last executing test programs: 12.022237688s ago: executing program 4 (id=5): pipe2$watch_queue(0x0, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0xffffffffffffff5a, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffbfffffffe}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r2, r1, &(0x7f00000000c0)=0x58, 0x9) fremovexattr(0xffffffffffffffff, 0x0) 10.833991739s ago: executing program 1 (id=7): futex_waitv(&(0x7f0000000180)=[{0x7f00000000000000, 0x0, 0x2}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = epoll_create1(0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000480)='contention_begin\x00', r2, 0x0, 0x405}, 0x71) select(0x40, &(0x7f0000000340)={0xd, 0x0, 0x0, 0x0, 0x0, 0x2e787ec3, 0x0, 0x1}, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3, 0x0, 0x2}, 0x18) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000400)={0xa}) epoll_pwait(0xffffffffffffffff, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) 10.643529875s ago: executing program 4 (id=8): r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$inet6(r1, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x4000008) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/13, 0xffffffffffffffb5) sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8014}, 0x4008001) syz_clone3(&(0x7f0000000340)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$sndpcmp(&(0x7f0000000140), 0x10000, 0x80000) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0xe0, 0x0, 0x0, 0x0, 0x2}}}}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_newaddr={0x18, 0x14, 0x509, 0x70bd2b, 0x25dfdbfb, {0x2, 0x40, 0xc, 0xfe}}, 0x18}, 0x1, 0x0, 0x0, 0x20008005}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x23, &(0x7f0000000000), &(0x7f00000000c0)=0x14) 10.396047179s ago: executing program 3 (id=9): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a00000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x29, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xf0, 0xa, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x40, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x81, 0x0, 0xfc}}}}}]}}]}}, 0x0) syz_usb_connect$hid(0x2, 0x3f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x43b3, 0x0, 0xe, 0x0, 0x0) r4 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) writev(r4, &(0x7f0000000900)=[{&(0x7f0000003900)="1237", 0x2}], 0x1) 10.267977702s ago: executing program 2 (id=3): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000180)) 9.158182492s ago: executing program 2 (id=10): ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000000)={0x5, 0x400, 0x9, 0x4, 0x1328}) socket$inet6_sctp(0xa, 0x5, 0x84) sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x24, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x1, "122b472e41e24b11f34b"}]}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, 0x0, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000540)=@delsa={0x48, 0x11, 0x1, 0x0, 0x0, {@in=@broadcast, 0x0, 0xa}, [@mark={0xc}, @srcaddr={0x14, 0xd, @in=@empty}]}, 0x48}}, 0x0) 8.965638189s ago: executing program 1 (id=11): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000780)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f00000000c0)='./file1\x00', 0x10088, &(0x7f0000000580)=ANY=[@ANYBLOB="73686f77657865632c6e6f646f74732c7379735f696d6d757461626c652c646f74732c6e66732c6e6f646f74732c6e6f646f74732c64656275672c646f74732c756d61736b3d30303030303030303030303030303030303030303230302c00c4cd878e2e225ee8a12ec0f0234a613f191236529e2eb19792d74d539f7b74148c4cd01ca5836451894237f5161f323e3dff6322349bb51c07b887571b07ed2b9f7e59a22824b104346da8", @ANYRES8=r0], 0x1, 0x1ff, &(0x7f00000002c0)="$eJzs3MtqU1scBvB12p5ecuhldEAnLnSik02tTxCkBTGg1EbUgbBLUw2JSckOmoiDjh35HMWhM0F8gb6FsyJIRx0ZaZNerTqxjZLfD8L6wkdgLULCfweytx68eVZZzZLVtBmGxmMYCmE97IQws5t6/umtQ3t5NBy1Hq7NPt9+fe/ho9v5QmF+McaF/NKNuRjj1KUPL169vfyx+d/9d1Pvx8LmzOOtL3OfNv/fvLD1delpOYvlLNbqzZjG5Xq9mS5XS3GlnFWSGO9WS2lWiuVaVmoc61er9bW1dkxrK5O5tUYpy2Jaa8dKqR2b9dhstGP6JC3XYpIkcTIX+JXixuJimu/3LjhbjUY+HQ4hTHzXFDf6siEAoK/M/4PM/D8Iduf/XO/ze5z5HwAAAAAAAAAAAAAA/gY7nc50p9OZ3l/3H2MhhPEQwv7zfu+Ts+H9H2xH/rg3HsLn9VaxVeyu3X7hVmF+Nu6ZOXzVdqtVHD7or3f7eLz/N+R6/dyp/Wi4eqXb73Y37xRO9BNh5eyPDwAAAAMhiQdOvb5Pkh/13XTk94ET1+8j4eLIuR0DAAAA+Ims/bKSVqulhiAIwkHo9zcTAADwux0O/f3eCQAAAAAAAAAAAAAAAAAAAAyu87idWL/PCAAAAAAAAAAAAAAAAAAAAAAAAH+KbwEAAP//VuHQrA==") r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r3, 0x40047211, &(0x7f0000000080)) 8.757327388s ago: executing program 2 (id=13): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_settime(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x7}}}, 0x19) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f00000000c0)={[{@init_itable}, {@grpquota}]}, 0x44, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") 6.682769266s ago: executing program 0 (id=14): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000080), 0x4) ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x8c8, 0x0, 0x0}) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) 6.048075367s ago: executing program 1 (id=15): syz_open_dev$usbmon(0x0, 0x7, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat(0xffffffffffffff9c, 0x0, 0x441, 0x104) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SYNC_IOC_MERGE(r0, 0xc0303e03, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000082038851000000600000018000000", @ANYRES32, @ANYBLOB="00000000010300006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 5.145434399s ago: executing program 3 (id=16): syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f00000000c0)) r2 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=0x0, &(0x7f0000000100)=0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_GET_EXTENDED_ERROR(r5, 0xc0046209, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x29, 0xf, 0x7, 0x8, 0x1, @mcast1, @loopback, 0x930, 0x20, 0x5, 0x5}}) syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0) setns(r1, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) 4.204079983s ago: executing program 2 (id=17): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x1d, 0x2, 0x6) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) 4.102977437s ago: executing program 3 (id=18): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="0600000000000100d408000000000000040000000000000057090000000000001700000000000000e40a000000000000010000070100000066090000000000000100008000000000100a0000000000000a00000000000000fb0a0000000000000900000000000000d677741094c8df79c2cc25a05ef374304f53a91ea34cf86beced48869f0f"]) ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000001bc0)={"e542343308ab0897a135d95a6cd498db22f07227a28ded45d7705a2b2483c080cf0c91263063da46fb2c8223dcce61606a53d05bb300b519868fd49b949554c8211b6ac652ce2a5b1ed5f91ab14adc0b8dc78d5bebb3fe1c3e14b7693b4faffc4885614cce25ddab578405f8ec37e2e6301515b707cd0fb187ec6ef7e2e47ef7ccfbe5ed09b4074b02f32461ee6646004f4c8d6bb5472883bd4d58160065de6f4c733546800bf51ec237df0ee7758a03068870eca654d160b94b7a9b5f5db983127426c795bd482f92944856e369fc8f428d67b43170ec39049c6cf291489a33b097668d4e760df13f2e3c8c4f68c8e7f98b5aa7e41fb6699ae6b67024ed96a34127ae919a23856d9a5c49db15a06a1452617d3c0cfc7904d20859c812c8206b55e91a641b4e6d1b7ae4746655abdad38abe26fbf0d998ed474090717ce3d0459c372f6e933c0c90b74482559accceef5cca48aefbaf4bc79d58c02cedad4ecd4d05b9918a0deef0e6f1a2fcc2fadd75a2c0e8a6e921a7e14c4cc16b02c7d16f3b544ed290c21aaaa603fde43d0921e76fcb0692f3faa4c99d6f562045285f767a43879471f068536c068d37631dcfbaa472a2ca59c6add1369edaf43de995aee526fbf29bc89c60fbea22b7e549b3dbd4b3737ddda5fcbb61f2ba3ed1b737b7c3b30258dc63f824fa266de98a92c81dab5e7e6ccb66b5e9aa6e642783cfda6b0c7722b3391c38ee89231ada27de9ef65170601f01e795b40c2d184333f9b011b74a4b71a5edc75273197991a82ca3ffe5b8fe47b640f490a9a04a5f0aa7d433b18d25e442e034afa2c90f14ecaee3c0c382b0c2c107530fde51d608592209b43190fe515a0346edfd77b22c00868870bdbf2c5b1e7752c561411dc67f837aac8133e61909c468a30ece6f9e3a64283cc20bb002d246dca03a7b9e927a91d24203d99159601d55c39e978a086b2233ed3d089f73486f0ca668236fc987131a184006be70ef367105563b96c62c20d0c6c4fade03c0aa7a234d6ae2049b63407fd6b9a07c32e5f1ffae8654a9a418b88703511eb89f04e7b572533c6e4f68021491e1a4ff77c08478208a7d4b9d0ed3e1f37d64c9070a7df23a04bf7a37e162b16a7837f6dc491628495584fcad3089f29e1fff7ce19126cceedf0b0ada435f54964c464dbdc43134bfe52d99c7d28fcdbf0c340903f94acf96583a3302825125e772144ae64675ee6b282deca9c3375b15aecd0a4dd30719f6573fc4f420f1dd59d82448a98c93cdaad5a872725a56046ba82ed7f2a2b1b0e39f40ec810aa9c473f27a433edfd693e4bdd1395e49812f0c4b888c08ace5f31b5ec478b5b9ef80f2f6992981365ff3980a1f32c36488bcd828aca7929718bd5117a7998efd8f0b1a13cc6ec6da5521264a4f1f0ebc4ab04add4c9376d6ae8e6e05a799d1048e32"}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448e1, 0x0) syz_mount_image$msdos(&(0x7f0000002280), &(0x7f0000000200)='./file0\x00', 0x8, &(0x7f00000022c0)=ANY=[], 0x1, 0x206, &(0x7f0000000c40)="$eJzs289qE10UAPAzbdpv+nVhF65EYcCNq6A+gUEqiAEhkoWuDFQ3rQjpJgpin8e1D+HLuOlCsotMZmj+tAXTMZkQfz8Y7uGeueHcRXLu4ubt3Q/HRx9P3+98OY80yWIr4kkMIw7yqJSUYzqOd2NGElX8qrQaALiRTqfXqrsGlqvfb/VuR8T+pUz3Wy0FAQAAAAAAAAAAUNki9/+3Ir7O3/8/W3G9AEB17v9vrr1y7PdbvXvF+W2O+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAfYaj0a1R/qTlWD7/RUQaEXsR8X9ENCIin6+7XgCguuFotu9f1/8jIokI/R8ANsCr129etNrtw06WpRE/zwbdQbcYi/yz5+3Dh9nYwWTV+WDQ3b7IPyry2Wx+Z3xuyPOPr8zvxoP7RT7PPX3Znsvvx9Hytw8A/6RmdmGqv2+XT0SzeVU+789FNHU+mOvfjbjTWNk2AIAFnH76fNw7OXnXrx7kHzc1kyy2fK8s6Pp3vjf+WqmCmwQ/krUoY22CNNaijMWD9E9ervd3CVi+yZd+MrdTZ0EAAAAAAAAAAAAAAMAlq/jLUd17BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg8/wOAAD//38uTsA=") r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x8000d0, &(0x7f0000000a40)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c757466383d302c73686f72746e616d653d6c6f7765722c726f6469722c636865636b3d7374726963742c696f636861727365743d63703835372c73686f72746e616d653d77696e39352c726f6469722c636f6465706167653d3737352c73686f72746e616d653d6d697865642c73686f72746e616d653d6d697865642c74696d655f6f66667365743d3078666666666666666666666666666539642c646d61736b3d30303030303030303030303030303030303030303030322c756e695f786c6174653d302c696f636861727365743d6d616363656c7469632c756e695f786c6174653d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c6e6e6f6e756d7461696c3d312c757466383d312c73686f72746e616d653d77696e39352c757466383d302c646566636f6e746578743d756e636f6e66696e65645f752c004524d950df541bbcd4ef42b2c4c63419accfa4ea465e739a4837d13c04574e6c49c3e657e9c6f96cded6017db7c14015f543fe5ac9ca1d73df69a2538f00044d19b6ffe2e2599eb8ad3151ae33375c6d99413a"], 0x6, 0x2d1, &(0x7f0000000740)="$eJzs3T9rJGUcB/DfbGb/qMVuYSWCA1pYHZdrbTbIHYipPLY4LTR4dyDZRUgg4h9cU4mdjaWvQBB8ITZ2loKtYGeEwMjMzmR3k3GzkWxE8/kUyZOZ5zvP73lmkkyTJ++9ONl/nMXT489+iV4vidawG3GSxCBaUfsilgy/DgDgv+wkz+P3fKbh9M9frcj2NlgXALA5l/z+r6Tlx0dFjx9urjYAYDMePnr7zZ3d3ftvZVkvHky+PBolEVF8np3feRofxDiexN3ox2lE+aLQjvJtoWg+yPN8mmaFQbwymR6NiuTk3R+r6+/8FlHmt6Mfg/LQ2dtGmX9j9/52NrOQnxZ1PFuNPyzy96Ifz5+Fl/L3GvIx6sSrLy/Ufyf68dP78WGM43FZxDz/+XaWvZ5/88en7xTlFflkejTqlv3m8q168OkN3yMAAAAAAAAAAAAAAAAAAAAAAP5/7lR753Sj3L+nOFTtv7N1WnzRjqw2WN6fZ5ZP6gvN9weKVp7n0zy+rffXuZtlWV51nOfTeCGtNhYEAAAAAAAAAAAAAAAAAACAW+7w40/298bjJwfX0qh3A0gj4s+HEf/0OsOFIy/F6s7dasy98bhVNZf7pItHYqvuk0SsLKOYxDUty2WNZy7UXDW++74xVczoMI2mU73LB203j3XFxkft2To29qmfrv29pHkNu2fF94obF+dvXCeaR2/HuSOdv6uwfhTXm06n8VT/ysvSea5sTFf0iWTV98Vrv87KXpjFUp9OuaqN8XbVWIifezbWep6jN4tf/FmR2K0DAAAAAAAAAAAAAAAAAAA2av7Xvw0nj1dGW3l3Y2UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI2a////dRrpcniNVCcODv+tuQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB7/BUAAP//vaZV2Q==") write$binfmt_script(r2, &(0x7f00000008c0), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 4.080913575s ago: executing program 1 (id=19): bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, 0x0}, 0xffffffd8) write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x14a4014, 0x0, 0x9}}, 0x50) read$FUSE(r0, &(0x7f0000004940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002140)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r3, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x100000, 0x0, 0x0}) 4.05929059s ago: executing program 0 (id=20): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x197dd000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) signalfd4(r2, &(0x7f0000000040)={[0xcee2]}, 0x8, 0x180800) connect$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 3.903037681s ago: executing program 4 (id=21): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r4 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000940)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x2, {0x60, 0x0, 0x0, r5, {}, {0xfff2, 0xa}, {0xffe0, 0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0xc, 0x8c4, 0xf, 0x7, 0x5, 0x8}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0xffffffff7fffffff}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000055}, 0x4000) sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) 3.526999591s ago: executing program 1 (id=22): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r4}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x41a}]}, 0x34}}, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295a5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x16}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 3.51881878s ago: executing program 3 (id=23): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x4010586e, 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c611000000000000feff2c707f8f00ff", 0x58}], 0x1) 2.554541511s ago: executing program 0 (id=24): socket$netlink(0x10, 0x3, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.377165413s ago: executing program 3 (id=25): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) userfaultfd(0x801) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0) 1.312847754s ago: executing program 4 (id=26): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'wlan0\x00', &(0x7f0000000100)=@ethtool_rxnfc={0x29, 0x2, 0x2, {0xa, @sctp_ip6_spec={@empty, @mcast1, 0x4e21, 0x4e23, 0x81}, {0x0, @random="b67ea5755e09", 0x8, 0x1c, [0xfffff9cc]}, @tcp_ip6_spec={@mcast1, @private0, 0x4e24, 0x4e21, 0x3}, {0x0, @link_local, 0x1, 0x9, [0x4, 0x4]}, 0x8, 0x127}}}) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000200)={[{@grpquota}, {@nolazytime}, {}]}, 0x1, 0x507, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvndhx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPIHVD4kZR7DiKnaUJPaRnrkhU4gRH/gDOPXHnguDGpRyQ+BGBGiQORjMep05qU6tN4ij+fKTRvDdvPN/36s57nefaL4CxdT0iDiKiGBGfRsRcdjyXbfFRZ0vOe3J4f/Xo8P5qLtrtT/6RS8uTY9HzmsS17JqliPjBdyJ+nHs2bnNvf3OlVqvuZPmFVn17obm3f2ujvrJeXa9uVSrLS8uLH9x+v3JmbX2rXsxSX378+4Nv/DSp1mx2pLcdZ6nT9MJxnMRkRHzvPIKNwETWnuKoK8ILyUfE6xHxdnr/z8VE+m4CAFdZuz0X7bnePABw1eXTObBcvpzNBcxGPl8ud+bw3oiZfK3RbN2829jdWuvMlc1HIX93o1ZdzOYK56OQS/JLafppvnIqfzsiXouIn09Np/nyaqO2Nsp/+ADAGLt2avz/91Rn/AcArrjSqCsAAFw44z8AjB/jPwCMH+M/AIyfzvg/PepqAAAXyPM/AIwf4z8AjJXvf/xxsrWPst+/Xvtsb3ez8dmttWpzs1zfXS2vNna2y+uNxnr6mz31512v1mhsL70Xu/fmv7ndbC009/bv1Bu7W6076e9636kW0rMOLqBlAMAgr7316E+5ZET+cDrdomcth8JIawact/yoKwCMzMSoKwCMjNW+YHy9xDO+6QG4Ivos0XtCqd8XhNrtdvv8qgScsxtfMP8P46pn/t//AoYxY/4fxpf5fxhf7XZu2DX/Y9gTAYDLzRw/MODz/9ez/W+yDwd+tHb6jIfnWSsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC43Lrr/5aztcBnI58vlyNeiYj5KOTubtSqixHxakT8caowleSXRlxnAOBl5f+ay9b/ujH37uyJojevHSeLEfGTX37yi3srrdbOHyKKuX9OdY+3HmbHKxdfewDg+HF+oO44ne57HuSfHN5f7W7nXMcT/vbtiCh14h8dFuPoOP5kTKb7UhQiYuZfuSzfkRumsUM4eBARn+/X/lzMpnMgnZVPT8dPYr9yofHzJ+Ln07LOPvmz+NwZ1AXGzaOk//mo3/2Xj+vpvv/9X0p7qJeX9X/JpVaP0j7wafxu/zcxoP+7/ryLd1/w3u++20lMPxv/QcQXJyO6sY96+p9u/NyA+O8O2cY/f+nNtweVtX8VcSP6x++NtdCqby809/ZvbdRX1qvr1a1KZXlpefGD2+9XFtI56oXBo8HfP7z56qCypP0zA+KXTre/eLL9Xx2y/b/+76c//Mr/if/1d/rFz8cbp+P3vC4ZE782ZPyVmd+WBpUl8dcGtP957//NIeM//sv+M8uGAwCj09zb31yp1ao7EhKXP5H8lb0E1eib+NZFxSpG/6KfvdO5p08VtdsvFGtQj3EWs27AZXB800fEf0ZdGQAAAAAAAAAAAAAAoK+L+MbSqNsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA1fW/AAAA//9rU85D") syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0xa08006, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0xfe, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000380), 0x24, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'osx.', '/[\x00'}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) quotactl_fd$Q_GETINFO(r1, 0xffffffff80000500, 0x0, &(0x7f0000004a40)) 1.172420207s ago: executing program 0 (id=27): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup(r1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) dup3(r0, r2, 0x0) r3 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x13) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246) pwritev(r4, &(0x7f0000000080)=[{&(0x7f00000010c0)="aabf", 0x2}, {&(0x7f0000000400)="3d9c", 0x2}, {&(0x7f00000004c0)="40aa5967", 0x4}], 0x3, 0x0, 0x0) 1.12147548s ago: executing program 1 (id=28): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000002ac0)=ANY=[], 0x2, 0x1e7, &(0x7f00000001c0)="$eJzsmb+LE0EUx78zu9mchwg2FjYWHniit9ndqFxzRQRLQYiilsGsIbpJJFkhCQgGGxtLC8HWxtLCwsrCv8BWCxUEC1PaCSMzO7s7JpsQf2BE3wdu7jszb+fNe7DfYgOCIP5bPrz/8u7B2d2LJwHsxxbKev2TlcdwI/7to9snHu6de/zszZNX3QN3XsyexwAIsXp+B8DLmoUYzE5Wvn96y7iC1rgEjuNaXwaDm8ivQpFMQjBc1TE3DN3bp0UUutd6UfN6Owo9OfhyCORQNfPLS00nDE0AG+p2QjBjfzAa32xEUdifFSWR5pnb+lGxrH/qfjWOPaTdE0I268r9exM5172BB571zweHr3UVDHWtd1GG67p5S4z6D9v5+dYq9a9XPFXi4M6fSpq+I39D7f+wKP2Wc9jsinyhs5VD09QDzZiPa6/954UyLgBzW683o+j8L5zsFDQqE7k/SWc/ZviTDTvzj0rcuVUZjMY77U6jFbbCbhBUz3inPO90UFFGlIxL/G9D+dOmcX5pQazDHAwbcdz3h0Dc97N5kIyG49af9z6rZ7jyP47to2qqPFWVXS7OwfQfV/+l2raKI+8urIkgCIIgCIIgCIIgCIIgCKKYI2BIfgkTTH8QLSK4oL5QfgsAAP//g4hmcg==") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d0, 0x0, 0x11, 0x148, 0x340, 0x0, 0x438, 0x2a8, 0x2a8, 0x438, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x2000000000000000}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0xffffff00, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xc8, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@connmark={{0x30}, {0x1, 0x7, 0x1}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x530) prctl$PR_GET_SPECULATION_CTRL(0x21, 0x2, 0x6) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 826.657758ms ago: executing program 0 (id=29): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 232.636058ms ago: executing program 0 (id=30): syz_open_dev$usbmon(0x0, 0x7, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat(0xffffffffffffff9c, 0x0, 0x441, 0x104) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SYNC_IOC_MERGE(r0, 0xc0303e03, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000082038851000000600000018000000", @ANYRES32, @ANYBLOB="00000000010300006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 232.324846ms ago: executing program 3 (id=31): write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0) pwritev(r2, &(0x7f0000000000)=[{&(0x7f0000000200)='s', 0x1}], 0x1, 0xb9c4, 0x0) openat(r1, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0) 0s ago: executing program 4 (id=32): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000640)=ANY=[@ANYRESOCT=r1], 0x28) openat$cgroup_procs(r2, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x980000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r3, 0x10, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x800) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_usb_connect$uac1(0x0, 0x99, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x87, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@extension_unit={0x7}, @selector_unit={0x6, 0x24, 0x5, 0x0, 0x0, "91"}, @selector_unit={0x6, 0x24, 0x5, 0x0, 0x0, '\b'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x0, 0x4, 0x0, 0x0, "2a5232500ee6"}, @as_header={0x7, 0x24, 0x1, 0x0, 0x0, 0x1}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.39' (ED25519) to the list of known hosts. [ 89.229125][ T5818] cgroup: Unknown subsys name 'net' [ 89.381955][ T5818] cgroup: Unknown subsys name 'cpuset' [ 89.391729][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.280916][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.041018][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.054193][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.064153][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.074558][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.075250][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.082399][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.097643][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 96.097815][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.107464][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.119552][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 96.128616][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.128761][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 96.136616][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.150315][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.158938][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.159537][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.167786][ T5848] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 96.175956][ T5835] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 96.187753][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.198436][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.245783][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.268445][ T5850] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 96.276949][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.284880][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.316293][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 96.324917][ T5849] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 96.332698][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.340051][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.351098][ T5849] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 96.364830][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.055228][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 97.196772][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 97.254489][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 97.339562][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 97.411630][ T9] cfg80211: failed to load regulatory.db [ 97.498662][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 97.609830][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.617061][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.625957][ T5842] bridge_slave_0: entered allmulticast mode [ 97.634259][ T5842] bridge_slave_0: entered promiscuous mode [ 97.696931][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.708373][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.715927][ T5842] bridge_slave_1: entered allmulticast mode [ 97.725212][ T5842] bridge_slave_1: entered promiscuous mode [ 97.764543][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.771919][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.779880][ T5833] bridge_slave_0: entered allmulticast mode [ 97.787289][ T5833] bridge_slave_0: entered promiscuous mode [ 97.795896][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.803687][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.811319][ T5833] bridge_slave_1: entered allmulticast mode [ 97.819226][ T5833] bridge_slave_1: entered promiscuous mode [ 97.925286][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.934676][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.947361][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.954585][ T5830] bridge_slave_0: entered allmulticast mode [ 97.963531][ T5830] bridge_slave_0: entered promiscuous mode [ 97.995664][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.004183][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.011961][ T5840] bridge_slave_0: entered allmulticast mode [ 98.021115][ T5840] bridge_slave_0: entered promiscuous mode [ 98.033016][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.059409][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.066624][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.074566][ T5830] bridge_slave_1: entered allmulticast mode [ 98.083061][ T5830] bridge_slave_1: entered promiscuous mode [ 98.093636][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.113154][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.120444][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.128075][ T5840] bridge_slave_1: entered allmulticast mode [ 98.135417][ T5840] bridge_slave_1: entered promiscuous mode [ 98.212647][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.279191][ T5833] team0: Port device team_slave_0 added [ 98.288311][ T5839] Bluetooth: hci2: command tx timeout [ 98.296522][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.342656][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.357467][ T5833] team0: Port device team_slave_1 added [ 98.366141][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.376488][ T5839] Bluetooth: hci0: command tx timeout [ 98.377814][ T5849] Bluetooth: hci4: command tx timeout [ 98.382471][ T5839] Bluetooth: hci1: command tx timeout [ 98.412378][ T5842] team0: Port device team_slave_0 added [ 98.418662][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.425900][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.434378][ T5828] bridge_slave_0: entered allmulticast mode [ 98.441737][ T5828] bridge_slave_0: entered promiscuous mode [ 98.448370][ T5839] Bluetooth: hci3: command tx timeout [ 98.456513][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.502717][ T5842] team0: Port device team_slave_1 added [ 98.526490][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.533919][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.542869][ T5828] bridge_slave_1: entered allmulticast mode [ 98.550622][ T5828] bridge_slave_1: entered promiscuous mode [ 98.612518][ T5830] team0: Port device team_slave_0 added [ 98.623914][ T5830] team0: Port device team_slave_1 added [ 98.680532][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.691561][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.719052][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.745489][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.752790][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.779143][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.795430][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.809579][ T5840] team0: Port device team_slave_0 added [ 98.816580][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.823957][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.850192][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.878216][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.885219][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.911523][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.936120][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.963837][ T5840] team0: Port device team_slave_1 added [ 99.012209][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.019309][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.045395][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.061243][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.068839][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.095941][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.142966][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.150129][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.176337][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.189666][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.196659][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.222741][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.265331][ T5828] team0: Port device team_slave_0 added [ 99.275331][ T5828] team0: Port device team_slave_1 added [ 99.375490][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.382601][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.409310][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.446494][ T5842] hsr_slave_0: entered promiscuous mode [ 99.453255][ T5842] hsr_slave_1: entered promiscuous mode [ 99.478317][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.485307][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.511527][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.547515][ T5830] hsr_slave_0: entered promiscuous mode [ 99.554083][ T5830] hsr_slave_1: entered promiscuous mode [ 99.560707][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.568883][ T5830] Cannot create hsr debugfs directory [ 99.583676][ T5833] hsr_slave_0: entered promiscuous mode [ 99.590800][ T5833] hsr_slave_1: entered promiscuous mode [ 99.597006][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.604848][ T5833] Cannot create hsr debugfs directory [ 99.666712][ T5840] hsr_slave_0: entered promiscuous mode [ 99.674155][ T5840] hsr_slave_1: entered promiscuous mode [ 99.681059][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.689811][ T5840] Cannot create hsr debugfs directory [ 99.888446][ T5828] hsr_slave_0: entered promiscuous mode [ 99.895070][ T5828] hsr_slave_1: entered promiscuous mode [ 99.902207][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.909978][ T5828] Cannot create hsr debugfs directory [ 100.377254][ T5839] Bluetooth: hci2: command tx timeout [ 100.453578][ T5839] Bluetooth: hci4: command tx timeout [ 100.459165][ T5849] Bluetooth: hci0: command tx timeout [ 100.464622][ T5849] Bluetooth: hci1: command tx timeout [ 100.494496][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 100.517982][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 100.527352][ T5849] Bluetooth: hci3: command tx timeout [ 100.535744][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 100.560190][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 100.628070][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.653723][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.667305][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.697947][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.791813][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.809592][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.824126][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.860847][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.002385][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.017111][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.036379][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.071704][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 101.192945][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.205712][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.221553][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.234266][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 101.265637][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.403690][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.472216][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.479636][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.492617][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.499980][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.550553][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.663277][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.724159][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.731448][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.745769][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.752988][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.771320][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.839008][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.863932][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.916390][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.923739][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.936034][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.943531][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.993026][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.014456][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.066642][ T2909] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.073903][ T2909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.113688][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.136387][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.143611][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.183204][ T2909] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.190508][ T2909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.244044][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.251244][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.340674][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.376763][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 102.450726][ T5849] Bluetooth: hci2: command tx timeout [ 102.530528][ T5849] Bluetooth: hci1: command tx timeout [ 102.536013][ T5849] Bluetooth: hci4: command tx timeout [ 102.547311][ T5839] Bluetooth: hci0: command tx timeout [ 102.607988][ T5832] Bluetooth: hci3: command tx timeout [ 102.811577][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.063085][ T5840] veth0_vlan: entered promiscuous mode [ 103.110563][ T5840] veth1_vlan: entered promiscuous mode [ 103.278478][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.292838][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.313062][ T5840] veth0_macvtap: entered promiscuous mode [ 103.372321][ T5840] veth1_macvtap: entered promiscuous mode [ 103.416561][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.464316][ T5833] veth0_vlan: entered promiscuous mode [ 103.508815][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.524076][ T5833] veth1_vlan: entered promiscuous mode [ 103.561815][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.583528][ T5840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.595371][ T5840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.604646][ T5840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.613980][ T5840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.635910][ T5830] veth0_vlan: entered promiscuous mode [ 103.716691][ T5830] veth1_vlan: entered promiscuous mode [ 103.742125][ T5842] veth0_vlan: entered promiscuous mode [ 103.798557][ T5833] veth0_macvtap: entered promiscuous mode [ 103.864415][ T5828] veth0_vlan: entered promiscuous mode [ 103.874864][ T5833] veth1_macvtap: entered promiscuous mode [ 103.885884][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.909003][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.929353][ T5842] veth1_vlan: entered promiscuous mode [ 103.977003][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.988555][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.000133][ T5830] veth0_macvtap: entered promiscuous mode [ 104.016538][ T5828] veth1_vlan: entered promiscuous mode [ 104.050727][ T5830] veth1_macvtap: entered promiscuous mode [ 104.082117][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.093264][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.106490][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.180458][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.192241][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.204623][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.238179][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 104.248297][ T5833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.271431][ T5833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.280291][ T5833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.289544][ T5833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.310109][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.324420][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.336082][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.346780][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.358716][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.367208][ T5842] veth0_macvtap: entered promiscuous mode [ 104.410011][ T5842] veth1_macvtap: entered promiscuous mode [ 104.453298][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.473121][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.496110][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.507023][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.520877][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.529529][ T5832] Bluetooth: hci2: command tx timeout [ 104.573621][ T5828] veth0_macvtap: entered promiscuous mode [ 104.634615][ T5832] Bluetooth: hci4: command tx timeout [ 104.637602][ T5849] Bluetooth: hci0: command tx timeout [ 104.640882][ T5832] Bluetooth: hci1: command tx timeout [ 104.685499][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.697747][ T5832] Bluetooth: hci3: command tx timeout [ 104.703705][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.714833][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.726054][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.737392][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.748930][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.764343][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.795041][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.815315][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.824187][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.833005][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.864451][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.886740][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.905604][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.921883][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.932144][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.947248][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.965254][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.984387][ T5828] veth1_macvtap: entered promiscuous mode [ 105.031366][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.052412][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.063675][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.076437][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.155508][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.168126][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.179344][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.191095][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.201766][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.218955][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.231956][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.242626][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.255255][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.266083][ T5903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.296066][ T5903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.358770][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.371111][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.381949][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.393057][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.403273][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.414366][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.424355][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.434945][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.446773][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.490948][ T5828] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.499988][ T5828] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.511105][ T5828] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.519948][ T5828] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.549911][ T5903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.558132][ T5903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.641150][ T1322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.674042][ T1322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.768483][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.776374][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.872179][ T5903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.906152][ T5903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.077918][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 106.087521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.095971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.352753][ T2909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.511426][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.549699][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.570689][ T2909] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.009799][ T1322] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.017892][ T1322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.127336][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c0!!! [ 107.138284][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 107.788248][ T3077] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 107.880073][ T3077] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 107.991799][ T5945] loop0: detected capacity change from 0 to 2048 [ 108.319584][ T5915] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.559281][ T5945] loop0: p1 < > p4 < > [ 108.697507][ T5915] usb 4-1: Using ep0 maxpacket: 16 [ 108.745759][ T5915] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 108.812351][ T5915] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 108.879620][ T5915] usb 4-1: config 0 interface 0 has no altsetting 0 [ 108.908241][ T5915] usb 4-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00 [ 108.973600][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.054463][ T5915] usb 4-1: config 0 descriptor?? [ 109.520335][ T5960] loop1: detected capacity change from 0 to 128 [ 109.715403][ T5962] QAT: Invalid ioctl 1075883590 [ 109.723928][ T5962] QAT: Invalid ioctl 1075883590 [ 109.731479][ T5962] QAT: Invalid ioctl 1075883590 [ 109.739240][ T5962] QAT: Invalid ioctl 1075883590 [ 109.746896][ T5962] QAT: Invalid ioctl 1075883590 [ 109.755125][ T5962] QAT: Invalid ioctl 1075883590 [ 109.762209][ T5962] QAT: Invalid ioctl 1075883590 [ 109.769392][ T5962] QAT: Invalid ioctl 1075883590 [ 109.776539][ T5962] QAT: Invalid ioctl 1075883590 [ 109.784929][ T5962] QAT: Invalid ioctl 1075883590 [ 111.765318][ T5915] usbhid 4-1:0.0: can't add hid device: -71 [ 111.852504][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.855890][ T5967] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 111.899050][ T5915] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 112.229452][ T5968] loop2: detected capacity change from 0 to 512 [ 112.348877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 112.370745][ T5915] usb 4-1: USB disconnect, device number 2 [ 112.705631][ T5968] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.818794][ T5968] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.651552][ T5828] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.319297][ T5995] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 116.727833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.828016][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.859641][ T6012] loop4: detected capacity change from 0 to 512 [ 116.940476][ T6017] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25'. [ 116.970165][ T6017] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25'. [ 116.983831][ T6012] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.056643][ T6020] loop1: detected capacity change from 0 to 16 [ 117.092973][ T6012] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 117.124358][ T6020] erofs (device loop1): mounted with root inode @ nid 36. [ 117.289123][ T29] audit: type=1326 audit(1738914980.055:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.4.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3159d8cde9 code=0x7ffc0000 [ 117.336860][ T6024] xt_hashlimit: max too large, truncated to 1048576 [ 117.424637][ T29] audit: type=1326 audit(1738914980.065:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.4.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3159d8cde9 code=0x7ffc0000 [ 117.552344][ T6024] erofs (device loop1): read error -117 @ 8200 of nid 36 [ 117.574025][ T29] audit: type=1326 audit(1738914980.095:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.4.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f3159d8cde9 code=0x7ffc0000 [ 117.622818][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 117.717266][ T29] audit: type=1326 audit(1738914980.105:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.4.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3159d8cde9 code=0x7ffc0000 [ 117.831703][ T29] audit: type=1326 audit(1738914980.125:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.4.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3159d8cde9 code=0x7ffc0000 [ 117.864809][ T6027] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN PTI [ 117.877449][ T6027] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f] [ 117.886178][ T6027] CPU: 1 UID: 0 PID: 6027 Comm: syz.3.31 Not tainted 6.14.0-rc1-next-20250207-syzkaller #0 [ 117.896174][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 117.906259][ T6027] RIP: 0010:clone_private_mount+0x184/0x3e0 [ 117.912181][ T6027] Code: 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 83 c3 48 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 4d 89 fc 74 08 48 89 df e8 0b c6 e4 ff 48 8b 1b 31 ff [ 117.931824][ T6027] RSP: 0018:ffffc900044ff958 EFLAGS: 00010206 [ 117.937902][ T6027] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000 [ 117.945877][ T6027] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88807cc148d0 [ 117.953855][ T6027] RBP: 0000000000000000 R08: ffffffff8ea81da7 R09: 1ffffffff1d503b4 [ 117.961837][ T6027] R10: dffffc0000000000 R11: fffffbfff1d503b5 R12: ffff88807cc148c0 [ 117.969816][ T6027] R13: ffff88807cc148e0 R14: 1ffff1100506da20 R15: ffff88802836d100 [ 117.977791][ T6027] FS: 00007fd9f5eab6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 117.986784][ T6027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.993373][ T6027] CR2: 0000200000001000 CR3: 000000004f9b6000 CR4: 00000000003526f0 [ 118.001355][ T6027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 118.009430][ T6027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 118.017409][ T6027] Call Trace: [ 118.020688][ T6027] [ 118.023618][ T6027] ? __die_body+0x5f/0xb0 [ 118.027962][ T6027] ? die_addr+0xb0/0xe0 [ 118.032125][ T6027] ? exc_general_protection+0x3dd/0x5d0 [ 118.037699][ T6027] ? asm_exc_general_protection+0x26/0x30 [ 118.043439][ T6027] ? clone_private_mount+0x184/0x3e0 [ 118.048747][ T6027] ? clone_private_mount+0x83/0x3e0 [ 118.053948][ T6027] ? _raw_spin_unlock+0x28/0x50 [ 118.058805][ T6027] ovl_fill_super+0xe4c/0x3560 [ 118.063579][ T6027] ? shrinker_register+0x118/0x230 [ 118.068697][ T6027] ? __pfx_lock_release+0x10/0x10 [ 118.073739][ T6027] ? __pfx_ovl_fill_super+0x10/0x10 [ 118.078951][ T6027] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 118.084772][ T6027] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.090779][ T6027] ? sget_fc+0x909/0x9c0 [ 118.095039][ T6027] ? __pfx_set_anon_super_fc+0x10/0x10 [ 118.100514][ T6027] ? __pfx_ovl_fill_super+0x10/0x10 [ 118.105719][ T6027] get_tree_nodev+0xb7/0x140 [ 118.110329][ T6027] vfs_get_tree+0x90/0x2b0 [ 118.114779][ T6027] do_new_mount+0x2be/0xb40 [ 118.119295][ T6027] ? __pfx_do_new_mount+0x10/0x10 [ 118.124331][ T6027] __se_sys_mount+0x2d6/0x3c0 [ 118.129025][ T6027] ? __pfx___se_sys_mount+0x10/0x10 [ 118.134231][ T6027] ? do_syscall_64+0x100/0x230 [ 118.139010][ T6027] ? __x64_sys_mount+0x20/0xc0 [ 118.143780][ T6027] do_syscall_64+0xf3/0x230 [ 118.148297][ T6027] ? clear_bhb_loop+0x35/0x90 [ 118.152990][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.158893][ T6027] RIP: 0033:0x7fd9f4f8cde9 [ 118.163329][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.182944][ T6027] RSP: 002b:00007fd9f5eab038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 118.191372][ T6027] RAX: ffffffffffffffda RBX: 00007fd9f51a5fa0 RCX: 00007fd9f4f8cde9 [ 118.199350][ T6027] RDX: 0000200000000000 RSI: 0000200000000080 RDI: 0000000000000000 [ 118.207432][ T6027] RBP: 00007fd9f500e2a0 R08: 0000200000000140 R09: 0000000000000000 [ 118.215499][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.223474][ T6027] R13: 0000000000000000 R14: 00007fd9f51a5fa0 R15: 00007fff85d8e798 [ 118.231466][ T6027] [ 118.234487][ T6027] Modules linked in: [ 118.242825][ T6027] ---[ end trace 0000000000000000 ]--- [ 118.341663][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.591043][ T6027] RIP: 0010:clone_private_mount+0x184/0x3e0 [ 118.780412][ T6027] Code: 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 83 c3 48 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 4d 89 fc 74 08 48 89 df e8 0b c6 e4 ff 48 8b 1b 31 ff [ 118.814710][ T6027] RSP: 0018:ffffc900044ff958 EFLAGS: 00010206 [ 118.877194][ T6027] RAX: 0000000000000009 RBX: 0000000000000048 RCX: dffffc0000000000 [ 118.893466][ T6027] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88807cc148d0 [ 118.954585][ T6034] netlink: 12 bytes leftover after parsing attributes in process `syz.4.32'. [ 118.993111][ T6027] RBP: 0000000000000000 R08: ffffffff8ea81da7 R09: 1ffffffff1d503b4 [ 119.048940][ T6027] R10: dffffc0000000000 R11: fffffbfff1d503b5 R12: ffff88807cc148c0 [ 119.094172][ T6027] R13: ffff88807cc148e0 R14: 1ffff1100506da20 R15: ffff88802836d100 [ 119.102668][ T6027] FS: 00007fd9f5eab6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 119.112738][ T6027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.133008][ T6027] CR2: 0000001b3040eff8 CR3: 000000004f9b6000 CR4: 00000000003526f0 [ 119.150004][ T6027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.161522][ T6027] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 119.172859][ T6027] Kernel panic - not syncing: Fatal exception [ 119.179280][ T6027] Kernel Offset: disabled [ 119.183606][ T6027] Rebooting in 86400 seconds..