last executing test programs: 38.587230481s ago: executing program 1 (id=140): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) poll(&(0x7f0000000240)=[{r1, 0x421a}], 0x1, 0x7) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 38.337067513s ago: executing program 1 (id=141): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_SET_NAME_A(r2, 0x40046201, &(0x7f0000000040)='/dev/dma_heap/system\x00') r3 = openat$nullb(0xffffff9c, 0x0, 0x121501, 0x0) ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000100)=0xfffffffc) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000140)) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') preadv(r5, &(0x7f0000001240)=[{&(0x7f0000000040)=""/18, 0x12}], 0x1, 0x0, 0x0) pwritev(r4, 0x0, 0x0, 0x0, 0x0) 36.253379829s ago: executing program 1 (id=147): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000010c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) syz_genetlink_get_family_id$nl80211(0x0, r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001140)=@deltfilter={0xf58, 0x2d, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x6}, {0xffff, 0x2}, {0x10, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x2, 0xfb}}, @TCA_RATE={0x6, 0x5, {0x1, 0xfe}}, @filter_kind_options=@f_bpf={{0x8}, {0xf1c, 0x2, [@TCA_BPF_ACT={0x4}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0x4}, @TCA_BPF_NAME={0xef4, 0x7, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x4, 0xe, 0x8, 0x4}]}}]}}]}, 0xf58}, 0x1, 0x0, 0x0, 0x4006040}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0) sendfile(r2, r3, 0x0, 0x8000fb00) 34.109197982s ago: executing program 1 (id=149): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = getpid() prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xb1, 0x2, 0x7ffc1ff8}]}) waitid(0x0, r4, &(0x7f0000000000), 0x8, &(0x7f0000000400)) ioprio_get$pid(0x2, r0) 32.253482022s ago: executing program 1 (id=152): prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) eventfd(0xfffffff9) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0) 28.635565279s ago: executing program 1 (id=159): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) syz_open_dev$I2C(0x0, 0x80, 0x14000) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x1}) 25.891929544s ago: executing program 2 (id=166): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x2080, 0x0) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x61, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 22.762970425s ago: executing program 2 (id=167): sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x200}, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00') pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 21.24786421s ago: executing program 4 (id=170): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) 18.866923791s ago: executing program 4 (id=172): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x4008000, 0x0, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f000059e000/0x5000)=nil, 0x5000, 0x9) 16.838955869s ago: executing program 4 (id=173): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x130c17, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80d02, 0x0) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0) 15.623662237s ago: executing program 4 (id=175): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getresuid(&(0x7f0000000080), 0x0, 0x0) 14.360038093s ago: executing program 4 (id=177): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200008c5, &(0x7f0000000000)={0xa, 0x2, 0x2, @loopback, 0x4}, 0x1c) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x7ffff000) set_robust_list(0x0, 0x0) 13.735099302s ago: executing program 3 (id=179): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x5, 0x3009, 0x9, 0x1, 0xc, 0x2, 0x310}}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r4, r5, 0x0, 0x201f00) 11.638976477s ago: executing program 32 (id=159): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) syz_open_dev$I2C(0x0, 0x80, 0x14000) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x1}) 11.598906145s ago: executing program 0 (id=182): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4f24, @broadcast}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2000c851, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, r1) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x40010) r2 = socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) 11.381239802s ago: executing program 2 (id=183): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='d']) 11.293354563s ago: executing program 3 (id=184): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r4 = syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0xb6b8, 0x400, 0x2, 0x1}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r3, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfff0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}}) io_uring_enter(r4, 0x154e, 0x0, 0x41, 0x0, 0x0) 11.257347496s ago: executing program 0 (id=185): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) listen(r0, 0xb) syz_open_dev$dri(0x0, 0x1, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r4, 0xc0305602, &(0x7f0000000100)={0x0, 0x1, 0x2016, 0x1}) 9.631320272s ago: executing program 2 (id=186): bpf$MAP_CREATE(0x0, 0x0, 0x50) openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$COMEDI_INSNLIST(0xffffffffffffffff, 0x8010640b, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x10) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4040) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4084) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0) 9.160360748s ago: executing program 3 (id=187): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = io_uring_setup(0x330b, &(0x7f0000000640)={0x0, 0xffffffee, 0x1, 0x103fc, 0x14e}) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 8.266993863s ago: executing program 0 (id=188): socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup2(r1, r2) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r3) sendmsg$NFC_CMD_SE_IO(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 7.226368278s ago: executing program 3 (id=189): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) 4.412474984s ago: executing program 0 (id=190): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$binderfs(0x0, 0x0, 0x0, 0x4000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x0, 0x1010000}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94) 2.768549213s ago: executing program 3 (id=191): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) memfd_secret(0x0) pipe2$9p(&(0x7f0000000140), 0x80000) r1 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[@ANYRES64=r4], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r5, 0x0, r0}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.355290617s ago: executing program 2 (id=192): syz_open_dev$vim2m(&(0x7f0000000000), 0x4, 0x2) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0) syz_io_uring_setup(0x416f, 0x0, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x20000080) fcntl$lock(r0, 0x7, &(0x7f0000000080)={0x567e49ed6a0a949f, 0x4, 0x8001, 0x3fc}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) readv(r4, &(0x7f0000004980)=[{&(0x7f0000000480)=""/87, 0x57}], 0x1) read$watch_queue(r0, &(0x7f00000001c0)=""/68, 0x44) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) 1.249933117s ago: executing program 0 (id=193): syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x42200) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48) r3 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) sendmsg(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2}) close(r1) 1.055329409s ago: executing program 3 (id=194): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r6, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24008804}, 0x800) 160.144181ms ago: executing program 0 (id=195): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair(0x23, 0x2, 0x1, &(0x7f0000000040)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r4 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0xffffffffffffffff) 137.095705ms ago: executing program 4 (id=196): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_GETXATTR(r2, &(0x7f0000000140)={0x18, 0x0, r4, {0xffffffff}}, 0x18) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4014, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}}) r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000580)="e2", 0x1}], 0x20) 0s ago: executing program 2 (id=197): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x50d0, &(0x7f0000000000)={0x0, 0xfffffffd, 0x2, 0x2, 0x332}, &(0x7f0000000100), &(0x7f0000ff4000)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts. [ 85.468105][ T5787] cgroup: Unknown subsys name 'net' [ 85.709192][ T5787] cgroup: Unknown subsys name 'cpuset' [ 85.803742][ T5787] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.894031][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.945476][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.960883][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.962576][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.973575][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.984767][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.987282][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.988230][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.993960][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.005419][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.014175][ T5801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.021509][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.022424][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.033227][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.035761][ T5801] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.041305][ T5801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.042191][ T5801] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.067791][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.082354][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.083840][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.084650][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.123902][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.155698][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.156624][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.174907][ T5116] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.176060][ T5116] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.171770][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 92.272266][ T10] cfg80211: failed to load regulatory.db [ 92.308523][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 92.431863][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 92.486352][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 92.594255][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 93.134789][ T5116] Bluetooth: hci3: command tx timeout [ 93.134794][ T5801] Bluetooth: hci4: command tx timeout [ 93.135035][ T5808] Bluetooth: hci0: command tx timeout [ 93.158888][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.160377][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.161143][ T5807] bridge_slave_0: entered allmulticast mode [ 93.164904][ T5807] bridge_slave_0: entered promiscuous mode [ 93.213203][ T5808] Bluetooth: hci2: command tx timeout [ 93.213209][ T5801] Bluetooth: hci1: command tx timeout [ 93.259538][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.259668][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.259875][ T5807] bridge_slave_1: entered allmulticast mode [ 93.261781][ T5807] bridge_slave_1: entered promiscuous mode [ 93.534647][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.534802][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.534990][ T5798] bridge_slave_0: entered allmulticast mode [ 93.537898][ T5798] bridge_slave_0: entered promiscuous mode [ 93.784154][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.784300][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.784510][ T5798] bridge_slave_1: entered allmulticast mode [ 93.786622][ T5798] bridge_slave_1: entered promiscuous mode [ 93.854347][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.854465][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.854597][ T5799] bridge_slave_0: entered allmulticast mode [ 93.856474][ T5799] bridge_slave_0: entered promiscuous mode [ 93.928121][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.074080][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.074290][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.074477][ T5799] bridge_slave_1: entered allmulticast mode [ 94.076692][ T5799] bridge_slave_1: entered promiscuous mode [ 94.077586][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.077703][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.077828][ T5806] bridge_slave_0: entered allmulticast mode [ 94.079639][ T5806] bridge_slave_0: entered promiscuous mode [ 94.088324][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.204704][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.204855][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.205033][ T5800] bridge_slave_0: entered allmulticast mode [ 94.207153][ T5800] bridge_slave_0: entered promiscuous mode [ 94.274065][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.274164][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.274290][ T5806] bridge_slave_1: entered allmulticast mode [ 94.276155][ T5806] bridge_slave_1: entered promiscuous mode [ 94.407217][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.407523][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.407680][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.407857][ T5800] bridge_slave_1: entered allmulticast mode [ 94.409910][ T5800] bridge_slave_1: entered promiscuous mode [ 94.647636][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.717060][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.796105][ T5807] team0: Port device team_slave_0 added [ 94.918172][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.921288][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.924483][ T5807] team0: Port device team_slave_1 added [ 95.007439][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.086423][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.165607][ T5798] team0: Port device team_slave_0 added [ 95.168800][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.213216][ T5808] Bluetooth: hci0: command tx timeout [ 95.213250][ T5808] Bluetooth: hci3: command tx timeout [ 95.213270][ T5808] Bluetooth: hci4: command tx timeout [ 95.293259][ T5808] Bluetooth: hci2: command tx timeout [ 95.293360][ T5801] Bluetooth: hci1: command tx timeout [ 95.396473][ T5798] team0: Port device team_slave_1 added [ 95.489450][ T5799] team0: Port device team_slave_0 added [ 95.945478][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.945492][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.945512][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.165992][ T5799] team0: Port device team_slave_1 added [ 96.167916][ T5806] team0: Port device team_slave_0 added [ 96.170733][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.170749][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.170776][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.256264][ T5800] team0: Port device team_slave_0 added [ 96.327356][ T5806] team0: Port device team_slave_1 added [ 96.346761][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.346775][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.346793][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.349216][ T5800] team0: Port device team_slave_1 added [ 96.566287][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.566302][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.566321][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.644615][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.644630][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.644649][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.876457][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.876477][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.876506][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.878170][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.878184][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.878210][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.007499][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.007517][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.007536][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.019764][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.019786][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.019817][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.135817][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.135837][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.135856][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.159488][ T5807] hsr_slave_0: entered promiscuous mode [ 97.161495][ T5807] hsr_slave_1: entered promiscuous mode [ 97.293585][ T5808] Bluetooth: hci3: command tx timeout [ 97.293621][ T5808] Bluetooth: hci0: command tx timeout [ 97.293757][ T5801] Bluetooth: hci4: command tx timeout [ 97.373301][ T5116] Bluetooth: hci2: command tx timeout [ 97.373407][ T5801] Bluetooth: hci1: command tx timeout [ 97.382880][ T5798] hsr_slave_0: entered promiscuous mode [ 97.386313][ T5798] hsr_slave_1: entered promiscuous mode [ 97.387512][ T5798] debugfs: 'hsr0' already exists in 'hsr' [ 97.387663][ T5798] Cannot create hsr debugfs directory [ 97.706410][ T5799] hsr_slave_0: entered promiscuous mode [ 97.707820][ T5799] hsr_slave_1: entered promiscuous mode [ 97.708883][ T5799] debugfs: 'hsr0' already exists in 'hsr' [ 97.708907][ T5799] Cannot create hsr debugfs directory [ 97.990160][ T5806] hsr_slave_0: entered promiscuous mode [ 97.991134][ T5806] hsr_slave_1: entered promiscuous mode [ 97.991800][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 97.991824][ T5806] Cannot create hsr debugfs directory [ 98.150280][ T5800] hsr_slave_0: entered promiscuous mode [ 98.151268][ T5800] hsr_slave_1: entered promiscuous mode [ 98.151926][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 98.151950][ T5800] Cannot create hsr debugfs directory [ 99.373164][ T5116] Bluetooth: hci0: command tx timeout [ 99.373202][ T5116] Bluetooth: hci3: command tx timeout [ 99.373242][ T5801] Bluetooth: hci4: command tx timeout [ 99.453388][ T5116] Bluetooth: hci2: command tx timeout [ 99.453439][ T5801] Bluetooth: hci1: command tx timeout [ 99.564719][ T5807] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.601571][ T5807] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.638181][ T5807] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.693571][ T5807] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.834951][ T5798] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.889571][ T5798] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.908827][ T5798] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.964141][ T5798] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.096996][ T5799] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.147847][ T5799] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.182198][ T5799] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.237444][ T5799] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.387129][ T5806] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.424563][ T5806] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.463021][ T5806] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.511719][ T5806] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.592897][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.660882][ T5800] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 100.697594][ T5800] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 100.731893][ T5800] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 100.778590][ T5800] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 100.818309][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.874517][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.875187][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.929968][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.930107][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.948547][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.046602][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.069602][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.099146][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.099346][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.140587][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.140724][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.194557][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.249896][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.253373][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.271076][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.328078][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.328308][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.405692][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.445557][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.470211][ T3623] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.470334][ T3623] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.529332][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.529485][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.614639][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.669896][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.670197][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.707871][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.708088][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.749332][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.004325][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.126916][ T5807] veth0_vlan: entered promiscuous mode [ 102.204877][ T5807] veth1_vlan: entered promiscuous mode [ 102.224548][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.309458][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.315437][ T5798] veth0_vlan: entered promiscuous mode [ 102.397640][ T5798] veth1_vlan: entered promiscuous mode [ 102.411390][ T5807] veth0_macvtap: entered promiscuous mode [ 102.449890][ T5807] veth1_macvtap: entered promiscuous mode [ 102.491519][ T5799] veth0_vlan: entered promiscuous mode [ 102.524292][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.561954][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.589612][ T5799] veth1_vlan: entered promiscuous mode [ 102.591278][ T5806] veth0_vlan: entered promiscuous mode [ 102.620336][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.621073][ T5798] veth0_macvtap: entered promiscuous mode [ 102.670284][ T5798] veth1_macvtap: entered promiscuous mode [ 102.682138][ T5806] veth1_vlan: entered promiscuous mode [ 102.688062][ T3623] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.699494][ T3623] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.706432][ T3623] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.720215][ T3623] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.829433][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.928731][ T5799] veth0_macvtap: entered promiscuous mode [ 102.932065][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.004700][ T5799] veth1_macvtap: entered promiscuous mode [ 103.027674][ T1171] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.030954][ T1171] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.054915][ T1171] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.055645][ T5806] veth0_macvtap: entered promiscuous mode [ 103.087128][ T1171] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.108180][ T5806] veth1_macvtap: entered promiscuous mode [ 103.189122][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.189146][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.194460][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.280833][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.359766][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.387349][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.387373][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.397671][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.436572][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.447966][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.456335][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.478738][ T5800] veth0_vlan: entered promiscuous mode [ 103.480175][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.482563][ T3564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.482581][ T3564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.556060][ T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.561130][ T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.596531][ T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.629730][ T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.689897][ T5800] veth1_vlan: entered promiscuous mode [ 103.724738][ T3564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.724760][ T3564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.055449][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.055471][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.108368][ T5800] veth0_macvtap: entered promiscuous mode [ 104.197191][ T5800] veth1_macvtap: entered promiscuous mode [ 104.251480][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.251505][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.479286][ T1171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.479308][ T1171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.614805][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.652137][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.749177][ T70] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.750652][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.750669][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.789349][ T70] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.799124][ T70] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.818786][ T70] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.480914][ T5936] ptrace attach of "./syz-executor exec"[5806] was attempted by "./syz-executor exec"[5936] [ 105.561518][ T3564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.561541][ T3564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.243008][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243090][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243196][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243231][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243266][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243302][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.243337][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.441215][ T3623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.441238][ T3623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.886172][ T5974] overlayfs: failed to clone upperpath [ 118.622140][ T6025] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 119.517379][ T5861] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 119.806672][ T5861] usb 1-1: Using ep0 maxpacket: 16 [ 119.890667][ T5861] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 119.890714][ T5861] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 119.890744][ T5861] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 119.913991][ T5861] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.914038][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 119.914072][ T5861] usb 1-1: SerialNumber: syz [ 120.112785][ T6030] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 120.377221][ T6030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.377812][ T6030] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.424679][ T5861] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 120.488816][ T5861] usb 1-1: USB disconnect, device number 2 [ 120.578907][ T6052] overlayfs: failed to clone upperpath [ 126.344689][ T38] audit: type=1326 audit(1760040804.830:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.344754][ T38] audit: type=1326 audit(1760040804.830:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.344802][ T38] audit: type=1326 audit(1760040804.830:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.344849][ T38] audit: type=1326 audit(1760040804.830:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.344897][ T38] audit: type=1326 audit(1760040804.830:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.344943][ T38] audit: type=1326 audit(1760040804.830:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.344989][ T38] audit: type=1326 audit(1760040804.840:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.345035][ T38] audit: type=1326 audit(1760040804.840:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.345082][ T38] audit: type=1326 audit(1760040804.840:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 126.345129][ T38] audit: type=1326 audit(1760040804.840:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6094 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17860eec9 code=0x7ffc0000 [ 127.936618][ T6113] ªªªªªªÿÿòÿÿÿòÿÿ: renamed from wg2 (while UP) [ 128.232381][ T6108] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.776595][ T6136] netlink: 165 bytes leftover after parsing attributes in process `syz.0.61'. [ 137.335456][ T6171] netlink: 'syz.2.73': attribute type 4 has an invalid length. [ 137.393394][ T6173] netlink: 'syz.2.73': attribute type 4 has an invalid length. [ 138.360911][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.361010][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.279691][ T6194] syz.0.78 (6194) used greatest stack depth: 17880 bytes left [ 144.928241][ T6225] Bluetooth: MGMT ver 1.23 [ 150.308529][ T6255] ptrace attach of "./syz-executor exec"[5806] was attempted by " [ 154.640208][ T6282] mmap: syz.2.101 (6282) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 155.360323][ T6288] tipc: Started in network mode [ 155.360360][ T6288] tipc: Node identity 620ffc32a3a6, cluster identity 4711 [ 155.361042][ T6288] tipc: Enabled bearer , priority 0 [ 155.765965][ T6288] syzkaller0: entered promiscuous mode [ 155.767816][ T6288] syzkaller0: entered allmulticast mode [ 156.074162][ T6288] tipc: Resetting bearer [ 156.297272][ T6285] tipc: Resetting bearer [ 156.434589][ T5875] tipc: Node number set to 3249142834 [ 156.642659][ T6285] tipc: Disabling bearer [ 162.455485][ T6326] program syz.0.115 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 163.057220][ T38] kauditd_printk_skb: 22 callbacks suppressed [ 163.057241][ T38] audit: type=1326 audit(1760040842.561:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7fc00000 [ 163.642417][ T38] audit: type=1326 audit(1760040843.151:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6330 comm="syz.1.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcc9ba2eec9 code=0x7fc00000 [ 167.352507][ T6356] trusted_key: encrypted_key: key user:syz not found [ 174.310744][ T6401] netlink: 84 bytes leftover after parsing attributes in process `syz.0.134'. [ 175.818010][ T6399] bridge0: port 3(syz_tun) entered blocking state [ 175.818161][ T6399] bridge0: port 3(syz_tun) entered disabled state [ 175.818643][ T6399] syz_tun: entered allmulticast mode [ 175.822470][ T6399] syz_tun: entered promiscuous mode [ 175.950005][ T6399] bridge0: port 3(syz_tun) entered blocking state [ 176.003225][ T6399] bridge0: port 3(syz_tun) entered forwarding state [ 182.696730][ T38] audit: type=1326 audit(1760040861.431:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.696793][ T38] audit: type=1326 audit(1760040861.431:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.696840][ T38] audit: type=1326 audit(1760040861.431:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=247 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.696887][ T38] audit: type=1326 audit(1760040861.431:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.696932][ T38] audit: type=1326 audit(1760040861.431:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.696978][ T38] audit: type=1326 audit(1760040861.441:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.697025][ T38] audit: type=1326 audit(1760040861.441:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 182.697069][ T38] audit: type=1326 audit(1760040861.441:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6439 comm="syz.1.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc9ba2eec9 code=0x7ffc0000 [ 184.723062][ T5875] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 185.063446][ T5875] usb 5-1: device not accepting address 2, error -71 [ 187.187202][ T6474] process 'syz.4.158' launched './file2' with NULL argv: empty string added [ 196.009675][ T6531] FAT-fs (loop9): unable to read boot sector [ 199.628242][ T31] libceph: connect (1)[c::]:6789 error -101 [ 199.628932][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 199.779594][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.779645][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.886129][ T31] libceph: connect (1)[c::]:6789 error -101 [ 199.886347][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 200.025116][ T6540] ceph: No mds server is up or the cluster is laggy [ 200.076019][ T6546] overlay: ./file0 is not a directory [ 200.128532][ T6547] FAT-fs (loop7): unable to read boot sector [ 205.056336][ T6576] afs: Unknown parameter 'd' [ 213.401816][ T5116] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 213.417088][ T5116] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 213.419032][ T5116] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 213.437431][ T5116] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 213.510908][ T5116] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.809185][ C0] ------------[ cut here ]------------ [ 215.809200][ C0] refcount_t: addition on 0; use-after-free. [ 215.809860][ C0] WARNING: CPU: 0 PID: 6615 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 215.809919][ C0] Modules linked in: [ 215.809963][ C0] CPU: 0 UID: 0 PID: 6615 Comm: syz.3.194 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 215.810014][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 215.810042][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 215.810075][ C0] Code: 00 00 e8 c9 83 3e fd 5b 41 5e c3 cc cc cc cc cc e8 bb 83 3e fd c6 05 4d d8 61 0a 01 90 48 c7 c7 60 9c 3e 8b e8 27 cc 02 fd 90 <0f> 0b 90 90 eb d7 e8 9b 83 3e fd c6 05 2e d8 61 0a 01 90 48 c7 c7 [ 215.810096][ C0] RSP: 0018:ffffc90003e962b8 EFLAGS: 00010246 [ 215.810116][ C0] RAX: 55807c67d2116b00 RBX: 0000000000000002 RCX: ffff888024b08000 [ 215.810132][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 215.810146][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 215.810160][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: dffffc0000000000 [ 215.810177][ C0] R13: ffffc90003e963a0 R14: ffff888031aa9e80 R15: dffffc0000000000 [ 215.810195][ C0] FS: 000055555ae47500(0000) GS:ffff888126bcb000(0000) knlGS:0000000000000000 [ 215.810214][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 215.810230][ C0] CR2: 0000001b2f722ff8 CR3: 00000000207d4000 CR4: 00000000003526f0 [ 215.810257][ C0] Call Trace: [ 215.810271][ C0] [ 215.810283][ C0] mptcp_schedule_work+0x164/0x1a0 [ 215.810324][ C0] mptcp_incoming_options+0x1059/0x1f60 [ 215.810374][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.810409][ C0] ? __pfx_mptcp_incoming_options+0x10/0x10 [ 215.810464][ C0] ? tcp_parse_options+0x12d3/0x13a0 [ 215.810517][ C0] tcp_reset+0xe5/0x390 [ 215.810552][ C0] tcp_validate_incoming+0x15d5/0x22a0 [ 215.810607][ C0] tcp_rcv_state_process+0x611/0x44d0 [ 215.810661][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 215.810702][ C0] ? rcu_is_watching+0x15/0xb0 [ 215.810740][ C0] ? rt_spin_lock_nested+0x1f2/0x3e0 [ 215.810787][ C0] tcp_v4_do_rcv+0x3fb/0xbf0 [ 215.810821][ C0] tcp_v4_rcv+0x252a/0x2dc0 [ 215.810884][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.810922][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 215.810961][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 215.810987][ C0] ip_protocol_deliver_rcu+0x221/0x440 [ 215.811012][ C0] ? ip_local_deliver_finish+0x2ae/0x6f0 [ 215.811036][ C0] ip_local_deliver_finish+0x3bb/0x6f0 [ 215.811070][ C0] NF_HOOK+0x309/0x3a0 [ 215.811094][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 215.811116][ C0] ? NF_HOOK+0x9a/0x3a0 [ 215.811136][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 215.811154][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 215.811181][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 215.811206][ C0] ? skb_dst+0x4f/0xd0 [ 215.811229][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 215.811265][ C0] NF_HOOK+0x309/0x3a0 [ 215.811289][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 215.811310][ C0] ? NF_HOOK+0x9a/0x3a0 [ 215.811330][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 215.811354][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 215.811393][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 215.811412][ C0] __netif_receive_skb+0x143/0x380 [ 215.811457][ C0] ? process_backlog+0x27b/0x900 [ 215.811477][ C0] process_backlog+0x31e/0x900 [ 215.811516][ C0] __napi_poll+0xb6/0x540 [ 215.811559][ C0] net_rx_action+0x5f7/0xda0 [ 215.811584][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.811632][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 215.811659][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 215.811697][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 215.811741][ C0] handle_softirqs+0x22f/0x710 [ 215.811783][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 215.811825][ C0] __local_bh_enable_ip+0x1a0/0x2e0 [ 215.811855][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 215.811880][ C0] ? dev_hard_start_xmit+0x7f5/0x870 [ 215.811907][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.811945][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.811973][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.812003][ C0] __dev_queue_xmit+0x1d3d/0x3b70 [ 215.812044][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.812081][ C0] ? lockdep_unlock+0x89/0x120 [ 215.812108][ C0] ? validate_chain+0x897/0x2140 [ 215.812152][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 215.812203][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.812258][ C0] ? ip_output+0x29f/0x450 [ 215.812295][ C0] ? ip_finish_output2+0xbae/0x11d0 [ 215.812331][ C0] ip_finish_output2+0xd5a/0x11d0 [ 215.812363][ C0] ? ip_finish_output2+0x452/0x11d0 [ 215.812405][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 215.812442][ C0] ? ip_skb_dst_mtu+0x917/0xb70 [ 215.812476][ C0] ? ip_finish_output+0x33a/0x3f0 [ 215.812509][ C0] ip_output+0x29f/0x450 [ 215.812538][ C0] ? ip_output+0x5b/0x450 [ 215.812568][ C0] __ip_queue_xmit+0x118d/0x1c30 [ 215.812600][ C0] ? tcp_options_write+0xa28/0x12c0 [ 215.812626][ C0] ? csum_tcpudp_nofold+0x1f/0x60 [ 215.812657][ C0] ? __ip_queue_xmit+0x5d/0x1c30 [ 215.812687][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 215.812713][ C0] __tcp_transmit_skb+0x24f6/0x3aa0 [ 215.812778][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 215.812830][ C0] ? read_tsc+0x9/0x20 [ 215.812851][ C0] ? ktime_get+0x1d2/0x200 [ 215.812938][ C0] tcp_send_active_reset+0x35f/0x6d0 [ 215.812980][ C0] tcp_disconnect+0x192/0x1fd0 [ 215.813016][ C0] ? __sk_mem_reduce_allocated+0x244/0x3a0 [ 215.813056][ C0] __tcp_close+0x676/0x1010 [ 215.813108][ C0] __mptcp_close_ssk+0x3d7/0xfd0 [ 215.813156][ C0] mptcp_do_fastclose+0x175/0x1f0 [ 215.813197][ C0] __mptcp_unaccepted_force_close+0x29/0x40 [ 215.813241][ C0] mptcp_subflow_queue_clean+0x20b/0x410 [ 215.813277][ C0] ? mptcp_subflow_queue_clean+0x35/0x410 [ 215.813317][ C0] mptcp_check_listen_stop+0x1be/0x2b0 [ 215.813358][ C0] __mptcp_close+0xf6/0xa60 [ 215.813393][ C0] ? rt_spin_unlock+0x161/0x200 [ 215.813426][ C0] ? lock_sock_nested+0x5f/0x130 [ 215.813460][ C0] ? lock_sock_nested+0xdd/0x130 [ 215.813497][ C0] mptcp_close+0x28/0x1a0 [ 215.813524][ C0] inet_release+0x141/0x190 [ 215.813560][ C0] sock_close+0xc3/0x240 [ 215.813595][ C0] ? __pfx_sock_close+0x10/0x10 [ 215.813627][ C0] __fput+0x458/0xa80 [ 215.813665][ C0] task_work_run+0x1d4/0x260 [ 215.813692][ C0] ? __pfx_task_work_run+0x10/0x10 [ 215.813720][ C0] ? exit_to_user_mode_loop+0x40/0x130 [ 215.813757][ C0] exit_to_user_mode_loop+0xe9/0x130 [ 215.813788][ C0] do_syscall_64+0x2bd/0xfa0 [ 215.813814][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.813839][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.813860][ C0] ? clear_bhb_loop+0x60/0xb0 [ 215.813888][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.813910][ C0] RIP: 0033:0x7fbae6fdeec9 [ 215.813943][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.813962][ C0] RSP: 002b:00007ffc6312ca58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 215.813985][ C0] RAX: 0000000000000000 RBX: 00007fbae7237da0 RCX: 00007fbae6fdeec9 [ 215.814001][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 215.814014][ C0] RBP: 00007fbae7237da0 R08: 000000000001b564 R09: 0000000f6312cd4f [ 215.814029][ C0] R10: 00007fbae7237cb0 R11: 0000000000000246 R12: 00000000000348c4 [ 215.814044][ C0] R13: 00007ffc6312cb50 R14: ffffffffffffffff R15: 00007ffc6312cb70 [ 215.814088][ C0] [ 215.814105][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 215.814123][ C0] CPU: 0 UID: 0 PID: 6615 Comm: syz.3.194 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 215.814149][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 215.814162][ C0] Call Trace: [ 215.814171][ C0] [ 215.814180][ C0] dump_stack_lvl+0x99/0x250 [ 215.814210][ C0] ? __asan_memcpy+0x40/0x70 [ 215.814245][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.814274][ C0] ? __pfx__printk+0x10/0x10 [ 215.814320][ C0] vpanic+0x237/0x6d0 [ 215.814343][ C0] ? __pfx_vpanic+0x10/0x10 [ 215.814381][ C0] panic+0xb9/0xc0 [ 215.814402][ C0] ? __pfx_panic+0x10/0x10 [ 215.814448][ C0] __warn+0x31b/0x4b0 [ 215.814469][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 215.814504][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 215.814535][ C0] report_bug+0x2be/0x4f0 [ 215.814559][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 215.814590][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 215.814620][ C0] ? refcount_warn_saturate+0xfc/0x1d0 [ 215.814649][ C0] handle_bug+0x84/0x160 [ 215.814681][ C0] exc_invalid_op+0x1a/0x50 [ 215.814711][ C0] asm_exc_invalid_op+0x1a/0x20 [ 215.814734][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 215.814763][ C0] Code: 00 00 e8 c9 83 3e fd 5b 41 5e c3 cc cc cc cc cc e8 bb 83 3e fd c6 05 4d d8 61 0a 01 90 48 c7 c7 60 9c 3e 8b e8 27 cc 02 fd 90 <0f> 0b 90 90 eb d7 e8 9b 83 3e fd c6 05 2e d8 61 0a 01 90 48 c7 c7 [ 215.814781][ C0] RSP: 0018:ffffc90003e962b8 EFLAGS: 00010246 [ 215.814801][ C0] RAX: 55807c67d2116b00 RBX: 0000000000000002 RCX: ffff888024b08000 [ 215.814818][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 215.814833][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 215.814846][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: dffffc0000000000 [ 215.814863][ C0] R13: ffffc90003e963a0 R14: ffff888031aa9e80 R15: dffffc0000000000 [ 215.814905][ C0] ? refcount_warn_saturate+0xf9/0x1d0 [ 215.814934][ C0] mptcp_schedule_work+0x164/0x1a0 [ 215.814972][ C0] mptcp_incoming_options+0x1059/0x1f60 [ 215.815022][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.815056][ C0] ? __pfx_mptcp_incoming_options+0x10/0x10 [ 215.815113][ C0] ? tcp_parse_options+0x12d3/0x13a0 [ 215.815164][ C0] tcp_reset+0xe5/0x390 [ 215.815199][ C0] tcp_validate_incoming+0x15d5/0x22a0 [ 215.815262][ C0] tcp_rcv_state_process+0x611/0x44d0 [ 215.815315][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 215.815357][ C0] ? rcu_is_watching+0x15/0xb0 [ 215.815394][ C0] ? rt_spin_lock_nested+0x1f2/0x3e0 [ 215.815448][ C0] tcp_v4_do_rcv+0x3fb/0xbf0 [ 215.815482][ C0] tcp_v4_rcv+0x252a/0x2dc0 [ 215.815549][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.815585][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 215.815623][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 215.815649][ C0] ip_protocol_deliver_rcu+0x221/0x440 [ 215.815674][ C0] ? ip_local_deliver_finish+0x2ae/0x6f0 [ 215.815700][ C0] ip_local_deliver_finish+0x3bb/0x6f0 [ 215.815734][ C0] NF_HOOK+0x309/0x3a0 [ 215.815759][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 215.815781][ C0] ? NF_HOOK+0x9a/0x3a0 [ 215.815801][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 215.815820][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 215.815847][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 215.815873][ C0] ? skb_dst+0x4f/0xd0 [ 215.815895][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 215.815922][ C0] NF_HOOK+0x309/0x3a0 [ 215.815946][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 215.815966][ C0] ? NF_HOOK+0x9a/0x3a0 [ 215.815987][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 215.816013][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 215.816051][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 215.816071][ C0] __netif_receive_skb+0x143/0x380 [ 215.816112][ C0] ? process_backlog+0x27b/0x900 [ 215.816132][ C0] process_backlog+0x31e/0x900 [ 215.816169][ C0] __napi_poll+0xb6/0x540 [ 215.816212][ C0] net_rx_action+0x5f7/0xda0 [ 215.816244][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.816290][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 215.816318][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 215.816358][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 215.816406][ C0] handle_softirqs+0x22f/0x710 [ 215.816451][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 215.816496][ C0] __local_bh_enable_ip+0x1a0/0x2e0 [ 215.816530][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 215.816556][ C0] ? dev_hard_start_xmit+0x7f5/0x870 [ 215.816586][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.816627][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.816657][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.816689][ C0] __dev_queue_xmit+0x1d3d/0x3b70 [ 215.816732][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 215.816771][ C0] ? lockdep_unlock+0x89/0x120 [ 215.816800][ C0] ? validate_chain+0x897/0x2140 [ 215.816845][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 215.816900][ C0] ? __lock_acquire+0xab9/0xd20 [ 215.816948][ C0] ? ip_output+0x29f/0x450 [ 215.816985][ C0] ? ip_finish_output2+0xbae/0x11d0 [ 215.817025][ C0] ip_finish_output2+0xd5a/0x11d0 [ 215.817060][ C0] ? ip_finish_output2+0x452/0x11d0 [ 215.817104][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 215.817140][ C0] ? ip_skb_dst_mtu+0x917/0xb70 [ 215.817172][ C0] ? ip_finish_output+0x33a/0x3f0 [ 215.817204][ C0] ip_output+0x29f/0x450 [ 215.817239][ C0] ? ip_output+0x5b/0x450 [ 215.817270][ C0] __ip_queue_xmit+0x118d/0x1c30 [ 215.817303][ C0] ? tcp_options_write+0xa28/0x12c0 [ 215.817329][ C0] ? csum_tcpudp_nofold+0x1f/0x60 [ 215.817358][ C0] ? __ip_queue_xmit+0x5d/0x1c30 [ 215.817390][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 215.817418][ C0] __tcp_transmit_skb+0x24f6/0x3aa0 [ 215.817483][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 215.817534][ C0] ? read_tsc+0x9/0x20 [ 215.817555][ C0] ? ktime_get+0x1d2/0x200 [ 215.817590][ C0] tcp_send_active_reset+0x35f/0x6d0 [ 215.817627][ C0] tcp_disconnect+0x192/0x1fd0 [ 215.817669][ C0] ? __sk_mem_reduce_allocated+0x244/0x3a0 [ 215.817708][ C0] __tcp_close+0x676/0x1010 [ 215.817761][ C0] __mptcp_close_ssk+0x3d7/0xfd0 [ 215.817808][ C0] mptcp_do_fastclose+0x175/0x1f0 [ 215.817848][ C0] __mptcp_unaccepted_force_close+0x29/0x40 [ 215.817884][ C0] mptcp_subflow_queue_clean+0x20b/0x410 [ 215.817920][ C0] ? mptcp_subflow_queue_clean+0x35/0x410 [ 215.817960][ C0] mptcp_check_listen_stop+0x1be/0x2b0 [ 215.818002][ C0] __mptcp_close+0xf6/0xa60 [ 215.818039][ C0] ? rt_spin_unlock+0x161/0x200 [ 215.818076][ C0] ? lock_sock_nested+0x5f/0x130 [ 215.818111][ C0] ? lock_sock_nested+0xdd/0x130 [ 215.818150][ C0] mptcp_close+0x28/0x1a0 [ 215.818178][ C0] inet_release+0x141/0x190 [ 215.818215][ C0] sock_close+0xc3/0x240 [ 215.818258][ C0] ? __pfx_sock_close+0x10/0x10 [ 215.818291][ C0] __fput+0x458/0xa80 [ 215.818331][ C0] task_work_run+0x1d4/0x260 [ 215.818359][ C0] ? __pfx_task_work_run+0x10/0x10 [ 215.818389][ C0] ? exit_to_user_mode_loop+0x40/0x130 [ 215.818427][ C0] exit_to_user_mode_loop+0xe9/0x130 [ 215.818460][ C0] do_syscall_64+0x2bd/0xfa0 [ 215.818485][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.818511][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.818535][ C0] ? clear_bhb_loop+0x60/0xb0 [ 215.818565][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.818588][ C0] RIP: 0033:0x7fbae6fdeec9 [ 215.818610][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.818630][ C0] RSP: 002b:00007ffc6312ca58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 215.818654][ C0] RAX: 0000000000000000 RBX: 00007fbae7237da0 RCX: 00007fbae6fdeec9 [ 215.818670][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 215.818684][ C0] RBP: 00007fbae7237da0 R08: 000000000001b564 R09: 0000000f6312cd4f [ 215.818700][ C0] R10: 00007fbae7237cb0 R11: 0000000000000246 R12: 00000000000348c4 [ 215.818716][ C0] R13: 00007ffc6312cb50 R14: ffffffffffffffff R15: 00007ffc6312cb70 [ 215.818761][ C0] [ 215.819101][ C0] Kernel Offset: disabled