ff0200000000000000000000000102009078000005006050835900006c00fc0100"/102], 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 1.126876994s ago: executing program 3 (id=464): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) pipe2(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000040)={0x3, 0x0, 0xfffa, 0x4320}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) close(0x3) 1.073221379s ago: executing program 4 (id=465): sched_setscheduler(0x0, 0x1, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') mknod$loop(&(0x7f0000000340)='.\x00', 0x2000, 0x0) 1.01341581s ago: executing program 2 (id=466): mkdirat(0xffffffffffffff9c, 0x0, 0x1c1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x6, 0x0, &(0x7f0000000000)) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000001840), 0x3b, 0x0) 182.545226ms ago: executing program 4 (id=467): syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x180) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r1, 0x0, 0x0, 0x40, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x111, 0x6}}, 0x20) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000047c0)={'erspan0\x00', &(0x7f0000004740)={'ip_vti0\x00', 0x0, 0x7800, 0x1, 0x8, 0x2, {{0x9, 0x4, 0x3, 0x1b, 0x24, 0x67, 0x0, 0x5, 0x2f, 0x0, @private=0xa010102, @local, {[@noop, @rr={0x7, 0xb, 0x86, [@private=0xa010100, @rand_addr=0x64010102]}, @end]}}}}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000007600)) sendmmsg$inet(r1, 0x0, 0x0, 0x81) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') epoll_create1(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r3, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008060001080006040001000000000000ac1414bbbbbbbbbbbbbbac1414"], 0x0) 10.9445ms ago: executing program 0 (id=468): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x670, 0x5, 0x3f0, 0x208, 0x208, 0xffffffff, 0x2b0, 0x168, 0x380, 0x380, 0xffffffff, 0x380, 0x380, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x130, 0x168, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "48ae43e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e22, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00', {}, {0xff}}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @loopback, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x450) ioctl$INCFS_IOC_FILL_BLOCKS(r2, 0x80106720, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xca) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x8257f) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000500)={0xe000200c}) 0s ago: executing program 3 (id=469): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x4e2080, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f0000000400)={0x1, 0x0, [{0x7, 0x7, 0x1, 0x100, 0x8f, 0x2, 0x7}]}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts. [ 88.418428][ T5804] cgroup: Unknown subsys name 'net' [ 88.669024][ T5804] cgroup: Unknown subsys name 'cpuset' [ 88.733320][ T5804] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.455449][ T5804] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.350494][ T10] cfg80211: failed to load regulatory.db [ 92.796626][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.800862][ T5820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.816506][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.818011][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.818775][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.904385][ T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.925316][ T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.932944][ T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.945986][ T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.947201][ T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.035459][ T5820] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.046760][ T5820] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.061056][ T5820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.074345][ T5820] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.084860][ T5820] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.220525][ T5135] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.225550][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 93.256948][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 93.278089][ T5135] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 93.291756][ T5135] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 93.297231][ T5135] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 93.320937][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.337663][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.360313][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.390816][ T5135] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.179101][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 94.296721][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 94.335225][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 94.529645][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 94.586017][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 94.602311][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.602389][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.607290][ T5817] bridge_slave_0: entered allmulticast mode [ 94.610164][ T5817] bridge_slave_0: entered promiscuous mode [ 94.659935][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.660002][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.660318][ T5817] bridge_slave_1: entered allmulticast mode [ 94.661839][ T5817] bridge_slave_1: entered promiscuous mode [ 94.806405][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.806513][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.806744][ T5818] bridge_slave_0: entered allmulticast mode [ 94.808438][ T5818] bridge_slave_0: entered promiscuous mode [ 94.831689][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.831805][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.832981][ T5821] bridge_slave_0: entered allmulticast mode [ 94.835737][ T5821] bridge_slave_0: entered promiscuous mode [ 94.875186][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.876181][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.876292][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.876756][ T5818] bridge_slave_1: entered allmulticast mode [ 94.878543][ T5818] bridge_slave_1: entered promiscuous mode [ 94.914888][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.915009][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.915254][ T5821] bridge_slave_1: entered allmulticast mode [ 94.920328][ T5821] bridge_slave_1: entered promiscuous mode [ 94.954847][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.064390][ T59] Bluetooth: hci0: command tx timeout [ 95.064395][ T5135] Bluetooth: hci1: command tx timeout [ 95.101547][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.101776][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.101968][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.102121][ T5825] bridge_slave_0: entered allmulticast mode [ 95.106281][ T5825] bridge_slave_0: entered promiscuous mode [ 95.222885][ T5135] Bluetooth: hci2: command tx timeout [ 95.226366][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.246223][ T5817] team0: Port device team_slave_0 added [ 95.255811][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.256159][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.256244][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.256530][ T5825] bridge_slave_1: entered allmulticast mode [ 95.257912][ T5825] bridge_slave_1: entered promiscuous mode [ 95.261650][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.262037][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.262123][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.262269][ T5823] bridge_slave_0: entered allmulticast mode [ 95.266963][ T5823] bridge_slave_0: entered promiscuous mode [ 95.276023][ T5817] team0: Port device team_slave_1 added [ 95.358148][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.358293][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.358401][ T5823] bridge_slave_1: entered allmulticast mode [ 95.359823][ T5823] bridge_slave_1: entered promiscuous mode [ 95.385644][ T5135] Bluetooth: hci4: command tx timeout [ 95.464781][ T5135] Bluetooth: hci3: command tx timeout [ 95.485467][ T5818] team0: Port device team_slave_0 added [ 95.489072][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.493983][ T5821] team0: Port device team_slave_0 added [ 95.500285][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.500297][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.500311][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.590068][ T5818] team0: Port device team_slave_1 added [ 95.591981][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.604820][ T5821] team0: Port device team_slave_1 added [ 95.620166][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.620182][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.620197][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.624328][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.711491][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.779294][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.779310][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.779326][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.782198][ T5825] team0: Port device team_slave_0 added [ 95.783865][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.783880][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.783903][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.816563][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.816580][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.816602][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.841176][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.841192][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.841216][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.848941][ T5823] team0: Port device team_slave_0 added [ 95.865651][ T5825] team0: Port device team_slave_1 added [ 95.911182][ T5823] team0: Port device team_slave_1 added [ 95.949183][ T5817] hsr_slave_0: entered promiscuous mode [ 95.950741][ T5817] hsr_slave_1: entered promiscuous mode [ 96.039297][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.039312][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.039325][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.060114][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.060130][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.060153][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.106345][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.106363][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.106386][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.137133][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.137153][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.137176][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.156163][ T5818] hsr_slave_0: entered promiscuous mode [ 96.158055][ T5818] hsr_slave_1: entered promiscuous mode [ 96.159571][ T5818] debugfs: 'hsr0' already exists in 'hsr' [ 96.160491][ T5818] Cannot create hsr debugfs directory [ 96.231505][ T5821] hsr_slave_0: entered promiscuous mode [ 96.233670][ T5821] hsr_slave_1: entered promiscuous mode [ 96.234578][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 96.234600][ T5821] Cannot create hsr debugfs directory [ 96.837514][ T5825] hsr_slave_0: entered promiscuous mode [ 96.838409][ T5825] hsr_slave_1: entered promiscuous mode [ 96.839125][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 96.839141][ T5825] Cannot create hsr debugfs directory [ 96.847003][ T5823] hsr_slave_0: entered promiscuous mode [ 96.851633][ T5823] hsr_slave_1: entered promiscuous mode [ 96.853451][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 96.853480][ T5823] Cannot create hsr debugfs directory [ 97.143034][ T5135] Bluetooth: hci1: command tx timeout [ 97.143078][ T5135] Bluetooth: hci0: command tx timeout [ 97.303273][ T59] Bluetooth: hci2: command tx timeout [ 97.466179][ T59] Bluetooth: hci4: command tx timeout [ 97.554184][ T59] Bluetooth: hci3: command tx timeout [ 97.686438][ T5817] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.725652][ T5817] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 97.729099][ T5817] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 97.795216][ T5817] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 97.796770][ T5817] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.831993][ T5817] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 97.850933][ T5817] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.888788][ T5817] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.010994][ T5818] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 98.040876][ T5818] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.057243][ T5818] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 98.097036][ T5818] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.118388][ T5818] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 98.158121][ T5818] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.182311][ T5818] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 98.222067][ T5818] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.388481][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.416093][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.425217][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.456885][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.460836][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.485874][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.520928][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.550509][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.735897][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.766117][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.776313][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.806272][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.820523][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.857837][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.904897][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.926809][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.084827][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.101292][ T5821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.130195][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.150543][ T5821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.198026][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.214207][ T5821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.223805][ T5135] Bluetooth: hci1: command tx timeout [ 99.223899][ T59] Bluetooth: hci0: command tx timeout [ 99.248712][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.263545][ T5821] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.321493][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.383465][ T59] Bluetooth: hci2: command tx timeout [ 99.436243][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.457500][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.503593][ T1678] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.503767][ T1678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.545261][ T59] Bluetooth: hci4: command tx timeout [ 99.583919][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.584043][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.622731][ T59] Bluetooth: hci3: command tx timeout [ 99.629477][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.715816][ T1678] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.715898][ T1678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.749745][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.781015][ T1702] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.781089][ T1702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.871866][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.909055][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.926462][ T1678] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.926630][ T1678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.987286][ T1678] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.987419][ T1678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.095306][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.150225][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.163520][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.163685][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.236707][ T1678] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.236851][ T1678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.325719][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.372338][ T1583] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.372418][ T1583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.434905][ T1583] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.435090][ T1583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.469734][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.737406][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.931530][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.980919][ T5817] veth0_vlan: entered promiscuous mode [ 101.067238][ T5817] veth1_vlan: entered promiscuous mode [ 101.208461][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.271044][ T5825] veth0_vlan: entered promiscuous mode [ 101.303562][ T59] Bluetooth: hci0: command tx timeout [ 101.303598][ T59] Bluetooth: hci1: command tx timeout [ 101.348846][ T5825] veth1_vlan: entered promiscuous mode [ 101.366109][ T5817] veth0_macvtap: entered promiscuous mode [ 101.412403][ T5817] veth1_macvtap: entered promiscuous mode [ 101.463823][ T5135] Bluetooth: hci2: command tx timeout [ 101.507417][ T5823] veth0_vlan: entered promiscuous mode [ 101.509551][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.509809][ T5818] veth0_vlan: entered promiscuous mode [ 101.540260][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.558926][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.575637][ T5825] veth0_macvtap: entered promiscuous mode [ 101.600727][ T5823] veth1_vlan: entered promiscuous mode [ 101.602214][ T5818] veth1_vlan: entered promiscuous mode [ 101.623236][ T5135] Bluetooth: hci4: command tx timeout [ 101.631117][ T1678] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.637416][ T5825] veth1_macvtap: entered promiscuous mode [ 101.664672][ T1678] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.675928][ T1678] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.681983][ T1678] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.704097][ T5135] Bluetooth: hci3: command tx timeout [ 102.021846][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.144208][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.166937][ T5818] veth0_macvtap: entered promiscuous mode [ 102.198532][ T5823] veth0_macvtap: entered promiscuous mode [ 102.221215][ T5821] veth0_vlan: entered promiscuous mode [ 102.246331][ T5818] veth1_macvtap: entered promiscuous mode [ 102.249247][ T1583] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.251201][ T5823] veth1_macvtap: entered promiscuous mode [ 102.259158][ T1583] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.308009][ T1583] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.312177][ T1583] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.366996][ T5821] veth1_vlan: entered promiscuous mode [ 102.386304][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.386336][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.514044][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.593153][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.700238][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.728551][ T1583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.728571][ T1583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.739065][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.878029][ T1583] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.937310][ T1583] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.968784][ T1583] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.986063][ T1583] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.990985][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.991011][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.995565][ T1583] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.041263][ T1583] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.056251][ T1583] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.118514][ T5821] veth0_macvtap: entered promiscuous mode [ 103.125071][ T1583] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.281707][ T5821] veth1_macvtap: entered promiscuous mode [ 103.344548][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.344571][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.001104][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.114305][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.153868][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.153888][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.342013][ T1166] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.385572][ T1166] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.475682][ T1166] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.480368][ T1166] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.492894][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.492914][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.548911][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.548931][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.733032][ T37] audit: type=1326 audit(1776781146.462:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5946 comm="syz.3.8" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c5dd5c819 code=0x0 [ 106.940579][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.940600][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.234803][ T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.234822][ T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.438084][ T3045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.438106][ T3045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.688961][ T5967] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11'. [ 111.096522][ T5976] netlink: 20 bytes leftover after parsing attributes in process `syz.4.14'. [ 111.906939][ T5978] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.018731][ T5989] libceph: resolve '0..' (ret=-3): failed [ 116.664812][ T5993] hpfs: Bad magic ... probably not HPFS [ 120.266328][ T37] audit: type=1326 audit(1776781160.972:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6005 comm="syz.2.21" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb3cf3dc819 code=0x0 [ 125.369078][ T6044] Bluetooth: MGMT ver 1.23 [ 126.862809][ T6050] netlink: 20 bytes leftover after parsing attributes in process `syz.0.31'. [ 128.379466][ T6059] random: crng reseeded on system resumption [ 129.510645][ T6066] fuse: Unknown parameter '0xffffffffffffffff' [ 132.471878][ T6099] netlink: 20 bytes leftover after parsing attributes in process `syz.0.43'. [ 135.724833][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.724923][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.024884][ T6104] fuse: Unknown parameter '0x0000000000000008' [ 140.957065][ T6149] random: crng reseeded on system resumption [ 146.031195][ T6189] fuse: Unknown parameter 'group_id00000000000000000000' [ 146.185385][ T6192] fuse: Unknown parameter '0x0000000000000008' [ 147.072408][ T6200] random: crng reseeded on system resumption [ 150.588152][ T6235] fuse: Unknown parameter 'fd0x0000000000000008' [ 151.291748][ T6238] 9p: Bad value for 'wfdno' [ 153.642113][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 153.667978][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 153.688135][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 153.689316][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 153.692526][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 153.914256][ T6270] 9p: Bad value for 'wfdno' [ 154.445065][ T6281] fuse: Unknown parameter 'fd0x0000000000000008' [ 156.008953][ T5135] Bluetooth: hci5: command tx timeout [ 158.571610][ T5135] Bluetooth: hci5: command tx timeout [ 161.059256][ T5135] Bluetooth: hci5: command tx timeout [ 161.476224][ T6328] random: crng reseeded on system resumption [ 162.431498][ T6335] vivid-007: kernel_thread() failed [ 163.594093][ T5135] Bluetooth: hci5: command tx timeout [ 165.256674][ T6366] random: crng reseeded on system resumption [ 174.469644][ T6417] random: crng reseeded on system resumption [ 176.526963][ T6422] overlayfs: missing 'lowerdir' [ 176.706098][ T37] audit: type=1326 audit(1776781217.432:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6420 comm="syz.4.145" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0f5c9cc819 code=0x0 [ 179.882391][ T6450] Bluetooth: hci0: invalid length 0, exp 2 for type 9 [ 180.404554][ T6464] overlayfs: missing 'workdir' [ 184.790872][ T6498] overlayfs: failed to resolve './file0': -2 [ 187.122577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.142586][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.152613][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.162575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.172572][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.182589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.192597][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.202606][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.212588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.222573][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 200.783722][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.783785][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 217.851320][ T6796] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 217.894273][ T6796] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 217.899009][ T6796] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 217.901621][ T6796] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 217.941068][ T6796] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 219.378785][ T6797] Bluetooth: hci4: command 0x0406 tx timeout [ 219.465597][ T6797] Bluetooth: hci0: command 0x0406 tx timeout [ 219.465644][ T6797] Bluetooth: hci3: command 0x0406 tx timeout [ 219.466421][ T6806] Bluetooth: hci1: command 0x0406 tx timeout [ 219.466454][ T6806] Bluetooth: hci2: command 0x0406 tx timeout [ 220.926704][ T5822] Bluetooth: hci6: command tx timeout [ 224.437663][ T5822] Bluetooth: hci6: command tx timeout [ 228.779426][ T5822] Bluetooth: hci6: command tx timeout [ 230.932451][ T5822] Bluetooth: hci6: command tx timeout [ 235.278033][ T6963] netlink: 44 bytes leftover after parsing attributes in process `syz.3.310'. [ 250.633760][ T7087] netlink: 12 bytes leftover after parsing attributes in process `syz.3.348'. [ 251.981955][ T7097] netlink: 36 bytes leftover after parsing attributes in process `syz.3.352'. [ 255.023120][ T7125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.359'. [ 256.415182][ T7135] netlink: 108 bytes leftover after parsing attributes in process `syz.3.364'. [ 259.445084][ T7165] netlink: 12 bytes leftover after parsing attributes in process `syz.0.372'. [ 266.451246][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.451312][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.923086][ T7249] Bluetooth: hci0: unsupported parameter 255 [ 270.923108][ T7249] Bluetooth: hci0: unsupported parameter 255 [ 273.837031][ T7284] Bluetooth: hci0: unsupported parameter 255 [ 273.837053][ T7284] Bluetooth: hci0: unsupported parameter 255 [ 277.684183][ T7313] ======================================================= [ 277.684183][ T7313] WARNING: The mand mount option has been deprecated and [ 277.684183][ T7313] and is ignored by this kernel. Remove the mand [ 277.684183][ T7313] option from the mount to silence this warning. [ 277.684183][ T7313] ======================================================= [ 277.730498][ T7313] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 282.060296][ T59] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 282.382358][ T59] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 282.449078][ T7345] netlink: 32 bytes leftover after parsing attributes in process `syz.0.425'. [ 283.139592][ T59] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 283.145284][ T59] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 283.150945][ T59] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 285.037057][ T59] Bluetooth: hci5: command 0x0406 tx timeout [ 287.587983][ T59] Bluetooth: hci7: command tx timeout [ 290.034320][ T5826] Bluetooth: hci7: command tx timeout [ 291.974645][ T7395] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 292.273731][ T5826] Bluetooth: hci7: command tx timeout [ 295.931847][ T5826] Bluetooth: hci7: command tx timeout [ 299.293343][ T7443] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 299.293364][ T7443] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 299.293386][ T7443] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 301.872391][ T7474] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 301.872420][ T7474] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 301.872455][ T7474] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 303.937496][ T38] INFO: task kworker/0:0:9 blocked for more than 146 seconds. [ 303.937533][ T38] Not tainted syzkaller #0 [ 303.937543][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 303.937551][ T38] task:kworker/0:0 state:D stack:21176 pid:9 tgid:9 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 303.937607][ T38] Workqueue: events_power_efficient crda_timeout_work [ 303.937652][ T38] Call Trace: [ 303.937658][ T38] [ 303.937672][ T38] __schedule+0x1681/0x54c0 [ 303.937724][ T38] ? __pfx___schedule+0x10/0x10 [ 303.937758][ T38] rt_mutex_schedule+0x76/0xf0 [ 303.937787][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 303.937832][ T38] rt_mutex_slowlock+0x2dc/0x780 [ 303.937859][ T38] ? rt_mutex_slowlock+0x1fd/0x780 [ 303.937885][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 303.937921][ T38] ? crda_timeout_work+0x16/0x80 [ 303.937946][ T38] ? crda_timeout_work+0x16/0x80 [ 303.937973][ T38] ? crda_timeout_work+0x16/0x80 [ 303.937992][ T38] mutex_lock_nested+0x168/0x1d0 [ 303.938018][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.938050][ T38] crda_timeout_work+0x16/0x80 [ 303.938070][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.938102][ T38] process_scheduled_works+0xb5d/0x1860 [ 303.938160][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 303.938194][ T38] ? assign_work+0x3d5/0x5e0 [ 303.938226][ T38] worker_thread+0xa53/0xfc0 [ 303.938270][ T38] kthread+0x388/0x470 [ 303.938293][ T38] ? __pfx_worker_thread+0x10/0x10 [ 303.938310][ T38] ? __pfx_kthread+0x10/0x10 [ 303.938333][ T38] ret_from[ 303.938333][ T38] ret_from_fork+0x514/0xb70 [ 303.938356][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 303.938374][ T38] ? __switch_to+0xc79/0x1410 [ 303.938403][ T38] ? __pfx_kthread+0x10/0x10 [ 303.938427][ T38] ret_from_fork_asm+0x1a/0x30 [ 303.938465][ T38] [ 303.938474][ T38] INFO: task kworker/0:1:10 blocked for more than 146 seconds. [ 303.938487][ T38] Not tainted syzkaller #0 [ 303.938496][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 303.938503][ T38] task:kworker/0:1 state:D stack:21336 pid:10 tgid:10 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 303.938552][ T38] Workqueue: events reg_todo [ 303.938570][ T38] Call Trace: [ 303.938576][ T38] [ 303.938587][ T38] __schedule+0x1681/0x54c0 [ 303.938635][ T38] ? __pfx___schedule+0x10/0x10 [ 303.938651][ T38] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 303.938691][ T38] rt_mutex_schedule+0x76/0xf0 [ 303.938716][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 303.938754][ T38] ? rt_mutex_slowlock_block+0x2e9/0x680 [ 303.938782][ T38] rt_mutex_slowlock+0x2dc/0x780 [ 303.938810][ T38] ? rt_mutex_slowlock+0x1fd/0x780 [ 303.938837][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 303.938890][ T38] ? reg_process_self_managed_hints+0x8d/0x170 [ 303.938918][ T38] ? reg_process_self_managed_hints+0x8d/0x170 [ 303.938937][ T38] mutex_lock_nested+0x168/0x1d0 [ 303.938968][ T38] reg_process_self_managed_hints+0x8d/0x170 [ 303.938990][ T38] reg_todo+0x929/0xa80 [ 303.939011][ T38] ? reg_todo+0x483/0xa80 [ 303.939031][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.947295][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.947340][ T38] process_scheduled_works+0xb5d/0x1860 [ 303.947399][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 303.947434][ T38] ? assign_work+0x3d5/0x5e0 [ 303.947466][ T38] worker_thread+0xa53/0xfc0 [ 303.947511][ T38] kthread+0x388/0x470 [ 303.947533][ T38] ? __pfx_worker_thread+0x10/0x10 [ 303.947549][ T38] ? __pfx_kthread+0x10/0x10 [ 303.947572][ T38] ret_from_fork+0x514/0xb70 [ 303.947594][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 303.947613][ T38] ? __switch_to+0xc79/0x1410 [ 303.947640][ T38] ? __pfx_kthread+0x10/0x10 [ 303.947669][ T38] ret_from_fork_asm+0x1a/0x30 [ 303.947707][ T38] [ 303.955221][ T38] INFO: task kworker/u8:15:2977 blocked for more than 146 seconds. [ 303.955240][ T38] Not tainted syzkaller #0 [ 303.955250][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 303.955270][ T38] task:kworker/u8:15 state:D stack:24664 pid:2977 tgid:2977 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 303.955441][ T38] Workqueue: ipv6_addrconf addrconf_dad_work [ 303.955471][ T38] Call Trace: [ 303.955478][ T38] [ 303.955490][ T38] __schedule+0x1681/0x54c0 [ 303.955541][ T38] ? __pfx___schedule+0x10/0x10 [ 303.955575][ T38] rt_mutex_schedule+0x76/0xf0 [ 303.955602][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 303.955646][ T38] rt_mutex_slowlock+0x2dc/0x780 [ 303.955675][ T38] ? rt_mutex_slowlock+0x1fd/0x780 [ 303.955729][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 303.955775][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 303.955799][ T38] ? addrconf_dad_work+0x124/0x1680 [ 303.955822][ T38] mutex_lock_nested+0x168/0x1d0 [ 303.955846][ T38] ? addrconf_dad_work+0x124/0x1680 [ 303.955874][ T38] addrconf_dad_work+0x124/0x1680 [ 303.955900][ T38] ? lock_acquire+0x106/0x350 [ 303.955925][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 303.955948][ T38] ? __pfx_addrconf_dad_work+0x10/0x10 [ 303.955973][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.956008][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.956035][ T38] ? process_scheduled_works+0xa70/0x1860 [ 303.956064][ T38] process_scheduled_works+0xb5d/0x1860 [ 303.956143][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 303.956178][ T38] ? assign_work+0x3d5/0x5e0 [ 303.959161][ T38] worker_thread+0xa53/0xfc0 [ 303.959218][ T38] kthread+0x388/0x470 [ 303.959241][ T38] ? __pfx_worker_thread+0x10/0x10 [ 303.959257][ T38] ? __pfx_kthread+0x10/0x10 [ 303.959281][ T38] ret_from_fork+0x514/0xb70 [ 303.959303][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 303.959321][ T38] ? __switch_to+0xc79/0x1410 [ 303.959349][ T38] ? __pfx_kthread+0x10/0x10 [ 303.959372][ T38] ret_from_fork_asm+0x1a/0x30 [ 303.959409][ T38] [ 303.959442][ T38] INFO: task syz-executor:5821 blocked for more than 146 seconds. [ 303.959456][ T38] Not tainted syzkaller #0 [ 303.959465][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 303.959473][ T38] task:syz-executor state:D stack:22176 pid:5821 tgid:5821 ppid:1 task_flags:0x400140 flags:0x00080002 [ 303.959536][ T38] Call Trace: [ 303.959542][ T38] [ 303.959553][ T38] __schedule+0x1681/0x54c0 [ 303.959572][ T38] ? nlmon_xmit+0xb0/0x100 [ 303.959617][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 303.959645][ T38] ? __pfx___schedule+0x10/0x10 [ 303.959693][ T38] rt_mutex_schedule+0x76/0xf0 [ 303.959720][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 303.959764][ T38] rt_mutex_slowlock+0x2dc/0x780 [ 303.959793][ T38] ? rt_mutex_slowlock+0x1fd/0x780 [ 303.959820][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 303.959855][ T38] ? rtnetlink_rcv_msg+0x722/0xbe0 [ 303.959884][ T38] ? rtnetlink_rcv_msg+0x722/0xbe0 [ 303.959912][ T38] ? rtnetlink_rcv_msg+0x722/0xbe0 [ 303.959933][ T38] mutex_lock_nested+0x168/0x1d0 [ 303.959964][ T38] rtnetlink_rcv_msg+0x722/0xbe0 [ 303.959991][ T38] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 303.960013][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 303.960035][ T38] ? ref_tracker_free+0x673/0x820 [ 303.960062][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 303.960084][ T38] ? __asan_memcpy+0x40/0x70 [ 303.960116][ T38] ? __skb_clone+0x63/0x7a0 [ 303.960151][ T38] netlink_rcv_skb+0x232/0x4b0 [ 303.960178][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 303.960203][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 303.960241][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 303.960265][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 303.960295][ T38] netlink_unicast+0x780/0x920 [ 303.960329][ T38] netlink_sendmsg+0x813/0xb40 [ 303.960363][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.960397][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 303.960425][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.960452][ T38] __sys_sendto+0x67f/0x710 [ 303.960484][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 303.960535][ T38] ? fd_install+0x97/0x3e0 [ 303.960560][ T38] ? fd_install+0x30c/0x3e0 [ 303.960591][ T38] __x64_sys_sendto+0xde/0x100 [ 303.960617][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.960649][ T38] do_syscall_64+0x15f/0xf80 [ 303.960672][ T38] ? clear_bhb_loop+0x40/0x90 [ 303.965002][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.965033][ T38] RIP: 0033:0x7f998b6ed04e [ 303.965061][ T38] RSP: 002b:00007ffda828bf38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 303.965081][ T38] RAX: ffffffffffffffda RBX: 000055558bc79500 RCX: 00007f998b6ed04e [ 303.965101][ T38] RDX: 0000000000000020 RSI: 00007f998c4d4670 RDI: 0000000000000005 [ 303.965113][ T38] RBP: 0000000000000001 R08: 00007ffda828bfb4 R09: 000000000000000c [ 303.965124][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 303.965135][ T38] R13: 00007ffda828c01c R14: 00007f998c4d4670 R15: 0000000000000000 [ 303.965165][ T38] [ 303.965226][ T38] [ 303.965226][ T38] Showing all locks held in the system: [ 303.965235][ T38] 3 locks held by kworker/0:0/9: [ 303.965246][ T38] #0: ffff88801a04a538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.965303][ T38] #1: ffffc900000e7c40 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.965355][ T38] #2: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x16/0x80 [ 303.965401][ T38] 4 locks held by kworker/0:1/10: [ 303.965412][ T38] #0: ffff88801a04b938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.965463][ T38] #1: ffffc900000f7c40 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.965514][ T38] #2: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0xa80 [ 303.965558][ T38] #3: ffff8880626308b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0x8d/0x170 [ 303.965603][ T38] 7 locks held by kworker/u8:0/12: [ 303.965615][ T38] 4 locks held by ktimers/0/16: [ 303.965627][ T38] 1 lock held by khungtaskd/38: [ 303.965638][ T38] #0: ffffffff8dfc80c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 303.965688][ T38] 3 locks held by kworker/u8:5/90: [ 303.965698][ T38] #0: ffff88801a08c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.965750][ T38] #1: ffffc900015efc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.965802][ T38] #2: ffff8880632a08b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 303.965856][ T38] 3 locks held by kworker/u8:6/193: [ 303.965866][ T38] #0: ffff88801a08c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.965918][ T38] #1: ffffc90003927c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.965970][ T38] #2: ffff8880631508b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 303.966026][ T38] 3 locks held by kworker/u8:8/1166: [ 303.966036][ T38] #0: ffff88801a08c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.966095][ T38] #1: ffffc900060bfc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.966156][ T38] #2: ffff8880626308b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 303.966321][ T38] 3 locks held by kworker/1:3/1257: [ 303.966331][ T38] #0: ffff88801a04a538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.966383][ T38] #1: ffffc9000648fc40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.966434][ T38] #2: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xab/0x1090 [ 303.966502][ T38] 3 locks held by kworker/u8:15/2977: [ 303.969755][ T38] #0: ffff888032e62138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.969821][ T38] #1: ffffc9000e0bfc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.969887][ T38] #2: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680 [ 303.969938][ T38] 3 locks held by kworker/u8:17/3382: [ 303.969949][ T38] #0: ffff88801a08c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 303.970000][ T38] #1: ffffc9000e83fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 303.970051][ T38] #2: ffff8880628e08b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 303.970112][ T38] 1 lock held by syslogd/5167: [ 303.970122][ T38] #0: ffff8880296280d8 (&si->socket.wq.wait){+.+.}-{3:3}, at: finish_wait+0xbe/0x1e0 [ 303.970167][ T38] 3 locks held by klogd/5174: [ 303.970178][ T38] 2 locks held by getty/5573: [ 303.970187][ T38] #0: ffff8880378740a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 303.970238][ T38] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 303.970285][ T38] 1 lock held by syz-executor/5821: [ 303.970295][ T38] #0: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x722/0xbe0 [ 303.970350][ T38] 1 lock held by syz-executor/6261: [ 303.970360][ T38] #0: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 303.970409][ T38] 1 lock held by syz-executor/6803: [ 303.970419][ T38] #0: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 303.970467][ T38] 1 lock held by syz-executor/7337: [ 303.970477][ T38] #0: ffffffff8f36b1b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 303.970524][ T38] 1 lock held by syz.2.466/7482: [ 303.970534][ T38] 1 lock held by syz.3.469/7488: [ 303.970544][ T38] #0: ffff88803c85c0e8 (&kvm->slots_lock){+.+.}-{4:4}, at: kvm_vm_ioctl_set_memory_region+0x5e/0xb0 [ 303.970593][ T38] [ 303.970598][ T38] ============================================= [ 303.970598][ T38] [ 303.970623][ T38] NMI backtrace for cpu 1 [ 303.970644][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 303.970664][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 303.970675][ T38] Call Trace: [ 303.970682][ T38] [ 303.970689][ T38] dump_stack_lvl+0xe8/0x150 [ 303.970720][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 303.970746][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 303.970778][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 303.970806][ T38] sys_info+0x135/0x170 [ 303.970827][ T38] watchdog+0xfd3/0x1030 [ 303.970852][ T38] ? watchdog+0x1c9/0x1030 [ 303.970876][ T38] kthread+0x388/0x470 [ 303.970898][ T38] ? __pfx_watchdog+0x10/0x10 [ 303.970914][ T38] ? __pfx_kthread+0x10/0x10 [ 303.970936][ T38] ret_from_fork+0x514/0xb70 [ 303.970957][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 303.970975][ T38] ? __switch_to+0xc79/0x1410 [ 303.971002][ T38] ? __pfx_kthread+0x10/0x10 [ 303.971025][ T38] ret_from_fork_asm+0x1a/0x30 [ 303.971059][ T38] [ 303.971066][ T38] Sending NMI from CPU 1 to CPUs 0: [ 303.971092][ C0] NMI backtrace for cpu 0 [ 303.971104][ C0] CPU: 0 UID: 0 PID: 7492 Comm: syz.0.468 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 303.971121][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 303.971130][ C0] RIP: 0010:__lock_acquire+0x84f/0x2cf0 [ 303.971150][ C0] Code: 00 00 09 c5 48 89 d8 48 c1 e8 20 29 c5 89 c1 c1 c1 04 31 e9 01 d8 29 cb 89 ca c1 c2 06 31 da 01 c1 29 d0 89 d6 c1 c6 08 31 c6 <01> ca 29 f1 89 f3 c1 c3 10 31 cb 01 d6 29 da 89 dd c1 c5 13 31 d5 [ 303.971162][ C0] RSP: 0018:ffffc9000e86f3f8 EFLAGS: 00000082 [ 303.971174][ C0] RAX: 000000009932b322 RBX: 00000000095eb628 RCX: 00000000afe795f5 [ 303.971185][ C0] RDX: 00000000e30b8de4 RSI: 0000000092bf57c1 RDI: ffff88801dfb1ec0 [ 303.971195][ C0] RBP: 00000000c0ca0a1c R08: ffffffff8b2ee740 R09: ffffffff8dfc80c0 [ 303.971205][ C0] R10: dffffc0000000000 R11: fffffbfff1f178bf R12: ffff88801dfb2b08 [ 303.971216][ C0] R13: ffff88801dfb2b08 R14: ffff88801dfb1ec0 R15: 0000000000000002 [ 303.971227][ C0] FS: 00007f874d08d6c0(0000) GS:ffff8881260fe000(0000) knlGS:0000000000000000 [ 303.971239][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 303.971249][ C0] CR2: 000000110c3585e0 CR3: 000000003d730000 CR4: 00000000003526f0 [ 303.971262][ C0] DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000081 [ 303.971271][ C0] DR3: ffffffffefffff14 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 303.971281][ C0] Call Trace: [ 303.971286][ C0] [ 303.971294][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 303.971316][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 303.971332][ C0] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 303.971355][ C0] ? rt_spin_lock+0x1e0/0x400 [ 303.971373][ C0] lock_acquire+0x106/0x350 [ 303.971389][ C0] ? rt_spin_lock+0x1e0/0x400 [ 303.971411][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 303.971428][ C0] rt_spin_lock+0x1fc/0x400 [ 303.971447][ C0] ? rt_spin_lock+0x1e0/0x400 [ 303.971467][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 303.971488][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 303.971505][ C0] __skb_try_recv_datagram+0x89/0x1b0 [ 303.971529][ C0] __unix_dgram_recvmsg+0x2e3/0xd60 [ 303.971548][ C0] ? __pfx___unix_dgram_recvmsg+0x10/0x10 [ 303.971564][ C0] ? irqentry_exit+0x218/0x730 [ 303.971579][ C0] ? trace_irq_disable+0x3b/0x140 [ 303.971595][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 303.971613][ C0] ? unix_dgram_recvmsg+0xae/0xd0 [ 303.971630][ C0] ? __pfx_unix_dgram_recvmsg+0x10/0x10 [ 303.971649][ C0] sock_recvmsg_nosec+0x10c/0x140 [ 303.971667][ C0] ____sys_recvmsg+0x3ef/0x4b0 [ 303.971692][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 303.971719][ C0] ? import_iovec+0x73/0xa0 [ 303.971740][ C0] ___sys_recvmsg+0x215/0x590 [ 303.971763][ C0] ? __pfx____sys_recvmsg+0x10/0x10 [ 303.971786][ C0] ? irqentry_exit+0x218/0x730 [ 303.971811][ C0] do_recvmmsg+0x33a/0x800 [ 303.971827][ C0] ? file_init_path+0x3b/0x5b0 [ 303.971853][ C0] ? __pfx_do_recvmmsg+0x10/0x10 [ 303.971866][ C0] ? __asan_memcpy+0x40/0x70 [ 303.971888][ C0] ? __pfx_do_futex+0x10/0x10 [ 303.971914][ C0] __x64_sys_recvmmsg+0x198/0x250 [ 303.971929][ C0] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 303.971946][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.971961][ C0] do_syscall_64+0x15f/0xf80 [ 303.971977][ C0] ? trace_irq_disable+0x3b/0x140 [ 303.971990][ C0] ? clear_bhb_loop+0x40/0x90 [ 303.972007][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.972021][ C0] RIP: 0033:0x7f874ee5c819 [ 303.972034][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.972045][ C0] RSP: 002b:00007f874d08d028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 303.972059][ C0] RAX: ffffffffffffffda RBX: 00007f874f0d6090 RCX: 00007f874ee5c819 [ 303.972069][ C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 303.972079][ C0] RBP: 00007f874eef2c91 R08: 0000000000000000 R09: 0000000000000000 [ 303.972088][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 303.972097][ C0] R13: 00007f874f0d6128 R14: 00007f874f0d6090 R15: 00007ffdf9485ba8 [ 303.972114][ C0] [ 304.168768][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 304.168787][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 304.168804][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 304.168813][ T38] Call Trace: [ 304.168819][ T38] [ 304.168826][ T38] vpanic+0x56c/0xa60 [ 304.168847][ T38] ? __pfx___schedule+0x10/0x10 [ 304.168863][ T38] ? __pfx_vpanic+0x10/0x10 [ 304.168890][ T38] panic+0xc5/0xd0 [ 304.168903][ T38] ? __pfx_panic+0x10/0x10 [ 304.168917][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 304.168939][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 304.168960][ T38] watchdog+0x102c/0x1030 [ 304.168979][ T38] ? watchdog+0x1c9/0x1030 [ 304.168996][ T38] kthread+0x388/0x470 [ 304.169012][ T38] ? __pfx_watchdog+0x10/0x10 [ 304.169025][ T38] ? __pfx_kthread+0x10/0x10 [ 304.169042][ T38] ret_from_fork+0x514/0xb70 [ 304.169057][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 304.169071][ T38] ? __switch_to+0xc79/0x1410 [ 304.169092][ T38] ? __pfx_kthread+0x10/0x10 [ 304.169110][ T38] ret_from_fork_asm+0x1a/0x30 [ 304.169137][ T38] [ 304.170226][ T38] Kernel Offset: disabled