last executing test programs: 36.683627199s ago: executing program 0 (id=407): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000440)={'das16m1\x00', [0x3dc0, 0x8001, 0x802, 0x40300000, 0xe4, 0xc, 0x8, 0x8, 0x1009f, 0xfffffff7, 0xcd6, 0xb, 0x1db, 0x2, 0x7, 0xfe, 0x10002, 0xf, 0x0, 0x0, 0x2, 0x7, 0xf21, 0x0, 0xb, 0xc00, 0x3f, 0x9, 0x6, 0x1, 0xfffffffc]}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) r6 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) fchdir(r7) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x200800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]}) 35.627139561s ago: executing program 0 (id=409): mkdir(&(0x7f0000000340)='./file0/file0\x00', 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x498, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) 29.610904737s ago: executing program 0 (id=422): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x7f, 0x4) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000100)=0x3, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r1 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) process_vm_readv(0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/228, 0xe4}], 0x3, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 25.599221253s ago: executing program 0 (id=426): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) io_setup(0x7, &(0x7f00000000c0)=0x0) io_getevents(r0, 0x10, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) recvmsg(0xffffffffffffffff, 0x0, 0x8dff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a0000"], 0x1c}}, 0x0) 24.471587019s ago: executing program 0 (id=430): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), &(0x7f0000000280)) 22.261252672s ago: executing program 1 (id=434): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10}, 0x94) socket$inet6(0xa, 0x2, 0x0) socket$packet(0x11, 0xa, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = syz_open_dev$dvb_frontend(0x0, 0x0, 0x141000) ioctl$FE_GET_PROPERTY(r1, 0x80106f53, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000001180)}, 0x0) 20.930504524s ago: executing program 0 (id=436): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x7f, 0x4) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000100)=0x3, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r1 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) process_vm_readv(0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/228, 0xe4}], 0x3, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 16.685522681s ago: executing program 3 (id=440): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001240)={'wlan1\x00'}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2000000000001, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mmap(&(0x7f0000505000/0x3000)=nil, 0x3000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = dup2(r5, r5) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000b40)=@nat={'nat\x00', 0x62, 0x5, 0x528, 0x188, 0xe0, 0xffffffff, 0x2a0, 0x0, 0x490, 0x490, 0xffffffff, 0x490, 0x490, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x4f00, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x3dc, {0x0, @private, @remote, @icmp_id, @gre_key}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_team\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key, @icmp_id}}}}, {{@uncond, 0x0, 0x1b8, 0x1f0, 0x0, {}, [@common=@unspec=@comment={{0x120}}, @common=@icmp={{0x28}, {0x0, "6e82"}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x10, @dev={0xac, 0x14, 0x14, 0x43}, @broadcast, @gre_key=0x72c9, @icmp_id=0x66}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x588) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000240)=0x1) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r7, r4, 0x0) 13.673372152s ago: executing program 2 (id=444): socket$inet6_tcp(0xa, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x25) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0) 13.328148745s ago: executing program 2 (id=445): capset(&(0x7f0000000080)={0x20080522}, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaa"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x3, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13.223850068s ago: executing program 4 (id=446): syz_emit_ethernet(0x34, &(0x7f0000001b40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0x6, @dev={0xac, 0x14, 0x14, 0x11}}, "dd9dec79219eb5499325e16c9633"}}}}, 0x0) 12.924382322s ago: executing program 2 (id=447): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x6, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) socket(0x25, 0x1, 0x0) epoll_create1(0x0) sendmmsg$inet6(r2, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040) 12.833452588s ago: executing program 4 (id=448): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) r0 = socket(0x2, 0x80805, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xc5) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000350001002bbd7004fedbdb250400000008000400020000000c0005"], 0x28}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000080) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000001580)={0x0, 0x8, 0x6, "401e18a4986a"}, 0xe) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 12.123280942s ago: executing program 1 (id=449): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) 11.985403831s ago: executing program 3 (id=450): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) r0 = socket(0x2, 0x80805, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xc5) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000350001002bbd7004fedbdb250400000008000400020000000c0005"], 0x28}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000080) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000001580)={0x0, 0x8, 0x6, "401e18a4986a"}, 0xe) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 11.452184503s ago: executing program 4 (id=451): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 10.554557659s ago: executing program 1 (id=452): pipe2(&(0x7f0000000000), 0x80800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) bind$netlink(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd']) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xac800000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 9.815306332s ago: executing program 4 (id=453): r0 = fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x94}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = fanotify_init(0xf00, 0x1000) fanotify_mark(r6, 0x105, 0x5000003a, r5, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r6, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0xac, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 7.852473559s ago: executing program 4 (id=454): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000), &(0x7f0000000280)) 7.792139273s ago: executing program 2 (id=455): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) io_getevents(0x0, 0x6, 0x6, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000180)={0x0, 0x3938700}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c}) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x34, 0xd, 0x6, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000084) 7.750789008s ago: executing program 3 (id=456): socket$can_j1939(0x1d, 0x2, 0x7) socket$igmp(0x2, 0x3, 0x2) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) socket$kcm(0x2, 0x200000000000001, 0x106) socket$inet6(0xa, 0x80002, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x100, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}}, 0x24}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 6.701863931s ago: executing program 4 (id=457): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) geteuid() r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r3, 0x3b89, &(0x7f0000000000)={0x28, 0x4, r5, r4, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) r7 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r7, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60010000, 0x0) 6.423350174s ago: executing program 1 (id=458): openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) io_setup(0x1, &(0x7f0000000040)=0x0) io_submit(r0, 0x1, &(0x7f0000000440)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x1, 0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x8000}]) 5.402542944s ago: executing program 32 (id=436): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x7f, 0x4) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000100)=0x3, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r1 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) process_vm_readv(0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/228, 0xe4}], 0x3, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5.387652996s ago: executing program 2 (id=460): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) io_getevents(0x0, 0x6, 0x6, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000180)={0x0, 0x3938700}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[], [], 0x2c}) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x34, 0xd, 0x6, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000084) 5.35601519s ago: executing program 3 (id=461): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) io_getevents(0x0, 0x6, 0x6, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000180)={0x0, 0x3938700}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0) mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[], [], 0x2c}) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x34, 0xd, 0x6, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000084) 5.198382799s ago: executing program 1 (id=462): syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf635, 0x2000, 0x0, 0xfffffffc}, &(0x7f0000000240), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4, @local}]}, &(0x7f0000000240)=0x10) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000040)={r4, 0x6}, 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) setresuid(0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000000c0)={&(0x7f0000000a00)="2ec62918839c76120082058a8d001cadfc9ad5c80a4444681c0eaef58dc50ea8463fe93a87ff4f3bcca0f480469383243d731aaffad64bcc7497440fbe0114b08487b941904b0eb8ee67a8cd9117d1593b7ab0e79f7b73e0e504aa84abebe09663bc17cd8d4949d73d7c7bbbb60fef61a1251dab8c762de7d0a6f8f412f0cc3cd1de7d5df9b2f93746db69c33103f5ba20e5c334fbe2d9aa165c086e41b6439295ca5fd0e069baa57cc138ee4fb2ed1d417c494ccd1f7f83db92532abf400cb4a4eb3d6f925ff7ee3dd9beb779ca1bdaf1125f7b669c4abd8f45a7bf503d7bcef9d753a8bbd1f95d2b670039b290881f22f8b65ed2fc436b425b865d9cf91c66838dfd0e9ffdc2ed266d32fd23371dc9c706c4bac963866dff9794f8af5c7e4425ee4cabd5ebc8f2aa6b62e61c7ea526a8a3cad6a0df25ba227ca74d7f6fdf1ae2f559491837c777aafc87aff7b2b37b5cbcefe3d017c1c4bf1c4566f6cc011911397b348005e100a205ae6eab8453987569047da76cd7bac8b4c5d6495c35df74094ce7deeb442d47adf64c405b4f43282eea7a49d882fd46aa925102806b50a0746f29866d2448f6b8a461d5c50529883c16afde62bc0a09357be2438f55671a7d4a1a7ebddca90ed53370d11cf1ce50b082279833eccd108606beea351e0eb011165fd85fff3f7973fb0a66edaea844df796d3213dbee43f57dc96da8cc254d400709073a7c44904c94513df4e1e74fb333d3d3f707a566ec8905297f27dbf960862d09bddef41d8054bce7b8ee4db874992689af0eeb81afe67bb238c4501f980d114594c18b72629acbd302a2f8f91aa9d60d70b5af891082cedf7da7e24185d572804729c147c5a7d3661279fdb3e7018579c46dfd0f51fa3c33b92c99d85fa38c7cf6a8a45abd340c69cc8173538fb846bd29b7b8c48bbdb54d540bd4cbe2707ac558917064ee772369d4d9a7ca515b0ea5f94d094ca03d4f4cb55b69e59f09a3f8273af98785f032f132f0f68d3828d690aba5ad4f06c946619d59c3acce0e7cda916b32a87a4937c1dff03ff474451241b10a159b82e13cc1aa7f4373a3af5ad7edb958af7be3cc7b5ac50da1968dd52886be57d6e376549249a885d38c23c532cbe6447f24a302cf455919ed59dcecc9547b6e3ac43fa4fa6386e8240c1c55f7830d395281e9980c3a58e748d6f6e00e88ff04e7f8c036c4ef692685f62848d4cf5edb1cbb0ea505fc476fe806409fd506b42858dcbd5630e5569feb0092d77141b71869713817bad9e0d53ca235446ba2b1ca21010ab47c48e66468acd8d07e85a162b54b3ab46701cf6891bac64091861c508daa556ef06aedebe04685db1387faf00ffa0fe8d4a04ed1d2e91cb110d0e202ad4d5b398e261265ffd91f07c2d5d9ec5a465309a1b1e182f1964858545d8fb1dc3bcb4cb72d3090b3639dcc7f66f900ce3fe3b602c6d307808a528dbc93f7c38d2b5d275bd0c2e08aecb10c930530cc2d0a5447708417f93656b4bcf91f99f6cb85e38e38ee540a2a04b8b44bc993f5e135cfa692a80ccac79e7a4f69d272502fd04a5641d860a52850dffd1a8acc90507b4afd2ba6d6b9dab8c9fc40db75c5c7a6c138252dd740cf6f33495db4fbd1a8ad98a50e1e320f1385261c877f2c38c74fedea4f7f29006d49b37ad82d2d242dbccdddb61e41df7e1183e64133342a73371a1a320fe411ee662d4687bb486415357ebc806968a1d2e1cbfea080850942093643a201392630767699a7b9753cbfe259c5060f9a65f4b81fdc317a8d9d7818fca15dac85ac6461110eb0e5cdf4a0545f352091d4fbe20e7143c5cd7045a10b8f306c5e30b8a78a2e4bb5f68c7e487d5d4f594cc74f18b3c342b838b27fd3f650b5e4ca47c4c745d28e4e6551427115bca56e282d487e7016fa6556de2e78c272905011ec7f6d76f8513c222a21cc129cc5b106e6023cb6250884d9e2a373c6cfdd46d42ba946fe7efcc72620f4e96ba8917d7f46c49aab5cfd9dd9223596e85193099506561c30da1ea094b97fb9b0e8f925a76772d6642ac203d832141deef392cc1f44c6d6a75a57b69f0e51e681dd1f167a7ecc172e05034d3ce4a140d38caea1d70854a165b93c405799ee7b7a20f11c83d676c865bae23b5984963eca96d60eed740212cd889e61d2dd42e9b2cd63a32d1516662aa2a394cd365b9ef6c24fa00e7cb54168ea85cac0be7f40b0f464d0ba2f02a2c43b3f1b97f93acca3b7ec766cb1c72937ba851791240dc62700f266c64c385b0f9d26ecde162e7d3c6174d39eb9e0ab1c3c96605e56ac6e5c78745723196d0ac004b4e434e6b84d2a3af89673e670eeeec2b80db4a60faec70e40615ecd62fffaba781b611dec79cdf9e07fd18a71c85260a7c631ce036b658ee33b155fcef5977f43f112e5e84f03072ad2854d8fc2b662454cd068839067eb1e38a3d91f7fa0a39a322b64d6f7a7ba034deebb4e3c4a7863b7480d8d4ed8799acdd4e71cd9c88240bb6c8f603e68647070468343c07ce09310697db2520ca74df44fcdf21495b3c9d196fc507903cd0073873e037d9471295edd314c911cb243b809b04e970d668a064fc9008877f396650ae15f79185de3f890d4b81d2568befc10d2a57f4914eb00a42f9c25c2c85e9fec72b19a6c1e4e0cb9d2b783dd728205a7999bef1d5f0263d0a4f7b8fe8ce5d287dcc0f7380bbaab71b32e35aa7a94445dc3fe24b1307af0c0347906ff7df20aa82294a7d28909dd6da38e0136726709ad1a08e1df4cc5fea46047c6ddf5dff52895cd44ede8bb661c33b2fbebc9b830b8878945e7bfe61e2f73dc49604432f2644d1f1dfe9c6bc053204e419f38378293b355fa9848163cda7ea475a06c822fd32b034cb3e622d575eb491127628917d8b859a7ea3ee36b427d9aa0459e746d3916a49a6eec6a69e0e7e3d25723e47af15456318397be65437e721f1dcb531bc15d51b45049a6e29f3e447aa8680f193b80aac533fa983c7c271383b3fb76ab7013e47308e776bddde7194ff3266b8bb402d9dc3c10b31c421571ad462c1290815dda03d9a229c2224fe5a8ac635da0018a7f8433772751a4ac7fd2ed97f000f525ec36de37480b15cdfaa007f1e4b957e17ea445f975e7f49b21cb62ab4506c28dc5251e76ac245451cfa33f514c030e959f8d49a1cdef4cd480dc35e35f2b1729757708a0cc9bc43e22a358a0a590bfc64d19d777b8ccdd3f991b3b80b8090c047ca75a400e470bdee9090484a7988fa2209accf7d734bb5d3a4d1951340f65677b100a2f8bb3d4c50e018b64d718465896443e081f96cdb6de8b8c5a70d2353f90a1a9e64f0673d0cd4b99b8982702de361a3690051372ff7caddf18d9569c7f4026a5c70a01b92f791f2a00f0c67963277926d1b80cba2d611c1cf399f2cab7806d4d656f904e8fa68e5f89e51b40d0f4e76a64a8788b22d85c9b42c86882610397e11770b8255dc9a53aab9301d29ba5354aca37ed3bb2f3bd696591d02b087beac293052fbaab1ffe3de5b1ed9f5e7ce38420d97cc94c09cd302424d4e0ce8dd899034c3fa27b092b56c928bdee164d27a882908cd03e4522204bab4eb3546d1fa3e15425706c40d08ea389652315e65cf31f3eb2a752a4c7ffe379d02e5ce70d83885df3686d582616d182ec96efad63cff14dba27b00f6e46be563b66657694e1a9c972b61cf87ec3c4dd04868b3928e9bf222a8518456db71ce86c53062bea0058657bfebb11a40f6930b10ff6272a6589334d7f53cfbfbe9f6d2adc1dfd9666913a99f39e00b840006e8b4720e803050bcbb20fc0aec459b3a4a77992844431114647b6d09c81c4ab5c04e82c2637927a53ecdf38e07da0b1570314b70ead1dc08814d45401e6e3d5f145d304e5b7fa76af48452b59652a5076324a7a625686aee3fbccaef4b6308ec5255e5f53c14fc155f0eb224df6c247ca1ee2db4d2c5ef08ea65acadf4c140404032f31f9b31919c948c19137a37bd3a94cf2e93a05d2a044920476f5e4194be78866cdea30af5177aac7e94a8d0a76fd9a150c66b5039c8c12f94954670fec4e1602b37f4e0b9976a7b24f3834fe7ccde90902329368f7072d086f2149f15fb4770e73a1f7e2d88c20d839082af6437896188a07315af03c07138d555b2395b8b38372613b9e8527084fd2298d13b1d3a4cad7c192e954123f82dc0b487cf1dba785b0acbad43724b847337e7c9a9d01f9832952ccfe9d7c0d1c59580b7d9177d0663b31357ed5cd424235711eda7dc8bcfc5372321d6906fdd7ecb9b9ef0f6cb6033e62ccba2e276e1ea40a8ff8f9f6478662f734d8bf797b4eb5c788a255489cb9881197f795dec9584d8848b2a5d52f0caa1cbc461f4883f4e08f75882cc149aa6fccbf26ab1d0dde0e4425093d20c756f4a58434fb901a25d114a1573233ebb063330f3894285c503f6c74b3bb3a026b6fd3222f60bfe613f320c6d788e1f1fef05e26b3a6aaae80ad36202d6a2fe2d4f580257f3fcbf58e305f1efc78300e85c6eed622a8ab63b822fc9c197ad11e19f90743e567f8dd244750ed51f0b5592f04ffaa520b7e9757c749c264645e2eadb19aad133ab2237359d88de5ca4e11efab54b85531ebfb61eb1816abebbc54ed64d197c6b96ec1e043eeb11f48080fdde556773ee91c15bd86b0126c94b7e549888294de0176de3fba25ce3b55fddf73ad9989af2cac58b42e32683af9595c54c8352e587faab21d5a346c1da4eaa834f1621732f6678eae4e46b9c6ff5f0bc30cc5526d09a7e9bbd3c475b3ce627f26aab5f54589ec7c3c72c8d7e8215016c7fd909200c63a83272f8b8079b7be6a336422ec3bf8a980774b979b9a81d4d4da39f530c6f739ae2576924f6c14f295b0be263076f7e993ded8be6995f912461bec7cf172afbaa4ad0c8a0b886790d3d1984712dc5b0faa2d5c7b4f691fdabe5c629768a25939870779113a2119dc6ca24ea87c85a05b8b5c7c83ced15d61679bf6dcaea89139fe89b7463cac639f3fc64f9f701ceec2be930ad00162f3edd3e69e783fcc50299ef1c9cf2d04483b3c96f64357cb02babe11bd36bf6c3d4e8008c67998272b3ac8b20c39b0f9b1c9c09885fdb40425c1ece88f790ee9e660e7fba7237f8139f43f7a670735c932b5634a26d980819578c68ec563bd6eaa15e9e11ddf8eb5bf043b3204fa6a2d31be0a9ed8958728de9093d0af783e254ee7ca154f21690b847b9d6106c020c75bca7f44a7f91bdce40418bc6a9b9b8d8ddb498956435a2b07120f64f37a159cc8e5c3a94ffbb4869b0b0be319813dc6c36afb43a5ba77739b42229d4d2353d74a11d9aebb884b0f4c08b9353e9a3fa551fcb062227328bc5195eabbbc9b7f46016ce62d89cdff5653f5f22186535fb67d81b838cd9285d814cbe606e3f722f2184d1cd7e649ca4b4be881663b8b33916276e9ed31a356927e252e17ea4b1c8aba4e3e2c5c7ecfca12279cb4cb23e59bb506b6246a1cc46d73e6a22fd6409857f2f53dcc511f61699d4eb2c62b7a74ca8018ffebccbab781f873b880b3949e126b8989967ba78eba6118b869646c3463878e12d2d306ee06d290aeed041c96e20ff71bbb7766545f73122aeca8c0861f27678e8c09f9672584cec0eb81df4f69ef0c02f33f4c89e418844f812dcb6236eddfacc03ae1", &(0x7f0000000040)=""/17, &(0x7f0000001a00), &(0x7f0000000340)="fde7652b71e30d6b71a557d49c9bf726630b4fca1e29fa8b1562b2a12cc6cdd2706a37a184faba4cf52cba74ad98404d888f9148cfad492be378615449b89839af32e501bd796eadad3dc0c73d92e37287104ce4b14ea94b0570a9e102071cdb45307c69f84255cdb11855cc3a525cd9685374a1fffd84391eab5f339a97eb6533aa0c3387999d531b94d8977dd24f1fe613e863a5cad547cc2de65db3035650e1b77359d7eaddd0ea5f8b5819c24675c9e3043809251b2c97d05c9f9dde7346cd0b6f4fec447262a801073510d9eee53652", 0xd865824c, r7}, 0x38) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x5}, {0xfff1, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x40}}, 0x10) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r9, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r9, 0x90004) 3.04058728s ago: executing program 1 (id=463): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$packet(0x11, 0xa, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) socket(0x10, 0x803, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$FE_GET_PROPERTY(0xffffffffffffffff, 0x80106f53, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000001180)}, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000080)=ANY=[@ANYBLOB="2c1ffae7b9cc8d8ce93725f4161a589f6f31d83a625645807d8dd6498b836bec3b53bbf487653a42c2c4b11785"], 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101) epoll_create(0xff9) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0102, 0x0) write$vga_arbiter(r5, &(0x7f0000000280)=ANY=[@ANYBLOB='lock io+me'], 0xc) write$vga_arbiter(r4, &(0x7f00000002c0)=ANY=[@ANYRES16=r5, @ANYBLOB="025409c3ac14d408ebf35d3b97c5799ccc021fd220019fb74b9eaff375f9640d988184aa507921339cd69fb7c86b962394e1c0d7c5e6a0761bdbbeb11addb1eb104778144f81991ed04283447fffcdb2b0fb148a589881e4", @ANYRESOCT, @ANYRES32=r5, @ANYRESOCT=r3], 0xd) 1.608020967s ago: executing program 3 (id=464): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) 1.550074938s ago: executing program 2 (id=465): syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf635, 0x2000, 0x0, 0xfffffffc}, &(0x7f0000000240), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4, @local}]}, &(0x7f0000000240)=0x10) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000040)={r4, 0x6}, 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) setresuid(0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000000c0)={&(0x7f0000000a00)="2ec62918839c76120082058a8d001cadfc9ad5c80a4444681c0eaef58dc50ea8463fe93a87ff4f3bcca0f480469383243d731aaffad64bcc7497440fbe0114b08487b941904b0eb8ee67a8cd9117d1593b7ab0e79f7b73e0e504aa84abebe09663bc17cd8d4949d73d7c7bbbb60fef61a1251dab8c762de7d0a6f8f412f0cc3cd1de7d5df9b2f93746db69c33103f5ba20e5c334fbe2d9aa165c086e41b6439295ca5fd0e069baa57cc138ee4fb2ed1d417c494ccd1f7f83db92532abf400cb4a4eb3d6f925ff7ee3dd9beb779ca1bdaf1125f7b669c4abd8f45a7bf503d7bcef9d753a8bbd1f95d2b670039b290881f22f8b65ed2fc436b425b865d9cf91c66838dfd0e9ffdc2ed266d32fd23371dc9c706c4bac963866dff9794f8af5c7e4425ee4cabd5ebc8f2aa6b62e61c7ea526a8a3cad6a0df25ba227ca74d7f6fdf1ae2f559491837c777aafc87aff7b2b37b5cbcefe3d017c1c4bf1c4566f6cc011911397b348005e100a205ae6eab8453987569047da76cd7bac8b4c5d6495c35df74094ce7deeb442d47adf64c405b4f43282eea7a49d882fd46aa925102806b50a0746f29866d2448f6b8a461d5c50529883c16afde62bc0a09357be2438f55671a7d4a1a7ebddca90ed53370d11cf1ce50b082279833eccd108606beea351e0eb011165fd85fff3f7973fb0a66edaea844df796d3213dbee43f57dc96da8cc254d400709073a7c44904c94513df4e1e74fb333d3d3f707a566ec8905297f27dbf960862d09bddef41d8054bce7b8ee4db874992689af0eeb81afe67bb238c4501f980d114594c18b72629acbd302a2f8f91aa9d60d70b5af891082cedf7da7e24185d572804729c147c5a7d3661279fdb3e7018579c46dfd0f51fa3c33b92c99d85fa38c7cf6a8a45abd340c69cc8173538fb846bd29b7b8c48bbdb54d540bd4cbe2707ac558917064ee772369d4d9a7ca515b0ea5f94d094ca03d4f4cb55b69e59f09a3f8273af98785f032f132f0f68d3828d690aba5ad4f06c946619d59c3acce0e7cda916b32a87a4937c1dff03ff474451241b10a159b82e13cc1aa7f4373a3af5ad7edb958af7be3cc7b5ac50da1968dd52886be57d6e376549249a885d38c23c532cbe6447f24a302cf455919ed59dcecc9547b6e3ac43fa4fa6386e8240c1c55f7830d395281e9980c3a58e748d6f6e00e88ff04e7f8c036c4ef692685f62848d4cf5edb1cbb0ea505fc476fe806409fd506b42858dcbd5630e5569feb0092d77141b71869713817bad9e0d53ca235446ba2b1ca21010ab47c48e66468acd8d07e85a162b54b3ab46701cf6891bac64091861c508daa556ef06aedebe04685db1387faf00ffa0fe8d4a04ed1d2e91cb110d0e202ad4d5b398e261265ffd91f07c2d5d9ec5a465309a1b1e182f1964858545d8fb1dc3bcb4cb72d3090b3639dcc7f66f900ce3fe3b602c6d307808a528dbc93f7c38d2b5d275bd0c2e08aecb10c930530cc2d0a5447708417f93656b4bcf91f99f6cb85e38e38ee540a2a04b8b44bc993f5e135cfa692a80ccac79e7a4f69d272502fd04a5641d860a52850dffd1a8acc90507b4afd2ba6d6b9dab8c9fc40db75c5c7a6c138252dd740cf6f33495db4fbd1a8ad98a50e1e320f1385261c877f2c38c74fedea4f7f29006d49b37ad82d2d242dbccdddb61e41df7e1183e64133342a73371a1a320fe411ee662d4687bb486415357ebc806968a1d2e1cbfea080850942093643a201392630767699a7b9753cbfe259c5060f9a65f4b81fdc317a8d9d7818fca15dac85ac6461110eb0e5cdf4a0545f352091d4fbe20e7143c5cd7045a10b8f306c5e30b8a78a2e4bb5f68c7e487d5d4f594cc74f18b3c342b838b27fd3f650b5e4ca47c4c745d28e4e6551427115bca56e282d487e7016fa6556de2e78c272905011ec7f6d76f8513c222a21cc129cc5b106e6023cb6250884d9e2a373c6cfdd46d42ba946fe7efcc72620f4e96ba8917d7f46c49aab5cfd9dd9223596e85193099506561c30da1ea094b97fb9b0e8f925a76772d6642ac203d832141deef392cc1f44c6d6a75a57b69f0e51e681dd1f167a7ecc172e05034d3ce4a140d38caea1d70854a165b93c405799ee7b7a20f11c83d676c865bae23b5984963eca96d60eed740212cd889e61d2dd42e9b2cd63a32d1516662aa2a394cd365b9ef6c24fa00e7cb54168ea85cac0be7f40b0f464d0ba2f02a2c43b3f1b97f93acca3b7ec766cb1c72937ba851791240dc62700f266c64c385b0f9d26ecde162e7d3c6174d39eb9e0ab1c3c96605e56ac6e5c78745723196d0ac004b4e434e6b84d2a3af89673e670eeeec2b80db4a60faec70e40615ecd62fffaba781b611dec79cdf9e07fd18a71c85260a7c631ce036b658ee33b155fcef5977f43f112e5e84f03072ad2854d8fc2b662454cd068839067eb1e38a3d91f7fa0a39a322b64d6f7a7ba034deebb4e3c4a7863b7480d8d4ed8799acdd4e71cd9c88240bb6c8f603e68647070468343c07ce09310697db2520ca74df44fcdf21495b3c9d196fc507903cd0073873e037d9471295edd314c911cb243b809b04e970d668a064fc9008877f396650ae15f79185de3f890d4b81d2568befc10d2a57f4914eb00a42f9c25c2c85e9fec72b19a6c1e4e0cb9d2b783dd728205a7999bef1d5f0263d0a4f7b8fe8ce5d287dcc0f7380bbaab71b32e35aa7a94445dc3fe24b1307af0c0347906ff7df20aa82294a7d28909dd6da38e0136726709ad1a08e1df4cc5fea46047c6ddf5dff52895cd44ede8bb661c33b2fbebc9b830b8878945e7bfe61e2f73dc49604432f2644d1f1dfe9c6bc053204e419f38378293b355fa9848163cda7ea475a06c822fd32b034cb3e622d575eb491127628917d8b859a7ea3ee36b427d9aa0459e746d3916a49a6eec6a69e0e7e3d25723e47af15456318397be65437e721f1dcb531bc15d51b45049a6e29f3e447aa8680f193b80aac533fa983c7c271383b3fb76ab7013e47308e776bddde7194ff3266b8bb402d9dc3c10b31c421571ad462c1290815dda03d9a229c2224fe5a8ac635da0018a7f8433772751a4ac7fd2ed97f000f525ec36de37480b15cdfaa007f1e4b957e17ea445f975e7f49b21cb62ab4506c28dc5251e76ac245451cfa33f514c030e959f8d49a1cdef4cd480dc35e35f2b1729757708a0cc9bc43e22a358a0a590bfc64d19d777b8ccdd3f991b3b80b8090c047ca75a400e470bdee9090484a7988fa2209accf7d734bb5d3a4d1951340f65677b100a2f8bb3d4c50e018b64d718465896443e081f96cdb6de8b8c5a70d2353f90a1a9e64f0673d0cd4b99b8982702de361a3690051372ff7caddf18d9569c7f4026a5c70a01b92f791f2a00f0c67963277926d1b80cba2d611c1cf399f2cab7806d4d656f904e8fa68e5f89e51b40d0f4e76a64a8788b22d85c9b42c86882610397e11770b8255dc9a53aab9301d29ba5354aca37ed3bb2f3bd696591d02b087beac293052fbaab1ffe3de5b1ed9f5e7ce38420d97cc94c09cd302424d4e0ce8dd899034c3fa27b092b56c928bdee164d27a882908cd03e4522204bab4eb3546d1fa3e15425706c40d08ea389652315e65cf31f3eb2a752a4c7ffe379d02e5ce70d83885df3686d582616d182ec96efad63cff14dba27b00f6e46be563b66657694e1a9c972b61cf87ec3c4dd04868b3928e9bf222a8518456db71ce86c53062bea0058657bfebb11a40f6930b10ff6272a6589334d7f53cfbfbe9f6d2adc1dfd9666913a99f39e00b840006e8b4720e803050bcbb20fc0aec459b3a4a77992844431114647b6d09c81c4ab5c04e82c2637927a53ecdf38e07da0b1570314b70ead1dc08814d45401e6e3d5f145d304e5b7fa76af48452b59652a5076324a7a625686aee3fbccaef4b6308ec5255e5f53c14fc155f0eb224df6c247ca1ee2db4d2c5ef08ea65acadf4c140404032f31f9b31919c948c19137a37bd3a94cf2e93a05d2a044920476f5e4194be78866cdea30af5177aac7e94a8d0a76fd9a150c66b5039c8c12f94954670fec4e1602b37f4e0b9976a7b24f3834fe7ccde90902329368f7072d086f2149f15fb4770e73a1f7e2d88c20d839082af6437896188a07315af03c07138d555b2395b8b38372613b9e8527084fd2298d13b1d3a4cad7c192e954123f82dc0b487cf1dba785b0acbad43724b847337e7c9a9d01f9832952ccfe9d7c0d1c59580b7d9177d0663b31357ed5cd424235711eda7dc8bcfc5372321d6906fdd7ecb9b9ef0f6cb6033e62ccba2e276e1ea40a8ff8f9f6478662f734d8bf797b4eb5c788a255489cb9881197f795dec9584d8848b2a5d52f0caa1cbc461f4883f4e08f75882cc149aa6fccbf26ab1d0dde0e4425093d20c756f4a58434fb901a25d114a1573233ebb063330f3894285c503f6c74b3bb3a026b6fd3222f60bfe613f320c6d788e1f1fef05e26b3a6aaae80ad36202d6a2fe2d4f580257f3fcbf58e305f1efc78300e85c6eed622a8ab63b822fc9c197ad11e19f90743e567f8dd244750ed51f0b5592f04ffaa520b7e9757c749c264645e2eadb19aad133ab2237359d88de5ca4e11efab54b85531ebfb61eb1816abebbc54ed64d197c6b96ec1e043eeb11f48080fdde556773ee91c15bd86b0126c94b7e549888294de0176de3fba25ce3b55fddf73ad9989af2cac58b42e32683af9595c54c8352e587faab21d5a346c1da4eaa834f1621732f6678eae4e46b9c6ff5f0bc30cc5526d09a7e9bbd3c475b3ce627f26aab5f54589ec7c3c72c8d7e8215016c7fd909200c63a83272f8b8079b7be6a336422ec3bf8a980774b979b9a81d4d4da39f530c6f739ae2576924f6c14f295b0be263076f7e993ded8be6995f912461bec7cf172afbaa4ad0c8a0b886790d3d1984712dc5b0faa2d5c7b4f691fdabe5c629768a25939870779113a2119dc6ca24ea87c85a05b8b5c7c83ced15d61679bf6dcaea89139fe89b7463cac639f3fc64f9f701ceec2be930ad00162f3edd3e69e783fcc50299ef1c9cf2d04483b3c96f64357cb02babe11bd36bf6c3d4e8008c67998272b3ac8b20c39b0f9b1c9c09885fdb40425c1ece88f790ee9e660e7fba7237f8139f43f7a670735c932b5634a26d980819578c68ec563bd6eaa15e9e11ddf8eb5bf043b3204fa6a2d31be0a9ed8958728de9093d0af783e254ee7ca154f21690b847b9d6106c020c75bca7f44a7f91bdce40418bc6a9b9b8d8ddb498956435a2b07120f64f37a159cc8e5c3a94ffbb4869b0b0be319813dc6c36afb43a5ba77739b42229d4d2353d74a11d9aebb884b0f4c08b9353e9a3fa551fcb062227328bc5195eabbbc9b7f46016ce62d89cdff5653f5f22186535fb67d81b838cd9285d814cbe606e3f722f2184d1cd7e649ca4b4be881663b8b33916276e9ed31a356927e252e17ea4b1c8aba4e3e2c5c7ecfca12279cb4cb23e59bb506b6246a1cc46d73e6a22fd6409857f2f53dcc511f61699d4eb2c62b7a74ca8018ffebccbab781f873b880b3949e126b8989967ba78eba6118b869646c3463878e12d2d306ee06d290aeed041c96e20ff71bbb7766545f73122aeca8c0861f27678e8c09f9672584cec0eb81df4f69ef0c02f33f4c89e418844f812dcb6236eddfacc03ae1", &(0x7f0000000040)=""/17, &(0x7f0000001a00), &(0x7f0000000340)="fde7652b71e30d6b71a557d49c9bf726630b4fca1e29fa8b1562b2a12cc6cdd2706a37a184faba4cf52cba74ad98404d888f9148cfad492be378615449b89839af32e501bd796eadad3dc0c73d92e37287104ce4b14ea94b0570a9e102071cdb45307c69f84255cdb11855cc3a525cd9685374a1fffd84391eab5f339a97eb6533aa0c3387999d531b94d8977dd24f1fe613e863a5cad547cc2de65db3035650e1b77359d7eaddd0ea5f8b5819c24675c9e3043809251b2c97d05c9f9dde7346cd0b6f4fec447262a801073510d9eee53652", 0xd865824c, r7}, 0x38) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x5}, {0xfff1, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x40}}, 0x10) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r9, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r9, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) 0s ago: executing program 3 (id=466): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, 0x0}, 0x94) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x11, 0x4, 0x4, 0xa}, 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffde6}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800) syz_emit_vhci(0x0, 0x3fc) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.111' (ED25519) to the list of known hosts. [ 70.446238][ T5784] cgroup: Unknown subsys name 'net' [ 70.678050][ T5784] cgroup: Unknown subsys name 'cpuset' [ 70.734480][ T5784] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.542861][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.542913][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.331678][ T5784] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.707823][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.709337][ T5799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.711765][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.712233][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.713218][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.713350][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.715736][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.715872][ T5799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.717325][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.717454][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.768284][ T61] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.771763][ T61] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.772513][ T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.781441][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.783074][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.865581][ T5114] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.866821][ T5114] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.869420][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.872140][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.873492][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.898544][ T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.920263][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.922883][ T5803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.945568][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.947328][ T5803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.633092][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 76.659929][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 76.678458][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 76.822979][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 76.878433][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 77.006967][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.007705][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.007994][ T5805] bridge_slave_0: entered allmulticast mode [ 77.009599][ T5805] bridge_slave_0: entered promiscuous mode [ 77.069026][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.069127][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.069234][ T5796] bridge_slave_0: entered allmulticast mode [ 77.070546][ T5796] bridge_slave_0: entered promiscuous mode [ 77.071899][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.072015][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.072163][ T5805] bridge_slave_1: entered allmulticast mode [ 77.075505][ T5805] bridge_slave_1: entered promiscuous mode [ 77.103172][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.103285][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.103454][ T5797] bridge_slave_0: entered allmulticast mode [ 77.105955][ T5797] bridge_slave_0: entered promiscuous mode [ 77.143075][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.143165][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.143297][ T5796] bridge_slave_1: entered allmulticast mode [ 77.176617][ T5796] bridge_slave_1: entered promiscuous mode [ 77.198577][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.198681][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.198786][ T5797] bridge_slave_1: entered allmulticast mode [ 77.200170][ T5797] bridge_slave_1: entered promiscuous mode [ 77.287574][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.315916][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.316096][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.316249][ T5809] bridge_slave_0: entered allmulticast mode [ 77.318084][ T5809] bridge_slave_0: entered promiscuous mode [ 77.323096][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.327551][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.355270][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.355539][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.355647][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.355798][ T5809] bridge_slave_1: entered allmulticast mode [ 77.358059][ T5809] bridge_slave_1: entered promiscuous mode [ 77.365263][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.383635][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.384047][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.384206][ T5810] bridge_slave_0: entered allmulticast mode [ 77.386607][ T5810] bridge_slave_0: entered promiscuous mode [ 77.406916][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.456544][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.456674][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.456831][ T5810] bridge_slave_1: entered allmulticast mode [ 77.458664][ T5810] bridge_slave_1: entered promiscuous mode [ 77.504964][ T5805] team0: Port device team_slave_0 added [ 77.534316][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.536484][ T5796] team0: Port device team_slave_0 added [ 77.538631][ T5805] team0: Port device team_slave_1 added [ 77.558121][ T5797] team0: Port device team_slave_0 added [ 77.855150][ T5803] Bluetooth: hci0: command tx timeout [ 77.855778][ T5803] Bluetooth: hci1: command tx timeout [ 77.855893][ T5803] Bluetooth: hci2: command tx timeout [ 77.936564][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.938022][ T5796] team0: Port device team_slave_1 added [ 77.967165][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.968947][ T5797] team0: Port device team_slave_1 added [ 78.009827][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.013845][ T5803] Bluetooth: hci3: command tx timeout [ 78.014067][ T5114] Bluetooth: hci4: command tx timeout [ 78.051485][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.051496][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.051509][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.095274][ T5809] team0: Port device team_slave_0 added [ 78.097021][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.097035][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.097058][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.099406][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.099418][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.099442][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.209505][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.209522][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.209546][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.211665][ T5809] team0: Port device team_slave_1 added [ 78.212275][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.212284][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.212297][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.287726][ T5810] team0: Port device team_slave_0 added [ 78.289568][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.289581][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.289605][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.327367][ T5810] team0: Port device team_slave_1 added [ 78.372460][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.372474][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.372487][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.427430][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.427443][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.427456][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.442982][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.442999][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.443022][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.503533][ T5805] hsr_slave_0: entered promiscuous mode [ 78.505520][ T5805] hsr_slave_1: entered promiscuous mode [ 78.507565][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.507577][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.507601][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.539802][ T5796] hsr_slave_0: entered promiscuous mode [ 78.540986][ T5796] hsr_slave_1: entered promiscuous mode [ 78.541932][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 78.542037][ T5796] Cannot create hsr debugfs directory [ 78.569128][ T5797] hsr_slave_0: entered promiscuous mode [ 78.570371][ T5797] hsr_slave_1: entered promiscuous mode [ 78.571201][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 78.571223][ T5797] Cannot create hsr debugfs directory [ 78.831185][ T5809] hsr_slave_0: entered promiscuous mode [ 78.831944][ T5809] hsr_slave_1: entered promiscuous mode [ 78.832441][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 78.832461][ T5809] Cannot create hsr debugfs directory [ 78.870001][ T5810] hsr_slave_0: entered promiscuous mode [ 78.870714][ T5810] hsr_slave_1: entered promiscuous mode [ 78.871325][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 78.871343][ T5810] Cannot create hsr debugfs directory [ 79.456823][ T5805] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.502030][ T5805] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.538271][ T5805] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.589658][ T5805] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.819817][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.859984][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.882489][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.932193][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.934519][ T5803] Bluetooth: hci1: command tx timeout [ 79.934550][ T5803] Bluetooth: hci0: command tx timeout [ 79.934700][ T5114] Bluetooth: hci2: command tx timeout [ 80.058957][ T5797] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.091535][ T5797] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.093710][ T5114] Bluetooth: hci4: command tx timeout [ 80.093739][ T5114] Bluetooth: hci3: command tx timeout [ 80.114090][ T5797] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.152710][ T5797] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 80.269525][ T5809] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.306481][ T5809] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.350962][ T5809] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.387845][ T5809] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.495912][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.522894][ T5810] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.556477][ T5810] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.592299][ T5810] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.632605][ T5810] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.703525][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.731243][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.745744][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.746530][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.783315][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.783437][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.829797][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.862115][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.862300][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.894569][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.907613][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.908444][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.990282][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.022397][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.031814][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.032387][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.097039][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.097369][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.182180][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.226681][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.250782][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.250910][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.307121][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.307395][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.358695][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.399413][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.403380][ T3516] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.405396][ T3516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.460766][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.460861][ T3516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.609763][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.692906][ T5805] veth0_vlan: entered promiscuous mode [ 81.791125][ T810] cfg80211: failed to load regulatory.db [ 81.800638][ T5805] veth1_vlan: entered promiscuous mode [ 81.883815][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.903006][ T5796] veth0_vlan: entered promiscuous mode [ 81.992876][ T5796] veth1_vlan: entered promiscuous mode [ 82.002011][ T5805] veth0_macvtap: entered promiscuous mode [ 82.016276][ T61] Bluetooth: hci2: command tx timeout [ 82.016306][ T61] Bluetooth: hci0: command tx timeout [ 82.016327][ T61] Bluetooth: hci1: command tx timeout [ 82.050731][ T5805] veth1_macvtap: entered promiscuous mode [ 82.166358][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.176707][ T5114] Bluetooth: hci3: command tx timeout [ 82.176736][ T5114] Bluetooth: hci4: command tx timeout [ 82.230511][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.294316][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.297501][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.301268][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.317487][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.329685][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.364905][ T5796] veth0_macvtap: entered promiscuous mode [ 82.458865][ T5796] veth1_macvtap: entered promiscuous mode [ 82.597628][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.668691][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.739768][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.739802][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.743039][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.819494][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.837440][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.859415][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.869086][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.873707][ T5797] veth0_vlan: entered promiscuous mode [ 82.884751][ T5809] veth0_vlan: entered promiscuous mode [ 82.888526][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.888543][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.023343][ T5809] veth1_vlan: entered promiscuous mode [ 83.030543][ T5797] veth1_vlan: entered promiscuous mode [ 83.158347][ T5810] veth0_vlan: entered promiscuous mode [ 83.232233][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.232255][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.282082][ T5810] veth1_vlan: entered promiscuous mode [ 83.417239][ T5797] veth0_macvtap: entered promiscuous mode [ 83.420878][ T5809] veth0_macvtap: entered promiscuous mode [ 83.449018][ T5797] veth1_macvtap: entered promiscuous mode [ 83.501369][ T5809] veth1_macvtap: entered promiscuous mode [ 83.977401][ T5915] overlayfs: failed to resolve './file2': -2 [ 84.094712][ T5114] Bluetooth: hci0: command tx timeout [ 84.094744][ T5114] Bluetooth: hci2: command tx timeout [ 84.094793][ T61] Bluetooth: hci1: command tx timeout [ 84.096750][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.096769][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.200817][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.226279][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.227593][ T5810] veth0_macvtap: entered promiscuous mode [ 84.233328][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.253988][ T61] Bluetooth: hci4: command tx timeout [ 84.254021][ T61] Bluetooth: hci3: command tx timeout [ 84.371626][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.392882][ T5810] veth1_macvtap: entered promiscuous mode [ 84.402721][ T65] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.417188][ T65] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.429372][ T65] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.440408][ T65] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.447515][ T65] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.448487][ T65] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.450665][ T65] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.454431][ T65] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.603340][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.805452][ T36] audit: type=1326 audit(1772300361.222:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5920 comm="syz.1.2" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff282b9c799 code=0x0 [ 85.395670][ T5926] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 85.479146][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.757374][ T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.761934][ T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.774468][ T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.820352][ T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.839840][ T5933] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.904172][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.904191][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.974302][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.974345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.975216][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.975251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.975840][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.975874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.976116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.976151][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.976218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.976251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 87.155739][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.155761][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.307220][ T4502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.307241][ T4502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.864345][ T5942] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 89.107238][ T4154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.107252][ T4154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.322264][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.322284][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.752684][ T152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.752704][ T152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.122931][ T5983] ceph: No mds server is up or the cluster is laggy [ 94.767161][ T5858] libceph: connect (1)[c::]:6789 error -101 [ 94.767719][ T5858] libceph: mon0 (1)[c::]:6789 connect error [ 95.196088][ T5991] 9pnet_fd: Insufficient options for proto=fd [ 95.282065][ T36] audit: type=1326 audit(1772300371.682:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5988 comm="syz.3.18" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cf715c799 code=0x0 [ 95.630453][ T5994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.20'. [ 96.017910][ T6002] kAFS: No cell specified [ 100.786404][ T810] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.166823][ T810] usb 3-1: device descriptor read/64, error -71 [ 101.371147][ T6028] kAFS: No cell specified [ 103.954709][ T810] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 104.009538][ T6032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 104.684841][ T6043] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.795447][ T6069] netlink: 'syz.2.38': attribute type 30 has an invalid length. [ 105.823156][ T6069] mmap: syz.2.38 (6069) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 106.303790][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.458315][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 106.493806][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.493868][ T9] usb 2-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 106.493891][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.668104][ T9] usb 2-1: config 0 descriptor?? [ 106.767052][ T9] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 109.171734][ T5928] usb 2-1: USB disconnect, device number 2 [ 109.719808][ T6160] netlink: 'syz.0.61': attribute type 1 has an invalid length. [ 109.803156][ T4154] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.884974][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 109.922546][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 109.932155][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 109.939606][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 109.941519][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 110.401815][ T4154] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.873044][ T4154] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.017212][ T6203] netlink: 'syz.3.77': attribute type 3 has an invalid length. [ 111.017232][ T6203] netlink: 24 bytes leftover after parsing attributes in process `syz.3.77'. [ 111.530580][ T4154] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.647637][ T6222] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 111.708094][ T6223] syz.1.86 uses obsolete (PF_INET,SOCK_PACKET) [ 111.959427][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.959674][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.959811][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.959949][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.960083][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.960217][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.960358][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.960486][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.960622][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 111.960765][ T6230] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 112.014691][ T5803] Bluetooth: hci1: command tx timeout [ 112.378277][ T6164] chnl_net:caif_netlink_parms(): no params data found [ 112.519333][ T6238] netlink: 'syz.3.91': attribute type 32 has an invalid length. [ 112.519353][ T6238] netlink: 20 bytes leftover after parsing attributes in process `syz.3.91'. [ 112.547938][ T6238] bond0: option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 112.753912][ T6164] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.754026][ T6164] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.754239][ T6164] bridge_slave_0: entered allmulticast mode [ 112.756857][ T6164] bridge_slave_0: entered promiscuous mode [ 112.807247][ T6164] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.807337][ T6164] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.807560][ T6164] bridge_slave_1: entered allmulticast mode [ 112.810199][ T6164] bridge_slave_1: entered promiscuous mode [ 112.942937][ T4154] bridge_slave_1: left allmulticast mode [ 112.943032][ T4154] bridge_slave_1: left promiscuous mode [ 112.978296][ T4154] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.293444][ T4154] bridge_slave_0: left allmulticast mode [ 113.293472][ T4154] bridge_slave_0: left promiscuous mode [ 113.310549][ T4154] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.095645][ T5803] Bluetooth: hci1: command tx timeout [ 115.848867][ T6306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.111'. [ 116.309775][ T5803] Bluetooth: hci1: command tx timeout [ 117.277736][ T4154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.348584][ T4154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.380195][ T4154] bond0 (unregistering): Released all slaves [ 117.695466][ T6164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.740554][ T6164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.305576][ T6328] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 119.152154][ T6164] team0: Port device team_slave_0 added [ 119.178337][ T6164] team0: Port device team_slave_1 added [ 119.374071][ T5803] Bluetooth: hci1: command tx timeout [ 119.875888][ T6164] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.875905][ T6164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.875930][ T6164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.931752][ T6164] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.931770][ T6164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.931795][ T6164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.428648][ T5859] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 120.621374][ T4154] hsr_slave_0: left promiscuous mode [ 120.676599][ T5859] usb 4-1: config 1 has an invalid descriptor of length 71, skipping remainder of the config [ 120.676645][ T5859] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 199, using maximum allowed: 30 [ 120.676683][ T5859] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 199 [ 120.683757][ T5859] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 120.683786][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=174, SerialNumber=1 [ 120.683804][ T5859] usb 4-1: Product: syz [ 120.683817][ T5859] usb 4-1: SerialNumber: syz [ 120.764868][ T4154] hsr_slave_1: left promiscuous mode [ 120.808680][ T4154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.021560][ T4154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.250471][ T4154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.250805][ T4154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.291906][ T4154] veth1_macvtap: left promiscuous mode [ 122.303250][ T4154] veth0_macvtap: left promiscuous mode [ 122.316159][ T4154] veth1_vlan: left promiscuous mode [ 122.320106][ T4154] veth0_vlan: left promiscuous mode [ 122.664369][ T6384] 9pnet_fd: Insufficient options for proto=fd [ 122.901116][ T6385] netlink: 'syz.1.125': attribute type 30 has an invalid length. [ 123.325904][ T5859] usb 4-1: USB disconnect, device number 2 [ 124.774382][ T6401] ceph: No mds server is up or the cluster is laggy [ 127.860438][ T4154] team0 (unregistering): Port device team_slave_1 removed [ 127.974560][ T4154] team0 (unregistering): Port device team_slave_0 removed [ 128.360284][ T6430] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 128.589789][ T6164] hsr_slave_0: entered promiscuous mode [ 128.591098][ T6164] hsr_slave_1: entered promiscuous mode [ 128.593382][ T6164] debugfs: 'hsr0' already exists in 'hsr' [ 128.593405][ T6164] Cannot create hsr debugfs directory [ 129.795433][ T6441] 9pnet_fd: Insufficient options for proto=fd [ 132.403510][ T6453] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 132.998460][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.998504][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.473721][ T1230] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 137.623709][ T1230] usb 2-1: Using ep0 maxpacket: 16 [ 137.626103][ T1230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.626135][ T1230] usb 2-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 137.626146][ T1230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.674257][ T1230] usb 2-1: config 0 descriptor?? [ 137.682040][ T1230] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 140.080507][ T6164] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 140.399618][ T6164] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 141.367352][ T1230] usb 2-1: USB disconnect, device number 3 [ 141.586627][ T6509] overlay: filesystem on ./file0 not supported as upperdir [ 141.856863][ T6164] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 141.941966][ T6510] Can't find ip_set type bitmap:ip [ 142.352398][ T6522] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 143.376147][ T6524] 9pnet_fd: Insufficient options for proto=fd [ 143.469495][ T6164] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 145.445655][ T6532] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 146.956191][ T6164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.012947][ T6164] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.084218][ T6338] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.084332][ T6338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.189107][ T6164] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 147.189130][ T6164] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 147.207325][ T1169] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.207449][ T1169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.681371][ T6164] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.187874][ T6594] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 153.339294][ T6607] overlay: filesystem on ./file0 not supported as upperdir [ 153.469034][ T6608] Zero length message leads to an empty skb [ 153.863236][ T6164] veth0_vlan: entered promiscuous mode [ 153.966416][ T6164] veth1_vlan: entered promiscuous mode [ 154.070797][ T6614] 9pnet_fd: Insufficient options for proto=fd [ 154.766455][ T6164] veth0_macvtap: entered promiscuous mode [ 155.157004][ T6164] veth1_macvtap: entered promiscuous mode [ 155.335118][ T6164] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.385971][ T6164] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.427476][ T6338] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.427698][ T6338] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.427747][ T6338] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.427779][ T6338] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.543693][ T5859] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 156.323040][ T5859] usb 3-1: Using ep0 maxpacket: 16 [ 156.351406][ T5859] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.351461][ T5859] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 156.351483][ T5859] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.409591][ T5859] usb 3-1: config 0 descriptor?? [ 156.441279][ T5859] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 158.633796][ T6641] overlay: filesystem on ./file0 not supported as upperdir [ 158.653521][ T31] libceph: connect (1)[c::]:6789 error -101 [ 158.664025][ T6637] ceph: No mds server is up or the cluster is laggy [ 158.668043][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 158.831478][ T6641] Can't find ip_set type bitmap:ip [ 159.016241][ T5872] usb 3-1: USB disconnect, device number 4 [ 159.232114][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.232164][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.331223][ T6658] capability: warning: `syz.2.176' uses 32-bit capabilities (legacy support in use) [ 159.333249][ T6658] program syz.2.176 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 159.761849][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.761870][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.271425][ T6673] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.581961][ T6680] 9pnet_fd: Insufficient options for proto=fd [ 166.953237][ T6706] netlink: 'syz.0.182': attribute type 30 has an invalid length. [ 167.102444][ T6707] overlayfs: failed to resolve './file0': -2 [ 167.291898][ T6708] overlayfs: failed to resolve './file2': -2 [ 168.194747][ T6693] syz.1.183 (6693) used greatest stack depth: 18320 bytes left [ 168.918387][ T6724] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 170.871156][ T6726] Can't find ip_set type bitmap:ip [ 171.069245][ T5879] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 171.344006][ T5879] usb 3-1: Using ep0 maxpacket: 32 [ 171.410199][ T5879] usb 3-1: device descriptor read/all, error -71 [ 171.425410][ T6734] 9pnet_fd: Insufficient options for proto=fd [ 173.564830][ T6744] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 182.183858][ T6775] netlink: 'syz.2.202': attribute type 30 has an invalid length. [ 184.465842][ T6795] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 184.666730][ T6797] program syz.4.205 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 185.123220][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 185.273711][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 185.278898][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 185.280232][ T10] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 185.308020][ T10] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 185.308049][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.308067][ T10] usb 1-1: Product: syz [ 185.308080][ T10] usb 1-1: Manufacturer: syz [ 185.308094][ T10] usb 1-1: SerialNumber: syz [ 185.556220][ T6812] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 187.934532][ T10] usb 1-1: Invalid number of CPorts: 0 [ 187.934572][ T10] es2_ap_driver 1-1:7.0: probe with driver es2_ap_driver failed with error -22 [ 189.041874][ T10] usb 1-1: USB disconnect, device number 2 [ 189.188575][ T6837] kAFS: No cell specified [ 189.956894][ T6833] syz.1.213 (6833) used greatest stack depth: 17568 bytes left [ 190.413823][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 190.780250][ T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 190.780279][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.780298][ T10] usb 1-1: Product: syz [ 190.780311][ T10] usb 1-1: Manufacturer: syz [ 190.780325][ T10] usb 1-1: SerialNumber: syz [ 190.839349][ T10] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 191.348641][ T9] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 191.978041][ T5928] usb 1-1: USB disconnect, device number 3 [ 192.091093][ T6851] netlink: 'syz.3.219': attribute type 30 has an invalid length. [ 192.520056][ T9] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 192.522502][ T9] ath9k_htc: Failed to initialize the device [ 192.568906][ T5928] usb 1-1: ath9k_htc: USB layer deinitialized [ 192.861130][ T6861] program syz.4.221 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.765593][ T6870] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.457236][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.458421][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.752312][ T31] libceph: connect (1)[c::]:6789 error -101 [ 194.752427][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 194.773769][ T6869] ceph: No mds server is up or the cluster is laggy [ 196.895203][ T6888] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 198.277622][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 199.313708][ T9] usb 5-1: device descriptor read/64, error -71 [ 199.314740][ T6899] netlink: 'syz.1.232': attribute type 30 has an invalid length. [ 199.586968][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 199.713736][ T9] usb 5-1: device descriptor read/64, error -71 [ 199.826134][ T9] usb usb5-port1: attempt power cycle [ 200.828947][ T6915] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 201.681890][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 201.689103][ T6912] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 201.723035][ T6906] Bluetooth: hci0: command 0x0406 tx timeout [ 201.723270][ T6906] Bluetooth: hci2: command 0x0406 tx timeout [ 201.723296][ T6906] Bluetooth: hci4: command 0x0406 tx timeout [ 201.723319][ T6906] Bluetooth: hci3: command 0x0406 tx timeout [ 201.786129][ T9] usb 5-1: device descriptor read/8, error -71 [ 205.758078][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.244'. [ 206.817957][ T6954] netlink: 'syz.3.246': attribute type 30 has an invalid length. [ 207.263851][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 207.318458][ T6966] program syz.3.250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 207.423763][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 207.433867][ T9] usb 2-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 207.433895][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.433913][ T9] usb 2-1: Product: syz [ 207.433926][ T9] usb 2-1: Manufacturer: syz [ 207.433938][ T9] usb 2-1: SerialNumber: syz [ 207.453761][ T9] usb 2-1: config 0 descriptor?? [ 207.459678][ T9] gspca_main: spca508-2.14.0 probing 041e:4018 [ 207.619439][ T5859] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 207.798957][ T5859] usb 1-1: device descriptor read/64, error -71 [ 208.313729][ T9] gspca_spca508: reg_read err -110 [ 208.314234][ T9] gspca_spca508: reg_read err -71 [ 208.314593][ T9] gspca_spca508: reg_read err -71 [ 208.325529][ T9] gspca_spca508: reg_read err -71 [ 208.328367][ T9] gspca_spca508: reg write: error -71 [ 208.328467][ T9] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 208.338584][ T9] usb 2-1: USB disconnect, device number 4 [ 208.398239][ T5859] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 208.563908][ T5859] usb 1-1: device descriptor read/64, error -71 [ 208.674166][ T5859] usb usb1-port1: attempt power cycle [ 209.653749][ T5859] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 209.700128][ T5859] usb 1-1: device descriptor read/8, error -71 [ 210.153959][ T5859] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 211.701897][ T5859] usb 1-1: device descriptor read/8, error -71 [ 211.805311][ T5859] usb usb1-port1: unable to enumerate USB device [ 213.865694][ T7003] netlink: 132 bytes leftover after parsing attributes in process `syz.3.259'. [ 217.041561][ T7024] netlink: 8 bytes leftover after parsing attributes in process `syz.3.265'. [ 218.146269][ T7030] kAFS: No cell specified [ 218.513829][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 218.703801][ T9] usb 1-1: device descriptor read/64, error -71 [ 219.285350][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 219.479273][ T9] usb 1-1: device descriptor read/64, error -71 [ 219.584330][ T9] usb usb1-port1: attempt power cycle [ 219.674497][ T7045] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 220.023713][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 220.049565][ T9] usb 1-1: device descriptor read/8, error -71 [ 220.285204][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 220.565956][ T9] usb 1-1: device descriptor read/8, error -71 [ 220.666533][ T7052] netlink: 132 bytes leftover after parsing attributes in process `syz.1.272'. [ 222.460689][ T9] usb usb1-port1: unable to enumerate USB device [ 223.277230][ T7059] program syz.4.273 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 224.930361][ T7073] Can't find ip_set type bitmap:ip [ 226.252736][ T7077] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 227.980752][ T7093] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 228.127262][ T7095] netlink: 132 bytes leftover after parsing attributes in process `syz.1.286'. [ 232.493728][ T5114] Bluetooth: hci1: command 0x0406 tx timeout [ 234.023225][ T7118] Can't find ip_set type bitmap:ip [ 240.733978][ T7163] program syz.0.305 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 240.772774][ T7166] Can't find ip_set type bitmap:ip [ 241.759328][ T7176] afs: Unknown parameter 'dy' [ 247.228333][ T7221] afs: Unknown parameter 'dy' [ 249.554589][ T7234] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 253.850146][ T7260] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 256.024301][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.024370][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.053166][ T7272] program syz.4.332 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 257.537804][ T7280] Can't find ip_set type bitmap:ip [ 261.429573][ T7315] program syz.1.344 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.826989][ T7316] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 261.893708][ T5859] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 262.613739][ T5859] usb 4-1: Using ep0 maxpacket: 16 [ 263.691708][ T5859] usb 4-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 263.691732][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.691742][ T5859] usb 4-1: Product: syz [ 263.691750][ T5859] usb 4-1: Manufacturer: syz [ 263.691757][ T5859] usb 4-1: SerialNumber: syz [ 263.696010][ T5859] usb 4-1: config 0 descriptor?? [ 263.757750][ T5859] gspca_main: spca508-2.14.0 probing 041e:4018 [ 264.246410][ T5859] gspca_spca508: reg_read err -71 [ 264.246814][ T5859] gspca_spca508: reg_read err -71 [ 264.247184][ T5859] gspca_spca508: reg_read err -71 [ 264.247557][ T5859] gspca_spca508: reg_read err -71 [ 264.247922][ T5859] gspca_spca508: reg write: error -71 [ 264.248007][ T5859] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 264.253219][ T5859] usb 4-1: USB disconnect, device number 3 [ 266.227548][ T7343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.350'. [ 269.213723][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 269.718350][ T7369] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 270.365469][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 270.375607][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 270.375713][ T10] usb 1-1: no configurations [ 270.375726][ T10] usb 1-1: can't read configurations, error -22 [ 270.525216][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 270.693867][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 270.695624][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 270.695674][ T10] usb 1-1: no configurations [ 270.695681][ T10] usb 1-1: can't read configurations, error -22 [ 270.695903][ T10] usb usb1-port1: attempt power cycle [ 271.184498][ T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 271.228510][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 271.279358][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 271.279441][ T10] usb 1-1: no configurations [ 271.279453][ T10] usb 1-1: can't read configurations, error -22 [ 271.687441][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 271.805897][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 271.842404][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 271.842483][ T10] usb 1-1: no configurations [ 271.842495][ T10] usb 1-1: can't read configurations, error -22 [ 271.892603][ T10] usb usb1-port1: unable to enumerate USB device [ 276.783721][ T5879] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 276.940841][ T5879] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 276.940872][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.940891][ T5879] usb 1-1: Product: syz [ 276.940905][ T5879] usb 1-1: Manufacturer: syz [ 276.940919][ T5879] usb 1-1: SerialNumber: syz [ 277.103262][ T5879] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 277.150071][ T10] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 277.795342][ T5928] usb 1-1: USB disconnect, device number 16 [ 278.194254][ T5880] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 278.278717][ T10] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 278.302231][ T10] ath9k_htc: Failed to initialize the device [ 278.554030][ T5880] usb 3-1: Using ep0 maxpacket: 32 [ 278.859625][ T5928] usb 1-1: ath9k_htc: USB layer deinitialized [ 278.870373][ T5880] usb 3-1: unable to get BOS descriptor or descriptor too short [ 278.871122][ T5880] usb 3-1: no configurations [ 278.871179][ T5880] usb 3-1: can't read configurations, error -22 [ 279.118854][ T7421] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 280.133770][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 280.283728][ T5880] usb 3-1: Using ep0 maxpacket: 32 [ 280.286654][ T5880] usb 3-1: unable to get BOS descriptor or descriptor too short [ 280.286747][ T5880] usb 3-1: no configurations [ 280.286759][ T5880] usb 3-1: can't read configurations, error -22 [ 280.287320][ T5880] usb usb3-port1: attempt power cycle [ 280.517616][ T7431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.378'. [ 280.654311][ T5880] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 281.267084][ T5880] usb 3-1: device descriptor read/8, error -71 [ 281.578253][ T7438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.382'. [ 284.024647][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 284.265460][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 284.305263][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 284.310354][ T10] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 284.310384][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.310402][ T10] usb 5-1: Product: syz [ 284.310415][ T10] usb 5-1: Manufacturer: syz [ 284.310429][ T10] usb 5-1: SerialNumber: syz [ 284.352623][ T10] usb 5-1: config 0 descriptor?? [ 284.377302][ T10] gspca_main: spca508-2.14.0 probing 041e:4018 [ 284.423709][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 284.427429][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 284.431518][ T9] usb 2-1: config 102 has an invalid descriptor of length 0, skipping remainder of the config [ 284.431543][ T9] usb 2-1: config 102 has 0 interfaces, different from the descriptor's value: 1 [ 284.505577][ T9] usb 2-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=d9.27 [ 284.505595][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.505605][ T9] usb 2-1: Product: syz [ 284.505612][ T9] usb 2-1: Manufacturer: syz [ 284.505619][ T9] usb 2-1: SerialNumber: syz [ 285.386301][ T10] gspca_spca508: reg_read err -110 [ 285.393733][ T10] gspca_spca508: reg_read err -32 [ 285.405917][ T10] gspca_spca508: reg_read err -32 [ 285.406641][ T10] gspca_spca508: reg_read err -32 [ 285.680512][ T10] gspca_spca508: reg_read err -71 [ 285.690649][ T10] gspca_spca508: reg write: error -71 [ 285.690735][ T10] spca508 5-1:0.0: probe with driver spca508 failed with error -71 [ 285.713370][ T7462] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 285.752729][ T10] usb 5-1: USB disconnect, device number 6 [ 286.082442][ T7464] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 286.082517][ T7464] overlayfs: failed to set xattr on upper [ 286.082526][ T7464] overlayfs: ...falling back to redirect_dir=nofollow. [ 286.082533][ T7464] overlayfs: ...falling back to index=off. [ 286.082540][ T7464] overlayfs: ...falling back to uuid=null. [ 286.204863][ T7464] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 286.204900][ T7464] overlayfs: failed to set xattr on upper [ 286.204910][ T7464] overlayfs: ...falling back to redirect_dir=nofollow. [ 286.204917][ T7464] overlayfs: ...falling back to index=off. [ 286.204924][ T7464] overlayfs: ...falling back to uuid=null. [ 286.205120][ T7464] overlayfs: conflicting lowerdir path [ 286.497740][ T9] usb 2-1: USB disconnect, device number 5 [ 286.693777][ T5879] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 286.844460][ T5879] usb 3-1: Using ep0 maxpacket: 32 [ 286.846715][ T5879] usb 3-1: unable to get BOS descriptor or descriptor too short [ 286.847775][ T5879] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 286.847796][ T5879] usb 3-1: config 0 has no interfaces? [ 286.850740][ T5879] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 286.850758][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.850767][ T5879] usb 3-1: Product: syz [ 286.850775][ T5879] usb 3-1: Manufacturer: syz [ 286.850782][ T5879] usb 3-1: SerialNumber: syz [ 286.883813][ T5859] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 286.931654][ T5879] usb 3-1: config 0 descriptor?? [ 287.057860][ T5859] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 287.057891][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.057910][ T5859] usb 4-1: Product: syz [ 287.057923][ T5859] usb 4-1: Manufacturer: syz [ 287.057936][ T5859] usb 4-1: SerialNumber: syz [ 287.082956][ T5859] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 287.143738][ T31] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 287.593761][ T5879] usb 4-1: USB disconnect, device number 4 [ 288.354104][ T31] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 288.354252][ T31] ath9k_htc: Failed to initialize the device [ 288.354734][ T5879] usb 4-1: ath9k_htc: USB layer deinitialized [ 288.584312][ T7490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.399'. [ 289.177799][ T5879] usb 3-1: USB disconnect, device number 11 [ 289.544872][ T7499] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 290.949687][ T7504] overlayfs: missing 'lowerdir' [ 291.926655][ T7519] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 292.808694][ T7523] IPv6: sit1: Disabled Multicast RS [ 295.397252][ T7536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.413'. [ 296.449935][ T7543] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 301.478751][ T7568] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 302.739802][ T7571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.426'. [ 303.118618][ T7573] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 311.182719][ T7610] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 312.906932][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.441'. [ 316.624362][ T7650] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 317.414445][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.414512][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.816710][ T7679] overlay: filesystem on ./file0 not supported as upperdir [ 322.318996][ T7680] Can't find ip_set type bitmap:ip [ 324.464807][ T7691] overlay: Unknown parameter '/bus' [ 324.863344][ T7696] overlay: Unknown parameter '/bus' [ 325.925453][ T7697] Can't find ip_set type bitmap:ip [ 325.926036][ T7699] Can't find ip_set type bitmap:ip [ 326.453127][ T5114] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 326.479818][ T5114] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 326.482164][ T5114] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 326.497548][ T5114] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 326.498488][ T5114] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 327.105350][ T7711] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 328.421310][ T5114] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 328.421413][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 328.421439][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 328.421453][ T5114] Workqueue: hci2 hci_rx_work [ 328.421503][ T5114] Call Trace: [ 328.421515][ T5114] [ 328.421526][ T5114] dump_stack_lvl+0xe8/0x150 [ 328.421561][ T5114] sysfs_create_dir_ns+0x271/0x2a0 [ 328.421584][ T5114] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 328.421609][ T5114] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 328.421635][ T5114] ? rt_spin_unlock+0x160/0x200 [ 328.421660][ T5114] kobject_add_internal+0x631/0xd10 [ 328.421702][ T5114] kobject_add+0x163/0x240 [ 328.421738][ T5114] ? __pfx_kobject_add+0x10/0x10 [ 328.421776][ T5114] ? get_device_parent+0x370/0x3a0 [ 328.421810][ T5114] device_add+0x408/0xb80 [ 328.421844][ T5114] hci_conn_add_sysfs+0xd5/0x210 [ 328.421872][ T5114] le_conn_complete_evt+0xf1d/0x1430 [ 328.421901][ T5114] ? irqentry_exit+0x59e/0x620 [ 328.421937][ T5114] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 328.421983][ T5114] ? skb_pull_data+0xfb/0x200 [ 328.422020][ T5114] hci_le_conn_complete_evt+0x187/0x470 [ 328.422058][ T5114] hci_event_packet+0x7af/0x12c0 [ 328.422090][ T5114] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 328.422120][ T5114] ? __pfx_hci_event_packet+0x10/0x10 [ 328.422145][ T5114] ? preempt_schedule_common+0x82/0xd0 [ 328.422171][ T5114] ? preempt_schedule_thunk+0x16/0x30 [ 328.422200][ T5114] ? hci_send_to_monitor+0xe2/0x590 [ 328.422223][ T5114] hci_rx_work+0x3ee/0x1030 [ 328.422255][ T5114] ? preempt_schedule_thunk+0x16/0x30 [ 328.422281][ T5114] ? process_scheduled_works+0xa25/0x1830 [ 328.422312][ T5114] process_scheduled_works+0xb02/0x1830 [ 328.422370][ T5114] ? __pfx_process_scheduled_works+0x10/0x10 [ 328.422405][ T5114] ? assign_work+0x3d5/0x5e0 [ 328.422438][ T5114] worker_thread+0xa50/0xfc0 [ 328.422496][ T5114] kthread+0x388/0x470 [ 328.422518][ T5114] ? __pfx_worker_thread+0x10/0x10 [ 328.422545][ T5114] ? __pfx_kthread+0x10/0x10 [ 328.422567][ T5114] ret_from_fork+0x51e/0xb90 [ 328.422599][ T5114] ? __pfx_ret_from_fork+0x10/0x10 [ 328.422626][ T5114] ? __switch_to+0xc7d/0x1450 [ 328.422655][ T5114] ? __pfx_kthread+0x10/0x10 [ 328.422678][ T5114] ret_from_fork_asm+0x1a/0x30 [ 328.422715][ T5114] [ 328.423065][ T5114] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 328.423348][ T5114] Bluetooth: hci2: failed to register connection device [ 328.516321][ T5114] ================================================================== [ 328.516344][ T5114] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.516380][ T5114] Read of size 8 at addr ffff88806043c7b0 by task kworker/u9:1/5114 [ 328.516398][ T5114] [ 328.516410][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 328.516433][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 328.516448][ T5114] Workqueue: hci2 hci_rx_work [ 328.516475][ T5114] Call Trace: [ 328.516483][ T5114] [ 328.516493][ T5114] dump_stack_lvl+0xe8/0x150 [ 328.516525][ T5114] print_report+0xba/0x230 [ 328.516552][ T5114] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.516575][ T5114] kasan_report+0x117/0x150 [ 328.516606][ T5114] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.516635][ T5114] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.516660][ T5114] l2cap_connect_cfm+0x368/0x1390 [ 328.516686][ T5114] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 328.516706][ T5114] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 328.516730][ T5114] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 328.516748][ T5114] hci_connect_cfm+0x95/0x140 [ 328.516777][ T5114] le_conn_complete_evt+0xf65/0x1430 [ 328.516807][ T5114] ? irqentry_exit+0x59e/0x620 [ 328.516839][ T5114] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 328.516884][ T5114] ? skb_pull_data+0xfb/0x200 [ 328.516918][ T5114] hci_le_conn_complete_evt+0x187/0x470 [ 328.516952][ T5114] hci_event_packet+0x7af/0x12c0 [ 328.516980][ T5114] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 328.517009][ T5114] ? __pfx_hci_event_packet+0x10/0x10 [ 328.517032][ T5114] ? preempt_schedule_common+0x82/0xd0 [ 328.517058][ T5114] ? preempt_schedule_thunk+0x16/0x30 [ 328.517084][ T5114] ? hci_send_to_monitor+0xe2/0x590 [ 328.517105][ T5114] hci_rx_work+0x3ee/0x1030 [ 328.517130][ T5114] ? preempt_schedule_thunk+0x16/0x30 [ 328.517154][ T5114] ? process_scheduled_works+0xa25/0x1830 [ 328.517183][ T5114] process_scheduled_works+0xb02/0x1830 [ 328.517228][ T5114] ? __pfx_process_scheduled_works+0x10/0x10 [ 328.517259][ T5114] ? assign_work+0x3d5/0x5e0 [ 328.517288][ T5114] worker_thread+0xa50/0xfc0 [ 328.517333][ T5114] kthread+0x388/0x470 [ 328.517353][ T5114] ? __pfx_worker_thread+0x10/0x10 [ 328.517379][ T5114] ? __pfx_kthread+0x10/0x10 [ 328.517400][ T5114] ret_from_fork+0x51e/0xb90 [ 328.517430][ T5114] ? __pfx_ret_from_fork+0x10/0x10 [ 328.517456][ T5114] ? __switch_to+0xc7d/0x1450 [ 328.517482][ T5114] ? __pfx_kthread+0x10/0x10 [ 328.517502][ T5114] ret_from_fork_asm+0x1a/0x30 [ 328.517532][ T5114] [ 328.517539][ T5114] [ 328.517543][ T5114] Allocated by task 5114: [ 328.517553][ T5114] kasan_save_track+0x3e/0x80 [ 328.517577][ T5114] __kasan_kmalloc+0x93/0xb0 [ 328.517601][ T5114] __kmalloc_noprof+0x3e7/0x7b0 [ 328.517626][ T5114] sk_prot_alloc+0xe7/0x210 [ 328.517648][ T5114] sk_alloc+0x3a/0x390 [ 328.517668][ T5114] bt_sock_alloc+0x3b/0x310 [ 328.517692][ T5114] l2cap_sock_new_connection_cb+0xe2/0x2e0 [ 328.517713][ T5114] l2cap_connect_cfm+0x368/0x1390 [ 328.517729][ T5114] hci_connect_cfm+0x95/0x140 [ 328.517754][ T5114] le_conn_complete_evt+0xf65/0x1430 [ 328.517781][ T5114] hci_le_conn_complete_evt+0x187/0x470 [ 328.517808][ T5114] hci_event_packet+0x7af/0x12c0 [ 328.517828][ T5114] hci_rx_work+0x3ee/0x1030 [ 328.517849][ T5114] process_scheduled_works+0xb02/0x1830 [ 328.517880][ T5114] worker_thread+0xa50/0xfc0 [ 328.517904][ T5114] kthread+0x388/0x470 [ 328.517921][ T5114] ret_from_fork+0x51e/0xb90 [ 328.517944][ T5114] ret_from_fork_asm+0x1a/0x30 [ 328.517960][ T5114] [ 328.517965][ T5114] Freed by task 7709: [ 328.517974][ T5114] kasan_save_track+0x3e/0x80 [ 328.517997][ T5114] kasan_save_free_info+0x46/0x50 [ 328.518017][ T5114] __kasan_slab_free+0x5c/0x80 [ 328.518040][ T5114] kfree+0x1c1/0x6c0 [ 328.518063][ T5114] __sk_destruct+0x626/0x880 [ 328.518085][ T5114] l2cap_sock_cleanup_listen+0xe0/0x440 [ 328.518104][ T5114] l2cap_sock_release+0x6e/0x270 [ 328.518121][ T5114] sock_close+0xc3/0x240 [ 328.518147][ T5114] __fput+0x461/0xa90 [ 328.518166][ T5114] task_work_run+0x1d9/0x270 [ 328.518185][ T5114] exit_to_user_mode_loop+0xed/0x480 [ 328.518212][ T5114] do_syscall_64+0x32d/0xf80 [ 328.518235][ T5114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.518253][ T5114] [ 328.518258][ T5114] The buggy address belongs to the object at ffff88806043c000 [ 328.518258][ T5114] which belongs to the cache kmalloc-2k of size 2048 [ 328.518274][ T5114] The buggy address is located 1968 bytes inside of [ 328.518274][ T5114] freed 2048-byte region [ffff88806043c000, ffff88806043c800) [ 328.518294][ T5114] [ 328.518299][ T5114] The buggy address belongs to the physical page: [ 328.518319][ T5114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60438 [ 328.518338][ T5114] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 328.518354][ T5114] flags: 0x80000000000040(head|node=0|zone=1) [ 328.518377][ T5114] page_type: f5(slab) [ 328.518395][ T5114] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122 [ 328.518413][ T5114] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 328.518432][ T5114] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122 [ 328.518449][ T5114] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 328.518467][ T5114] head: 0080000000000003 ffffea0001810e01 00000000ffffffff 00000000ffffffff [ 328.518483][ T5114] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 328.518493][ T5114] page dumped because: kasan: bad access detected [ 328.518508][ T5114] page_owner tracks the page as allocated [ 328.518515][ T5114] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5805, tgid 5805 (syz-executor), ts 79456435815, free_ts 0 [ 328.518549][ T5114] post_alloc_hook+0x231/0x280 [ 328.518575][ T5114] get_page_from_freelist+0x28bb/0x2950 [ 328.518592][ T5114] __alloc_frozen_pages_noprof+0x18d/0x380 [ 328.518609][ T5114] allocate_slab+0x77/0x660 [ 328.518628][ T5114] refill_objects+0x334/0x3c0 [ 328.518646][ T5114] __pcs_replace_empty_main+0x328/0x5f0 [ 328.518666][ T5114] __kmalloc_cache_noprof+0x44e/0x690 [ 328.518692][ T5114] rtnl_newlink+0x136/0x1be0 [ 328.518710][ T5114] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 328.518728][ T5114] netlink_rcv_skb+0x232/0x4b0 [ 328.518746][ T5114] netlink_unicast+0x831/0x9f0 [ 328.518773][ T5114] netlink_sendmsg+0x813/0xb40 [ 328.518790][ T5114] __sys_sendto+0x72a/0x7d0 [ 328.518810][ T5114] __x64_sys_sendto+0xde/0x100 [ 328.518830][ T5114] do_syscall_64+0x14d/0xf80 [ 328.518853][ T5114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.518877][ T5114] page_owner free stack trace missing [ 328.518884][ T5114] [ 328.518888][ T5114] Memory state around the buggy address: [ 328.518898][ T5114] ffff88806043c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.518911][ T5114] ffff88806043c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.518924][ T5114] >ffff88806043c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.518934][ T5114] ^ [ 328.518945][ T5114] ffff88806043c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.518958][ T5114] ffff88806043c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.518968][ T5114] ================================================================== [ 328.518995][ T5114] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 328.519010][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 328.519033][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 328.519046][ T5114] Workqueue: hci2 hci_rx_work [ 328.519071][ T5114] Call Trace: [ 328.519079][ T5114] [ 328.519087][ T5114] vpanic+0x56c/0xa60 [ 328.519118][ T5114] ? __pfx_vpanic+0x10/0x10 [ 328.519147][ T5114] ? __pfx___schedule+0x10/0x10 [ 328.519174][ T5114] panic+0xc5/0xd0 [ 328.519202][ T5114] ? __pfx_panic+0x10/0x10 [ 328.519232][ T5114] ? preempt_schedule_common+0x82/0xd0 [ 328.519259][ T5114] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.519282][ T5114] check_panic_on_warn+0x89/0xb0 [ 328.519304][ T5114] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.519326][ T5114] end_report+0x73/0x180 [ 328.519355][ T5114] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.519377][ T5114] kasan_report+0x128/0x150 [ 328.519406][ T5114] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.519433][ T5114] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 328.519457][ T5114] l2cap_connect_cfm+0x368/0x1390 [ 328.519480][ T5114] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 328.519499][ T5114] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 328.519521][ T5114] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 328.519540][ T5114] hci_connect_cfm+0x95/0x140 [ 328.519569][ T5114] le_conn_complete_evt+0xf65/0x1430 [ 328.519598][ T5114] ? irqentry_exit+0x59e/0x620 [ 328.519628][ T5114] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 328.519661][ T5114] ? skb_pull_data+0xfb/0x200 [ 328.519691][ T5114] hci_le_conn_complete_evt+0x187/0x470 [ 328.519724][ T5114] hci_event_packet+0x7af/0x12c0 [ 328.519750][ T5114] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 328.519777][ T5114] ? __pfx_hci_event_packet+0x10/0x10 [ 328.519800][ T5114] ? preempt_schedule_common+0x82/0xd0 [ 328.519825][ T5114] ? preempt_schedule_thunk+0x16/0x30 [ 328.519850][ T5114] ? hci_send_to_monitor+0xe2/0x590 [ 328.519876][ T5114] hci_rx_work+0x3ee/0x1030 [ 328.519901][ T5114] ? preempt_schedule_thunk+0x16/0x30 [ 328.519924][ T5114] ? process_scheduled_works+0xa25/0x1830 [ 328.519952][ T5114] process_scheduled_works+0xb02/0x1830 [ 328.519991][ T5114] ? __pfx_process_scheduled_works+0x10/0x10 [ 328.520021][ T5114] ? assign_work+0x3d5/0x5e0 [ 328.520049][ T5114] worker_thread+0xa50/0xfc0 [ 328.520089][ T5114] kthread+0x388/0x470 [ 328.520108][ T5114] ? __pfx_worker_thread+0x10/0x10 [ 328.520134][ T5114] ? __pfx_kthread+0x10/0x10 [ 328.520154][ T5114] ret_from_fork+0x51e/0xb90 [ 328.520183][ T5114] ? __pfx_ret_from_fork+0x10/0x10 [ 328.520209][ T5114] ? __switch_to+0xc7d/0x1450 [ 328.520233][ T5114] ? __pfx_kthread+0x10/0x10 [ 328.520253][ T5114] ret_from_fork_asm+0x1a/0x30 [ 328.520279][ T5114] [ 328.520663][ T5114] Kernel Offset: disabled