last executing test programs: 22.446329096s ago: executing program 0 (id=56): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000)) 20.312775335s ago: executing program 0 (id=58): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0xfe}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x6e6bb9, 0x1}, {{@in=@empty, 0x2, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) preadv(0xffffffffffffffff, &(0x7f00000002c0)=[{0x0}], 0x1, 0x101, 0x870c0) ioctl$VIDIOC_G_PRIORITY(0xffffffffffffffff, 0x80045643, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000004440000001e0a05020000000000000000010000000900020073797a32000000001800038014000080100001800400028008000180000000000900010073797a30"], 0xc8}}, 0x0) 18.039849008s ago: executing program 4 (id=60): syz_usb_connect(0xf4175eb3f2bfb60d, 0x2d, 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4eb4}, 0x5e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) close(0xffffffffffffffff) r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x2, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1}) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0xfffffffffffffe05, 0x8, 0x81, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "0adb3fb8"}, 0x5}) socket$pptp(0x18, 0x1, 0x2) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076655468315f6d6163767461700000000900010073797a31000000002c000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000014000000"], 0xc8}}, 0x0) 17.512649551s ago: executing program 3 (id=61): r0 = syz_io_uring_setup(0x315b, &(0x7f0000000200)={0x0, 0x47fa, 0x1040, 0xfffffffd, 0x1000003}, &(0x7f0000000000), &(0x7f0000000040)) prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) timer_create(0x6, &(0x7f0000000140)={0x0, 0x2b, 0x0, @thr={&(0x7f00000000c0)="b742041dccb01b59b36ea41a5615acbf1ed396b4dde9ef4e83b9382b9673cb724fb834751cdc4010a5ef5a0c0c29c67676a1210b4b104cad8039781ff283e9f07cb02be4bdf9dc9ca656d12135b255281cf68f15", &(0x7f0000000280)="54c716488153d5f8b931ceb2ddf9ba8283a2db1b3d20cbdfc0cec889c87231a5a9f37ec3ebf1bc942b36359a0f149b902f4d34332d4d4c0fa1ebccbcaf8a61686634f9ae64f66e03081196"}}, &(0x7f00000001c0)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x14, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}]}}]}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000300)) syz_mount_image$fuse(&(0x7f0000001080), 0x0, 0x60, 0x0, 0x0, 0x0, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002110000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, 0x0, 0x0) 16.884303962s ago: executing program 0 (id=64): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000740)='./binderfs/binder1\x00', 0x1802, 0x0) ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000040), 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xb423, 0x400, 0x5, 0x199}, &(0x7f00000004c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = socket(0x2b, 0x1, 0x0) listen(r5, 0x0) bind$inet(r5, &(0x7f00000005c0)={0x2, 0x4e21, @local}, 0x10) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000040), &(0x7f00000000c0)=0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r2, 0x0, 0x0, 0x0, 0x80800}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe80f5000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c00028005000100000000000800074000000000180006"], 0xac}, 0x1, 0x0, 0x0, 0x1}, 0x0) 16.188711699s ago: executing program 3 (id=65): socket$inet6(0xa, 0x1, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000380)={'wlan1\x00', 0x8000}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r9 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r9, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="00ff00", 'bond0\x00'}}, 0x1e) sendmmsg(r9, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) 15.365241057s ago: executing program 2 (id=66): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x12, 0x4d, 0x52, 0x40, 0x16e3, 0xf9e9, 0x5558, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x78, 0x0, 0x1, 0x8f, 0xa6, 0x8d, 0x0, [], [{{0x9, 0x5, 0x8a, 0x3}}]}}]}}]}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) unshare(0x2c000080) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x44, "3dcf60068307f7a32634f9bc99f5f7f18999f6bd343d9392feb8e6e788ca96232c2cbf5539bea1b12d97b5019d4c34f2696bc992b73a694097c7e88929ea730f9990e13e"}, &(0x7f00000001c0)=0x4c) syz_clone(0x142000, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) poll(&(0x7f0000000180)=[{r5}, {r3, 0x200}], 0x2, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r5}, 0x10) socket$packet(0x11, 0x2, 0x300) r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000500), 0x2) ioctl$UDMABUF_CREATE_LIST(r6, 0x40087543, &(0x7f0000000200)=ANY=[@ANYBLOB="0020000002000000", @ANYRES32, @ANYBLOB="0000e1dfb6"]) 13.720732321s ago: executing program 3 (id=68): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) getpid() r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000009c0)={0x14, 0x2d, 0x9, 0x70bd26, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x84) getsockopt$bt_hci(r3, 0x84, 0x84, &(0x7f00000020c0)=""/4055, &(0x7f0000001080)=0xfd7) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x4, @mcast2, 0x5}}, 0x4, 0x11aa}, &(0x7f0000000000)=0x90) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f00000001c0)=0x80, 0x4) r6 = epoll_create1(0x0) r7 = socket(0x10, 0x803, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000040)={0x60000005}) epoll_pwait(r6, &(0x7f00000000c0)=[{}], 0x1, 0x8, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) 12.51501282s ago: executing program 3 (id=69): socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x60d}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000fc0)="48b1000006890086dd4803000000040000000000000000000000a246ed896b2d18bd6357671c5866581854301c46ce204737d244119ef4dcd566a86d93", 0x3d, 0x24000880, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 11.146560429s ago: executing program 1 (id=71): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}}, 0x0, 0x0, 0x4b, 0x0, "5d9ed5ab7ede1bcf73742bc36c0ea13d3dec33e0b7cc1ff724fe1906cf9f7945230bc5d9dfea4ffd1e48aaf9a42d97f58da594d5eb926f70f03d2d46f374a6b62ee9d04ac1bf0bef969bcbd8e4700616"}, 0xd8) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend', 0x101a02, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000080)=ANY=[], 0x138) 11.039369131s ago: executing program 2 (id=72): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xf, 0x200cc, 0x6, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240), 0x4af, r4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000680), 0x2, r4}, 0x38) 9.621275863s ago: executing program 1 (id=73): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r4 = getpid() r5 = syz_open_procfs(0x0, &(0x7f0000000c40)='net/fib_triestat\x00') preadv(r5, &(0x7f0000000340)=[{&(0x7f0000000180)=""/131, 0x83}], 0x1, 0x0, 0x7fffffff) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(r4, 0x6, 0x0) close(0xffffffffffffffff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) 9.217113144s ago: executing program 0 (id=74): sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$sock(r1, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}}], 0x1, 0x40448c0) shutdown(r1, 0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0xfffffffd}}, {{0xa, 0x0, 0xa4ffffff, @rand_addr=' \x01\x00'}}}, 0x108) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setresuid(0x0, 0xee00, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f00000007c0)=0x40000401, 0x4) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x10000000}, 0x1c) listen(r3, 0xb5d6) syz_usb_connect(0x2, 0x34, 0x0, 0x0) 8.304149949s ago: executing program 1 (id=75): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=@newsa={0xf8, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0xc}, @in=@private=0xa010100, 0xfffd, 0x0, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x3c, 0x0, 0xee00}, {@in6=@local, 0x0, 0x3c}, @in6=@local, {0x0, 0x10000000000000b5, 0x2}, {0x0, 0x200000, 0x3, 0xfffffffffffffffd}, {0x40000, 0x0, 0x2c12}, 0x8, 0x0, 0xa, 0x2, 0x0, 0x68}, [@tfcpad={0x8, 0x16, 0x800}]}, 0xf8}, 0x1, 0x0, 0x0, 0x400}, 0x0) 7.81191725s ago: executing program 4 (id=76): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x2, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) syz_pidfd_open(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_io_uring_setup(0x498, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x3c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) close_range(r0, r0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) pipe(&(0x7f00000000c0)) 6.350955486s ago: executing program 1 (id=77): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendmmsg$inet(r4, &(0x7f0000001a80)=[{{&(0x7f0000001080)={0x2, 0x4e23, @private=0xa010101}, 0x10, &(0x7f0000001280)=[{&(0x7f00000010c0)="d0", 0x1}], 0x1}}], 0x1, 0x40) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = fsopen(&(0x7f00000000c0)='romfs\x00', 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82882, 0x12) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00\x9f\xe4g\x91\xe7\xa0\x00'/28, &(0x7f0000000180)='\xdfP+^\x9d\x10\xd6cB::\x00}\xac\xb9\xf1?\xafA\xaf2\xf1\xf3+\x1b\xad\xf6\x8ee2s\xc9\x84o\x84\xc4\x0e`(~\xd5\x81\x0e\x98\xd8\xcfz72\xb0\xaf~N\xb8|\xda\xa3K\xca) \xafl\x9d\xf1U\xb8\x91\xc6\xd1\xeb\x142\xa6\x9a\x9d\b\x1d\x888O\x80\x82\x8b\xe5B8+\xe8s&\n@\xd0(\xd0\v\xc9\xf96\x06B\xba\xf1L\xf5V', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 6.227058342s ago: executing program 3 (id=78): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7}, [@generic={0x6b, 0x1, 0x4, 0x36}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x2000c800) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = socket(0x2, 0x80805, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x7, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x1c}}, 0x4000000) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x1, 0x5, 0x3e9b}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 6.052576159s ago: executing program 4 (id=79): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = io_uring_setup(0x5013, &(0x7f0000000140)={0x0, 0x3bf8, 0x3681, 0xfffffffd, 0x40273}) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_disconnect={0x6}) io_uring_enter(r1, 0x0, 0x0, 0xf, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c8, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x767], 0xeeef0000}) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x600, 0x0) io_uring_register$IORING_REGISTER_PBUF_STATUS(r1, 0x1a, &(0x7f0000000300)={0xfffffffa}, 0x1) ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r4, @ANYBLOB], 0xac}}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000940)=r5) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) 4.954905234s ago: executing program 1 (id=80): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x563, &(0x7f0000000640)="$eJzs3c9vFFUcAPDvm/7gR9UWYlQ8aBNjIFFaWsAQ4wHuhOCPmxdXWgiy/Ait0aKJkODFxHjxYOLJg/hfKNGrJ28evHgyJMQYjiaume1MWehuacuuU5nPJ5l23rzdfN/s5rtv5u2b2QBqazL/k0XsiYhLKWK8o244isrJ5cfd+evjU/mSotV6888UqdhWPj4V/8eKJ2+PiF9+TLF7aHXchaUr5xrN5vzlojy9eP7S9MLSlf1nzzfOzJ+ZvzD7yuyRw4cOH5k50Ld9PX79vQ/GPzvx9rdf/51mvvvtRIqj0Wq1Pon79qNfJmNy5TXplL+uR/odrCJDxf50vsVpuMIGsSHl+zcSEU/HeAzF3TdvPD59vdLGAQPVSpH3gUAtJfkPNVUeB5Tn9oM4Dwa2ptvHlgcAVuf/8PLYYGxvjw3svJOic1gnRUQ/RubyGD//dOJ6vsSAxuGA7q5ei4hnuuV/aufmRHsUP8//7J78zyLiZPE/3/7GJuNP3leW//DfeZj8f6cj/9/dZHz5DwAAAAAAAP1z81hEvNzt+79sZf5PdJn/MxYRR/sQ/8Hf/2W3+hAG6OL2sYjXus7/zcqHTAwVpcfb8wFG0umzzfkDEfFEROyLkW15eWaNGPs/3/1Vr7rO+X/5kscv5wIW7bg1vO3e58w1FhsPs8/AstvXIp7tOv83rfT/qUv/n38eXFpnjN0v3jjZq+7B+Q8MSuubiL1d+/+7d65Ia9+fY7p9PDBdHhWs9txHX3zfK778h+rk/f/OtfN/InXer2dh4zEOLg23etVt9vh/NL3VvuXMaLHtw8bi4uWZiNF0fPX22Y23GR5FZT6U+ZLn/74X1h7/63b8vyMirq4z5lP/jP3eq07/D9XJ839uQ/3/xldmb0z80Cv++vr/Q+0+fV+xxfgfrG29CVp1OwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/yiLiMciZVMr61k2NRUxFhFPxs6seXFh8aXTF9+/MJfXtX//Pyt/6Xd8uZzK3/+f6CjP3lc+GBG7IuLLoR3t8tSpi825qnceAAAAAAAAAAAAAAAAAAAAtoixHtf/5/4Yqrp1wMANV90AoDLyH+pL/kN9yX+oL/kP9SX/ob7kP9SX/If6kv9QX/IfAAAAAAAeKbuev/lrioirr+5oL7nRom6k0pYBg5ZV3QCgMm7xA/Vl6g/Ul3N8ID2gfvumnwkAAAAAAAAAAAAA9MvePa7/h7py/T/Ul+v/ob5c/w/15RwfcP0/AAAAAAAAAAAAAGx9C0tXzjWazfnLVqxYsbKyUvUnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUPo3AAD//6ERJ48=") syz_mount_image$fuse(0x0, &(0x7f00000002c0)='./bus\x00', 0x322020, 0x0, 0x1, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/ip_tables_matches\x00') r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0) sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xc4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008000}, 0x48004) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) 4.899384194s ago: executing program 0 (id=81): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, 0x0, 0x21eae}}, 0x20}}, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) pipe(0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r2}, 0x18) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x1100000000f336, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) sendto(r4, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) 4.898326967s ago: executing program 2 (id=82): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = syz_open_procfs(0x0, 0x0) socket(0x400000000010, 0x3, 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000003e40)=""/4096) preadv(r5, 0x0, 0x0, 0x4000, 0x0) openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) io_submit(0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r6, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000600)=""/178, 0xb2}, {&(0x7f0000000800)=""/257, 0x101}, {&(0x7f0000002e00)=""/4109, 0x100d}, {&(0x7f0000000a40)=""/231, 0xe7}], 0x4}, 0x4}, {{0x0, 0x0, 0x0}, 0x7243}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/128, 0x80}, {&(0x7f0000000940)=""/238, 0xee}, {&(0x7f0000005080)=""/4083, 0xff3}, {0x0}, {0x0}], 0x5}, 0x1452}, {{0x0, 0x0, 0x0}, 0x6}], 0x8, 0x22, 0x0) 4.892301749s ago: executing program 4 (id=83): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x5, '\x00', 0x0, @sk_msg}, 0x48) r0 = socket$inet6(0xa, 0x3, 0x20) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e24, 0xa, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8}, 0x46) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r1, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) read$qrtrtun(r4, 0x0, 0xeffd) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0xfffffffb) write$sndseq(r5, &(0x7f0000000340)=[{0x4, 0x10, 0x76, 0x7, @time={0x6a4e, 0x7}, {0x4}, {0x6, 0x7f}, @addr={0xab, 0xdf}}], 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x3}, 0x1c) 3.837310488s ago: executing program 2 (id=84): mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x20000, 0x800) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001680)={0xffffffffffffffff, 0xffffffffffffffff, 0x26, 0x0, @val=@tcx}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$watch_queue(0xffffffffffffffff, &(0x7f0000000540)=""/4096, 0x1000) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xa2}, 0x2a, 0x0) r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000100)) 2.610240719s ago: executing program 2 (id=85): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000003c0)="aac65a4a8d582eb23306fa1009eea9cac4731cc37e9cc85afc11b0ee33c4a7f9e88be7ce7f1409c560ff2c941a9d72e1d33b9845d2dce7c0b254246eca7a18d4bb47f9fb0f9e6f048ff9f1a5c8c52438c583cbf8fdfeae48aa4041a8a59246641d18fe611ec86935b970", 0x6a}], 0x1}, 0x4040804) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setxattr$system_posix_acl(0x0, &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x62) r4 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r4, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x42, 0xa01, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 2.335620922s ago: executing program 4 (id=86): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000a40)=""/4096) r4 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000180)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, 0x0, 0x610) socket$inet6_sctp(0xa, 0x1, 0x84) socket(0xa, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 2.270968968s ago: executing program 3 (id=87): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002400)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdb9742dd8a2f150ab0e8c5fa047c87d310adca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863ed", 0xe6}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd", 0x29}], 0x2, 0x0, 0x0, 0x900}}], 0x1, 0x0) sendto(0xffffffffffffffff, &(0x7f00000000c0)="120000001200e7ef007b00000000", 0xe, 0x0, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wg2\x00'}) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x428}, 0x1, 0x0, 0x0, 0x4000}, 0x40) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x8, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 440.168094ms ago: executing program 2 (id=88): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) syz_open_dev$MSR(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg(r3, 0x0, 0x44004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000001100)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000640)={'syztnl0\x00', &(0x7f00000005c0)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x90, 0x4, 0x10, @ipv4={'\x00', '\xff\xff', @loopback}, @private0, 0x20, 0x8, 0x752b, 0x7fffffff}}) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1b000000000000000000000000000400000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 435.922331ms ago: executing program 4 (id=89): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(r1, 0x0, 0x0, 0xfffffe1f, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000c00)=ANY=[], 0x1, 0x6e5, &(0x7f0000000680)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSBMIhWkiMSJlUK4YBBCOVSoKoeercRprGySKnFRWiFwAcEJiUP/gILkGweExD0oXLiUW68+VkLiEnGIelk0s7P27nr9lvgloZ9PNZnnmeeZZ377m2dmvOtaG+AL6+q5NB+myNVzbzwo66srs+3VldkjdXM7SVluJM3uKsWdpHiUzJXtRd+SvvUGHy1eeevTx6ufdWvNeqn6j2213wgj+i7XS6br8aZH7jm+00Ms1+HlpSTX6vWgiZ2ONdCxTNrZeg2HrjOokc7ybnbfzXULPGd6T6ei+9zcYCo5mmSy/jkg9d2hcXAR7qlv9Aq7ussBAADAC+qTu4cdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALx4qu//b61VG91NyXSK3vf/T/S21eXn0NyOez7c1zgAAAAAAAAA4GB8/Ume5EGO9eqdovqd/5mqciKfd5Iv5b3cz0Lu5XweZD5LWcq9XEwy1TfQxIP5paV7F9f2LI3e89LIPS8d1CsGAAAAAAAAgP9Lv0pr/ff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPCiSse6qWk7U60yl0cx6W5aTfyWZOOx4d6EYtfHhwccBAAAAz2TyKfb58pM8yYMc69U7RfWe/yvV++XJvJc7WcpiltLOQq7X76HLd/2N1ZXZ9urK7O1yKeuD4/7gP7sKY6IeYayqjTryqapHKzeyWG05n2tVMNfT6B77bHKqF09fXH0+LGMqvl/bYWTNOq3lwf6w2acIe2Lwo4jGFj1b68ElaxmZqWMr9zzezUBRfVCTDGdi+OxsOFhzoDZVdRlfO9LFNNY++TmxDzk/Wq/L1/Pbfc35TvTnYi0TjVSZuNSbfeU1s3Umkm/+7c9v32zfuXXzxv1zh/uSdmFsk+3Dc2K2LxOvvtCZaO6y/0yViZNr9av5cX6ac5nOm7mXxfws81nKQjp1+3w9n8t/p7bO1NxA7c3tIpmoz0v3nO0kpun8qCrN50y177EspsjdXM9CXq/+u5SL+U4u53Ku9J3hk5vGXb226qpvDF/1vTP995HBn/1WXSjvbr9bv8vNbfWKN5ude6V77y/zerwvr91Z/3it1/G+62CmL0sv97IzPnLwp7k3Nr9aF8pj/Hqb58TBmqozUV5AvadEL7pXuploVs+ijfP8j51yv7TvdDo359/dZPzlofpr9bqcVitf2653z+hTsbfK+fJyJus7yeDsKNteWbvL9LV11udyt23wiVvud7JqK4relfqT3K0mwMYrdaL+GW7jSJeqtleH2k7X9/Cy7VRf28DPW7mbdq4fQP4AeBr/fHutOJWjE61/tz5pfdz6Tetm643JHx757pHTExn/x/j3mjNjrzVOF3/Nx/nF+vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6d1//4Nb8+32wr3RhcbmTQOFVoa3bDfyUKGov9BnVJ9b9bcU7GrAQy5MJhnYUn3P0YGH0RoOY0Oh88vkwPPT+xLB0X1+XxaaOzrdcwNb/rJxwA+3j2csQ/NwB9fFPhYaOdiDjmX0BDisOxJwUC4s3X73wv33P/j24u35dxbeWbgzfvnylZkrl1+fvXBjsb0w0/33sKME9sP6Q/+wIwEAAAAAAAAAAAB2atQfBpx5abs/GtlQaCQZ/hsP/2chAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsCeunkvzYYpcnDk/U9ZXV2bb5dIrr/dsJmk0kuLnSfEomUt3yVTfcEX+9CidEcf5aPHKW58+Xv1sfaxmt3/SqNeb27o1yXK9ZDrJWL1+BgPjXXvm8Yr/9l5DmbDPO53O3LPFB3vjfwEAAP//qWztYw==") r3 = socket$inet_smc(0x2b, 0x1, 0x0) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002) r4 = syz_io_uring_setup(0xbdc, &(0x7f00000002c0)={0x0, 0xe825, 0x3400, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x9}) io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0) 252.473155ms ago: executing program 0 (id=90): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f00000004c0)='./file1\x00', 0x1804818, &(0x7f0000000180)=ANY=[], 0xfc, 0x6b7, &(0x7f0000000d80)="$eJzs3c1vHGcdB/DvrNd2Ni2pkyZtQJVqNRIgIhInVlrMhYAQyqGqqnLgbCVOY8VJi+OitELU4fXaQ/+AcsgFcULixCVS4cCF3npDPiIhcSkHwoVFMztr73rXGztpvI76+USzz+s888xvXvbFiibAF9al02neS5FLp1+9XZY37s6vbNydv9HJv9ZMMp1kPSmzjSTFf9rt9sfJxaTYHKbYlg74cHnhjU8/2/hHp9Ssl6p/Y9R629T91rdVr3frZpNM1Okj6Bvv8iOPV2zO/GKSU3UKYzeZpN3nx399erOlR2vY2of2ZY7A41V03jcHzCSH6wu9/BzQfedt7O/sdm+6rzS5Y7/tnyAAAADgSVN9B24OVPfVPHM/93O7OLKP0wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAn2vrW8/+Leml087Mpus//n6rrUucPlhf31v3e45oHAAAAAAAAADy0O6ObJwarXryf+7mdI91yu6j+5v9SVThevT6Vd3IrS1nNmdzOYtayltWcSzLTM9DU7cW1teluadSa54etuXr+AbvWHbr1gH4AAAAAAAAA8MX081za+vs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEUy0UlS3OmpnkmjmeRQkqmyYj35pJt/kt0b9wQAAABgH0wn95Mc6ZbbRY4nea76DeBQ3snNrGU5a1nJUq5Uvwt0vvU3Nu7Or2zcnb9RLoPjfvdfe5pGNWI6vz0M3/LJqkcrV7Nc1ZzJ5byVlVxJo1qzdLKeT3fUbfO6U86p+E7tld3N7Eqdlnv+QZ0OeH9PO7uTPf6YMlOnVUQmkrl6bmU0jnaPzPAjtMejM1ONOrkZ+3NpbE72+LYtTfXvTH/Mt4ZsjNre4Tot9+fXO8V8LDqR+F+7Yynne86+50bHPPnaH3//o7k6f3B2aXcm6rRdvbYGz4n5nkg8v5tIXFu5ef3a1Vunn5hITO9QP1dF4sRm+VJ+kB/mdGbzelaznJ9kMWtZymy+X+UW64Nf9FzyO0TqYl/p9QfNcKo+QzsHa29zeqla90iW81reypUs5eXq3/mcyyu5kAtZ6DnCJ0Yf4eqqbwxe9ZX2l4ZO/tTX60wryW/q9GAo43q0J65bZ/1cFe+jfTVbUTq2iygNuTeO0vxKnSm38YsH3Uj31fZInOuJxLOjI/Hb6rZya+Xm9dVri2/vbnPHPqgz5XX0q2T24NxIyvPlWHmwqtJ039lRtj272dYfr7Lt+GZbY6DtRP6UZrO7leWs73ilTtWf4QZHOl+1PT+0bb5qO9nTNuzzFgAH3uFvHJ5q/bP1t9ZHrV+2rrVePfS96W9NvzCVyT9Pfrs5N/HVxgvFH/JRfrb1/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4t9597/riysrS6rZMu91+/5PhTbvMdJ9Xs1kz+XDj1JnuU6GG93mmd3cy+/enUj2zbKDzRNrVM/seYb/2mvny08l+bevgZv7bbrfrmmKHPr/7y/ZATWdMoauf89cec+jKc35sWx/L7QjYR2fXbrx99ta7731z+cbim0tvLt1cuHBhYW7hwsvzZ68uryzNdV7HPUvgcdh60x/3TAAAAAAAAAAAAIDd+pz/z8D6sKZx7yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZLt0Os17KXJu7sxcWd64O79SLt38Vs9mkkaS4qdJ8XFyMZ0lMz3DFTtt58PlhTc+/Wzj3+2Oeryqf2PUeruzXi+ZTTLRSe98XuNdrtM+2ydcjNqFYnOFMmCnuoGDcft/AAAA//+/hwrZ") openat(r0, &(0x7f00000000c0)='./file2\x00', 0x8000, 0xa) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_clone(0x2001100, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x6) r5 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x1, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x100, 0x0, 0x0, 0x500, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) 0s ago: executing program 1 (id=91): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$KDFONTOP_SET(r5, 0x4b6a, 0x0) setresuid(0x0, 0xffffffffffffffff, 0xee01) syz_open_dev$sg(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.213' (ED25519) to the list of known hosts. [ 82.207766][ T5849] cgroup: Unknown subsys name 'net' [ 82.360654][ T5849] cgroup: Unknown subsys name 'cpuset' [ 82.369648][ T5849] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.048895][ T5849] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.702155][ T5866] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.710918][ T5871] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.720683][ T5871] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.729144][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.738105][ T5871] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.767350][ T5871] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.786882][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.807047][ T5871] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.827057][ T5871] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.828032][ T5878] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.836023][ T5876] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.843423][ T5878] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.851803][ T5876] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.855301][ T5880] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.863107][ T5876] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.870432][ T5880] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.884643][ T5878] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.892775][ T5880] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.901048][ T5878] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.910845][ T5878] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.929477][ T5878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.937561][ T5871] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.937569][ T5878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.957578][ T5872] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.972112][ T5878] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.733505][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 87.763760][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 87.928163][ T5874] chnl_net:caif_netlink_parms(): no params data found [ 87.953473][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 88.031923][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 88.112599][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.119969][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.127871][ T5860] bridge_slave_0: entered allmulticast mode [ 88.135518][ T5860] bridge_slave_0: entered promiscuous mode [ 88.144629][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.151907][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.159129][ T5865] bridge_slave_0: entered allmulticast mode [ 88.166320][ T5865] bridge_slave_0: entered promiscuous mode [ 88.198242][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.205484][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.212705][ T5860] bridge_slave_1: entered allmulticast mode [ 88.219988][ T5860] bridge_slave_1: entered promiscuous mode [ 88.227412][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.234549][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.242192][ T5865] bridge_slave_1: entered allmulticast mode [ 88.249715][ T5865] bridge_slave_1: entered promiscuous mode [ 88.393997][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.406470][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.422367][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.429666][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.437370][ T5874] bridge_slave_0: entered allmulticast mode [ 88.444600][ T5874] bridge_slave_0: entered promiscuous mode [ 88.453071][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.460311][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.467592][ T5874] bridge_slave_1: entered allmulticast mode [ 88.475302][ T5874] bridge_slave_1: entered promiscuous mode [ 88.482235][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.489414][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.496564][ T5861] bridge_slave_0: entered allmulticast mode [ 88.503981][ T5861] bridge_slave_0: entered promiscuous mode [ 88.513300][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.524705][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.558179][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.565857][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.573887][ T5861] bridge_slave_1: entered allmulticast mode [ 88.581583][ T5861] bridge_slave_1: entered promiscuous mode [ 88.678468][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.685777][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.693449][ T5859] bridge_slave_0: entered allmulticast mode [ 88.701391][ T5859] bridge_slave_0: entered promiscuous mode [ 88.712073][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.734708][ T5860] team0: Port device team_slave_0 added [ 88.743319][ T5865] team0: Port device team_slave_0 added [ 88.749707][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.757101][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.764317][ T5859] bridge_slave_1: entered allmulticast mode [ 88.771718][ T5859] bridge_slave_1: entered promiscuous mode [ 88.781267][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.807109][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.818492][ T5860] team0: Port device team_slave_1 added [ 88.825943][ T5865] team0: Port device team_slave_1 added [ 88.861365][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.912310][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.924343][ T5874] team0: Port device team_slave_0 added [ 88.969761][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.987864][ T52] Bluetooth: hci2: command tx timeout [ 88.987878][ T5878] Bluetooth: hci4: command tx timeout [ 88.988098][ T5866] Bluetooth: hci0: command tx timeout [ 88.993637][ T5878] Bluetooth: hci3: command tx timeout [ 89.013935][ T5874] team0: Port device team_slave_1 added [ 89.033193][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.040484][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.066683][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.077644][ T52] Bluetooth: hci1: command tx timeout [ 89.079913][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.090861][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.117000][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.155041][ T5861] team0: Port device team_slave_0 added [ 89.161800][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.168967][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.195006][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.207829][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.214792][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.240949][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.253607][ T5859] team0: Port device team_slave_0 added [ 89.274128][ T5861] team0: Port device team_slave_1 added [ 89.297375][ T5859] team0: Port device team_slave_1 added [ 89.303877][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.311268][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.337319][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.375481][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.382537][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.408668][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.421513][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.428526][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.454450][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.478435][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.485409][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.511918][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.600420][ T5860] hsr_slave_0: entered promiscuous mode [ 89.607248][ T5860] hsr_slave_1: entered promiscuous mode [ 89.631306][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.638645][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.664709][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.710177][ T5865] hsr_slave_0: entered promiscuous mode [ 89.716955][ T5865] hsr_slave_1: entered promiscuous mode [ 89.723167][ T5865] debugfs: 'hsr0' already exists in 'hsr' [ 89.729505][ T5865] Cannot create hsr debugfs directory [ 89.735754][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.742984][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.768995][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.812570][ T5874] hsr_slave_0: entered promiscuous mode [ 89.819150][ T5874] hsr_slave_1: entered promiscuous mode [ 89.825343][ T5874] debugfs: 'hsr0' already exists in 'hsr' [ 89.831268][ T5874] Cannot create hsr debugfs directory [ 89.884894][ T5861] hsr_slave_0: entered promiscuous mode [ 89.891471][ T5861] hsr_slave_1: entered promiscuous mode [ 89.898245][ T5861] debugfs: 'hsr0' already exists in 'hsr' [ 89.904018][ T5861] Cannot create hsr debugfs directory [ 90.077002][ T5859] hsr_slave_0: entered promiscuous mode [ 90.083415][ T5859] hsr_slave_1: entered promiscuous mode [ 90.089906][ T5859] debugfs: 'hsr0' already exists in 'hsr' [ 90.095651][ T5859] Cannot create hsr debugfs directory [ 90.548486][ T5860] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.561782][ T5860] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.588997][ T5860] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.610517][ T5860] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.666375][ T5865] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.678565][ T5865] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.704345][ T5865] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.715535][ T5865] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.775118][ T5874] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.790257][ T5874] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.805638][ T5874] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.847080][ T5874] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.941374][ T5861] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.972831][ T5861] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.983667][ T5861] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.000451][ T5861] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.067062][ T52] Bluetooth: hci3: command tx timeout [ 91.072822][ T52] Bluetooth: hci2: command tx timeout [ 91.080894][ T5866] Bluetooth: hci4: command tx timeout [ 91.086339][ T5866] Bluetooth: hci0: command tx timeout [ 91.128106][ T5859] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.142318][ T5859] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.149885][ T5866] Bluetooth: hci1: command tx timeout [ 91.161548][ T5859] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.173666][ T5859] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.193211][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.268361][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.282487][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.315506][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.322793][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.334709][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.341874][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.379384][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.399826][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.432676][ T5874] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.442572][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.449728][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.461714][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.468864][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.506121][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.513292][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.552277][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.559541][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.604089][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.702070][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.733970][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.741156][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.757409][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.812079][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.819304][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.882444][ T1613] cfg80211: failed to load regulatory.db [ 91.913598][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.993448][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.000674][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.075268][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.082529][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.191147][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.283148][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.329777][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.434925][ T5860] veth0_vlan: entered promiscuous mode [ 92.474182][ T5860] veth1_vlan: entered promiscuous mode [ 92.488029][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.522882][ T5865] veth0_vlan: entered promiscuous mode [ 92.543886][ T5865] veth1_vlan: entered promiscuous mode [ 92.635328][ T5860] veth0_macvtap: entered promiscuous mode [ 92.656859][ T5874] veth0_vlan: entered promiscuous mode [ 92.671787][ T5865] veth0_macvtap: entered promiscuous mode [ 92.693587][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.705525][ T5865] veth1_macvtap: entered promiscuous mode [ 92.728606][ T5860] veth1_macvtap: entered promiscuous mode [ 92.738372][ T5874] veth1_vlan: entered promiscuous mode [ 92.776762][ T5861] veth0_vlan: entered promiscuous mode [ 92.802598][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.844536][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.862658][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.894466][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.912967][ T5861] veth1_vlan: entered promiscuous mode [ 92.926495][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.938224][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.953059][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.963828][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.022732][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.035873][ T5874] veth0_macvtap: entered promiscuous mode [ 93.060192][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.071237][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.092596][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.104682][ T5874] veth1_macvtap: entered promiscuous mode [ 93.146978][ T5866] Bluetooth: hci4: command tx timeout [ 93.160658][ T5866] Bluetooth: hci0: command tx timeout [ 93.166261][ T52] Bluetooth: hci2: command tx timeout [ 93.166463][ T5878] Bluetooth: hci3: command tx timeout [ 93.211184][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.212698][ T5861] veth0_macvtap: entered promiscuous mode [ 93.227465][ T5878] Bluetooth: hci1: command tx timeout [ 93.237001][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.267442][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.278498][ T5861] veth1_macvtap: entered promiscuous mode [ 93.308280][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.370343][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.378602][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.386571][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.388650][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.409772][ T5859] veth0_vlan: entered promiscuous mode [ 93.424950][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.433964][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.461018][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.483564][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.494202][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.509660][ T5865] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.511424][ T5859] veth1_vlan: entered promiscuous mode [ 93.545944][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.594059][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.610613][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.624500][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.626482][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.665518][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.681025][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.534303][ T5859] veth0_macvtap: entered promiscuous mode [ 94.545748][ T5859] veth1_macvtap: entered promiscuous mode [ 94.572258][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.584453][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.683136][ T60] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.737486][ T60] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.759245][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.780284][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.785403][ T60] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.821723][ T60] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.842025][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.888804][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.039695][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.048385][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.835653][ T5866] Bluetooth: hci3: command tx timeout [ 95.841264][ T5871] Bluetooth: hci1: command tx timeout [ 95.846875][ T5872] Bluetooth: hci0: command tx timeout [ 95.852442][ T52] Bluetooth: hci4: command tx timeout [ 95.866823][ T5878] Bluetooth: hci2: command tx timeout [ 97.037508][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.070345][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.121302][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.138065][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.160191][ T6007] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.357772][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.460192][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.671962][ T6006] syz.1.2 (6006): /proc/6002/oom_adj is deprecated, please use /proc/6002/oom_score_adj instead. [ 97.719508][ T6006] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 97.729728][ T6006] EXT4-fs (loop1): unable to read superblock [ 97.767337][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.248337][ T6010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.256204][ T6010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.296562][ T6014] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'. [ 98.307278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.382130][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.391542][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.483083][ T6014] random: crng reseeded on system resumption [ 99.437167][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.137283][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.147106][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.688359][ T6034] process 'syz.2.13' launched './file0' with NULL argv: empty string added [ 101.297476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.257770][ T6058] Zero length message leads to an empty skb [ 104.561909][ T6059] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 104.608148][ T6059] EXT4-fs (loop2): unable to read superblock [ 105.047703][ T6064] netlink: 40 bytes leftover after parsing attributes in process `syz.2.19'. [ 106.429520][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.440764][ T6071] bridge_slave_1: left allmulticast mode [ 106.446463][ T6071] bridge_slave_1: left promiscuous mode [ 106.456651][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.742640][ T6081] ======================================================= [ 108.742640][ T6081] WARNING: The mand mount option has been deprecated and [ 108.742640][ T6081] and is ignored by this kernel. Remove the mand [ 108.742640][ T6081] option from the mount to silence this warning. [ 108.742640][ T6081] ======================================================= [ 109.175485][ T6081] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 109.203068][ T6071] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 109.249730][ T6081] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 109.358249][ T6085] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 109.368597][ T6085] EXT4-fs (loop1): unable to read superblock [ 115.169247][ T6121] ceph: No mds server is up or the cluster is laggy [ 115.178012][ T5969] libceph: connect (1)[c::]:6789 error -101 [ 115.184468][ T5969] libceph: mon0 (1)[c::]:6789 connect error [ 116.160135][ T5952] libceph: connect (1)[c::]:6789 error -101 [ 116.166607][ T5952] libceph: mon0 (1)[c::]:6789 connect error [ 119.662010][ T6170] bridge0: port 3(syz_tun) entered blocking state [ 119.669452][ T6170] bridge0: port 3(syz_tun) entered disabled state [ 119.677255][ T6170] syz_tun: entered allmulticast mode [ 119.693997][ T6170] syz_tun: entered promiscuous mode [ 119.701172][ T6170] bridge0: port 3(syz_tun) entered blocking state [ 119.708065][ T6170] bridge0: port 3(syz_tun) entered forwarding state [ 121.994690][ T6192] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 122.082268][ T6192] EXT4-fs (loop3): unable to read superblock [ 122.913310][ T6203] vfat: Bad value for 'gid' [ 122.918946][ T6203] vfat: Bad value for 'gid' [ 127.427538][ T6236] new mount options do not match the existing superblock, will be ignored [ 127.456663][ T6236] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 127.876870][ T30] audit: type=1326 audit(1758226035.869:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6231 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcea438eba9 code=0x7ffc0000 [ 128.849759][ T30] audit: type=1326 audit(1758226035.869:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6231 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcea438eba9 code=0x7ffc0000 [ 128.872192][ T30] audit: type=1326 audit(1758226035.879:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6231 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fcea438eba9 code=0x7ffc0000 [ 128.894114][ C0] vkms_vblank_simulate: vblank timer overrun [ 130.226079][ T6255] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 130.311030][ T6255] EXT4-fs (loop2): unable to read superblock [ 131.472769][ T6271] netlink: 'syz.3.61': attribute type 3 has an invalid length. [ 131.481380][ T6271] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.61'. [ 132.233390][ T5878] Bluetooth: hci4: link tx timeout [ 132.239222][ T5878] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 132.947070][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.953572][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.994219][ T5866] Bluetooth: hci4: link tx timeout [ 132.999478][ T5866] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 133.102754][ T6285] netlink: 20 bytes leftover after parsing attributes in process `syz.0.64'. [ 133.634180][ T6297] netlink: 'syz.3.65': attribute type 10 has an invalid length. [ 133.910592][ T5937] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 134.279468][ T5866] Bluetooth: hci4: command 0x0406 tx timeout [ 134.476464][ T6297] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 134.489860][ T6303] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 134.588696][ T6303] hfs: can't find a HFS filesystem on dev loop1 [ 134.810737][ T5937] usb 3-1: config 0 has an invalid interface number: 120 but max is 0 [ 134.883209][ T6303] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 134.916761][ T5937] usb 3-1: config 0 has no interface number 0 [ 134.935277][ T5937] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 134.976384][ T5937] usb 3-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 135.016225][ T6303] hfs: can't find a HFS filesystem on dev loop1 [ 135.045521][ T5937] usb 3-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice=55.58 [ 135.115767][ T6303] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 135.125509][ T6303] EXT4-fs (loop1): unable to read superblock [ 135.790611][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.908163][ T5937] usb 3-1: Product: syz [ 135.912420][ T5937] usb 3-1: Manufacturer: syz [ 135.953938][ T5937] usb 3-1: SerialNumber: syz [ 136.056532][ T5937] usb 3-1: config 0 descriptor?? [ 137.012466][ T5937] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.120/input/input5 [ 137.209898][ T983] usb 3-1: USB disconnect, device number 2 [ 140.537199][ T6349] kvm: kvm [6345]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x890000fdb1 [ 140.549727][ T6349] kvm: kvm [6345]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x890000bdb1 [ 144.741139][ T6372] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 144.750986][ T6372] EXT4-fs (loop1): unable to read superblock [ 148.185140][ T30] audit: type=1326 audit(1758226056.689:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.4.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d2d8eba9 code=0x7ffc0000 [ 148.300956][ T6407] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 148.346793][ T30] audit: type=1326 audit(1758226056.689:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.4.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d2d8eba9 code=0x7ffc0000 [ 148.842708][ T30] audit: type=1326 audit(1758226056.689:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.4.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f57d2d8eba9 code=0x7ffc0000 [ 148.889191][ T6407] hfsplus: unable to find HFS+ superblock [ 149.145527][ T6413] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 149.319337][ T30] audit: type=1326 audit(1758226056.689:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.4.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d2d8eba9 code=0x7ffc0000 [ 149.516868][ T6413] hfsplus: unable to find HFS+ superblock [ 150.002754][ T30] audit: type=1326 audit(1758226056.689:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.4.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f57d2d90ac7 code=0x7ffc0000 [ 150.075167][ T6390] ------------[ cut here ]------------ [ 150.080885][ T6390] WARNING: kernel/vhost_task.c:97 at __vhost_task_wake+0xbb/0xd0, CPU#1: syz.3.87/6390 [ 150.090686][ T6390] Modules linked in: [ 150.095537][ T6390] CPU: 1 UID: 0 PID: 6390 Comm: syz.3.87 Not tainted syzkaller #0 PREEMPT(full) [ 150.105219][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 150.115833][ T6390] RIP: 0010:__vhost_task_wake+0xbb/0xd0 [ 150.122157][ T6390] Code: 38 00 74 08 48 89 df e8 03 8b 95 00 48 8b 3b 5b 41 5e 41 5f e9 a6 45 01 00 e8 81 f0 30 00 90 0f 0b 90 eb 8b e8 76 f0 30 00 90 <0f> 0b 90 5b 41 5e 41 5f e9 18 17 f8 09 cc 0f 1f 80 00 00 00 00 90 [ 150.141843][ C1] vkms_vblank_simulate: vblank timer overrun [ 150.148087][ T6390] RSP: 0018:ffffc9000b357a60 EFLAGS: 00010293 [ 150.154163][ T6390] RAX: ffffffff818eed7a RBX: ffff888059b8ac00 RCX: ffff88802b851e40 [ 150.162176][ T6390] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 150.170205][ T6390] RBP: ffffc9000b357b30 R08: ffff888059b8ac77 R09: 1ffff1100b37158e [ 150.178242][ T6390] R10: dffffc0000000000 R11: ffffed100b37158f R12: 1ffff9200166af54 [ 150.186237][ T6390] R13: dffffc0000000000 R14: 0000000000000002 R15: dffffc0000000000 [ 150.194263][ T6390] FS: 000055556c77c500(0000) GS:ffff888125add000(0000) knlGS:0000000000000000 [ 150.203949][ T6390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.211200][ T6390] CR2: 0000001b33211ff8 CR3: 00000000769d0000 CR4: 00000000003526f0 [ 150.219221][ T6390] Call Trace: [ 150.222505][ T6390] [ 150.225454][ T6390] vhost_worker_queue+0x194/0x260 [ 150.230532][ T6390] ? __pfx_vhost_worker_queue+0x10/0x10 [ 150.236112][ T6390] ? __init_swait_queue_head+0xa9/0x150 [ 150.241752][ T6390] __vhost_worker_flush+0x134/0x1e0 [ 150.246986][ T6390] ? __pfx___vhost_worker_flush+0x10/0x10 [ 150.252708][ T6390] ? __pfx_vhost_flush_work+0x10/0x10 [ 150.258133][ T6390] ? xa_find+0x25b/0x2b0 [ 150.262378][ T6390] ? xa_find+0x8c/0x2b0 [ 150.266543][ T6390] vhost_dev_flush+0xb2/0x130 [ 150.271374][ T6390] ? __pfx_vhost_dev_flush+0x10/0x10 [ 150.276927][ T6390] ? __local_bh_enable_ip+0x12d/0x1c0 [ 150.282311][ T6390] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 150.288180][ T6390] ? do_raw_spin_unlock+0x122/0x240 [ 150.293416][ T6390] vhost_vsock_dev_release+0x1fb/0x3f0 [ 150.300133][ T6390] ? evm_file_release+0x108/0x1e0 [ 150.305346][ T6390] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 150.311787][ T6390] __fput+0x44c/0xa70 [ 150.315799][ T6390] task_work_run+0x1d4/0x260 [ 150.320785][ T6390] ? __pfx_task_work_run+0x10/0x10 [ 150.326037][ T6390] ? exit_to_user_mode_loop+0x40/0x130 [ 150.332020][ T6390] exit_to_user_mode_loop+0xe9/0x130 [ 150.337852][ T6390] do_syscall_64+0x2bd/0xfa0 [ 150.342503][ T6390] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.348789][ T6390] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 150.354434][ T6390] ? clear_bhb_loop+0x60/0xb0 [ 150.359201][ T6390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.365130][ T6390] RIP: 0033:0x7fe24bd8eba9 [ 150.369598][ T6390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.389280][ T6390] RSP: 002b:00007fff023ed3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 150.397753][ T6390] RAX: 0000000000000000 RBX: 00007fe24bfd7da0 RCX: 00007fe24bd8eba9 [ 150.406301][ T6390] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 150.414789][ T6390] RBP: 00007fe24bfd7da0 R08: 000000000000b24c R09: 00000014023ed6cf [ 150.422818][ T6390] R10: 00007fe24bfd7cb0 R11: 0000000000000246 R12: 00000000000243ce [ 150.430984][ T6390] R13: 00007fe24bfd6090 R14: ffffffffffffffff R15: 00007fff023ed4f0 [ 150.439003][ T6390] [ 150.442053][ T6390] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 150.449334][ T6390] CPU: 1 UID: 0 PID: 6390 Comm: syz.3.87 Not tainted syzkaller #0 PREEMPT(full) [ 150.458447][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 150.468954][ T6390] Call Trace: [ 150.472233][ T6390] [ 150.475162][ T6390] dump_stack_lvl+0x99/0x250 [ 150.479759][ T6390] ? __asan_memcpy+0x40/0x70 [ 150.484380][ T6390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.489580][ T6390] ? __pfx__printk+0x10/0x10 [ 150.494191][ T6390] vpanic+0x237/0x6d0 [ 150.498200][ T6390] ? __pfx_vpanic+0x10/0x10 [ 150.502701][ T6390] ? is_bpf_text_address+0x292/0x2b0 [ 150.508004][ T6390] ? is_bpf_text_address+0x26/0x2b0 [ 150.513223][ T6390] panic+0xb9/0xc0 [ 150.516957][ T6390] ? __pfx_panic+0x10/0x10 [ 150.521389][ T6390] __warn+0x334/0x4c0 [ 150.525395][ T6390] ? __vhost_task_wake+0xbb/0xd0 [ 150.530337][ T6390] ? __vhost_task_wake+0xbb/0xd0 [ 150.535278][ T6390] report_bug+0x2be/0x4f0 [ 150.540069][ T6390] ? __vhost_task_wake+0xbb/0xd0 [ 150.545007][ T6390] ? __vhost_task_wake+0xbb/0xd0 [ 150.549942][ T6390] ? __vhost_task_wake+0xbd/0xd0 [ 150.554879][ T6390] handle_bug+0x84/0x160 [ 150.559137][ T6390] exc_invalid_op+0x1a/0x50 [ 150.563643][ T6390] asm_exc_invalid_op+0x1a/0x20 [ 150.568494][ T6390] RIP: 0010:__vhost_task_wake+0xbb/0xd0 [ 150.574043][ T6390] Code: 38 00 74 08 48 89 df e8 03 8b 95 00 48 8b 3b 5b 41 5e 41 5f e9 a6 45 01 00 e8 81 f0 30 00 90 0f 0b 90 eb 8b e8 76 f0 30 00 90 <0f> 0b 90 5b 41 5e 41 5f e9 18 17 f8 09 cc 0f 1f 80 00 00 00 00 90 [ 150.593649][ T6390] RSP: 0018:ffffc9000b357a60 EFLAGS: 00010293 [ 150.599730][ T6390] RAX: ffffffff818eed7a RBX: ffff888059b8ac00 RCX: ffff88802b851e40 [ 150.607705][ T6390] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 150.615688][ T6390] RBP: ffffc9000b357b30 R08: ffff888059b8ac77 R09: 1ffff1100b37158e [ 150.623691][ T6390] R10: dffffc0000000000 R11: ffffed100b37158f R12: 1ffff9200166af54 [ 150.631671][ T6390] R13: dffffc0000000000 R14: 0000000000000002 R15: dffffc0000000000 [ 150.639655][ T6390] ? __vhost_task_wake+0xba/0xd0 [ 150.644609][ T6390] vhost_worker_queue+0x194/0x260 [ 150.649661][ T6390] ? __pfx_vhost_worker_queue+0x10/0x10 [ 150.655231][ T6390] ? __init_swait_queue_head+0xa9/0x150 [ 150.660822][ T6390] __vhost_worker_flush+0x134/0x1e0 [ 150.666031][ T6390] ? __pfx___vhost_worker_flush+0x10/0x10 [ 150.671750][ T6390] ? __pfx_vhost_flush_work+0x10/0x10 [ 150.677131][ T6390] ? xa_find+0x25b/0x2b0 [ 150.681386][ T6390] ? xa_find+0x8c/0x2b0 [ 150.685562][ T6390] vhost_dev_flush+0xb2/0x130 [ 150.690256][ T6390] ? __pfx_vhost_dev_flush+0x10/0x10 [ 150.695550][ T6390] ? __local_bh_enable_ip+0x12d/0x1c0 [ 150.700942][ T6390] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 150.706775][ T6390] ? do_raw_spin_unlock+0x122/0x240 [ 150.712006][ T6390] vhost_vsock_dev_release+0x1fb/0x3f0 [ 150.717477][ T6390] ? evm_file_release+0x108/0x1e0 [ 150.722510][ T6390] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 150.728494][ T6390] __fput+0x44c/0xa70 [ 150.732502][ T6390] task_work_run+0x1d4/0x260 [ 150.737100][ T6390] ? __pfx_task_work_run+0x10/0x10 [ 150.742216][ T6390] ? exit_to_user_mode_loop+0x40/0x130 [ 150.747689][ T6390] exit_to_user_mode_loop+0xe9/0x130 [ 150.753007][ T6390] do_syscall_64+0x2bd/0xfa0 [ 150.757603][ T6390] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.763668][ T6390] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 150.769312][ T6390] ? clear_bhb_loop+0x60/0xb0 [ 150.774027][ T6390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.779929][ T6390] RIP: 0033:0x7fe24bd8eba9 [ 150.784352][ T6390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.804132][ T6390] RSP: 002b:00007fff023ed3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 150.812556][ T6390] RAX: 0000000000000000 RBX: 00007fe24bfd7da0 RCX: 00007fe24bd8eba9 [ 150.820534][ T6390] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 150.828507][ T6390] RBP: 00007fe24bfd7da0 R08: 000000000000b24c R09: 00000014023ed6cf [ 150.836478][ T6390] R10: 00007fe24bfd7cb0 R11: 0000000000000246 R12: 00000000000243ce [ 150.844469][ T6390] R13: 00007fe24bfd6090 R14: ffffffffffffffff R15: 00007fff023ed4f0 [ 150.852455][ T6390] [ 150.855829][ T6390] Kernel Offset: disabled [ 150.860164][ T6390] Rebooting in 86400 seconds..