last executing test programs:

2m29.939333424s ago: executing program 2 (id=10):
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
io_setup(0x8, &(0x7f0000000300)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000003c0)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x42}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x40000, '\x00', 0x0, r6, 0x0, 0x2}, 0x50)
getsockopt$inet6_int(r0, 0x29, 0x2, 0x0, &(0x7f0000000340))
timer_create(0x2, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000000040))
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{}, {0x0, 0xe4c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

2m27.333774139s ago: executing program 2 (id=13):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
dup(0xffffffffffffffff)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@delneigh={0x30, 0x1a, 0x1, 0x70bd2d, 0x4000800, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@NDA_DST_IPV6={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x32}}]}, 0x30}}, 0x880)

2m25.627946303s ago: executing program 2 (id=14):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r0, 0xffff8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
open(0x0, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8)
open_by_handle_at(r4, &(0x7f0000000040)=@ceph_nfs_confh={0x10, 0x2, {0xca, 0xffffffffffffffff}}, 0x1c7041)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000004c0)=""/57, 0x39)

2m24.498248724s ago: executing program 2 (id=15):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f2, 0x3, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x93cd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[r6], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)

2m14.326493127s ago: executing program 2 (id=25):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r0, 0xffff8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
open(0x0, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8)
open_by_handle_at(r4, &(0x7f0000000040)=@ceph_nfs_confh={0x10, 0x2, {0xca, 0xffffffffffffffff}}, 0x1c7041)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000004c0)=""/57, 0x39)

2m12.029585185s ago: executing program 2 (id=28):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

1m56.340587978s ago: executing program 32 (id=28):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
r5 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r5, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

26.23588656s ago: executing program 3 (id=125):
socket$nl_generic(0x10, 0x3, 0x10)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x1000084}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x400006, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat$loop(r0, &(0x7f0000000480)='./file1\x00', 0x2000, 0x0)
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
link(0x0, 0x0)

24.656254205s ago: executing program 4 (id=127):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8000000000000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
setrlimit(0x5, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, <r6=>0x0], &(0x7f0000000540), 0x0, 0x2, 0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000e00)={0x1, r6, r5})
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000480)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b, 0x200000000000})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000200), &(0x7f0000000240)=0x4)

23.473315939s ago: executing program 1 (id=129):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x20, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="c3124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000270600000ee60000bf2500000000000073350000000000006507000002001000070700004c0000001f75000000000000bf54000000000000070400004400f9f0ad32010000000000950000000000000005000000000000009500000000000000debfa255e44e4cc39f211fb04d7f202e6a53bd86bde99b679b4e6d24b8125690361eec3b181dcfd7c2fb2d1f8975b579a085bee32d414c1f3ab987a9de6385ae8021f4ca33b9b35fe817e98beb9cefe7f40fd6f0ea3affbdaaa897c70fb01d270a7b00d36fb5ab8fa92ac014a106e3e4decc68652503ca54fcef437d96c8a05d59ddcc8abf09cd77e93e940207b03189c5d4661e43df6f1f036c8d85a2ad7615a021f8cbe507ef94fb9f33315366e9ae080000001b5322"], 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000044000701fcffffff00000000017c000038000480312d4e3a4e"], 0x4c}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x4000080)

21.490357611s ago: executing program 3 (id=130):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

21.457288489s ago: executing program 1 (id=131):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

21.41123124s ago: executing program 4 (id=132):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8000000000000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
setrlimit(0x5, &(0x7f00000000c0)={0x2, 0x9})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
r2 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, <r4=>0x0], &(0x7f0000000540), 0x0, 0x2, 0x0, 0x0, r3})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000e00)={0x1, r4, r3})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000480)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b, 0x200000000000})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000200), &(0x7f0000000240)=0x4)

18.143960844s ago: executing program 3 (id=134):
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
io_setup(0x8, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x42}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x3, [@const={0x7, 0x0, 0x0, 0xa, 0x3}, @volatile={0x8, 0x0, 0x0, 0x9, 0x1}, @volatile={0x7, 0x0, 0x0, 0x9, 0x1}]}, {0x0, [0x61]}}, &(0x7f0000000380)=""/86, 0x3f, 0x56, 0x1, 0xed}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x40000, '\x00', 0x0, r4, 0x0, 0x2}, 0x50)
getsockopt$inet6_int(r0, 0x29, 0x2, 0x0, &(0x7f0000000340))
timer_create(0x2, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000000040))
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{}, {0x0, 0xe4c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

17.779429026s ago: executing program 0 (id=135):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={0x14, 0x17, 0x301, 0x70bd2d, 0x0, {0x17}}, 0x14}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$netlink(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
sendmmsg$inet6(r0, &(0x7f00000003c0), 0x0, 0x20008050)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000440), 0x4)

17.662973776s ago: executing program 4 (id=136):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[r6], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)

14.785039328s ago: executing program 0 (id=137):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r4)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
kexec_load(0x0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
memfd_secret(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)

14.559047298s ago: executing program 3 (id=138):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
dup(0xffffffffffffffff)
sendmsg$nl_route(r0, 0x0, 0x880)

13.02468197s ago: executing program 3 (id=139):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r0, 0xffff8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
open(0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8)
open_by_handle_at(r3, &(0x7f0000000040)=@ceph_nfs_confh={0x10, 0x2, {0xca, 0xffffffffffffffff}}, 0x1c7041)
read$qrtrtun(0xffffffffffffffff, &(0x7f00000004c0)=""/57, 0x39)

12.373382466s ago: executing program 0 (id=140):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
kexec_load(0x0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
memfd_secret(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)

10.62291482s ago: executing program 0 (id=141):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f2, 0x3, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x93cd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r5, 0x1e, &(0x7f0000000000)=[r5], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)

8.08978085s ago: executing program 1 (id=142):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xa}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084522, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000240)=ANY=[@ANYBLOB="683a009d573ec00000000000000000000020"], 0x20, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x101)
mount$9p_virtio(&(0x7f0000000100), 0x0, 0x0, 0x814004, 0x0)
setxattr$system_posix_acl(0x0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {}, [], {}, [], {0x10, 0x1}}, 0x24, 0x3)

6.760128384s ago: executing program 1 (id=143):
socket$pppoe(0x18, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$radio(0x0, 0x1, 0x2)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000240)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r2})
pipe(0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x20, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff}, 0x50)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB=',wfdno'])
close(0x3)

6.72292958s ago: executing program 4 (id=144):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
kexec_load(0x0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
memfd_secret(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)

4.917830971s ago: executing program 4 (id=145):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f2, 0x3, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x93cd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[r6], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.629862548s ago: executing program 1 (id=146):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f2, 0x3, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x93cd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[r6], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)

4.552198407s ago: executing program 0 (id=147):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[r6], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.810849745s ago: executing program 3 (id=148):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f2, 0x3, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x93cd, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x10, 0x3, 0x119})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x1e, &(0x7f0000000000)=[r6], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

275.167441ms ago: executing program 4 (id=149):
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="0206000002"], 0x10}}, 0x890)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000013c0)={0xffffffffffffffff, 0xa, {0x0, 0x0, 0x0, 0x5, 0x8000, 0x0, 0x4, 0x1f, 0x10, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "143939c787a16c1ca43f80026d1a8554fe581b59dee430e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d200", "24431a1e77a68e17000000040008000000000000000000e5e900", [0x83]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

141.905343ms ago: executing program 1 (id=150):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x4, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000001e40), 0x101000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FBIOBLANK(r0, 0x4611, 0x4)

0s ago: executing program 0 (id=151):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
creat(&(0x7f00000002c0)='./file0\x00', 0x51)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [{@euid_lt}], 0x6b}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts.
[   91.191020][ T5825] cgroup: Unknown subsys name 'net'
[   91.425082][ T5825] cgroup: Unknown subsys name 'cpuset'
[   91.480040][ T5825] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.923152][   T10] cfg80211: failed to load regulatory.db
[   93.561133][ T5825] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   98.092095][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.094395][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.095473][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.110765][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.111930][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.152342][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   98.155009][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   98.156563][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   98.165912][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   98.170360][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   98.220946][ T5847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   98.223906][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   98.226652][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   98.298479][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   98.299417][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   98.300394][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   98.301847][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   98.302769][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   98.337788][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   98.347912][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   98.351704][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   98.354452][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   98.360675][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   98.380194][   T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   98.381524][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   99.184504][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   99.311040][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   99.672314][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   99.713668][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   99.902432][ T5844] chnl_net:caif_netlink_parms(): no params data found
[  100.015283][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.017223][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.017660][ T5845] bridge_slave_0: entered allmulticast mode
[  100.023874][ T5845] bridge_slave_0: entered promiscuous mode
[  100.161527][ T5842] Bluetooth: hci0: command tx timeout
[  100.232225][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.232379][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.232563][ T5845] bridge_slave_1: entered allmulticast mode
[  100.235391][ T5845] bridge_slave_1: entered promiscuous mode
[  100.239498][ T5842] Bluetooth: hci3: command tx timeout
[  100.399538][ T5842] Bluetooth: hci1: command tx timeout
[  100.480745][ T5842] Bluetooth: hci4: command tx timeout
[  100.480846][ T5842] Bluetooth: hci2: command tx timeout
[  100.530878][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.531050][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.531578][ T5840] bridge_slave_0: entered allmulticast mode
[  100.534504][ T5840] bridge_slave_0: entered promiscuous mode
[  100.701401][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.701633][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.701827][ T5840] bridge_slave_1: entered allmulticast mode
[  100.704744][ T5840] bridge_slave_1: entered promiscuous mode
[  100.801622][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.034509][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.132141][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.132366][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.132569][ T5843] bridge_slave_0: entered allmulticast mode
[  101.135540][ T5843] bridge_slave_0: entered promiscuous mode
[  101.357358][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.357770][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.357990][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.358192][ T5843] bridge_slave_1: entered allmulticast mode
[  101.362569][ T5843] bridge_slave_1: entered promiscuous mode
[  101.490870][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.491051][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.491257][ T5848] bridge_slave_0: entered allmulticast mode
[  101.494152][ T5848] bridge_slave_0: entered promiscuous mode
[  101.706765][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.798778][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.798895][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.799057][ T5848] bridge_slave_1: entered allmulticast mode
[  101.803271][ T5848] bridge_slave_1: entered promiscuous mode
[  101.821667][ T5845] team0: Port device team_slave_0 added
[  101.822896][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.823053][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.823278][ T5844] bridge_slave_0: entered allmulticast mode
[  101.826370][ T5844] bridge_slave_0: entered promiscuous mode
[  102.063963][ T5845] team0: Port device team_slave_1 added
[  102.064696][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.064848][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.065028][ T5844] bridge_slave_1: entered allmulticast mode
[  102.068545][ T5844] bridge_slave_1: entered promiscuous mode
[  102.152975][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.239489][ T5155] Bluetooth: hci0: command tx timeout
[  102.319450][ T5155] Bluetooth: hci3: command tx timeout
[  102.382111][ T5840] team0: Port device team_slave_0 added
[  102.386054][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.390476][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.479557][ T5155] Bluetooth: hci1: command tx timeout
[  102.515626][ T5840] team0: Port device team_slave_1 added
[  102.559603][ T5155] Bluetooth: hci2: command tx timeout
[  102.559639][ T5155] Bluetooth: hci4: command tx timeout
[  102.604825][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.763796][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.763816][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.763846][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.768673][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.004551][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.004565][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.004586][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.007541][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.113947][ T5843] team0: Port device team_slave_0 added
[  103.281065][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.281079][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.281099][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.283736][ T5843] team0: Port device team_slave_1 added
[  103.285876][ T5848] team0: Port device team_slave_0 added
[  103.372591][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.372610][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.372640][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.464075][ T5848] team0: Port device team_slave_1 added
[  103.467296][ T5844] team0: Port device team_slave_0 added
[  103.723553][ T5844] team0: Port device team_slave_1 added
[  103.732371][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.732391][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.732425][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.144078][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.144097][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.144127][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.145817][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.145831][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.145860][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.162024][ T5845] hsr_slave_0: entered promiscuous mode
[  104.163737][ T5845] hsr_slave_1: entered promiscuous mode
[  104.319561][ T5842] Bluetooth: hci0: command tx timeout
[  104.351244][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.351261][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.351290][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.354888][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.354904][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.354940][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.399433][ T5842] Bluetooth: hci3: command tx timeout
[  104.469042][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.469060][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.469089][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.485632][ T5840] hsr_slave_0: entered promiscuous mode
[  104.491836][ T5840] hsr_slave_1: entered promiscuous mode
[  104.492905][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[  104.493019][ T5840] Cannot create hsr debugfs directory
[  104.569528][ T5842] Bluetooth: hci1: command tx timeout
[  104.639780][ T5842] Bluetooth: hci4: command tx timeout
[  104.639817][ T5842] Bluetooth: hci2: command tx timeout
[  105.061847][ T5843] hsr_slave_0: entered promiscuous mode
[  105.063283][ T5843] hsr_slave_1: entered promiscuous mode
[  105.063990][ T5843] debugfs: 'hsr0' already exists in 'hsr'
[  105.064016][ T5843] Cannot create hsr debugfs directory
[  105.252362][ T5848] hsr_slave_0: entered promiscuous mode
[  105.253500][ T5848] hsr_slave_1: entered promiscuous mode
[  105.254160][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[  105.254187][ T5848] Cannot create hsr debugfs directory
[  105.452371][ T5844] hsr_slave_0: entered promiscuous mode
[  105.453756][ T5844] hsr_slave_1: entered promiscuous mode
[  105.455241][ T5844] debugfs: 'hsr0' already exists in 'hsr'
[  105.455268][ T5844] Cannot create hsr debugfs directory
[  106.399759][ T5155] Bluetooth: hci0: command tx timeout
[  106.479474][ T5155] Bluetooth: hci3: command tx timeout
[  106.639630][ T5155] Bluetooth: hci1: command tx timeout
[  106.719564][ T5155] Bluetooth: hci2: command tx timeout
[  106.719600][ T5155] Bluetooth: hci4: command tx timeout
[  107.071178][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  107.111670][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  107.153835][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  107.207082][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  107.306237][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.352718][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.395217][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.452180][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.609561][ T5843] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  107.650825][ T5843] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  107.677907][ T5843] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  107.753385][ T5843] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  107.903328][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  107.976070][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  108.028749][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  108.086590][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  108.263582][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  108.307290][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  108.367111][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  108.413705][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  108.473959][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.616304][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[  108.623387][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.682620][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.683262][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.738575][ T3110] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.738740][ T3110] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.785370][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  108.833386][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.857811][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.858041][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.908975][ T1272] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.909137][ T1272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.019596][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[  109.054405][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.092106][ T3110] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.092332][ T3110] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.147451][ T3110] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.147571][ T3110] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.240567][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[  109.263509][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.316805][  T976] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.317043][  T976] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.397714][  T976] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.397871][  T976] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.458040][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[  109.502695][ T3110] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.502853][ T3110] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.546194][ T3110] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.546360][ T3110] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.923946][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.155763][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.362658][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.429876][ T5845] veth0_vlan: entered promiscuous mode
[  110.508117][ T5845] veth1_vlan: entered promiscuous mode
[  110.658636][ T5840] veth0_vlan: entered promiscuous mode
[  110.690300][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.771045][ T5840] veth1_vlan: entered promiscuous mode
[  110.816138][ T5845] veth0_macvtap: entered promiscuous mode
[  110.879062][ T5845] veth1_macvtap: entered promiscuous mode
[  110.905770][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.007611][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.064161][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.068412][ T5840] veth0_macvtap: entered promiscuous mode
[  111.093304][ T5848] veth0_vlan: entered promiscuous mode
[  111.126617][ T5840] veth1_macvtap: entered promiscuous mode
[  111.139636][ T1174] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.148374][ T1174] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.185362][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.198316][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.230683][ T5848] veth1_vlan: entered promiscuous mode
[  111.406783][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.428425][ T5843] veth0_vlan: entered promiscuous mode
[  111.500431][ T5844] veth0_vlan: entered promiscuous mode
[  111.513232][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.564689][ T1272] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.578372][ T5843] veth1_vlan: entered promiscuous mode
[  111.591881][ T1272] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.593470][ T5844] veth1_vlan: entered promiscuous mode
[  111.615571][ T1272] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.645052][   T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.756517][ T5848] veth0_macvtap: entered promiscuous mode
[  111.779877][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.779906][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.852495][ T5848] veth1_macvtap: entered promiscuous mode
[  112.027710][  T976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.027733][  T976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.141493][  T976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.141515][  T976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.146014][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.152834][ T5843] veth0_macvtap: entered promiscuous mode
[  112.184572][ T5844] veth0_macvtap: entered promiscuous mode
[  112.227997][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.237704][ T5843] veth1_macvtap: entered promiscuous mode
[  112.273450][ T5844] veth1_macvtap: entered promiscuous mode
[  112.341524][  T976] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.354974][ T3110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.354999][ T3110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.373405][  T976] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.432483][  T976] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.465581][  T976] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.572934][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.852452][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.883510][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.701829][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.866010][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.932565][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.936264][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.971437][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.007150][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.250060][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  114.252244][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  114.258202][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.265653][  T976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.265676][  T976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.296442][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.791869][ T5965] syz.0.1 (5965) used greatest stack depth: 17976 bytes left
[  115.032839][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.071204][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.297241][ T5969] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  115.679342][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  115.832261][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.832280][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.049406][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  116.249327][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  116.546827][ T3110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.546854][ T3110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.969353][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  118.015719][ T3110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.015741][ T3110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.269359][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  118.510487][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  118.621198][ T1272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.621221][ T1272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.774030][ T1174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.774054][ T1174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.859390][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  128.864985][ T6026] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  134.996847][ T6057] =======================================================
[  134.996847][ T6057] WARNING: The mand mount option has been deprecated and
[  134.996847][ T6057]          and is ignored by this kernel. Remove the mand
[  134.996847][ T6057]          option from the mount to silence this warning.
[  134.996847][ T6057] =======================================================
[  134.999194][ T6057] new mount options do not match the existing superblock, will be ignored
[  135.063272][ T6057] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  135.719347][   T38] audit: type=1326 audit(1757532460.833:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6053 comm="syz.1.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bf09beba9 code=0x7ffc0000
[  135.719417][   T38] audit: type=1326 audit(1757532460.843:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6053 comm="syz.1.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bf09beba9 code=0x7ffc0000
[  135.719465][   T38] audit: type=1326 audit(1757532460.843:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6053 comm="syz.1.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2bf09beba9 code=0x7ffc0000
[  136.187312][ T6063] netlink: 68 bytes leftover after parsing attributes in process `syz.0.22'.
[  138.006250][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  138.006321][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  140.539470][ T5987] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  140.764307][ T5987] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  140.764346][ T5987] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  140.764391][ T5987] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  140.764464][ T5987] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.131254][ T6087] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  141.175839][ T5987] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  143.500977][ T6097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'.
[  143.843045][ T6097] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  143.843045][ T6097]    program syz.1.30 not setting count and/or reply_len properly
[  149.012175][   T38] audit: type=1326 audit(1757532475.003:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6109 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93b616eba9 code=0x7ffc0000
[  149.012582][   T38] audit: type=1326 audit(1757532475.013:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6109 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93b616eba9 code=0x7ffc0000
[  149.012783][   T38] audit: type=1326 audit(1757532475.023:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6109 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f93b616eba9 code=0x7ffc0000
[  149.181252][ T6113] new mount options do not match the existing superblock, will be ignored
[  149.196873][ T6113] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  150.396353][ T5927] usb 3-1: USB disconnect, device number 2
[  150.709530][ T6126] netlink: 68 bytes leftover after parsing attributes in process `syz.0.36'.
[  156.299559][   T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  156.511156][   T31] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  156.511195][   T31] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  156.511238][   T31] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  156.511263][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.592066][ T6142] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  156.611067][   T31] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  156.896310][ T5904] usb 2-1: USB disconnect, device number 2
[  157.074141][ T5155] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  157.101174][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  157.119975][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  157.145131][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  157.148744][ T5155] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  157.254948][ T6145] udevd[6145]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  158.025840][ T6151] netlink: 'syz.1.43': attribute type 1 has an invalid length.
[  158.522262][   T38] audit: type=1326 audit(1757532484.533:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6152 comm="syz.3.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93b616eba9 code=0x7ffc0000
[  158.522605][   T38] audit: type=1326 audit(1757532484.533:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6152 comm="syz.3.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f93b616eba9 code=0x7ffc0000
[  158.522871][   T38] audit: type=1326 audit(1757532484.533:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6152 comm="syz.3.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f93b616eba9 code=0x7ffc0000
[  158.698885][ T6158] new mount options do not match the existing superblock, will be ignored
[  158.716654][ T6158] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  159.255590][ T5842] Bluetooth: hci2: command tx timeout
[  161.302349][ T5842] Bluetooth: hci2: command tx timeout
[  161.567479][ T1174] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.406757][ T1174] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.825178][ T1174] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.359516][ T5842] Bluetooth: hci2: command tx timeout
[  163.364804][ T1174] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.638502][ T6185] netlink: 68 bytes leftover after parsing attributes in process `syz.0.49'.
[  164.811409][ T6143] chnl_net:caif_netlink_parms(): no params data found
[  165.107325][ T5927] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  166.116487][ T5842] Bluetooth: hci2: command tx timeout
[  166.393268][ T5927] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  166.393298][ T5927] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  166.393328][ T5927] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  166.393345][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.439226][ T6191] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  166.513134][ T5927] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  166.610364][ T1174] bridge_slave_1: left allmulticast mode
[  166.610673][ T1174] bridge_slave_1: left promiscuous mode
[  166.612643][ T1174] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.606784][ T5927] usb 2-1: USB disconnect, device number 3
[  167.874024][ T1174] bridge_slave_0: left allmulticast mode
[  167.874065][ T1174] bridge_slave_0: left promiscuous mode
[  167.874316][ T1174] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.912203][ T6147] udevd[6147]: setting owner of /dev/bus/usb/002/003 to uid=0, gid=0 failed: No such file or directory
[  168.642854][ T6213] new mount options do not match the existing superblock, will be ignored
[  168.657355][ T6213] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  169.282955][ T5891] udevd[5891]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  175.444897][ T6244] netlink: 'syz.3.61': attribute type 1 has an invalid length.
[  181.270386][ T1174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.713842][ T1174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  182.964689][ T1174] bond0 (unregistering): Released all slaves
[  188.689429][ T5926] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  188.882233][ T6143] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.882338][ T6143] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.882559][ T6143] bridge_slave_0: entered allmulticast mode
[  188.885733][ T6143] bridge_slave_0: entered promiscuous mode
[  188.907145][ T6143] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.907256][ T6143] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.907444][ T6143] bridge_slave_1: entered allmulticast mode
[  188.913376][ T6143] bridge_slave_1: entered promiscuous mode
[  189.165076][ T5926] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  189.165102][ T5926] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  189.165131][ T5926] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  189.165148][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.970118][ T6294] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  189.977893][ T5926] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  191.427348][ T6143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.461873][ T6143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.918222][ T5987] usb 5-1: USB disconnect, device number 2
[  198.381470][ T6143] team0: Port device team_slave_0 added
[  198.403833][ T6143] team0: Port device team_slave_1 added
[  198.598591][ T6338] netlink: 68 bytes leftover after parsing attributes in process `syz.3.81'.
[  199.497569][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  199.497657][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  204.037185][ T1174] hsr_slave_0: left promiscuous mode
[  204.959789][ T1174] hsr_slave_1: left promiscuous mode
[  204.960593][ T1174] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.960648][ T1174] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.088016][ T1174] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.088051][ T1174] batman_adv: batadv0: Removing interface: batadv_slave_1
[  206.631690][ T1174] veth1_macvtap: left promiscuous mode
[  206.631864][ T1174] veth0_macvtap: left promiscuous mode
[  206.632085][ T1174] veth1_vlan: left promiscuous mode
[  206.632302][ T1174] veth0_vlan: left promiscuous mode
[  206.949447][ T6352] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  207.116247][ T6352] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  207.116275][ T6352] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  207.116305][ T6352] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  207.116322][ T6352] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.134457][ T6375] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  207.196134][ T6352] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  207.969800][ T6380] new mount options do not match the existing superblock, will be ignored
[  207.981687][ T6380] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  211.573931][ T6352] usb 1-1: USB disconnect, device number 2
[  211.874234][ T6398] netlink: 68 bytes leftover after parsing attributes in process `syz.3.92'.
[  213.801960][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.95'.
[  213.996623][ T6410] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  213.996623][ T6410]    program syz.3.95 not setting count and/or reply_len properly
[  218.504115][ T5155] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  218.523413][ T5155] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  218.524721][ T5155] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  218.525921][ T5155] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  218.526791][ T5155] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  218.648197][ T1174] team0 (unregistering): Port device team_slave_1 removed
[  218.931840][ T1174] team0 (unregistering): Port device team_slave_0 removed
[  219.671624][ T6435] new mount options do not match the existing superblock, will be ignored
[  219.687053][ T6435] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  220.639413][ T6436] Bluetooth: hci5: command tx timeout
[  222.249505][ T6436] Bluetooth: hci0: command 0x0406 tx timeout
[  222.399530][ T6436] Bluetooth: hci3: command 0x0406 tx timeout
[  222.399583][ T6436] Bluetooth: hci1: command 0x0406 tx timeout
[  222.399611][ T6436] Bluetooth: hci4: command 0x0406 tx timeout
[  222.748719][ T5852] Bluetooth: hci5: command tx timeout
[  224.576154][ T6458] netlink: 68 bytes leftover after parsing attributes in process `syz.1.104'.
[  225.449017][ T5847] Bluetooth: hci5: command tx timeout
[  226.148083][ T6462] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  226.609457][ T6143] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.609477][ T6143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.609507][ T6143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  227.519451][ T5847] Bluetooth: hci5: command tx timeout
[  232.869959][ T6429] chnl_net:caif_netlink_parms(): no params data found
[  235.375362][  T984] bridge_slave_1: left allmulticast mode
[  235.375399][  T984] bridge_slave_1: left promiscuous mode
[  235.375748][  T984] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.511006][  T984] bridge_slave_0: left allmulticast mode
[  235.511041][  T984] bridge_slave_0: left promiscuous mode
[  235.511944][  T984] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.585847][ T6531] netlink: 68 bytes leftover after parsing attributes in process `syz.3.114'.
[  239.510202][  T984] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  239.820227][  T984] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  239.926513][  T984] bond0 (unregistering): Released all slaves
[  240.247487][ T5987] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  241.501845][ T6554] netlink: 'syz.1.118': attribute type 1 has an invalid length.
[  241.513683][ T6429] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.513910][ T6429] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.514184][ T6429] bridge_slave_0: entered allmulticast mode
[  241.556922][ T5987] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  241.556971][ T5987] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  241.557014][ T5987] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  241.557040][ T5987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.640215][ T6429] bridge_slave_0: entered promiscuous mode
[  241.995637][ T6429] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.031142][ T6429] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.193789][ T6429] bridge_slave_1: entered allmulticast mode
[  242.537604][ T5987] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  242.538786][ T5987] usb 4-1: invalid MIDI out EP 0
[  242.559643][ T6429] bridge_slave_1: entered promiscuous mode
[  242.936831][ T5987] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  242.985691][ T5987] usb 4-1: USB disconnect, device number 2
[  243.144121][ T6558] udevd[6558]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  247.525005][  T984] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.021309][    C0] vkms_vblank_simulate: vblank timer overrun
[  250.311611][    C0] vkms_vblank_simulate: vblank timer overrun
[  252.538288][ T6602] syz.3.130 (6602) used greatest stack depth: 17560 bytes left
[  252.821405][    C0] vkms_vblank_simulate: vblank timer overrun
[  252.955502][  T984] team0 (unregistering): Port device team_slave_1 removed
[  253.161227][    C0] vkms_vblank_simulate: vblank timer overrun
[  253.787028][    C0] vkms_vblank_simulate: vblank timer overrun
[  256.161409][  T984] team0 (unregistering): Port device team_slave_0 removed
[  260.920081][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  260.920137][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  261.956841][ T6429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  262.023699][ T6429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.551998][ T6429] team0: Port device team_slave_0 added
[  262.575667][ T6429] team0: Port device team_slave_1 added
[  264.231830][ T6429] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.231847][ T6429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.231871][ T6429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.234190][ T6429] batman_adv: batadv0: Adding interface: batadv_slave_1
[  264.234203][ T6429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.234227][ T6429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.671804][ T6429] hsr_slave_0: entered promiscuous mode
[  266.673255][ T6429] hsr_slave_1: entered promiscuous mode
[  266.674190][ T6429] debugfs: 'hsr0' already exists in 'hsr'
[  266.674216][ T6429] Cannot create hsr debugfs directory
[  270.101226][ T6429] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  270.203277][ T6429] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  270.315519][ T6429] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  270.373019][ T6429] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  271.083529][    C0] vkms_vblank_simulate: vblank timer overrun
[  271.197859][ T6714] 
[  271.197869][ T6714] ======================================================
[  271.197876][ T6714] WARNING: possible circular locking dependency detected
[  271.197889][ T6714] syzkaller #0 Not tainted
[  271.197897][ T6714] ------------------------------------------------------
[  271.197902][ T6714] syz.1.150/6714 is trying to acquire lock:
[  271.197911][ T6714] ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  271.197966][ T6714] 
[  271.197966][ T6714] but task is already holding lock:
[  271.197971][ T6714] ffff888142bdc3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[  271.198009][ T6714] 
[  271.198009][ T6714] which lock already depends on the new lock.
[  271.198009][ T6714] 
[  271.198014][ T6714] 
[  271.198014][ T6714] the existing dependency chain (in reverse order) is:
[  271.198019][ T6714] 
[  271.198019][ T6714] -> #4 (&dev->vblank_time_lock){+.+.}-{3:3}:
[  271.198039][ T6714]        lock_acquire+0x120/0x360
[  271.198059][ T6714]        rt_spin_lock+0x88/0x2c0
[  271.198076][ T6714]        drm_crtc_vblank_on_config+0x2cd/0x860
[  271.198096][ T6714]        drm_crtc_vblank_on+0x88/0xc0
[  271.198114][ T6714]        drm_atomic_helper_commit_modeset_enables+0x602/0xe10
[  271.198134][ T6714]        vkms_atomic_commit_tail+0x69/0x210
[  271.198153][ T6714]        commit_tail+0x281/0x3a0
[  271.198171][ T6714]        drm_atomic_helper_commit+0xa6b/0xb10
[  271.198190][ T6714]        drm_atomic_commit+0x262/0x2c0
[  271.198207][ T6714]        drm_client_modeset_commit_atomic+0x620/0x760
[  271.198222][ T6714]        drm_client_modeset_commit_locked+0xce/0x4d0
[  271.198237][ T6714]        drm_client_modeset_commit+0x4a/0x70
[  271.198251][ T6714]        __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0
[  271.198270][ T6714]        drm_fb_helper_set_par+0xaf/0x100
[  271.198289][ T6714]        fbcon_init+0x1255/0x2370
[  271.198311][ T6714]        visual_init+0x2ef/0x650
[  271.198330][ T6714]        do_bind_con_driver+0x890/0xf70
[  271.198352][ T6714]        do_take_over_console+0x899/0xa10
[  271.198374][ T6714]        do_fbcon_takeover+0x118/0x200
[  271.198395][ T6714]        fbcon_fb_registered+0x35e/0x610
[  271.198416][ T6714]        register_framebuffer+0x70f/0x890
[  271.198429][ T6714]        __drm_fb_helper_initial_config_and_unlock+0x130a/0x18a0
[  271.198450][ T6714]        drm_fbdev_client_hotplug+0x16f/0x230
[  271.198470][ T6714]        drm_client_register+0x16f/0x210
[  271.198493][ T6714]        drm_fbdev_client_setup+0x19f/0x3f0
[  271.198515][ T6714]        drm_client_setup+0x10a/0x230
[  271.198534][ T6714]        vkms_init+0x3e0/0x4b0
[  271.198549][ T6714]        do_one_initcall+0x233/0x820
[  271.198562][ T6714]        do_initcall_level+0x104/0x190
[  271.198580][ T6714]        do_initcalls+0x59/0xa0
[  271.198597][ T6714]        kernel_init_freeable+0x334/0x4b0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  271.198615][ T6714]        kernel_init+0x1d/0x1d0
[  271.198630][ T6714]        ret_from_fork+0x3f9/0x770
[  271.198648][ T6714]        ret_from_fork_asm+0x1a/0x30
[  271.198662][ T6714] 
[  271.198662][ T6714] -> #3 (&dev->vbl_lock){+.+.}-{3:3}:
[  271.198683][ T6714]        lock_acquire+0x120/0x360
[  271.198701][ T6714]        rt_spin_lock+0x88/0x2c0
[  271.198717][ T6714]        vblank_disable_fn+0x72/0x190
[  271.198734][ T6714]        call_timer_fn+0x17b/0x5f0
[  271.198759][ T6714]        __run_timer_base+0x648/0x970
[  271.198775][ T6714]        run_timer_softirq+0xb7/0x180
[  271.198793][ T6714]        handle_softirqs+0x22f/0x710
[  271.198823][ T6714]        run_ktimerd+0xcf/0x190
[  271.198843][ T6714]        smpboot_thread_fn+0x53f/0xa60
[  271.198861][ T6714]        kthread+0x70e/0x8a0
[  271.198882][ T6714]        ret_from_fork+0x3f9/0x770
[  271.198900][ T6714]        ret_from_fork_asm+0x1a/0x30
[  271.198913][ T6714] 
[  271.198913][ T6714] -> #2 ((&vblank->disable_timer)){+...}-{0:0}:
[  271.198932][ T6714]        lock_acquire+0x120/0x360
[  271.198950][ T6714]        call_timer_fn+0xdb/0x5f0
[  271.198969][ T6714]        __run_timer_base+0x648/0x970
[  271.198985][ T6714]        run_timer_softirq+0xb7/0x180
[  271.199001][ T6714]        handle_softirqs+0x22f/0x710
[  271.199018][ T6714]        run_ktimerd+0xcf/0x190
[  271.199038][ T6714]        smpboot_thread_fn+0x53f/0xa60
[  271.199055][ T6714]        kthread+0x70e/0x8a0
[  271.199075][ T6714]        ret_from_fork+0x3f9/0x770
[  271.199093][ T6714]        ret_from_fork_asm+0x1a/0x30
[  271.199106][ T6714] 
[  271.199106][ T6714] -> #1 (&base->expiry_lock){+...}-{3:3}:
[  271.199125][ T6714]        lock_acquire+0x120/0x360
[  271.199143][ T6714]        rt_spin_lock+0x88/0x2c0
[  271.199158][ T6714]        __run_timer_base+0x114/0x970
[  271.199174][ T6714]        run_timer_softirq+0x67/0x180
[  271.199191][ T6714]        handle_softirqs+0x22f/0x710
[  271.199220][ T6714]        run_ktimerd+0xcf/0x190
[  271.199247][ T6714]        smpboot_thread_fn+0x53f/0xa60
[  271.199271][ T6714]        kthread+0x70e/0x8a0
[  271.199299][ T6714]        ret_from_fork+0x3f9/0x770
[  271.199323][ T6714]        ret_from_fork_asm+0x1a/0x30
[  271.199343][ T6714] 
[  271.199343][ T6714] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}:
[  271.199372][ T6714]        validate_chain+0xb9b/0x2140
[  271.199402][ T6714]        __lock_acquire+0xab9/0xd20
[  271.199429][ T6714]        reacquire_held_locks+0x127/0x1d0
[  271.199460][ T6714]        lock_release+0x1b4/0x3e0
[  271.199484][ T6714]        __local_bh_enable_ip+0x10c/0x270
[  271.199507][ T6714]        hrtimer_cancel+0x39/0x60
[  271.199535][ T6714]        drm_vblank_disable_and_save+0x1bc/0x380
[  271.199559][ T6714]        drm_crtc_vblank_off+0x22e/0x820
[  271.199584][ T6714]        drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[  271.199614][ T6714]        vkms_atomic_commit_tail+0x51/0x210
[  271.199639][ T6714]        commit_tail+0x281/0x3a0
[  271.199663][ T6714]        drm_atomic_helper_commit+0xa6b/0xb10
[  271.199690][ T6714]        drm_atomic_commit+0x262/0x2c0
[  271.199714][ T6714]        drm_client_modeset_commit_atomic+0x620/0x760
[  271.199736][ T6714]        drm_client_modeset_dpms+0x182/0x8c0
[  271.199765][ T6714]        drm_fb_helper_blank+0xf5/0x140
[  271.199788][ T6714]        fb_blank+0xcd/0x220
[  271.199804][ T6714]        do_fb_ioctl+0x48d/0x750
[  271.199827][ T6714]        __se_sys_ioctl+0xfc/0x170
[  271.199850][ T6714]        do_syscall_64+0xfa/0x3b0
[  271.199868][ T6714]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.199889][ T6714] 
[  271.199889][ T6714] other info that might help us debug this:
[  271.199889][ T6714] 
[  271.199896][ T6714] Chain exists of:
[  271.199896][ T6714]   (softirq_ctrl.lock) --> &dev->vbl_lock --> &dev->vblank_time_lock
[  271.199896][ T6714] 
[  271.199933][ T6714]  Possible unsafe locking scenario:
[  271.199933][ T6714] 
[  271.199940][ T6714]        CPU0                    CPU1
[  271.199946][ T6714]        ----                    ----
[  271.199953][ T6714]   lock(&dev->vblank_time_lock);
[  271.199967][ T6714]                                lock(&dev->vbl_lock);
[  271.199983][ T6714]                                lock(&dev->vblank_time_lock);
[  271.199998][ T6714]   lock((softirq_ctrl.lock));
[  271.200012][ T6714] 
[  271.200012][ T6714]  *** DEADLOCK ***
[  271.200012][ T6714] 
[  271.200018][ T6714] 13 locks held by syz.1.150/6714:
[  271.200030][ T6714]  #0: ffffffff8d99ccc0 (console_lock){+.+.}-{0:0}, at: do_fb_ioctl+0x46e/0x750
[  271.200103][ T6714]  #1: ffff888142f4f068 (&fb_info->lock){+.+.}-{4:4}, at: do_fb_ioctl+0x482/0x750
[  271.200159][ T6714]  #2: ffff8881482bfaa0 (&helper->lock){+.+.}-{4:4}, at: drm_fb_helper_blank+0xeb/0x140
[  271.200215][ T6714]  #3: ffff888142bdc1d8 (&dev->master_mutex){+.+.}-{4:4}, at: drm_master_internal_acquire+0x20/0x80
[  271.200275][ T6714]  #4: ffff8881482bf888 (&client->modeset_mutex){+.+.}-{4:4}, at: drm_client_modeset_dpms+0xcf/0x8c0
[  271.200327][ T6714]  #5: ffffc9000c38f870 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_client_modeset_commit_atomic+0xda/0x760
[  271.200382][ T6714]  #6: ffffc9000c38f898 (crtc_ww_class_mutex){+.+.}-{4:4}, at: drm_client_modeset_commit_atomic+0xda/0x760
[  271.200436][ T6714]  #7: ffff888142bdc4b8 (&dev->event_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xe4/0x820
[  271.200495][ T6714]  #8: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  271.200552][ T6714]  #9: ffff888142bdc420 (&dev->vbl_lock){+.+.}-{3:3}, at: drm_crtc_vblank_off+0xf5/0x820
[  271.200611][ T6714]  #10: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  271.200667][ T6714]  #11: ffff888142bdc3a0 (&dev->vblank_time_lock){+.+.}-{3:3}, at: drm_vblank_disable_and_save+0x7f/0x380
[  271.200726][ T6714]  #12: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  271.200789][ T6714] 
[  271.200789][ T6714] stack backtrace:
[  271.200821][ T6714] CPU: 0 UID: 0 PID: 6714 Comm: syz.1.150 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  271.200846][ T6714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  271.200868][ T6714] Call Trace:
[  271.200876][ T6714]  <TASK>
[  271.200887][ T6714]  dump_stack_lvl+0x189/0x250
[  271.200928][ T6714]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.200959][ T6714]  ? __pfx__printk+0x10/0x10
[  271.200985][ T6714]  ? print_lock_name+0xde/0x100
[  271.201009][ T6714]  print_circular_bug+0x2ee/0x310
[  271.201033][ T6714]  check_noncircular+0x134/0x160
[  271.201074][ T6714]  validate_chain+0xb9b/0x2140
[  271.201111][ T6714]  ? __lock_acquire+0xab9/0xd20
[  271.201144][ T6714]  ? do_raw_spin_lock+0x121/0x290
[  271.201174][ T6714]  __lock_acquire+0xab9/0xd20
[  271.201208][ T6714]  reacquire_held_locks+0x127/0x1d0
[  271.201244][ T6714]  ? __local_bh_disable_ip+0x264/0x400
[  271.201275][ T6714]  lock_release+0x1b4/0x3e0
[  271.201306][ T6714]  ? __local_bh_enable_ip+0x100/0x270
[  271.201336][ T6714]  __local_bh_enable_ip+0x10c/0x270
[  271.201364][ T6714]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  271.201395][ T6714]  ? rt_spin_unlock+0x65/0x80
[  271.201424][ T6714]  ? hrtimer_cancel_wait_running+0xe5/0x180
[  271.201459][ T6714]  ? hrtimer_cancel_wait_running+0x142/0x180
[  271.201496][ T6714]  ? __pfx_vkms_disable_vblank+0x10/0x10
[  271.201530][ T6714]  hrtimer_cancel+0x39/0x60
[  271.201561][ T6714]  drm_vblank_disable_and_save+0x1bc/0x380
[  271.201593][ T6714]  drm_crtc_vblank_off+0x22e/0x820
[  271.201628][ T6714]  ? __pfx_vkms_crtc_atomic_disable+0x10/0x10
[  271.201663][ T6714]  drm_atomic_helper_commit_modeset_disables+0xc89/0x2010
[  271.201702][ T6714]  vkms_atomic_commit_tail+0x51/0x210
[  271.201733][ T6714]  ? __pfx_vkms_atomic_commit_tail+0x10/0x10
[  271.201770][ T6714]  commit_tail+0x281/0x3a0
[  271.201804][ T6714]  drm_atomic_helper_commit+0xa6b/0xb10
[  271.201838][ T6714]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  271.201869][ T6714]  drm_atomic_commit+0x262/0x2c0
[  271.201896][ T6714]  ? __pfx_drm_atomic_commit+0x10/0x10
[  271.201922][ T6714]  ? __pfx___drm_printfn_info+0x10/0x10
[  271.201961][ T6714]  ? drm_client_rotation+0x47c/0x5b0
[  271.201986][ T6714]  drm_client_modeset_commit_atomic+0x620/0x760
[  271.202018][ T6714]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  271.202042][ T6714]  ? preempt_schedule_irq+0xde/0x150
[  271.202091][ T6714]  drm_client_modeset_dpms+0x182/0x8c0
[  271.202118][ T6714]  ? do_raw_spin_lock+0x121/0x290
[  271.202144][ T6714]  ? __pfx_drm_client_modeset_dpms+0x10/0x10
[  271.202170][ T6714]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  271.202206][ T6714]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.202242][ T6714]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  271.202277][ T6714]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  271.202310][ T6714]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  271.202336][ T6714]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  271.202376][ T6714]  ? mutex_lock_nested+0x154/0x1d0
[  271.202401][ T6714]  ? drm_fb_helper_blank+0xeb/0x140
[  271.202430][ T6714]  drm_fb_helper_blank+0xf5/0x140
[  271.202459][ T6714]  fb_blank+0xcd/0x220
[  271.202480][ T6714]  do_fb_ioctl+0x48d/0x750
[  271.202509][ T6714]  ? __pfx_do_fb_ioctl+0x10/0x10
[  271.202546][ T6714]  ? __asan_memset+0x22/0x50
[  271.202572][ T6714]  ? __pfx_smack_file_ioctl+0x10/0x10
[  271.202603][ T6714]  ? __fget_files+0x3a6/0x420
[  271.202636][ T6714]  ? __fget_files+0x2a/0x420
[  271.202671][ T6714]  ? bpf_lsm_file_ioctl+0x9/0x20
[  271.202697][ T6714]  ? __pfx_fb_ioctl+0x10/0x10
[  271.202722][ T6714]  __se_sys_ioctl+0xfc/0x170
[  271.202755][ T6714]  do_syscall_64+0xfa/0x3b0
[  271.202776][ T6714]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.202809][ T6714]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.202833][ T6714]  ? clear_bhb_loop+0x60/0xb0
[  271.202858][ T6714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.202882][ T6714] RIP: 0033:0x7f2bf09beba9
[  271.202908][ T6714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.202928][ T6714] RSP: 002b:00007f2beec05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.202951][ T6714] RAX: ffffffffffffffda RBX: 00007f2bf0c06090 RCX: 00007f2bf09beba9
[  271.202969][ T6714] RDX: 0000000000000004 RSI: 0000000000004611 RDI: 0000000000000003
[  271.202983][ T6714] RBP: 00007f2bf0a41e19 R08: 0000000000000000 R09: 0000000000000000
[  271.202998][ T6714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  271.203012][ T6714] R13: 00007f2bf0c06128 R14: 00007f2bf0c06090 R15: 00007fff9c322468
[  271.203038][ T6714]  </TASK>
[  272.683396][ T6429] 8021q: adding VLAN 0 to HW filter on device bond0
[  275.632563][ T1272] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.842039][ T1272] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.051291][ T1272] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.243025][ T1272] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.479579][ T1272] bridge_slave_1: left allmulticast mode
[  276.479606][ T1272] bridge_slave_1: left promiscuous mode
[  276.479785][ T1272] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.570950][ T1272] bridge_slave_0: left allmulticast mode
[  276.570978][ T1272] bridge_slave_0: left promiscuous mode
[  276.571150][ T1272] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.959857][ T1272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  278.020912][ T1272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  278.051693][ T1272] bond0 (unregistering): Released all slaves
[  279.195217][ T1272] hsr_slave_0: left promiscuous mode
[  279.249348][ T1272] hsr_slave_1: left promiscuous mode
[  279.249949][ T1272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  279.249970][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  279.312134][ T1272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  279.312160][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  279.392935][ T1272] veth1_macvtap: left promiscuous mode
[  279.392985][ T1272] veth0_macvtap: left promiscuous mode
[  279.393087][ T1272] veth1_vlan: left promiscuous mode
[  279.393157][ T1272] veth0_vlan: left promiscuous mode
[  281.091185][ T1272] team0 (unregistering): Port device team_slave_1 removed
[  281.249919][ T1272] team0 (unregistering): Port device team_slave_0 removed