last executing test programs:

2m26.636212151s ago: executing program 1 (id=44):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000000))
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f00000000c0)={0xb7, 0x3})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @host}, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x70, r2, 0x437, 0x70bd29, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x8845}, 0x40)
read$fb(r1, &(0x7f00000002c0)=""/70, 0x46)
r3 = socket$kcm(0x29, 0x5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f00000004c0)={&(0x7f0000000340)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e21, @loopback}, 0x1, 0x3, 0x1, 0x1}}, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000400)=[{0xc0, 0x117, 0x3f8e, "bfb66315287f8ec2579f8f83e80e34bb314cac511b5f848ffd27de92f524a6b7bb7012698de5713f4410d827850b7c1d9e3e32babc0bfa56998a77fcb35d51c6b32db6496689f662251dde13e99ff38bea7ece83b2ddc51f034b3f809ddc7852ad8099b98921451bd4d136b085ab01799e7dc268ef7650b869834efd9e68f652bb76cce995e54917ffe667791ed6b2e208721bca54f40995b32b38eb502afcf56272ab943337ac930bb5"}], 0xc0}, 0x4008814)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000540), r4)
sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r5, 0x100, 0x70bd2b, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x480c5)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r4)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000006c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_START_P2P_DEVICE(r4, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x28, r7, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x1, 0x2a}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100, 0xfffffffffffff0f0, &(0x7f00000007c0)=0x1)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TLS_RX(r9, 0x6, 0x2, &(0x7f0000000800)=@gcm_128={{0x303}, "67eb35fa2585aef4", "7bc4bada3bb508ae97bf23fc3f85ae31", "d8411a5e", "2dea5f79de8b9d65"}, 0x28)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000840), 0x100)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r10, 0xc02054a5, &(0x7f0000000880)={0x7fffffffffffffff, <r11=>r9, 'id1\x00'})
r12 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000900), 0x44a400, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r12, 0x6, 0x13, &(0x7f0000000940)=0xffffffffffffffff, 0x4)
getsockopt$inet_sctp6_SCTP_INITMSG(r12, 0x84, 0x2, &(0x7f0000000980), &(0x7f00000009c0)=0x8)
ioctl$DRM_IOCTL_GET_SAREA_CTX(r12, 0xc010641d, &(0x7f0000000a40)={0x0, &(0x7f0000000a00)=""/40})
r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r11, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x7c, r13, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x7, 0x0}}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x4044040)

2m25.353401923s ago: executing program 1 (id=49):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xa, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r2=>0x0}) (async)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="78010000170001000000000000000000fc0000000000000000000000000000000000000000000000fe8000000000000000000000000000bbac1414bb000000000000000000000000fc00"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000ffffffff00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000440005007f000001000000000000000000000000000000003c00000000000000fc02000000000000000000000000000000000000000000000000000000000000000000000c00080008"], 0x178}}, 0x0) (async)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fbdbdf251e00000008000300", @ANYRES32=r2, @ANYBLOB="50002f800c0002000203aaaaaaaaaaaa0c000380080001000200000034000380080001"], 0x6c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000680)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000fafffeffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)

2m25.096014724s ago: executing program 1 (id=50):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0) (async)
r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r7 = eventfd2(0x8001, 0x1) (async)
r8 = eventfd(0x5)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000100)={0x1, 0x0, 0x4, r8}) (async)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x25a, 0x0, 0x0, r7, 0x5}) (async)
mount$overlay(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) (async)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000600)=@v3={0x3000000, [{0x4, 0x3}, {0xffff, 0xc4}]}, 0x18, 0x0) (async)
lsetxattr$security_ima(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000000480)=ANY=[], 0xc, 0x1)
chdir(&(0x7f0000000140)='./bus\x00') (async)
creat(&(0x7f0000000140)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000002c0000000b0a01012300000000000000070000000900010073797a30000000000c0010400000010000000001140000001000010000000000000000000084000a"], 0x74}}, 0x0) (async)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, 0x1, 0x4, 0x801, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x9}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x3}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x6}, @NFULA_CFG_MODE={0xa, 0x2, {0x7, 0x2}}]}, 0x48}}, 0x4008885)

2m24.528587171s ago: executing program 1 (id=52):
socket$l2tp(0x2, 0x2, 0x73)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0)
r1 = semget$private(0x0, 0x6, 0x400)
semtimedop(r1, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(r1, &(0x7f0000000140)=[{0x0, 0xffff, 0x1000}], 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x2}, 0x0)
semctl$GETZCNT(r1, 0x4, 0xf, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x40}, {0x6, 0x1}]}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x5, &(0x7f0000000180)=ANY=[@ANYRES64=r4], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x73}, 0x94)
r5 = socket(0x25, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{0x0}], 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388, 0x0, 0x0, 0x0, 0x7}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x7, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x7}, 0x0, &(0x7f00000002c0)={0x80000001, 0xfffffffffffffffe, 0x1, 0x9, 0x0, 0x0, 0x7fffffff, 0x6}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB="000854000700000062af1ad184809f6c7ade1ac39e671079d14538df928c5fa16b3675903a39ef06d95462a5d5187dc4c785759453a3ca82a0bc3ec714c60d40d70d1612d24b06c92e56ebfe3e9be24b84cef7414bc4d37eed9cd2871d349039ea2b356ecc67521bac6352fcf04d2c2ee6b63c377f4fe6c562724af6d535140394ce75b03d7f42e6bb7d76dd2d6e66b8e6b28176921a435450b5e7385b4bbe01088749583a0c173bbbca6920e24cb7431bfa710919076d3a1ae386ea4d7b2a7b0dc05db022f269023dcb70c2272f6d2f7e3b0cac6e0c4348701b"], 0x5c)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f0000000440)=@req={0x7, 0x4, 0x3, 0x401}, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

2m22.828040951s ago: executing program 1 (id=56):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async, rerun: 32)
syz_io_uring_setup(0x3a65, &(0x7f0000000400)={0x0, 0x13a2, 0x10100, 0xfffffffc, 0xffffffff}, &(0x7f00000000c0), &(0x7f0000000140)) (rerun: 32)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async, rerun: 64)
r0 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 64)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaa23aaaaaaaaaabb0800450000b0fffc000000119078000000000000000000004e20009c907801000000000000007b4b143b7461fd777b7fe35e712a0fc1e3fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424dbcfd56f1375461caaa2f19935e6996c7096ffeeb03000000000000649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe09b3cf3225b7a05ca1e216761412e61ae8b5b126d63e4fbc67d0d561a6eacd634dd9c914743419383193ba67510719269d0abe79ac8d9189ba42f9d57edb79bca960039a26974a9237c75c672ed0877f50b2c41249521dfcbce5c62e"], 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) (async)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) (async, rerun: 64)
r2 = socket(0x10, 0x803, 0x0) (rerun: 64)
write(r2, &(0x7f0000000300)="fc0000004a000700ab092500090007000aab80ff020000000000369321000100fc0000000000000000ff000000000000008656aaa79bb94b46fe00000007ec020800008c0100036c6c256f1a272f2e117c22ebc205214000000080008934d07326ade01720e6cd5ed6e4e9bfcd772c74fb32c56ce1f0f156272f5b00000005defd5a32e3082038f4f8b29d3e2a73325c6d167c7594978f7bc711fdf3d92c8334b2ccd243f295ed94e0ad91bd073457d43d3f0000000000000000000000000073bfe35951f2d728a1e09c8dcd13323236b0fbe7c61b1bf53cdec0961355f00ca63ff6c90da1dc9f8f594d033472cb97e3b5f3395aa0a4a82775cf8def", 0xfc)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r3, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r3, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000240), &(0x7f0000000140)=0x8) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async)
socket$netlink(0x10, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000007e80)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0) (async)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e20, 0x2b, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) (async)
sendmmsg$inet6(r4, &(0x7f0000004600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00)

2m22.229420992s ago: executing program 1 (id=60):
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x8}, 0x18)
futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r3 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE_LIST(r2, 0x40087543, &(0x7f0000000500)=ANY=[@ANYBLOB="000100000b000000", @ANYRES32=r3, @ANYBLOB="0000000000000000000000000080"])
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x7d, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0xb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="6400000015000100000000000000000000000000000000000c23e67a2316e6db6633d9cb580000000000000001fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000010000000000008001f00010000000a0010000000000000000000"], 0x64}}, 0x0)
recvmmsg(r4, &(0x7f0000001d00)=[{{&(0x7f0000000580)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}, 0x7ff}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001b40)=""/17, 0x11}, {&(0x7f0000001b80)=""/51, 0x33}], 0x2}, 0x10001}], 0x2, 0x40000040, 0x0)
sched_rr_get_interval(0x0, &(0x7f0000000140))
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x77cb}, 0x10}, 0x94)

2m7.055571058s ago: executing program 32 (id=60):
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1, 0x0, 0x8}, 0x18)
futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r3 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE_LIST(r2, 0x40087543, &(0x7f0000000500)=ANY=[@ANYBLOB="000100000b000000", @ANYRES32=r3, @ANYBLOB="0000000000000000000000000080"])
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x7d, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0xb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="6400000015000100000000000000000000000000000000000c23e67a2316e6db6633d9cb580000000000000001fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000010000000000008001f00010000000a0010000000000000000000"], 0x64}}, 0x0)
recvmmsg(r4, &(0x7f0000001d00)=[{{&(0x7f0000000580)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}, 0x7ff}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001b40)=""/17, 0x11}, {&(0x7f0000001b80)=""/51, 0x33}], 0x2}, 0x10001}], 0x2, 0x40000040, 0x0)
sched_rr_get_interval(0x0, &(0x7f0000000140))
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x77cb}, 0x10}, 0x94)

1m54.684234612s ago: executing program 4 (id=103):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
syz_usbip_server_init(0xaa7f3cec63cbb9d)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000340)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000180)={r1, 0x0, 0x7f})
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000a00)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000280)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc88}}, 0x120)
readv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
write$UHID_DESTROY(r2, &(0x7f0000000200), 0x4)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000540)={<r3=>0x0})
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x2, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r4, 0xfffffffc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r7, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r9, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r3, 0x3, r0})
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r10, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)

1m54.683341613s ago: executing program 0 (id=104):
r0 = socket$inet(0x10, 0x3, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000980)={{0x7f, 0x45, 0x4c, 0x46, 0x91, 0x3, 0xc1, 0x2, 0x7fffffffffffffff, 0x3, 0x3e, 0x5, 0x248, 0x38, 0x8c, 0x9, 0x1, 0x20, 0x1, 0x8, 0x6c, 0x1000}, [{0x2, 0xf0e6, 0x4, 0x0, 0x6, 0x0, 0x8, 0x217}]}, 0x58)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ffff0000000000", @ANYBLOB="000080000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r6}, &(0x7f0000000080), &(0x7f00000002c0)=r5}, 0x20)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000140)={r6, 0x58, &(0x7f00000000c0)}, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x1f)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1], 0x1, [0x4, 0x4, 0x2, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0xfffc]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7ffffffe}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc850}, 0x0)

1m53.980443964s ago: executing program 0 (id=106):
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) (async)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0) (async)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
syz_open_dev$swradio(&(0x7f0000003900), 0x1, 0x2) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r1 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0xc000000000000, 0x40, 0x1, r1}}}, 0x28) (async)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) (async)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) (async)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) (async)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

1m53.095327042s ago: executing program 4 (id=109):
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x3})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001708000640ffffff000800034000000038640000000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000038000380340000800c00054000000000000000080c00084000000000000000030400028004000180"], 0xf8}}, 0x0)

1m52.612845334s ago: executing program 4 (id=111):
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
read$alg(r1, &(0x7f0000000e80)=""/4096, 0x1000)
preadv(r1, &(0x7f0000000340)=[{&(0x7f0000000100)=""/100, 0x64}], 0x1, 0x6, 0x10001)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b400000000000100791094000000000063004800000000029500000000000000f84b023bf954d3d5cf8df1ab8f90da7f48cba700dd1f5e6e69e8fbef46ee3cec88a30647d1ca4ee731cfd4f8fd"], &(0x7f0000003ff6)='GPL\x00', 0x7, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff70}, 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101a02, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101a02, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xdf) (async)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xdf)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup, 0xffffffffffffffff, 0xb, 0x0, 0x4000}, 0x10)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0)

1m52.26440084s ago: executing program 4 (id=113):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000017c0), 0x8800, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000280)=<r2=>0x0)
sched_setscheduler(r2, 0x0, &(0x7f00000002c0)=0x400)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000c5d692cdb4e90a3e569bd51201017b1fce0000e000025ac60c0008000000"], 0x14}, 0x1, 0x0, 0x0, 0x400c895}, 0x20000000)
r4 = fcntl$dupfd(r0, 0x0, r0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a32000000001400048008000240ff39000008000140000000000900010073797a3000000000080007006e6174"], 0xcc}, 0x1, 0x0, 0x0, 0x4c881}, 0x4040000)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r3, 0x8983, &(0x7f0000000240))
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
lseek(r6, 0x2000, 0x0)
ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f00000001c0)={0x7, 0x0, [{0x983, 0x0, 0x7f4}, {0xb98, 0x0, 0xffffffff}, {0xb07}, {0xbb3, 0x0, 0xff}, {0x821, 0x0, 0x5a0}, {0x211, 0x0, 0x2}, {0xabf, 0x0, 0x1ff}]})

1m51.016936103s ago: executing program 4 (id=117):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001180), 0x0, 0x1)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000f40)=ANY=[@ANYBLOB="00000000000000000a00000073d02c4bdb"])
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f686a8abfa41f297a165b9fcb4800230ed07af34727fe6c2cc6daf796cc38e8f03ee4fb786a92fabfbded442086d657dec598edb21ba428d4bb28ac974c38218bcf08ad3b4f6698ae05855769dbe5693eac83a223b76a5f452195795d3d485e5c0a18caf2315c3a21acb4bb661082b1c4fccfff8f0c52c353dedd3b9e575b800cfec557e43527228abf820e16411b45c77e99f308dcc5dcd1c3b8ddb828e6481c1fc6275c3e1ed4a1f0fe6d97db39cb3ad5b08400cc990ed5797e23fcd81ee76eed1caaf2ec709c18b014dfcfac7eb658f1c07a894dca1d8e23ebbc18c7b0acefacd915235a54637d13965681a6a527325d13b4a88a21505860873038bc6ca68e25bed80496e65b53a4817e7dba3cbe31eebb770ab04202486634b7210500238707cd664735c07e539e8ccb09ec82d7fad69c4f31113b4a01089a81d4a1787d69957a2dfcf371f0c357eba5a587f0d09d64588f3fade99726d786085b513e720fd1d889104e1d98bf4fe23d6bd8c408c44fc702880e6c53a733aaafec836a80b9e69d1432225dda63a755bde5103fbba7af46f81b3b0c3457d49e187c7fa53e9410d4ff7dd1c9a954d549b49197f350e8451e850279ba4690a4ff3fa4f91ebfa4dda7d2a60257d70c09ad6520387baf2cd734bf1f993565f7ccf80f29b1414e595de79ec03faf7afbeff3daf0034aeecfe41640366ae3c1d1b9437cb7580b9a94fe71a5ffe7be4f959cc5972e1672c5f5c5d252a63804d1a292aac2582b78ac73ea143095bc1283b210c66ecc5b5b9be4d6649920118d51429328f8a983a89f8f5d6ec383c89f07e91e0726ed40776d72d7499652a84f9d0bb086e9479a6d703907ee17345ed763ae817751515c744d428ac51fb10eba495f9a477809a4c1b447a94a3f6d1a092b109478ca36c3da494552d34f30d74a32958c53ec091e32ca8aaf5c814881d4bb3add2b07f362e9e4ea17b3f8b6e7310fcbea4ea6f2d9f5505b011011b75eb4dbf2455f665027abe2bb73dd37dff9c6aab6e9454bbd7bb887aef12f19f446bcbf257ada0e5144f708ccf350f07b861b813eb4cdab02d74b660d960c737f553f84b2d027da58f02345704583717199f693c913bfc2704cfde1b31270c43f17d51c82b672796fd6e1d09e34659d7e5fd9a1a69dcdde367c074b47beeb88f374740a64d9e9a99f4fabdbfca311174da518f868704e3fe259e6069330b04d2d3804a3428d2e04a483599f5ff47ff8c877601fcae33999575180fb540ff00c55728d0ee8eb6550658c7cbc8be4f87b50a9650a33aa164c6bae4044dfc080cf43a1c80e8a8132f973faefcf2ee23f9c2f3119fa93c0e5875832d4f8b6c2a1c347d480f15ead27ba7fb6e2ba9f2204982023b15b0f9df44ce9bba765c9598810593dd32a520ba72a5bfc375f36f4ea4a55017b1494c392568ef6828c18a1f2cec1442f705687695e42f62734ac2c1b0fed399ccf29b20fccd476afc72217182a73c970029c7679dffaebfc2ab9e8d18f5e757ccde87ac69b2bb0243b2e86d225dd2edad4919977bde1806bd6305eff22f2d63646c3a856a002aaea40d96e4811fe0cf5ad942e087c55551fdccc65835686320aa635ec50872f1c30cd8a732515b4dbfa132f905205f4b2ec64d1b9a9101ee2c3d0a110e40fd40d2c0b19f9a77b43f0b14e283ad1038de31cb21c2857d278933fd4bf106a7a93e16b28d71dfa73fa0695c77c0b1236e4cc7f17837be252d1011edf8ba626315e416b2963e96172b3294ec1f087672b0fc404edb79ca9b8e7a46f69b7a6f8b0488ec6c10f937632cc29bdb6f2c0ca86b978db6ca3cb9aa9b5f253fb5ba52e5b3738468236bd3ed26da1158e14881860f37f586b3b004ff7233a7427ece1c1365bb273aa1ce801c6d61b35a247c38917df23b9f12f7e764dabf9af18885e447a952de7796c3dd27e77325be816eb82ae9026ef5a855ddfb9aaf4a0bfc153f079c95337d2ee3c2ac36e5b4e8c5da765bf5d11edcf01ef11a3748d7ca0b1fd6f8882fbfd3423bd429c8592ec28a98bba845e7fe829ae2b11f5215ce819bf777ab45d73e9afe3cc76840b7d368161ee140efdec81ca1d5716c2ea5b255fabb5a4698864c8d427738837c45f1006cbf1f68bbedbfdf70e5b65b21b1934826c06d4d3da4f08e3ad376cec5aafb2f9eae9a06cab375ef5a44f30a563e5245077d84823b88d71912f458fe17d36e4b2a88260ad121af2e5a43a555ef61ffd242c09d5011b9be422c4c310a834f664c732930c1d329212aa9f063356c85130c965d919180e62afd193224d3792db6a069ff2bc8770bd6294a6884cbfb71301859a26b7572440ee12719e8753831bf73d353a33ea64c57df0bac0cc8938ea28370724439170824d1b55d415eed14f620d3a28bb5009edd12e9322df3573bbd9b0d0ff2cbd2e48c0c297f63c100116097c48c8f4cf0a7c4fb5156723fcb615236b6db175442b2db90c3e426cca9de56f55effdbb981c75c99a8dd084a619882fb216b000cb99eae616f0b5d7a8a2cc675cbd3e0a61b6f602250b040ae57f998471095563334e165f35139ec22aabf8ada15b890e2cf038a4f40d129760e39b166f58cfb4bfee7d4455ce06ad098745e0edac9434e4c61f889cbe6d7cf74da35f1b6d2b4455abf954223d1638ff808508228a3060d390e9ce539d2dcb032ae5d6c5abcd4df4bfb63f9851e45bb961cca2150eb386abd67dab2a12c096aa8df742e41ff7718f9dd77099d9bc87a2a46d8d6ffb903b23b429747c9acb21c0e88067eb6c7fa2507ef0673e6b65a15767cfa4ef9b52adbce41ea3461f77b0e705a2d5cbcf3841bd22414f3ef2402a915705a18113d370d35619fdbbfb4fe6e1581a8520525e863d931aaaed58d06d093905b0d83dd1345f4b8213954102abf8048be627d437f267d4a0a6e6f181891562b61be55f1e646120cfe17d8d2961ad86d1575856fff39791b90ccc6895495cc0f3a1e2604f5b729aec7452b133b9c822bbc74df480670f34cf0335d42b5ad6a7009c49050d97ef8c09eff8716dbb9ce5a5d67ffad2541860017bfe982c0e48390f987f470c7b600fb29be4d3a74251d85ef1cf1fe3b5a146bb9f6fee2369cba1f2be75782b14a422b0820fa00c1250f4d437f24914a94a8564fa079fe803b39c528707dd2906120d53020000b725596b68553f1653aad2fdd23114e4a7ca3402fcdf0b060323a683a03109ffbec9627c803da8a55665e156a335528f113eb730bb28c0480daf8f2b65483d0f3805e1c512b680d8698e63a80b45aa8c7e12ad0f0e072eefc806fde42455bc4d157e402a86218896d5638f8fdadb1fbffaf4fe92f526475612980f0c5a539a9cec3c63e4efa5b893611af45c8003650888dc5b958a18848cffe11e0636f40e3ade10da702b71a69e6941e506ec3f0297349867949246310909ff445005f68910308df1e44f7ef04efbcb6ade53086aeb80b0ca96b94c9e6353c77bc1ce575edd6a1ab76e000d2ca0bc80c09d76d2bf25d90c93d5fcf6c123a9e83a3354b798356aeb2e99721732d52b1ec6c84d79d6f1237186260e7e63f29cfe8050a8fd44d57b52582b45e1fe027792c07ef33a0ac686606dd009ef3839e179190aca20d01db1d2263898a6953feb5d2e8093a4b4a2b18f6cb06a0251d3862672814b5165213c65174fe5dad7673186293e336348fc77a6d545cc07355c07a8b9a98c95d76fa5dc4c19181578a6dc4f2b29b647ab6a09f6756994c8e389c7c165766f154468b380e1e67cb2edbc7f67b6bfad1de690c3f472908b11d1c502ca61b5e869cd2cf8e11e39eceb9d31fca090fd5dd15e1f5a8c4de58531df3fa96d655653a5b99ea449d3865e07401ecb63fb4ac4042c893841c2b70b4a133937ac0dca8d6f442de175f138ab7cf19477c2483caf524fc443b3243d31f15f3f518b2d7964314d7d34754ae417dd9d46a83e443cef18eb673f46f34aeaba592a171bb4710002da17d9d6554208fc384de22bff7e05d2bfb821656e78bfa084be46fe6b0f04a06c6bc80afbd406a918a57d582345b260360cec7168142ef0e0da8ad70ac9703d6206c6da23558374ad8bc1e8fe5cdede25e8ad5d0d0741d85e86566b7b9172f457e36feabb881f14a04d182b6971bb1aa1c37a608ff0eeaba1b6c37c4bdb15696afb0e031ef8b214a7a72892593c910829c820f773135f3441afc90cadeb50f76d4a5bbd713c8b3dc441599dcae659b9ad417affde5d9ee3933f00ea69323fd33e0b9a12b1ee29b2e97c7b1db3fa0a900678c6490a847fdd85fa93bb134e3239638052359774bc22405a0abb698081ce1dce2dfe0c0430b641f00d230013944df65581f6b5f458165b16aad8b92b44bf28b3236cac5239c91fe2351c5f53359d072aa34ffee18ff275afdc0dc7b889da928fdd4e300a52699cb5a4fea8cc42f636b15e449daef52df3586d4b55fd047b04e96734aa2c45bcad8f05dbf3c97daefcd6bad396a6aed71849e484eb0e3526970973db9b268b71e726748aacb5c2203cde2992af74cac612d33cecba7f3e5d66e2a2e449eb00e770af4fe13be6d16877cfa46c108c29d8db1efff5356433fc627741d12605056ec78c02bf143afc9e2161c15ce65a0f8c9f13a6b7a9164f256301ff0ca23dfffb77ec46ddd29b63d7bcfe5a"], 0x1004)
madvise(&(0x7f000032f000/0x3000)=nil, 0x3000, 0x15)

1m50.350290495s ago: executing program 4 (id=119):
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x88901, 0x0)
r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0xc3ee, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0xdaf, &(0x7f0000000180)={0x0, 0x2, 0x100, 0x0, 0x291}, &(0x7f0000000100), &(0x7f0000000080))
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x0, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4000010, 0xffffffffffffffff, 0xa4402000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffdf4)
mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x801, &(0x7f0000000300)=ANY=[@ANYBLOB="3d7374726963742c64796e2c736d21636b66736465e24b2640262d2d7d2c000000000000"])
sendmsg$nl_route(r4, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
io_uring_enter(r3, 0x0, 0x0, 0x1, 0x0, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
r9 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000ec0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000bed95960000000000000000009000000f6ffffff00"], &(0x7f0000002600)=""/4096, 0x21, 0x1000, 0x1}, 0x28)
ioctl$IOCTL_GET_NCIDEV_IDX(r9, 0x0, &(0x7f00000000c0))

1m50.160525053s ago: executing program 0 (id=120):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tcp_probe\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$kcm(0x2b, 0x1, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000004c0)={0x60, 0x2, &(0x7f0000165000/0x4000)=nil, &(0x7f000075c000/0x3000)=nil, 0x0, &(0x7f0000000180)=[{0x6, 0xbe63, 0xb}, {0x2000000000000f6, 0x9, 0x3}], 0x2, 0xe4, 0x4, 0x0, 0x0, 0xb})
sendmsg$inet(r1, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x30044889)
sendmsg$sock(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)='\a', 0x1}], 0x1}, 0x241)

1m49.849040777s ago: executing program 0 (id=123):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000540)=0x9c)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r2, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x4, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
syz_pidfd_open(0x0, 0x0)
r8 = socket$unix(0x1, 0x3, 0x0)
bind$unix(r8, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$unix(0x1, 0x3, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x200200, 0x21)

1m48.640069599s ago: executing program 2 (id=125):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r2, 0x28, 0x0, &(0x7f0000000380)=0x4, 0x8)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e01", @ANYBLOB='2'], 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x99, 0x1, {0x1, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x80000}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x2629, 0x6}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x8000)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000950000f862878baa9d8af3aa2108765f26b5e2dddbceaa9ad9531912b39eb66e57007c78a1d564185b473e74bb59662f9435aa10f37c380487bb42ae9964137c8517805e6902500cdcb104dbb1facb44420da9859afcd60f689f9ed7fd733454d11488867524cea858da9739656eee7a3d5e4f6c2eecebe405f5a1894455576af1f891170ee2f4cc72e7b8195da5645e2a2e01b12e920c48df52"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004)
ioctl$sock_SIOCBRDELBR(r8, 0x89a2, &(0x7f0000000000)='bridge0\x00')

1m37.325950151s ago: executing program 2 (id=148):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x30, r1, 0xa11, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x6}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0xc8)
connect$unix(0xffffffffffffffff, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_DEL_RULE(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000008c0)=ANY=[@ANYBLOB="30040000f40320002abd7000fedbdf25010000000200000014000000008100000700000008000000080000000300000004000000ff0000000700000001800000050000000100010008000000170000000a0000000200000002000000010000800000000009000000060000000300000007000000ff01000001040000768e000007000000060000000100000003000000ff07000002000000030000008576000000000040fd01000008000000ff0100000100000070b200000c00000098d30000df030000030000000700000001000000020000000800000000f0ffff01000000040000004909000002000000010400000900000082060000ff7f00004702000080000000010000000900000006000000070000000800000001000000fbffffff090000000500000001000000080000000100ffff3400000007000000d421000001000000020000000000000007000000000000000800000003000000000800000001000003000000000000000000000001000000000200000000000006000000b13b7f2d04000000fbfffffffbffffff000000000300000001000000060000000900000004000000000000000c000000af0d00000100000001000100ff7f0000ee030000060000000f000000ffff00000400000009000000fd0000002482b644080000000200000004000000060000000e00000001000000060000007fffffffffffffff7a010000000002000a000000000000000000000010000000030000007f0000000100000008000000fcffffff020000000100000008000000990b0000000000000900000080000000ffffffff0300000008000000aaeb000004000000fdffffff10000000bb0c000000000000ff6500000600000001000000050000000600000005000000080000000900000006000000060000004d1b000002000000190000000600000005000000d623bf690008000006000000000800008b2f0000030000005f00000001000000d50300000800000003000000080000000400000040000000ff070000010000200500000009000000070000000100000005000000030000000400000006000000120700000300000000000000ffffff7f0000010008000000ff000000020000000900000002000000050000000400000008000000010000002800000092010000f102000002000000080000000200000003000000090000000008000020010000ffffffff030000000800000001000000db9b0000050000007f000000ff7f00000900000001000000010000000b0000009f0800000800000004000000010001000c000000a20000000900000001000000010000805600000001800000060000000600000009000000010000000000000001000000ff0100000080000009000000ff070000010400000700000006000000970000000000008000ffffff00000000030000000f0000006c070000090000000e00000047504c00003a245e000047504c000000"], 0x430}, 0x1, 0x0, 0x0, 0x20004014}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x80000021) (async)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
keyctl$revoke(0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, &(0x7f0000000000)=0x1) (async)
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x190, 0x1, 0x0, 0xdd9f83, 0x1, 0x9, 0x1, 0x2, 0x8, 0x722, 0xed, 0x7, 0x7f, 0x3f, 0xb763599953cb090f, {0x10000, 0x6fd8e84b}, 0x3, 0xed}}) (async)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0) (async)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=@newqdisc={0x48, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x18, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x80d, 0x6, 0xe40c, 0xb, 0x1, 0x4, 0x8}}]}}]}, 0x48}}, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x300, 0x61, 0x11, 0x64}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

1m36.672428632s ago: executing program 2 (id=149):
setresgid(0xee00, 0xee01, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x4)
shutdown(r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x8}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
recvmmsg(r0, &(0x7f0000006080)=[{{0x0, 0x0, 0x0}, 0x18000}], 0x1, 0x10142, 0x0)
setfsgid(0xee01)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
io_setup(0x222, &(0x7f0000000180)=<r1=>0x0)
io_pgetevents(r1, 0xab5e, 0x7, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000140)={0x77359400}, &(0x7f0000000380)={&(0x7f0000000200)={[0x7]}, 0x8})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x80201, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0)
io_submit(r1, 0x2, &(0x7f0000000080)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x641c, r2, &(0x7f0000000000)='\x00', 0x1, 0x8}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2, 0x4, r2, 0x0, 0x0, 0x1}])
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x751000, 0x5)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB='c ', @ANYRESDEC], 0x10)

1m36.582688981s ago: executing program 0 (id=150):
chroot(&(0x7f0000000000)='./file0\x00') (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x181a82, 0x230)
futex(&(0x7f0000000080)=0x2, 0x6, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x1, 0x2)
listxattr(&(0x7f0000000140)='.\x00', &(0x7f0000000180)=""/31, 0x1f) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RREADDIR(r1, &(0x7f0000000200)={0x2a, 0x29, 0x2, {0x7ff, [{{0x1, 0x3, 0x5}, 0xc6b, 0x0, 0x7, './file0'}]}}, 0x2a) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syzkaller0\x00', <r2=>0x0})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0x9, '\x00', r2, 0xffffffffffffffff, 0x3, 0x4, 0x1}, 0x50) (async, rerun: 64)
sendmsg$xdp(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000300)="725d10b76e74526ba40651abb60fd8b2240b4dcdad992cf46f33a08bd39aaa217737fc1ea4736e85175b07bb68663341d34171a5837257249ba2f4a08dbda1cdfa3ab86766a8c9629822d40b5c40382ad662604360817d02fc3009f62eda33b2c8ce3c2dc91a07e801d32852798afe688742e3f95afdaee603637ab09cc88bf9af5c5b75d44ed3db04601ff7549e9731e6ac01b9955bd997680a303b5e", 0x9d}, {&(0x7f00000003c0)="acf73e7ad766fc167be3d9d7c38137437fc315eb0496cfbe451160c08a54675712e1d7cbb9856694b80284691dabed10a7a3275291e71a257dd236c358505b24b0e8154bf8fc58824d06ede01842c20cc417a1ca055134939dfa5ca4451c6647301e19a3a6a437204d9749d4ef982d774e6500a3b93fd07438914b02580be7db7b673771301e3e7d83d4eb20ec267dce68ea169b64c2ee121b0b2e1113b3", 0x9e}], 0x2, 0x0, 0x0, 0x40000}, 0x20000050) (async, rerun: 64)
r3 = open(&(0x7f0000000500)='./file0\x00', 0x12080, 0x14)
sendmsg$802154_raw(r3, &(0x7f0000000600)={&(0x7f0000000540)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f00000005c0)={&(0x7f0000000580)="a2a10be93c038a288f", 0x9}, 0x1, 0x0, 0x0, 0x20004044}, 0x8040) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x21, 0xfffffff7, 0x1e2f, 0x7fff, 0x40120, r0, 0x3ffc0, '\x00', r2, r3, 0x3, 0x2, 0x1}, 0x50)
r4 = semget$private(0x0, 0x2, 0x340)
semtimedop(r4, &(0x7f00000006c0)=[{0x2, 0x9, 0x1800}, {0x3, 0x1}, {0x4, 0x0, 0x800}], 0x3, &(0x7f0000000700)={0x77359400})
semctl$IPC_STAT(r4, 0x0, 0x2, &(0x7f0000000740)=""/238)
syz_io_uring_setup(0x6ca1, &(0x7f0000000840)={0x0, 0xdf23, 0x4000, 0x2, 0x250}, &(0x7f00000008c0)=<r5=>0x0, &(0x7f0000000900))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x11c, &(0x7f0000000940)=0x4, 0x0, 0x4) (async)
r6 = socket(0xa, 0x5, 0x0) (async)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000b00)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000ac0)={&(0x7f00000009c0)={0xfc, 0x4, 0xa, 0x900, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_COUNTERS={0x40, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x401}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_USERDATA={0x95, 0xc, "5465984f3861a9ad1d98a5beb4c674aff2c576ba2c1ad0cb14c0840e5e9aa381074c46e77aa13a0160eb0fe4c36be326f8c69634148d22cf047e9a4496de1e4d7499c0169c708382c80b47af7d8d753fd771a11fcfd94f82d6b0700c5e727929021cb3c2f16a06c23d92f8663a68cb3e1d374f5afe9c5d9bb32ae0ee7d286633ffbde309be6a7aba2f0db26c735540722e"}]}, 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x80c1) (async, rerun: 64)
r7 = creat(&(0x7f0000000b40)='./file0\x00', 0xa0) (async, rerun: 64)
r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000b80), 0x600001, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000bc0)={r7, r8, 0x31, 0x0, @void}, 0x10) (async, rerun: 32)
r9 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000c00), 0x10d00, 0x0) (async, rerun: 32)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000c80), r7)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r9, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x10093800}, 0xc, &(0x7f0000000d80)={&(0x7f0000000cc0)={0x94, r10, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xb8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x58, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x23}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x1}, 0x4000004) (async)
write$bt_hci(r6, &(0x7f0000000e00)={0x1, @write_class_of_dev={{0xc24, 0x3}, {"ea92a4"}}}, 0x7) (async)
semop(r4, &(0x7f0000000e40)=[{0x4, 0x4, 0x800}, {0x0, 0x7, 0x1800}, {0x4, 0x8, 0x800}, {0x1, 0xfb3}, {0x3, 0x3, 0x1000}], 0x5) (async)
clock_gettime(0x0, &(0x7f0000000e80)={<r11=>0x0, <r12=>0x0})
nanosleep(&(0x7f0000000ec0)={r11, r12+60000000}, &(0x7f0000000f00)) (async, rerun: 64)
socket$inet_tcp(0x2, 0x1, 0x0) (rerun: 64)

1m36.406635937s ago: executing program 2 (id=151):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) (async)
sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) (async, rerun: 64)
ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000040)={'netdevsim0\x00', 0x9}) (rerun: 64)

1m36.324520017s ago: executing program 0 (id=152):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x404c4701, 0x0)
r0 = request_key(0x0, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r0, &(0x7f0000000980)='cifs.spnego\x00', &(0x7f00000009c0)={'syz', 0x3}, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_emit_ethernet(0x46, 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x101080, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f0000000200))
ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000280)={0x0, 0x0})
r4 = dup3(r2, r3, 0x0)
ioctl$MON_IOCX_GETX(r4, 0x4018920a, &(0x7f00000003c0)={0x0, &(0x7f0000002240)=""/4118, 0x1016})
set_mempolicy(0x8006, 0x0, 0x5)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'macvtap0\x00', 0x0})

1m35.714796175s ago: executing program 2 (id=153):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x533, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$HIDIOCGFLAG(0xffffffffffffffff, 0x8004480e, &(0x7f0000000280))
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
sched_setaffinity(0x0, 0x0, 0x0) (async)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102378, 0x18fea) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000240), 0x1003, r0}, 0x38) (async)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
getxattr(&(0x7f0000000300)='./cgroup\x00', &(0x7f0000000340)=@known='security.apparmor\x00', &(0x7f0000000380)=""/126, 0x7e) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, 0x0, 0x1499b1475813f997)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="35f8000002060104000000100000000000800063"], 0x14}}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
mount(0x0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000200)='nilfs2\x00', 0x410, 0x0) (async)
sendfile(r7, r4, 0x0, 0x80008) (async)
socket$l2tp6(0xa, 0x2, 0x73) (async)
rename(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00') (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b", @ANYRES64], 0x0)

1m34.647920403s ago: executing program 33 (id=119):
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x88901, 0x0)
r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0xc3ee, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0xdaf, &(0x7f0000000180)={0x0, 0x2, 0x100, 0x0, 0x291}, &(0x7f0000000100), &(0x7f0000000080))
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x0, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4000010, 0xffffffffffffffff, 0xa4402000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffdf4)
mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x801, &(0x7f0000000300)=ANY=[@ANYBLOB="3d7374726963742c64796e2c736d21636b66736465e24b2640262d2d7d2c000000000000"])
sendmsg$nl_route(r4, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
io_uring_enter(r3, 0x0, 0x0, 0x1, 0x0, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
r9 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000ec0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000bed95960000000000000000009000000f6ffffff00"], &(0x7f0000002600)=""/4096, 0x21, 0x1000, 0x1}, 0x28)
ioctl$IOCTL_GET_NCIDEV_IDX(r9, 0x0, &(0x7f00000000c0))

1m33.608369597s ago: executing program 2 (id=156):
symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000040)=0x80000001)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000700)='virtio_transport_alloc_pkt\x00', r1, 0x0, 0xfffffffffffffff9}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
syslog(0x3, 0xfffffffffffffffc, 0x61)
connect$vsock_stream(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r3)
openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/load-self\x00', 0x2, 0x0)
r5 = syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920000000109021b1901000000d40904150001da40df0009058202"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="00008000", @ANYRES16=r4, @ANYBLOB="010031bd7000000000001400000018000180140002006e657464657673696d3000000000000008000400040000000800050009000000"], 0x3c}, 0x1, 0x0, 0x0, 0x104}, 0x20000000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x401, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x4000000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b40)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f0000000ac0), &(0x7f0000000b00)}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000d00)={r7, &(0x7f0000000b80)="8a77b651c0be99ffcc87a0a15c34d8dca6a507344fa33a8a5f75aa0c8af438a60aadcc9ddb8ce68461ffe0bf98f5ffd7960bf078bdb6396ece64528fdbb1b618787da8bd4113543f59da46b0330146c4105eac32d047d560d00d6836cef516f87b0c5e5b447f73986b6febbf63b7acf8a0278fcfbf0680ea4d4702ead6ccb40cc513c4c1b2d96aa62f54f8c3c2190ca26daa37eed325b3ccc931138e1ccd3abc12138c5da5b640f37b2eb8b66d29", &(0x7f0000000c40)=@buf="417a2f6d73ec1b8c7fc54c06094130d5414b49e1ec9c1f61c3691da65923b016f98e56429e9763e2dc71bde17f02f1d1db52efd62f7ff32aa4bb2e264f4702ca9d11897355584b1820fa32e27f9a3997df681310035dd104237062d0af90755e8147d082540249375639a5fefc57f9262cdae349824f0a231a344d17f43362de90e03308686b0202fae7bb6e8ae1b374424863989e1850fdd9a6536077b2f58eece086dfca0d7712e3", 0x4}, 0x20)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})

1m21.311209059s ago: executing program 34 (id=152):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x404c4701, 0x0)
r0 = request_key(0x0, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r0, &(0x7f0000000980)='cifs.spnego\x00', &(0x7f00000009c0)={'syz', 0x3}, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_emit_ethernet(0x46, 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x101080, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f0000000200))
ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000280)={0x0, 0x0})
r4 = dup3(r2, r3, 0x0)
ioctl$MON_IOCX_GETX(r4, 0x4018920a, &(0x7f00000003c0)={0x0, &(0x7f0000002240)=""/4118, 0x1016})
set_mempolicy(0x8006, 0x0, 0x5)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'macvtap0\x00', 0x0})

1m18.233914852s ago: executing program 35 (id=156):
symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000040)=0x80000001)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000700)='virtio_transport_alloc_pkt\x00', r1, 0x0, 0xfffffffffffffff9}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
syslog(0x3, 0xfffffffffffffffc, 0x61)
connect$vsock_stream(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r3)
openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/load-self\x00', 0x2, 0x0)
r5 = syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920000000109021b1901000000d40904150001da40df0009058202"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="00008000", @ANYRES16=r4, @ANYBLOB="010031bd7000000000001400000018000180140002006e657464657673696d3000000000000008000400040000000800050009000000"], 0x3c}, 0x1, 0x0, 0x0, 0x104}, 0x20000000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x401, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x4000000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b40)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f0000000ac0), &(0x7f0000000b00)}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000d00)={r7, &(0x7f0000000b80)="8a77b651c0be99ffcc87a0a15c34d8dca6a507344fa33a8a5f75aa0c8af438a60aadcc9ddb8ce68461ffe0bf98f5ffd7960bf078bdb6396ece64528fdbb1b618787da8bd4113543f59da46b0330146c4105eac32d047d560d00d6836cef516f87b0c5e5b447f73986b6febbf63b7acf8a0278fcfbf0680ea4d4702ead6ccb40cc513c4c1b2d96aa62f54f8c3c2190ca26daa37eed325b3ccc931138e1ccd3abc12138c5da5b640f37b2eb8b66d29", &(0x7f0000000c40)=@buf="417a2f6d73ec1b8c7fc54c06094130d5414b49e1ec9c1f61c3691da65923b016f98e56429e9763e2dc71bde17f02f1d1db52efd62f7ff32aa4bb2e264f4702ca9d11897355584b1820fa32e27f9a3997df681310035dd104237062d0af90755e8147d082540249375639a5fefc57f9262cdae349824f0a231a344d17f43362de90e03308686b0202fae7bb6e8ae1b374424863989e1850fdd9a6536077b2f58eece086dfca0d7712e3", 0x4}, 0x20)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})

16.59992583s ago: executing program 3 (id=306):
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6", @ANYRESOCT])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
sendmsg$kcm(r3, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

16.159480242s ago: executing program 3 (id=307):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001)
r2 = getpgid(0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2})
sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1)

16.115665721s ago: executing program 3 (id=308):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x31)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="d8f066b9800000c00f326635000100000f3067f0801903baf80c66b86695d38d66efbafc0cb8ba2feff30faeeb0f20d86635080000000f22d80f01c2f30f5ef33e29252e660f38155eb5", 0x4a}], 0x1, 0x5c, &(0x7f00000000c0), 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x40)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000100)={0x5, 0x0, [{0x199, 0x0, 0x7}, {0x931, 0x0, 0xe48}, {0x92b, 0x0, 0x8}, {0x9f6, 0x0, 0x40}, {0x8ab, 0x0, 0x1}]})
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x6002)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f00000001c0)={0x2, 0x35a, 0x66, 0x0, 0xe19fbf0ed29ee840})
r3 = memfd_secret(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x21})
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000280)={<r4=>0x0, 0x7}, &(0x7f00000002c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000003c0)={<r5=>r4, 0xb4, &(0x7f0000000300)=[@in={0x2, 0x4e20, @rand_addr=0x64010101}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x20}}, @in6={0xa, 0x4e22, 0xda, @remote, 0x6}, @in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, '\x00', 0x1b}, 0x6}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3d}}, @in={0x2, 0x4e21, @private=0xa010101}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e23, 0x7fffffff, @loopback, 0x262}]}, &(0x7f0000000400)=0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), r3)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x68, r6, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x101}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x800}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x200}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000005c0)={r5, @in6={{0xa, 0x4e23, 0xcfa, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}}}, 0x84)
ioctl$KVM_CAP_SYNC_REGS(r3, 0x4068aea3, &(0x7f0000000680))
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2)
ioctl$KVM_NMI(r1, 0xae9a)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r0, 0x4068aea3, &(0x7f0000000700)={0x79, 0x0, 0x3b9})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000780)={0x4, 0x5, 0xffff1000, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f00000007c0)={r3, 0x1, 0x2, r3})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000880)={'syztnl1\x00', &(0x7f0000000800)={'syztnl0\x00', 0x0, 0x4, 0x3, 0x2, 0x5, 0x11, @loopback, @private1, 0x7, 0x7, 0x5, 0x9}})
syz_genetlink_get_family_id$smc(&(0x7f00000008c0), r3)
write$FUSE_GETXATTR(r3, &(0x7f0000000900)={0x18, 0x0, 0x0, {0x178}}, 0x18)
getpid()
mknod(&(0x7f0000000940)='./file0\x00', 0x2, 0xc9)
r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x5)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000980)={0x10003, 0x0, 0x100000, 0x2000, &(0x7f0000fe6000/0x2000)=nil})
r8 = ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0)
ioctl$NS_GET_USERNS(r8, 0xb701, 0x0)

16.024255614s ago: executing program 3 (id=309):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r6 = landlock_create_ruleset(&(0x7f0000000140)={0x8b28, 0x3}, 0x18, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8010, r1, 0x681bb000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
landlock_restrict_self(r6, 0x1)
sendmmsg$unix(r5, &(0x7f0000000f40)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000000)=[{&(0x7f0000000380)="0cdc1783127d3a650b81c0c543b1370623601f699fb317b10e3ba72ca5bbcb3ac5d5c1665f90e83f70f6d3c7e161c2ad765ab983a59f4600b259516eb0616ec94b3329ffc4a4d0ed4e432d44a8df04d10558ae8f18544a225b4962b94346e178bc254d6abe7d366e109183eb6e14b2de3e9019142af98209dce24f7c8e438c88", 0x80}], 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="1c0000000002000000000002000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32=r5, @ANYRES32=r5, @ANYRES32, @ANYRES32=r3, @ANYRES32, @ANYRES32=r3, @ANYRES32=r3, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x68, 0x20002004}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000005c0)="d9343c152ab41cc19ebf1bb2b79945f3571173ff94657476441ef1ee8c185b49aa42454eed5a653a041dea928b572892da08977e36d6ffff4ebcc3d4b136aaa57a962899f3c22638adbb8f48c4c9910184294a3bc5ebd1515a7eac894386c86c0c39ec747aa4effc267b7f41edb0e19fbe02ff580e3d024d107a72c1f0e91b73ca629cc6e06e843f46b1e20530b9b461f474b8d5e6fed4ce831ef0d50a4e80b02463c8aba6b40ff42fc6a1", 0xab}, {&(0x7f0000000700)="4b67e66f4ad12a8cec862308d4e347d4615e02f9a434b2a59c07756d56c8016cee1f86ce07f30debaf489dfa2d0673d8ad8fc51339446066d0520c4fae02f25b26693ee5928e498791fa5c08b1158d66baee8f592f681bcf82bba9f99e851ea3ee88e31f446884ec076e4f0c81d70e50776c0585b62852daff0b99af64409b6c7ea936609168ba80ac5358ae830b3d2f74ff245538231f555d", 0x99}, {&(0x7f00000007c0)="5cc8e0a947f659cf3c24f5ddcdbf1d2cf86a67614eda9bf7de3357f64a162f57b03eb93497e5d18b2449c7ea274dd9379eb617c8c308a6a24094ffb0099c35d9cdbf5056cf16cd7f39de8550d68ec959db98a209311e50625f0fd2c64c9ec2509734b1d9737d60bfa11aee2fdc8dae1ad86877006d55a5a479f5d8bbcd1022962f2bc22143f76a75ef5c5c9705cd3d1184a11e5b12311b0fa3f7582e4a2234b872d9e875714bb08a4db668a9418bbb02f4370af272086fd817c348c96dce4d2e32778857f194268aec3c238e3432febeffc43ff40b3f58445b", 0xd9}, {&(0x7f00000008c0)="258d98c2db29a29f73d938ea15cf7d0c2083208b921aa0d2c59907e04df86ffa89fc1a6c2a9b4b1662febd96b0d90cb4e5eb54e72811279355212b95e567d9119e6c7e39dfaf04ac55a6ec0ef67298cc6c8e3521453d57147d422817d911a32d252b6ac4c92a0e3f5b9e103e21776afeaf5859f9ad7ef6fbfc4aadf5192da1ab888349", 0x83}, {&(0x7f0000000980)="62340ab5489a9d24faa418a61c6edadabb7a4580b74c331bbede2b02092d5bc61859a02c58a5fd8732da08de8b94571f14de950d59063bcfcbe1d64b7f2017b45bd3bc07a6d3e589f62cfdce40248d7c27692595ae7835f46b789d70525c189ed156595978baa9414f355090d62111794beab5f38ecbbf9ee2c096a9a0558600302d13920e5f37688e9bccc288c6c94f024f2e39ec722f76364e5e2cd3cf8d", 0x9f}, {&(0x7f0000000a40)="3b037f996f978001f4e504cb82b7010604f158edffcca88f6f8ee4f26d47b4151c38406ffe6954e07fee790010ed007c185a2ca336484c97d8063e9961e0a9d5bdb3a2b980949250807edaedd00759823f7ff3486140ccc867bc32b6c18d283df2551ae91a0f0a6e6ba6b042c30801b10ea5ac26cef51a45ba48fecdad930f535f170bdb95fb06e62b053aa7e4728edb6146cf9839fc383c773eb75854a876e4f4628d93e5c120a16f9fa55ab9babe8cf20d6906e2b75042cbbf1ed8593f569ae785554f922423", 0xc7}, {&(0x7f0000000500)="8b2ac48f9f3eabfffef1af81fc1d467227054dd49b8fe21f687d281b35e88dd3ba25f7a55c435f2fa1b1579097d9be007bfaa0b1c4749adec33929971f77da192fc8069877e8cfaadc965c", 0x4b}, {&(0x7f0000000b40)="cf421336420b0ff39b2b7c442a225adcc16e4de3b7ac3cbf54747d9b12eaec796e18b1542ab28c745551444172b4556d1bf991d0b402b36f6fc494f0b2ef8f1b4c9beb04891c1dbb81fc16a4226ef5b2b3bba35ac7e8217d5f1debff50f320a9dbeadf8ff2c8b55658fbb4a39866c287d4f069430a04a88c95882fe5ed39282b1296c903d2f2b2e9797184f010a4fae894d03765d74aa3722fa158a7c0866ca825b9f846f91ceec8423aa7072add5b69e9e72ef9b314b99c1b9ed2896b51024f4a0f79e6f1dde83f6b03a4fb79e15c05fbd1067e2561b2309c3c26a44df3fc0c330df4d2da5279194a0502873b", 0xed}], 0x8, &(0x7f0000000cc0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r2}}}], 0x60, 0x4004}}, {{&(0x7f0000000d40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000dc0)="e630dd6d62a4c686f8f3ff8895c7498b73b6caf5d84fd6fbbc4ffacefd6eee6075fc452316b1e7b5db8cc26819b3267a688471382e5584b75d597fb949863a9cdef8b21ed443b32a5b269c46a7932acf0b656d956cacd867ae8c98df6b26b30be53e8b8f8854c6d77d48ce62026f5f98ea1d51dc160873573bd706169acf403a1408d4ca3322a5acb0f94b1dd7e54fa7205718f470c54187bb793f2b397ef3142b459b7944b9b7f17f2c68a09c9a707bed0bd620ddcdc9b6cfb7", 0xba}, {&(0x7f0000000100)}], 0x2, &(0x7f0000000400)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYBLOB="00190000"], 0x20, 0x40000}}, {{&(0x7f0000000e80)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000f00)=[{&(0x7f0000000680)="b8e888f4d392c7a14e8f8172ad03d57281c3b09ed65b64d865b7de2c63651371", 0x20}], 0x1, 0x0, 0x0, 0x4000000}}], 0x4, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000010c0)=[{{&(0x7f0000001040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000100)}, 0x7}], 0x1, 0x2120, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r7, &(0x7f0000000940)=ANY=[], 0xff2e)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000180)=0x5)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000040)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="0003000000000000140012800b00010062726964676500000400028008000a00", @ANYRES32=r9], 0x3c}, 0x1, 0x0, 0x0, 0x20004084}, 0x8044)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f00000006c0)={0x2, 0x1, 0x1c, 0x14, 0x43, 0x0})

15.164055378s ago: executing program 3 (id=310):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@x86={0xff, 0xe, 0x7, 0x0, 0x9, 0x3, 0x7f, 0x9, 0x62, 0x81, 0x7, 0xc, 0x0, 0x3ff, 0x7, 0x7, 0x2, 0xcd, 0x1, '\x00', 0xe, 0x84})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8)
syz_open_dev$dri(0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000180)={r5, @in={{0x2, 0x4e20, @empty}}, 0xd9d, 0x1}, &(0x7f0000000040)=0x90)

15.108774693s ago: executing program 3 (id=311):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
socket$inet6(0xa, 0x5, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x350, 0x0, 0x98, 0xfeffffff, 0x98, 0x98, 0x3b0, 0x3b0, 0xffffffff, 0x3b0, 0x3b0, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x1f}, 0x0, 0x0, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'vlan0\x00', {}, {}, 0x0, 0x0, 0x46}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x1, 0x7, [0xe, 0x5, 0x1a, 0x26, 0xb, 0xb, 0x9, 0x3c, 0x1c, 0x12, 0x1d, 0x1, 0x32, 0x3c, 0x1b, 0x6], 0x2, 0x0, 0x10}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000a40), 0x800, 0x0)
ioctl$IOMMU_IOAS_COPY$syz(r4, 0x3b83, &(0x7f0000000b00)={0x28, 0x10002, 0x0, 0x0, 0x1d2662, 0x0, 0x5, 0x1548f})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000300)={0x5})
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r5, 0x84, 0x21, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000007110320000000000950000070000000084be288e72a7d71c8fbb79046c0adbac627f46ddd5835ac828725e6cac41e45582a33ed3eb617d83ecb8ec70f6cbb39133e50e0b307c71d089f745cfb27ff5080885d16ea7e27576d2d4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000180), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

0s ago: executing program 36 (id=311):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
socket$inet6(0xa, 0x5, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x350, 0x0, 0x98, 0xfeffffff, 0x98, 0x98, 0x3b0, 0x3b0, 0xffffffff, 0x3b0, 0x3b0, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x1f}, 0x0, 0x0, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'vlan0\x00', {}, {}, 0x0, 0x0, 0x46}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x1, 0x7, [0xe, 0x5, 0x1a, 0x26, 0xb, 0xb, 0x9, 0x3c, 0x1c, 0x12, 0x1d, 0x1, 0x32, 0x3c, 0x1b, 0x6], 0x2, 0x0, 0x10}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000a40), 0x800, 0x0)
ioctl$IOMMU_IOAS_COPY$syz(r4, 0x3b83, &(0x7f0000000b00)={0x28, 0x10002, 0x0, 0x0, 0x1d2662, 0x0, 0x5, 0x1548f})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000300)={0x5})
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r5, 0x84, 0x21, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000007110320000000000950000070000000084be288e72a7d71c8fbb79046c0adbac627f46ddd5835ac828725e6cac41e45582a33ed3eb617d83ecb8ec70f6cbb39133e50e0b307c71d089f745cfb27ff5080885d16ea7e27576d2d4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000180), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts.
[   87.327084][ T5821] cgroup: Unknown subsys name 'net'
[   87.461743][ T5821] cgroup: Unknown subsys name 'cpuset'
[   87.471037][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   89.148498][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.081990][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.090356][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   92.098280][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   92.098756][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   92.106090][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   92.115213][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   92.121191][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   92.127863][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   92.134680][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   92.148051][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   92.149326][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   92.155587][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.163999][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   92.188711][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   92.196966][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   92.198151][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   92.204870][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.222211][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   92.230353][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   92.233470][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   92.244557][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   92.274610][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   92.282660][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   92.298547][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.307124][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   93.153323][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   93.206910][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   93.221394][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   93.332277][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   93.363997][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   93.429689][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.436833][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.445151][ T5831] bridge_slave_0: entered allmulticast mode
[   93.454853][ T5831] bridge_slave_0: entered promiscuous mode
[   93.514480][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.522275][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.531965][ T5831] bridge_slave_1: entered allmulticast mode
[   93.539840][ T5831] bridge_slave_1: entered promiscuous mode
[   93.583503][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.590748][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.598278][ T5837] bridge_slave_0: entered allmulticast mode
[   93.605613][ T5837] bridge_slave_0: entered promiscuous mode
[   93.675163][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.683249][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.690486][ T5837] bridge_slave_1: entered allmulticast mode
[   93.698209][ T5837] bridge_slave_1: entered promiscuous mode
[   93.735206][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.765723][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.774053][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.781726][ T5833] bridge_slave_0: entered allmulticast mode
[   93.789467][ T5833] bridge_slave_0: entered promiscuous mode
[   93.806946][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.836230][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.843555][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.850938][ T5833] bridge_slave_1: entered allmulticast mode
[   93.859369][ T5833] bridge_slave_1: entered promiscuous mode
[   93.912170][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.925396][ T5831] team0: Port device team_slave_0 added
[   93.976698][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.002518][ T5831] team0: Port device team_slave_1 added
[   94.039429][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.048780][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.055995][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.063456][ T5832] bridge_slave_0: entered allmulticast mode
[   94.071789][ T5832] bridge_slave_0: entered promiscuous mode
[   94.123637][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.130871][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.141019][ T5834] bridge_slave_0: entered allmulticast mode
[   94.149460][ T5834] bridge_slave_0: entered promiscuous mode
[   94.166771][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.176893][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.184645][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.191913][ T5832] bridge_slave_1: entered allmulticast mode
[   94.199881][ T5832] bridge_slave_1: entered promiscuous mode
[   94.209155][ T5837] team0: Port device team_slave_0 added
[   94.216117][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.223653][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.249797][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.261330][ T5851] Bluetooth: hci3: command tx timeout
[   94.263689][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.274422][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.281764][ T5834] bridge_slave_1: entered allmulticast mode
[   94.289751][ T5834] bridge_slave_1: entered promiscuous mode
[   94.342193][ T5851] Bluetooth: hci4: command tx timeout
[   94.342209][ T5848] Bluetooth: hci2: command tx timeout
[   94.342378][ T5848] Bluetooth: hci1: command tx timeout
[   94.369248][ T5837] team0: Port device team_slave_1 added
[   94.375831][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.383365][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.410269][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.421035][ T5848] Bluetooth: hci0: command tx timeout
[   94.442899][ T5833] team0: Port device team_slave_0 added
[   94.452070][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.465228][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.512284][ T5833] team0: Port device team_slave_1 added
[   94.565680][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.575770][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.583685][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.609892][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.651440][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.675291][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.684607][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.711191][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.723511][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.730923][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.756916][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.771215][ T5832] team0: Port device team_slave_0 added
[   94.778940][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.785917][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.812346][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.861177][ T5832] team0: Port device team_slave_1 added
[   94.894645][ T5834] team0: Port device team_slave_0 added
[   94.903469][ T5834] team0: Port device team_slave_1 added
[   94.958933][ T5831] hsr_slave_0: entered promiscuous mode
[   94.965555][ T5831] hsr_slave_1: entered promiscuous mode
[   95.014979][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.022168][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.048445][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.062478][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.069571][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.095747][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.119307][ T5837] hsr_slave_0: entered promiscuous mode
[   95.126155][ T5837] hsr_slave_1: entered promiscuous mode
[   95.135627][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.144515][ T5837] Cannot create hsr debugfs directory
[   95.185631][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.192807][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.220459][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.288565][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.295608][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.322764][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.378777][ T5833] hsr_slave_0: entered promiscuous mode
[   95.385320][ T5833] hsr_slave_1: entered promiscuous mode
[   95.392873][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.401299][ T5833] Cannot create hsr debugfs directory
[   95.535943][ T5832] hsr_slave_0: entered promiscuous mode
[   95.543842][ T5832] hsr_slave_1: entered promiscuous mode
[   95.550436][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.558116][ T5832] Cannot create hsr debugfs directory
[   95.620812][ T5834] hsr_slave_0: entered promiscuous mode
[   95.627325][ T5834] hsr_slave_1: entered promiscuous mode
[   95.633850][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.641875][ T5834] Cannot create hsr debugfs directory
[   96.163050][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   96.179675][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   96.191126][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   96.202563][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   96.299579][ T5837] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   96.329572][ T5837] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   96.338662][ T5848] Bluetooth: hci3: command tx timeout
[   96.362216][ T5837] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   96.373420][ T5837] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   96.418581][ T5155] Bluetooth: hci4: command tx timeout
[   96.418729][ T5851] Bluetooth: hci2: command tx timeout
[   96.424103][ T5848] Bluetooth: hci1: command tx timeout
[   96.466005][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.489779][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.499092][ T5848] Bluetooth: hci0: command tx timeout
[   96.508676][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.521040][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.643076][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   96.662967][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   96.685729][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   96.699071][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   96.719757][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.803833][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   96.862304][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.886021][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.893485][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.909216][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   96.920209][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   96.939122][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   96.955771][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.963142][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.988236][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.035061][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   97.087319][ T3462] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.094567][ T3462] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.132033][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.139230][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.213121][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.247124][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.306841][  T977] cfg80211: failed to load regulatory.db
[   97.314152][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   97.364889][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.372100][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.390888][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.398156][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.442937][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   97.473838][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.481119][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.531027][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.538258][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.753807][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.865421][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.011997][ T5831] veth0_vlan: entered promiscuous mode
[   98.026072][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   98.074902][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.082136][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.151421][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.158680][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.183596][ T5831] veth1_vlan: entered promiscuous mode
[   98.242977][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.351669][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.370602][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.407356][ T5831] veth0_macvtap: entered promiscuous mode
[   98.427556][ T5848] Bluetooth: hci3: command tx timeout
[   98.452563][ T5831] veth1_macvtap: entered promiscuous mode
[   98.497756][ T5848] Bluetooth: hci1: command tx timeout
[   98.498745][ T5851] Bluetooth: hci4: command tx timeout
[   98.503190][ T5155] Bluetooth: hci2: command tx timeout
[   98.526708][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.578276][ T5155] Bluetooth: hci0: command tx timeout
[   98.619330][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.687427][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.706978][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.718794][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.728894][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.753863][ T5833] veth0_vlan: entered promiscuous mode
[   98.761916][ T5832] veth0_vlan: entered promiscuous mode
[   98.775652][ T5832] veth1_vlan: entered promiscuous mode
[   98.841940][ T5833] veth1_vlan: entered promiscuous mode
[   98.986904][ T5832] veth0_macvtap: entered promiscuous mode
[   99.010925][ T5832] veth1_macvtap: entered promiscuous mode
[   99.040453][ T5837] veth0_vlan: entered promiscuous mode
[   99.056115][ T5837] veth1_vlan: entered promiscuous mode
[   99.068188][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.076203][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.085223][ T5833] veth0_macvtap: entered promiscuous mode
[   99.119232][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.134680][ T5833] veth1_macvtap: entered promiscuous mode
[   99.179905][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.209498][ T3462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.214916][ T5837] veth0_macvtap: entered promiscuous mode
[   99.224088][ T3462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.251755][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.269441][ T5837] veth1_macvtap: entered promiscuous mode
[   99.291591][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.304884][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.315536][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.324954][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.342164][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.381141][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   99.384583][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.413988][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.455309][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.517392][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.538853][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.553877][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.562900][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.596331][ T5958] tipc: Started in network mode
[   99.601632][ T5958] tipc: Node identity 56bc3baef579, cluster identity 4711
[   99.609562][ T5958] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   99.633857][ T5837] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.643925][ T5837] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.656503][ T5837] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.666082][ T5837] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.680340][ T5834] veth0_vlan: entered promiscuous mode
[   99.690905][ T5957] syzkaller0: entered promiscuous mode
[   99.696429][ T5957] syzkaller0: entered allmulticast mode
[   99.792722][ T5834] veth1_vlan: entered promiscuous mode
[   99.852778][ T5938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.862898][ T5938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.912023][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.920934][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.947072][ T5958] tipc: Resetting bearer <eth:syzkaller0>
[   99.971468][ T5958] tipc: Disabling bearer <eth:syzkaller0>
[  100.018546][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.029417][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.102062][ T5834] veth0_macvtap: entered promiscuous mode
[  100.115762][   T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.154200][   T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.183666][ T5834] veth1_macvtap: entered promiscuous mode
[  100.246982][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.275299][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.285839][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.364729][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.420904][ T5834] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.432650][ T5834] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.432704][ T5834] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.432735][ T5834] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.501840][ T5155] Bluetooth: hci3: command tx timeout
[  100.577642][ T5155] Bluetooth: hci2: command tx timeout
[  100.578249][ T5155] Bluetooth: hci4: command tx timeout
[  100.578502][ T5155] Bluetooth: hci1: command tx timeout
[  100.658178][ T5851] Bluetooth: hci0: command tx timeout
[  100.778878][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  100.841069][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  100.850675][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.850716][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.190697][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  101.208058][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.429892][ T5938] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.429917][ T5938] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.541188][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.541213][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.110309][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  102.315889][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  102.417544][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  102.519972][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  102.638110][ T5995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9'.
[  102.818434][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  102.917993][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.928002][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.150952][ T5997] netlink: 'syz.0.10': attribute type 1 has an invalid length.
[  103.169714][ T5997] netlink: 172 bytes leftover after parsing attributes in process `syz.0.10'.
[  103.361978][ T6004] ip6t_srh: unknown srh invflags 4000
[  103.373601][ T6000] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10'.
[  104.108226][ T5983] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  104.272840][ T5983] usb 2-1: Using ep0 maxpacket: 8
[  104.298987][ T5983] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  104.342407][ T5983] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF
[  104.364818][ T5983] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  104.393638][ T5983] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  104.422903][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.477682][ T5983] usb 2-1: Product: syz
[  104.483259][ T5983] usb 2-1: Manufacturer: syz
[  104.508128][ T5983] usb 2-1: SerialNumber: syz
[  105.143991][ T6019] capability: warning: `syz.4.14' uses deprecated v2 capabilities in a way that may be insecure
[  106.041862][ T5999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.082241][ T5999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.155164][ T5983] cdc_ncm 2-1:1.0: bind() failure
[  106.213826][ T5983] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  106.246955][ T5983] usb 2-1: USB disconnect, device number 2
[  106.853091][ T6045] Zero length message leads to an empty skb
[  107.272240][ T6059] overlay: ./bus is not a directory
[  107.429736][ T6028] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  107.521285][ T6065] ip6erspan0: entered promiscuous mode
[  109.310361][ T6087] netlink: 'syz.4.34': attribute type 1 has an invalid length.
[  109.394074][ T6087] syz.4.34: attempt to access beyond end of device
[  109.394074][ T6087] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  109.739740][ T6087] hfsplus: unable to find HFS+ superblock
[  110.593213][ T6094] gretap1: entered promiscuous mode
[  111.023488][ T6108] netlink: 755 bytes leftover after parsing attributes in process `syz.4.40'.
[  113.291280][ T1217] IPVS: starting estimator thread 0...
[  113.438677][ T6137] IPVS: using max 25 ests per chain, 60000 per kthread
[  113.541723][ T6134] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  113.583094][ T6134] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  113.684790][ T6134] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  113.762874][ T6134] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  113.785193][ T6134] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  113.807305][ T6134] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  113.859692][ T6134] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  113.874621][ T6134] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  114.072374][ T6134] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  114.161789][ T6134] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  114.170523][ T6134] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  114.212827][ T6134] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  114.239061][ T6134] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  114.247796][ T6134] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  114.270643][ T6134] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  115.855659][ T5155] Bluetooth: hci0: command 0x0c1a tx timeout
[  115.866333][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  115.895330][ T6166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.927557][  T977] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  115.937724][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout
[  116.038549][ T6166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.101711][ T6166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.179946][ T6166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.191487][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout
[  116.257815][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout
[  116.267825][ T6168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.276666][  T977] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  116.295962][  T977] usb 1-1: config 0 has no interface number 0
[  116.365782][ T6168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.429953][  T977] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  116.450317][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.487654][  T977] usb 1-1: Product: syz
[  116.500913][  T977] usb 1-1: Manufacturer: syz
[  116.510004][  T977] usb 1-1: SerialNumber: syz
[  116.562840][  T977] usb 1-1: config 0 descriptor??
[  116.717617][ T5896] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  116.898123][  T977] usb 1-1: can't set config #0, error -71
[  116.959376][  T977] usb 1-1: USB disconnect, device number 2
[  117.146373][ T6194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  117.171674][ T6194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  117.947584][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  117.953739][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout
[  118.017791][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  118.257854][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[  118.337659][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  118.529227][ T6197] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.592965][ T6197] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.626594][ T6194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.302360][ T6194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.472822][ T6201] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  120.153082][ T6204] =======================================================
[  120.153082][ T6204] WARNING: The mand mount option has been deprecated and
[  120.153082][ T6204]          and is ignored by this kernel. Remove the mand
[  120.153082][ T6204]          option from the mount to silence this warning.
[  120.153082][ T6204] =======================================================
[  120.188039][    C0] vkms_vblank_simulate: vblank timer overrun
[  120.196524][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  120.198894][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout
[  120.203280][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  120.215717][ T6204] sch_fq: defrate 4294967295 ignored.
[  120.364290][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[  120.417581][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  121.583042][ T6234] xt_TPROXY: Can be used only with -p tcp or -p udp
[  121.907779][ T5896] usb 3-1: device descriptor read/64, error -110
[  122.498091][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  123.947674][ T5896] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  124.117543][ T5896] usb 3-1: device descriptor read/64, error -32
[  124.278933][ T5896] usb usb3-port1: attempt power cycle
[  124.707567][ T5896] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  124.911027][ T5896] usb 3-1: device descriptor read/8, error -32
[  125.011765][ T6257] veth1_to_bond: entered allmulticast mode
[  125.906357][ T5896] raw-gadget.4 gadget.2: failed to queue reset event
[  125.987933][ T5896] raw-gadget.4 gadget.2: failed to queue resume event
[  126.959007][ T5896] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  126.996364][    C1] raw-gadget.4 gadget.2: ignoring, device is not running
[  127.004865][ T5896] usb 3-1: device descriptor read/8, error -32
[  128.003141][ T5896] raw-gadget.4 gadget.2: failed to queue suspend event
[  128.011139][ T5896] usb usb3-port1: unable to enumerate USB device
[  129.446253][ T6256] veth1_to_bond: left allmulticast mode
[  129.742986][ T6267] netlink: 24 bytes leftover after parsing attributes in process `syz.3.79'.
[  130.001874][ T6276] input: syz1 as /devices/virtual/input/input5
[  130.968211][ T1217] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  131.158854][ T1217] usb 5-1: Using ep0 maxpacket: 8
[  131.187419][ T1217] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  131.215083][ T1217] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  131.217705][ T6298] netlink: 'syz.0.86': attribute type 1 has an invalid length.
[  131.255894][ T1217] usb 5-1: config 1 has no interface number 1
[  131.271329][ T1217] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  131.315828][ T1217] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  131.332347][ T6298] netlink: 15 bytes leftover after parsing attributes in process `syz.0.86'.
[  131.342646][ T1217] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.356105][ T1217] usb 5-1: Product: syz
[  131.371831][ T1217] usb 5-1: Manufacturer: syz
[  131.386477][ T1217] usb 5-1: SerialNumber: syz
[  131.687973][ T1217] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  131.966028][ T1217] usb 5-1: USB disconnect, device number 2
[  132.079068][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  132.156711][ T6308] mkiss: ax0: crc mode is auto.
[  134.998838][ T5155] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  135.017124][ T5155] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  135.038480][ T5155] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  135.058351][ T5155] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  135.072841][ T5155] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  135.441383][ T6328] netlink: 4 bytes leftover after parsing attributes in process `syz.3.94'.
[  136.459641][ T6184] raw-gadget.4 gadget.2: failed to queue disconnect event
[  137.297799][ T5155] Bluetooth: hci5: command tx timeout
[  138.272638][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  139.336785][ T6332] syz.0.95 (6332): drop_caches: 2
[  139.364526][ T6332] syz.0.95 (6332): drop_caches: 2
[  139.377626][ T5155] Bluetooth: hci5: command tx timeout
[  139.801812][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  141.463476][ T5155] Bluetooth: hci5: command tx timeout
[  141.678960][ T6342] syz.3.98 uses obsolete (PF_INET,SOCK_PACKET)
[  142.359527][ T6349] netlink: 12 bytes leftover after parsing attributes in process `syz.0.99'.
[  142.433861][ T6322] chnl_net:caif_netlink_parms(): no params data found
[  142.593614][ T6349] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.611486][ T6349] bond0: (slave rose0): Enslaving as an active interface with an up link
[  143.475354][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'.
[  143.513695][ T6361] netlink: 20 bytes leftover after parsing attributes in process `syz.0.102'.
[  143.547760][ T5155] Bluetooth: hci5: command tx timeout
[  143.917327][ T5976] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.950255][ T6377] netlink: 52 bytes leftover after parsing attributes in process `syz.3.101'.
[  144.018368][ T6369] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  144.191580][ T5976] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.572709][ T5976] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.036167][ T5976] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.076338][ T6322] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.114739][ T6322] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.127825][ T5983] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  145.140388][ T6406] netlink: 15 bytes leftover after parsing attributes in process `syz.3.107'.
[  145.147061][ T6322] bridge_slave_0: entered allmulticast mode
[  145.175522][ T6322] bridge_slave_0: entered promiscuous mode
[  145.194934][ T6322] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.208497][ T6322] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.226143][ T6322] bridge_slave_1: entered allmulticast mode
[  145.248372][ T6322] bridge_slave_1: entered promiscuous mode
[  145.321583][ T5983] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  145.355834][ T5983] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11
[  145.377764][ T5983] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024
[  145.407620][ T5983] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  145.434501][ T5983] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.478479][ T6400] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  145.487218][ T6322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.519912][ T5983] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  145.540060][ T6322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.842896][ T5896] usb 3-1: USB disconnect, device number 6
[  145.948935][ T6322] team0: Port device team_slave_0 added
[  145.999186][ T6322] team0: Port device team_slave_1 added
[  146.060595][ T6428] netlink: 16 bytes leftover after parsing attributes in process `syz.4.109'.
[  146.144562][ T6428] netlink: 16 bytes leftover after parsing attributes in process `syz.4.109'.
[  146.452880][ T6322] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.460656][ T6438] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  146.479529][ T6322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.509233][ T6438] VFS: Can't find a romfs filesystem on dev nullb0.
[  146.509233][ T6438] 
[  146.591855][ T6322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.641077][ T6322] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.682471][ T6322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.745819][ T6322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  147.059127][ T6322] hsr_slave_0: entered promiscuous mode
[  147.085152][ T6322] hsr_slave_1: entered promiscuous mode
[  147.115817][ T6322] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  147.128402][ T6322] Cannot create hsr debugfs directory
[  147.378250][ T5976] bridge_slave_1: left allmulticast mode
[  147.387627][ T5976] bridge_slave_1: left promiscuous mode
[  147.393969][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.662040][ T5976] bridge_slave_0: left allmulticast mode
[  147.692597][ T5976] bridge_slave_0: left promiscuous mode
[  147.716517][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.119552][ T6467] program syz.4.117 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  148.301276][ T6477] input: syz0 as /devices/virtual/input/input6
[  148.367918][    C1] sd 0:0:1:0: [sda] tag#7368 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  148.378451][    C1] sd 0:0:1:0: [sda] tag#7368 CDB: Write(6) 0a 00 00 00 73 d0
[  148.743917][ T6484] misc userio: Invalid payload size
[  148.796270][ T6484] afs: Unknown parameter 'sm!ckfsdeāK&@&--}'
[  150.266006][ T5976] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  150.282685][ T5976] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  150.302463][ T5976] bond0 (unregistering): Released all slaves
[  151.173040][ T6322] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  151.201077][ T6322] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  151.216090][ T6322] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  151.240497][ T6322] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  151.481956][ T6322] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.521905][ T6322] 8021q: adding VLAN 0 to HW filter on device team0
[  151.554618][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.561901][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.592998][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.600207][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.135534][ T6322] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.677032][ T6322] veth0_vlan: entered promiscuous mode
[  152.884047][ T6322] veth1_vlan: entered promiscuous mode
[  152.901297][ T5896] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  152.908037][ T5155] Bluetooth: hci0: command 0x0c1a tx timeout
[  152.935078][ T5896] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  153.016787][ T6322] veth0_macvtap: entered promiscuous mode
[  153.041416][ T6322] veth1_macvtap: entered promiscuous mode
[  153.100649][ T6322] batman_adv: batadv0: Interface activated: batadv_slave_0
[  153.121963][ T6322] batman_adv: batadv0: Interface activated: batadv_slave_1
[  153.140609][ T6322] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  153.150927][ T6322] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  153.162498][ T6322] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  153.172313][ T6322] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.977849][ T5155] Bluetooth: hci1: command 0x0c1a tx timeout
[  154.984288][ T5896] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  155.002277][ T5896] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  157.117892][ T5155] Bluetooth: hci2: command 0x0c1a tx timeout
[  157.118084][ T5896] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  157.131440][ T5896] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  158.783306][ T6719] netlink: 8 bytes leftover after parsing attributes in process `syz.3.138'.
[  158.792331][ T6719] netlink: 12 bytes leftover after parsing attributes in process `syz.3.138'.
[  159.217807][ T5896] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  159.224014][ T5155] Bluetooth: hci4: command 0x0c1a tx timeout
[  159.232589][ T5896] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  161.159560][ T6795] 9pnet_fd: Insufficient options for proto=fd
[  161.457936][ T5155] Bluetooth: hci5: command 0x0c1a tx timeout
[  161.464283][ T5896] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[  161.477486][ T5896] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[  166.756516][ T6857] overlayfs: failed to clone upperpath
[  170.314247][ T6901] overlayfs: failed to clone upperpath
[  170.411290][ T6901] overlayfs: failed to clone upperpath
[  170.530561][ T6908] netlink: 24 bytes leftover after parsing attributes in process `syz.3.164'.
[  173.773290][ T6961] netlink: 'syz.3.166': attribute type 1 has an invalid length.
[  173.823222][ T6961] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  173.840799][ T6961] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  173.849977][ T6961] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  173.859286][ T6961] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  173.871720][ T6961] bond2: (slave geneve2): making interface the new active one
[  173.881798][ T6961] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  176.022546][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.170'.
[  177.243714][ T7053] netlink: 'syz.3.172': attribute type 6 has an invalid length.
[  177.344549][ T7055] netlink: 'syz.3.173': attribute type 2 has an invalid length.
[  177.417533][ T7057] netlink: 28 bytes leftover after parsing attributes in process `syz.3.174'.
[  177.521354][   T30] audit: type=1800 audit(1754283117.192:2): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.175" name="nullb0" dev="tmpfs" ino=420 res=0 errno=0
[  178.131390][ T7073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.178'.
[  178.140616][ T7073] netlink: 12 bytes leftover after parsing attributes in process `syz.3.178'.
[  179.472471][ T7086] fuse: Bad value for 'user_id'
[  179.479635][ T7086] fuse: Bad value for 'user_id'
[  179.491918][ T7086] netlink: 32 bytes leftover after parsing attributes in process `syz.3.182'.
[  179.491923][ T7087] netlink: 32 bytes leftover after parsing attributes in process `syz.3.182'.
[  179.493254][ T7088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.182'.
[  179.521837][ T7088] netlink: 312 bytes leftover after parsing attributes in process `syz.3.182'.
[  179.534074][ T7088] netlink: 'syz.3.182': attribute type 1 has an invalid length.
[  179.542765][ T7087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.182'.
[  179.551802][ T7087] netlink: 312 bytes leftover after parsing attributes in process `syz.3.182'.
[  179.560861][ T7087] netlink: 'syz.3.182': attribute type 1 has an invalid length.
[  179.612283][ T7090] 8021q: VLANs not supported on vcan0
[  184.283570][ T7103] netlink: 16 bytes leftover after parsing attributes in process `syz.3.188'.
[  184.630765][ T7116] netlink: 48 bytes leftover after parsing attributes in process `syz.3.192'.
[  187.750911][   T30] audit: type=1326 audit(1754283127.422:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7142 comm="syz.3.200" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8eb69 code=0x0
[  194.176989][ T7183] netlink: 28 bytes leftover after parsing attributes in process `syz.3.209'.
[  195.214704][   T30] audit: type=1800 audit(1754283134.882:4): pid=7187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.210" name="nullb0" dev="tmpfs" ino=420 res=0 errno=0
[  195.254639][   T30] audit: type=1804 audit(1754283134.922:5): pid=7187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.210" name="file0" dev="tmpfs" ino=599 res=1 errno=0
[  200.176608][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  200.183149][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  201.386646][ T7220] netlink: 500 bytes leftover after parsing attributes in process `syz.3.218'.
[  203.201809][ T7234] overlayfs: missing 'lowerdir'
[  203.212177][ T7234] process 'syz.3.221' launched './file0' with NULL argv: empty string added
[  204.319273][ T7240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.223'.
[  205.024441][ T7244] netlink: 20 bytes leftover after parsing attributes in process `syz.3.224'.
[  207.055408][   T30] audit: type=1326 audit(1754283146.722:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7261 comm="syz.3.230" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8eb69 code=0x0
[  211.873821][ T7307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.242'.
[  211.888368][ T7307] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  211.897340][ T7307] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  211.906162][ T7307] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  211.915295][ T7307] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  213.652567][   T30] audit: type=1326 audit(1754283153.322:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8eb69 code=0x7ffc0000
[  213.674128][   T30] audit: type=1326 audit(1754283153.322:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8eb69 code=0x7ffc0000
[  213.713874][   T30] audit: type=1326 audit(1754283153.322:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3c5f8eb69 code=0x7ffc0000
[  213.742248][   T30] audit: type=1326 audit(1754283153.322:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8eb69 code=0x7ffc0000
[  213.763871][   T30] audit: type=1326 audit(1754283153.322:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3c5f8eb69 code=0x7ffc0000
[  213.786468][   T30] audit: type=1326 audit(1754283153.372:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c5f8eb69 code=0x7ffc0000
[  213.809225][   T30] audit: type=1326 audit(1754283153.372:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c5f85b27 code=0x7ffc0000
[  213.830674][   T30] audit: type=1326 audit(1754283153.372:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c5f2ad69 code=0x7ffc0000
[  213.858449][   T30] audit: type=1326 audit(1754283153.372:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c5f85b27 code=0x7ffc0000
[  213.881549][   T30] audit: type=1326 audit(1754283153.372:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7328 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c5f2ad69 code=0x7ffc0000
[  214.977775][ T7336] overlay: Unknown parameter 'uid<00000000000000000000'
[  215.091299][ T7341] netlink: 'syz.3.251': attribute type 10 has an invalid length.
[  215.116461][ T7341] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.126354][ T7341] team0: Port device bond0 added
[  215.798546][ T7348] netlink: 'syz.3.254': attribute type 1 has an invalid length.
[  223.872127][ T7413] trusted_key: syz.3.272 sent an empty control message without MSG_MORE.
[  223.889915][ T7413] netlink: 'syz.3.272': attribute type 1 has an invalid length.
[  224.002553][ T7416] overlayfs: failed to resolve './file0': -2
[  224.833137][ T7418] netlink: 24 bytes leftover after parsing attributes in process `syz.3.274'.
[  225.001288][  T977] libceph: connect (1)[c::]:6789 error -101
[  225.010921][  T977] libceph: mon0 (1)[c::]:6789 connect error
[  225.026477][  T977] libceph: connect (1)[c::]:6789 error -101
[  225.043279][  T977] libceph: mon0 (1)[c::]:6789 connect error
[  225.054275][ T7422] ceph: No mds server is up or the cluster is laggy
[  230.812634][ T7475] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  235.301427][ T7492] netlink: 44 bytes leftover after parsing attributes in process `syz.3.296'.
[  235.677213][ T7496] overlayfs: failed to resolve './file1': -2
[  243.148723][ T7536] bridge3: entered promiscuous mode
[  243.154022][ T7536] bridge3: entered allmulticast mode
[  243.166250][ T7536] team0: Port device bridge3 added
[  261.144200][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  261.150703][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  312.338435][   T31] INFO: task syz-executor:5837 blocked for more than 143 seconds.
[  312.346349][   T31]       Not tainted 6.16.0-syzkaller #0
[  312.352316][   T31]       Blocked by coredump.
[  312.356995][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  312.365764][   T31] task:syz-executor    state:D stack:21016 pid:5837  tgid:5837  ppid:1      task_flags:0x40054c flags:0x00004006
[  312.377809][   T31] Call Trace:
[  312.381111][   T31]  <TASK>
[  312.384062][   T31]  __schedule+0x16aa/0x4c90
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  312.388752][   T31]  ? __lock_acquire+0x9c0/0xd20
[  312.393692][   T31]  ? schedule+0x165/0x360
[  312.398194][   T31]  ? __pfx___schedule+0x10/0x10
[  312.403116][   T31]  ? schedule+0x91/0x360
[  312.407456][   T31]  schedule+0x165/0x360
[  312.411751][   T31]  schedule_preempt_disabled+0x13/0x30
[  312.417250][   T31]  __mutex_lock+0x724/0xe80
[  312.422030][   T31]  ? kobject_put+0x43f/0x480
[  312.426773][   T31]  ? __mutex_lock+0x51b/0xe80
[  312.431653][   T31]  ? rfkill_unregister+0xc8/0x220
[  312.437762][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  312.442871][   T31]  ? __pfx_device_del+0x10/0x10
[  312.478108][   T31]  ? hci_sock_dev_event+0x42d/0x600
[  312.483427][   T31]  rfkill_unregister+0xc8/0x220
[  312.526090][   T31]  hci_unregister_dev+0x374/0x510
[  312.531378][   T31]  vhci_release+0x80/0xd0
[  312.535779][   T31]  ? __pfx_vhci_release+0x10/0x10
[  312.557446][   T31]  __fput+0x449/0xa70
[  312.561553][   T31]  task_work_run+0x1d1/0x260
[  312.566222][   T31]  ? __pfx_task_work_run+0x10/0x10
[  312.571649][   T31]  ? kmem_cache_free+0x18f/0x400
[  312.576662][   T31]  do_exit+0x6b5/0x22e0
[  312.580966][   T31]  ? __pfx_do_exit+0x10/0x10
[  312.585611][   T31]  ? preempt_schedule_common+0x83/0xd0
[  312.591157][   T31]  ? preempt_schedule+0xae/0xc0
[  312.596062][   T31]  ? __pfx_preempt_schedule+0x10/0x10
[  312.601576][   T31]  do_group_exit+0x21c/0x2d0
[  312.606238][   T31]  get_signal+0x125e/0x1310
[  312.610889][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  312.616496][   T31]  ? __pfx___x64_sys_wait4+0x10/0x10
[  312.621928][   T31]  ? fput_close_sync+0x119/0x200
[  312.626934][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  312.633237][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  312.638914][   T31]  exit_to_user_mode_loop+0x75/0x110
[  312.644249][   T31]  do_syscall_64+0x2bd/0x3b0
[  312.648947][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.654187][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.660614][   T31]  ? clear_bhb_loop+0x60/0xb0
[  312.665328][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.671328][   T31] RIP: 0033:0x7fa0e6984dd7
[  312.675793][   T31] RSP: 002b:00007fff32b2f6f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  312.684379][   T31] RAX: fffffffffffffe00 RBX: 000000000000006f RCX: 00007fa0e6984dd7
[  312.692403][   T31] RDX: 0000000040000000 RSI: 00007fff32b2f75c RDI: 00000000ffffffff
[  312.700468][   T31] RBP: 00007fff32b2f75c R08: 0000000000000000 R09: 0000000000000000
[  312.708522][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000001d
[  312.716543][   T31] R13: 0000555583b0a590 R14: 00000000000249cc R15: 00007fff32b2f7b0
[  312.724667][   T31]  </TASK>
[  312.728367][   T31] INFO: task kworker/1:7:5960 blocked for more than 143 seconds.
[  312.736124][   T31]       Not tainted 6.16.0-syzkaller #0
[  312.741833][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  312.750685][   T31] task:kworker/1:7     state:D stack:23496 pid:5960  tgid:5960  ppid:2      task_flags:0x4208060 flags:0x00004000
[  312.762795][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  312.769816][   T31] Call Trace:
[  312.773117][   T31]  <TASK>
[  312.776085][   T31]  __schedule+0x16aa/0x4c90
[  312.780709][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  312.786144][   T31]  ? schedule+0x165/0x360
[  312.790525][   T31]  ? __pfx___schedule+0x10/0x10
[  312.795399][   T31]  ? schedule+0x91/0x360
[  312.799720][   T31]  schedule+0x165/0x360
[  312.803903][   T31]  schedule_preempt_disabled+0x13/0x30
[  312.809423][   T31]  __mutex_lock+0x724/0xe80
[  312.813958][   T31]  ? look_up_lock_class+0x74/0x170
[  312.819275][   T31]  ? __mutex_lock+0x51b/0xe80
[  312.824185][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  312.831164][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  312.836239][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  312.842620][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  312.848452][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  312.854580][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  312.860464][   T31]  process_scheduled_works+0xade/0x17b0
[  312.866124][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  312.872638][   T31]  worker_thread+0x8a0/0xda0
[  312.877249][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  312.883860][   T31]  ? __kthread_parkme+0x7b/0x200
[  312.888919][   T31]  kthread+0x70e/0x8a0
[  312.893135][   T31]  ? __pfx_worker_thread+0x10/0x10
[  312.898329][   T31]  ? __pfx_kthread+0x10/0x10
[  312.903055][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  312.908313][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.913553][   T31]  ? __pfx_kthread+0x10/0x10
[  312.918258][   T31]  ret_from_fork+0x3fc/0x770
[  312.922889][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  312.928095][   T31]  ? __switch_to_asm+0x39/0x70
[  312.932999][   T31]  ? __switch_to_asm+0x33/0x70
[  312.937884][   T31]  ? __pfx_kthread+0x10/0x10
[  312.942518][   T31]  ret_from_fork_asm+0x1a/0x30
[  312.947319][   T31]  </TASK>
[  312.950451][   T31] INFO: task kworker/u8:8:5976 blocked for more than 143 seconds.
[  312.961531][   T31]       Not tainted 6.16.0-syzkaller #0
[  312.967119][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  312.975846][   T31] task:kworker/u8:8    state:D stack:20760 pid:5976  tgid:5976  ppid:2      task_flags:0x4208060 flags:0x00004000
[  312.988352][   T31] Workqueue: netns cleanup_net
[  312.993211][   T31] Call Trace:
[  312.996556][   T31]  <TASK>
[  312.999629][   T31]  __schedule+0x16aa/0x4c90
[  313.004210][   T31]  ? __lock_acquire+0x9c1/0xd20
[  313.009162][   T31]  ? schedule+0x165/0x360
[  313.013545][   T31]  ? __pfx___schedule+0x10/0x10
[  313.018500][   T31]  ? schedule+0x91/0x360
[  313.022773][   T31]  schedule+0x165/0x360
[  313.026940][   T31]  schedule_preempt_disabled+0x13/0x30
[  313.032508][   T31]  __mutex_lock+0x724/0xe80
[  313.037060][   T31]  ? kobject_put+0x43f/0x480
[  313.041808][   T31]  ? __mutex_lock+0x51b/0xe80
[  313.046553][   T31]  ? rfkill_unregister+0xc8/0x220
[  313.051707][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  313.056801][   T31]  ? __pfx_device_del+0x10/0x10
[  313.061816][   T31]  rfkill_unregister+0xc8/0x220
[  313.066690][   T31]  wiphy_unregister+0x238/0xae0
[  313.071683][   T31]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  313.077690][   T31]  ? __pfx_wiphy_unregister+0x10/0x10
[  313.083251][   T31]  ? kasan_quarantine_put+0xdd/0x220
[  313.088874][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.094338][   T31]  ? kfree+0x18e/0x440
[  313.098681][   T31]  ieee80211_unregister_hw+0x1e2/0x2c0
[  313.104179][   T31]  mac80211_hwsim_del_radio+0x275/0x460
[  313.109878][   T31]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  313.116128][   T31]  hwsim_exit_net+0x584/0x640
[  313.120952][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[  313.126307][   T31]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  313.132256][   T31]  ops_undo_list+0x497/0x990
[  313.136903][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[  313.142203][   T31]  cleanup_net+0x4c5/0x800
[  313.146668][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  313.151715][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  313.157539][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  313.163324][   T31]  process_scheduled_works+0xade/0x17b0
[  313.169187][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  313.175211][   T31]  worker_thread+0x8a0/0xda0
[  313.180056][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  313.186431][   T31]  ? __kthread_parkme+0x7b/0x200
[  313.191585][   T31]  kthread+0x70e/0x8a0
[  313.195707][   T31]  ? __pfx_worker_thread+0x10/0x10
[  313.200884][   T31]  ? __pfx_kthread+0x10/0x10
[  313.205495][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  313.210971][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.216244][   T31]  ? __pfx_kthread+0x10/0x10
[  313.221112][   T31]  ret_from_fork+0x3fc/0x770
[  313.225758][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  313.231371][   T31]  ? __switch_to_asm+0x39/0x70
[  313.236202][   T31]  ? __switch_to_asm+0x33/0x70
[  313.241172][   T31]  ? __pfx_kthread+0x10/0x10
[  313.245932][   T31]  ret_from_fork_asm+0x1a/0x30
[  313.250936][   T31]  </TASK>
[  313.254048][   T31] INFO: task syz-executor:6322 blocked for more than 144 seconds.
[  313.261970][   T31]       Not tainted 6.16.0-syzkaller #0
[  313.267648][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  313.276360][   T31] task:syz-executor    state:D stack:21792 pid:6322  tgid:6322  ppid:1      task_flags:0x400140 flags:0x00004004
[  313.288553][   T31] Call Trace:
[  313.292052][   T31]  <TASK>
[  313.295027][   T31]  __schedule+0x16aa/0x4c90
[  313.299868][   T31]  ? __lock_acquire+0xab9/0xd20
[  313.305118][   T31]  ? schedule+0x165/0x360
[  313.309525][   T31]  ? __pfx___schedule+0x10/0x10
[  313.314405][   T31]  ? schedule+0x91/0x360
[  313.318977][   T31]  schedule+0x165/0x360
[  313.323170][   T31]  schedule_preempt_disabled+0x13/0x30
[  313.328725][   T31]  __mutex_lock+0x724/0xe80
[  313.333253][   T31]  ? __lock_acquire+0xab9/0xd20
[  313.338172][   T31]  ? __mutex_lock+0x51b/0xe80
[  313.342899][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  313.348277][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  313.353353][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.358615][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  313.364528][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  313.370919][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  313.376662][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  313.381858][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  313.387804][   T31]  rfkill_set_block+0x1cf/0x440
[  313.392780][   T31]  rfkill_fop_open+0x28f/0x820
[  313.397629][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[  313.402927][   T31]  misc_open+0x2b9/0x330
[  313.407299][   T31]  chrdev_open+0x4c9/0x5e0
[  313.412083][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  313.417059][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  313.422091][   T31]  do_dentry_open+0xdf0/0x1970
[  313.426912][   T31]  vfs_open+0x3b/0x340
[  313.431313][   T31]  ? path_openat+0x2ecd/0x3830
[  313.436118][   T31]  path_openat+0x2ee5/0x3830
[  313.440936][   T31]  ? arch_stack_walk+0xfc/0x150
[  313.445872][   T31]  ? __pfx_path_openat+0x10/0x10
[  313.450913][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.457037][   T31]  do_filp_open+0x1fa/0x410
[  313.461735][   T31]  ? __lock_acquire+0xab9/0xd20
[  313.466615][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  313.471848][   T31]  ? _raw_spin_unlock+0x28/0x50
[  313.476763][   T31]  ? alloc_fd+0x64c/0x6c0
[  313.481160][   T31]  do_sys_openat2+0x121/0x1c0
[  313.486315][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  313.491615][   T31]  ? fput_close_sync+0x119/0x200
[  313.496576][   T31]  ? __pfx_fput_close_sync+0x10/0x10
[  313.501955][   T31]  __x64_sys_openat+0x138/0x170
[  313.506843][   T31]  do_syscall_64+0xfa/0x3b0
[  313.511450][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.517578][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  313.523768][   T31]  ? clear_bhb_loop+0x60/0xb0
[  313.528534][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.534457][   T31] RIP: 0033:0x7f4a79b8d4d0
[  313.539135][   T31] RSP: 002b:00007ffd34e74c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  313.547830][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4a79b8d4d0
[  313.555886][   T31] RDX: 0000000000000002 RSI: 00007f4a79c12891 RDI: 00000000ffffff9c
[  313.563982][   T31] RBP: 00007f4a79c12891 R08: 0000000000000000 R09: 0000000000000000
[  313.572123][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[  313.580246][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  313.588391][   T31]  </TASK>
[  313.591538][   T31] INFO: task syz.4.119:6484 blocked for more than 144 seconds.
[  313.599264][   T31]       Not tainted 6.16.0-syzkaller #0
[  313.604842][   T31]       Blocked by coredump.
[  313.609514][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  313.618279][   T31] task:syz.4.119       state:D stack:25032 pid:6484  tgid:6483  ppid:5837   task_flags:0x40054c flags:0x00004002
[  313.630363][   T31] Call Trace:
[  313.633687][   T31]  <TASK>
[  313.636648][   T31]  __schedule+0x16aa/0x4c90
[  313.641244][   T31]  ? __lock_acquire+0xab9/0xd20
[  313.646127][   T31]  ? schedule+0x165/0x360
[  313.650742][   T31]  ? __pfx___schedule+0x10/0x10
[  313.655640][   T31]  ? schedule+0x91/0x360
[  313.659969][   T31]  schedule+0x165/0x360
[  313.664176][   T31]  schedule_preempt_disabled+0x13/0x30
[  313.669737][   T31]  __mutex_lock+0x724/0xe80
[  313.674360][   T31]  ? kobject_put+0x43f/0x480
[  313.679048][   T31]  ? __mutex_lock+0x51b/0xe80
[  313.683769][   T31]  ? rfkill_unregister+0xc8/0x220
[  313.688914][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  313.694020][   T31]  ? __pfx_device_del+0x10/0x10
[  313.698957][   T31]  rfkill_unregister+0xc8/0x220
[  313.703829][   T31]  nfc_unregister_device+0x96/0x2a0
[  313.709156][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  313.714982][   T31]  virtual_ncidev_close+0x56/0x90
[  313.720093][   T31]  __fput+0x449/0xa70
[  313.724221][   T31]  task_work_run+0x1d1/0x260
[  313.728964][   T31]  ? __pfx_task_work_run+0x10/0x10
[  313.734295][   T31]  do_exit+0x6b5/0x22e0
[  313.738554][   T31]  ? do_raw_spin_lock+0x121/0x290
[  313.743659][   T31]  ? __pfx_do_exit+0x10/0x10
[  313.748455][   T31]  do_group_exit+0x21c/0x2d0
[  313.753117][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  313.758595][   T31]  get_signal+0x125e/0x1310
[  313.763144][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  313.768817][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  313.775015][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  313.780563][   T31]  exit_to_user_mode_loop+0x75/0x110
[  313.786010][   T31]  do_syscall_64+0x2bd/0x3b0
[  313.790672][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.796752][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  313.802973][   T31]  ? clear_bhb_loop+0x60/0xb0
[  313.807751][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.813874][   T31] RIP: 0033:0x7fa0e698eb69
[  313.818422][   T31] RSP: 002b:00007fa0e67f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  313.826863][   T31] RAX: 000000000000000d RBX: 00007fa0e6bb5fa0 RCX: 00007fa0e698eb69
[  313.835034][   T31] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  313.843141][   T31] RBP: 00007fa0e6a11df1 R08: 0000000000000000 R09: 0000000000000000
[  313.851230][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  313.859406][   T31] R13: 0000000000000000 R14: 00007fa0e6bb5fa0 R15: 00007fff32b2f398
[  313.867803][   T31]  </TASK>
[  313.870888][   T31] INFO: task syz.0.152:6829 blocked for more than 144 seconds.
[  313.878537][   T31]       Not tainted 6.16.0-syzkaller #0
[  313.884102][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  313.892842][   T31] task:syz.0.152       state:D stack:25240 pid:6829  tgid:6825  ppid:5833   task_flags:0x400040 flags:0x00004004
[  313.904840][   T31] Call Trace:
[  313.908211][   T31]  <TASK>
[  313.911179][   T31]  __schedule+0x16aa/0x4c90
[  313.915704][   T31]  ? __lock_acquire+0x9c0/0xd20
[  313.920636][   T31]  ? schedule+0x165/0x360
[  313.925002][   T31]  ? __pfx___schedule+0x10/0x10
[  313.929942][   T31]  ? schedule+0x91/0x360
[  313.934309][   T31]  schedule+0x165/0x360
[  313.938644][   T31]  schedule_preempt_disabled+0x13/0x30
[  313.944163][   T31]  __mutex_lock+0x724/0xe80
[  313.948790][   T31]  ? __mutex_lock+0x51b/0xe80
[  313.953517][   T31]  ? misc_open+0x51/0x330
[  313.957929][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  313.963094][   T31]  misc_open+0x51/0x330
[  313.967303][   T31]  chrdev_open+0x4c9/0x5e0
[  313.971876][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  313.976844][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  313.982026][   T31]  do_dentry_open+0xdf0/0x1970
[  313.986829][   T31]  vfs_open+0x3b/0x340
[  313.990996][   T31]  ? path_openat+0x2ecd/0x3830
[  313.995810][   T31]  path_openat+0x2ee5/0x3830
[  314.000514][   T31]  ? arch_stack_walk+0xfc/0x150
[  314.005433][   T31]  ? __pfx_path_openat+0x10/0x10
[  314.010484][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.016612][   T31]  do_filp_open+0x1fa/0x410
[  314.021300][   T31]  ? __lock_acquire+0xab9/0xd20
[  314.026173][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  314.031317][   T31]  ? _raw_spin_unlock+0x28/0x50
[  314.036214][   T31]  ? alloc_fd+0x64c/0x6c0
[  314.040660][   T31]  do_sys_openat2+0x121/0x1c0
[  314.045415][   T31]  ? __se_sys_futex+0x36f/0x400
[  314.050414][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  314.055674][   T31]  ? rcu_is_watching+0x15/0xb0
[  314.060562][   T31]  __x64_sys_openat+0x138/0x170
[  314.065469][   T31]  do_syscall_64+0xfa/0x3b0
[  314.070070][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.076184][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  314.081892][   T31]  ? clear_bhb_loop+0x60/0xb0
[  314.086615][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.092749][   T31] RIP: 0033:0x7f077618eb69
[  314.097267][   T31] RSP: 002b:00007f0776f7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  314.105901][   T31] RAX: ffffffffffffffda RBX: 00007f07763b6080 RCX: 00007f077618eb69
[  314.114308][   T31] RDX: 0000000000101080 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  314.122648][   T31] RBP: 00007f0776211df1 R08: 0000000000000000 R09: 0000000000000000
[  314.130767][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.138791][   T31] R13: 0000000000000000 R14: 00007f07763b6080 R15: 00007ffc42dcedc8
[  314.146806][   T31]  </TASK>
[  314.149922][   T31] INFO: task syz-executor:6848 blocked for more than 145 seconds.
[  314.157814][   T31]       Not tainted 6.16.0-syzkaller #0
[  314.163397][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  314.172441][   T31] task:syz-executor    state:D stack:28008 pid:6848  tgid:6848  ppid:1      task_flags:0x400040 flags:0x00004000
[  314.184826][   T31] Call Trace:
[  314.188206][   T31]  <TASK>
[  314.191188][   T31]  __schedule+0x16aa/0x4c90
[  314.195741][   T31]  ? __kasan_slab_free+0x62/0x70
[  314.201064][   T31]  ? security_file_open+0xb1/0x270
[  314.206233][   T31]  ? __lock_acquire+0x9c1/0xd20
[  314.211152][   T31]  ? schedule+0x165/0x360
[  314.215503][   T31]  ? __pfx___schedule+0x10/0x10
[  314.220449][   T31]  ? schedule+0x91/0x360
[  314.224731][   T31]  schedule+0x165/0x360
[  314.228976][   T31]  schedule_preempt_disabled+0x13/0x30
[  314.234464][   T31]  __mutex_lock+0x724/0xe80
[  314.239015][   T31]  ? __mutex_lock+0x51b/0xe80
[  314.243712][   T31]  ? misc_open+0x51/0x330
[  314.248240][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  314.253334][   T31]  misc_open+0x51/0x330
[  314.257869][   T31]  chrdev_open+0x4c9/0x5e0
[  314.262354][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  314.267351][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  314.272420][   T31]  do_dentry_open+0xdf0/0x1970
[  314.277227][   T31]  vfs_open+0x3b/0x340
[  314.281402][   T31]  ? path_openat+0x2ecd/0x3830
[  314.286243][   T31]  path_openat+0x2ee5/0x3830
[  314.290916][   T31]  ? __pfx_css_rstat_updated+0x10/0x10
[  314.296406][   T31]  ? count_memcg_event_mm+0x21/0x260
[  314.301770][   T31]  ? __pfx_path_openat+0x10/0x10
[  314.306749][   T31]  ? __pfx___up_read+0x10/0x10
[  314.311827][   T31]  ? do_user_addr_fault+0xbc1/0x1390
[  314.317194][   T31]  do_filp_open+0x1fa/0x410
[  314.321796][   T31]  ? __lock_acquire+0xab9/0xd20
[  314.326703][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  314.331824][   T31]  ? _raw_spin_unlock+0x28/0x50
[  314.336710][   T31]  ? alloc_fd+0x64c/0x6c0
[  314.341293][   T31]  do_sys_openat2+0x121/0x1c0
[  314.346019][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  314.351386][   T31]  ? fd_install+0x97/0x540
[  314.355821][   T31]  ? fd_install+0x30d/0x540
[  314.360401][   T31]  __x64_sys_openat+0x138/0x170
[  314.365301][   T31]  do_syscall_64+0xfa/0x3b0
[  314.369879][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.375103][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.381338][   T31]  ? clear_bhb_loop+0x60/0xb0
[  314.386067][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.392089][   T31] RIP: 0033:0x7f27ad98d451
[  314.396566][   T31] RSP: 002b:00007ffcdda090b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  314.405071][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f27ad98d451
[  314.413119][   T31] RDX: 0000000000000002 RSI: 00007f27ada127e6 RDI: 00000000ffffff9c
[  314.421441][   T31] RBP: 00007f27ada127e6 R08: 0000000000000000 R09: 00007f27ae6ed6c0
[  314.429731][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  314.437801][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  314.446021][   T31]  </TASK>
[  314.449251][   T31] INFO: task syz.2.156:6850 blocked for more than 145 seconds.
[  314.456822][   T31]       Not tainted 6.16.0-syzkaller #0
[  314.462544][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  314.471289][   T31] task:syz.2.156       state:D stack:25352 pid:6850  tgid:6849  ppid:5832   task_flags:0x400140 flags:0x00004004
[  314.483320][   T31] Call Trace:
[  314.486625][   T31]  <TASK>
[  314.490981][   T31]  __schedule+0x16aa/0x4c90
[  314.495535][   T31]  ? __kasan_slab_free+0x62/0x70
[  314.500680][   T31]  ? security_file_open+0xb1/0x270
[  314.505857][   T31]  ? __lock_acquire+0x9c1/0xd20
[  314.510857][   T31]  ? schedule+0x165/0x360
[  314.515250][   T31]  ? __pfx___schedule+0x10/0x10
[  314.520232][   T31]  ? schedule+0x91/0x360
[  314.524520][   T31]  schedule+0x165/0x360
[  314.529024][   T31]  schedule_preempt_disabled+0x13/0x30
[  314.534567][   T31]  __mutex_lock+0x724/0xe80
[  314.539161][   T31]  ? __mutex_lock+0x51b/0xe80
[  314.543895][   T31]  ? misc_open+0x51/0x330
[  314.548351][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  314.553453][   T31]  misc_open+0x51/0x330
[  314.557687][   T31]  chrdev_open+0x4c9/0x5e0
[  314.562154][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  314.567155][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  314.572240][   T31]  do_dentry_open+0xdf0/0x1970
[  314.577076][   T31]  vfs_open+0x3b/0x340
[  314.581247][   T31]  ? path_openat+0x2ecd/0x3830
[  314.586074][   T31]  path_openat+0x2ee5/0x3830
[  314.590862][   T31]  ? arch_stack_walk+0xfc/0x150
[  314.595822][   T31]  ? __pfx_path_openat+0x10/0x10
[  314.600915][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.607060][   T31]  do_filp_open+0x1fa/0x410
[  314.611813][   T31]  ? __lock_acquire+0xab9/0xd20
[  314.616824][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  314.622032][   T31]  ? _raw_spin_unlock+0x28/0x50
[  314.626963][   T31]  ? alloc_fd+0x64c/0x6c0
[  314.631400][   T31]  do_sys_openat2+0x121/0x1c0
[  314.636121][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  314.641679][   T31]  ? exc_page_fault+0x76/0xf0
[  314.646507][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  314.652067][   T31]  __x64_sys_openat+0x138/0x170
[  314.656990][   T31]  do_syscall_64+0xfa/0x3b0
[  314.661577][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.666803][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.672979][   T31]  ? clear_bhb_loop+0x60/0xb0
[  314.677752][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.683713][   T31] RIP: 0033:0x7f205998d4d0
[  314.688245][   T31] RSP: 002b:00007f205a70eef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  314.696692][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f205998d4d0
[  314.704745][   T31] RDX: 0000000000000002 RSI: 00007f2059a11acc RDI: 00000000ffffff9c
[  314.712890][   T31] RBP: 00007f2059a11acc R08: 0000000000000000 R09: 0000000000000000
[  314.720991][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  314.729045][   T31] R13: 000000000000002d R14: 00002000000000c0 R15: 00007fff554d6ee8
[  314.737050][   T31]  </TASK>
[  314.740156][   T31] 
[  314.740156][   T31] Showing all locks held in the system:
[  314.748199][   T31] 1 lock held by khungtaskd/31:
[  314.753076][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  314.763032][   T31] 2 locks held by getty/5595:
[  314.767842][   T31]  #0: ffff8880309ac0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  314.777833][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  314.788054][   T31] 1 lock held by syz-executor/5837:
[  314.793272][   T31]  #0: ffffffff8f7e53e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  314.803489][   T31] 3 locks held by kworker/1:7/5960:
[  314.808763][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  314.819922][   T31]  #1: ffffc90005067bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  314.833592][   T31]  #2: ffffffff8f7e53e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  314.845019][   T31] 4 locks held by kworker/u8:8/5976:
[  314.850366][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  314.861472][   T31]  #1: ffffc9000b2afbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  314.872453][   T31]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  314.883390][   T31]  #3: ffffffff8f7e53e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  314.893644][   T31] 3 locks held by syz-executor/6322:
[  314.899081][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  314.907700][   T31]  #1: ffffffff8f7e53e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  314.917852][   T31]  #2: ffff88807a0e6100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  314.927723][   T31] 4 locks held by kworker/u8:11/6474:
[  314.933125][   T31]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  314.943177][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[  314.954708][   T31]  #2: ffff8880b8725958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[  314.963754][   T31]  #3: ffffffff99c86f98 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420
[  314.974375][   T31] 2 locks held by syz.4.119/6484:
[  314.979555][   T31]  #0: ffff88807a0e6100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  314.989716][   T31]  #1: ffffffff8f7e53e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  314.999956][   T31] 1 lock held by syz.0.152/6829:
[  315.004899][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.013481][   T31] 1 lock held by syz-executor/6848:
[  315.018768][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.027555][   T31] 1 lock held by syz.2.156/6850:
[  315.032536][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.041087][   T31] 1 lock held by syz-executor/7068:
[  315.046292][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.054821][   T31] 1 lock held by syz-executor/7096:
[  315.060058][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.069219][   T31] 1 lock held by syz-executor/7163:
[  315.074457][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.083158][   T31] 1 lock held by syz-executor/7427:
[  315.088438][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.096961][   T31] 1 lock held by syz-executor/7504:
[  315.102212][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.110724][   T31] 1 lock held by syz-executor/7514:
[  315.115955][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.124520][   T31] 3 locks held by syz.3.311/7542:
[  315.129620][   T31]  #0: ffffffff8f5701f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  315.138109][   T31]  #1: ffffffff8f570008 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  315.147135][   T31]  #2: ffffffff8f7e53e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  315.157265][   T31] 1 lock held by syz-executor/7545:
[  315.162558][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.171280][   T31] 1 lock held by syz-executor/7550:
[  315.176533][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.185038][   T31] 1 lock held by syz-executor/7552:
[  315.190563][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.199151][   T31] 1 lock held by syz-executor/7558:
[  315.204378][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.212914][   T31] 1 lock held by syz-executor/7560:
[  315.218424][   T31]  #0: ffffffff8e9af388 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  315.226945][   T31] 
[  315.229371][   T31] =============================================
[  315.229371][   T31] 
[  315.237843][   T31] NMI backtrace for cpu 0
[  315.237859][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  315.237876][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  315.237885][   T31] Call Trace:
[  315.237892][   T31]  <TASK>
[  315.237900][   T31]  dump_stack_lvl+0x189/0x250
[  315.237920][   T31]  ? __wake_up_klogd+0xd9/0x110
[  315.237943][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.237960][   T31]  ? __pfx__printk+0x10/0x10
[  315.237989][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  315.238015][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  315.238035][   T31]  ? _printk+0xcf/0x120
[  315.238058][   T31]  ? __pfx__printk+0x10/0x10
[  315.238079][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  315.238104][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  315.238130][   T31]  watchdog+0xfee/0x1030
[  315.238154][   T31]  ? watchdog+0x1de/0x1030
[  315.238182][   T31]  kthread+0x70e/0x8a0
[  315.238205][   T31]  ? __pfx_watchdog+0x10/0x10
[  315.238227][   T31]  ? __pfx_kthread+0x10/0x10
[  315.238248][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  315.238262][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.238276][   T31]  ? __pfx_kthread+0x10/0x10
[  315.238299][   T31]  ret_from_fork+0x3fc/0x770
[  315.238316][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  315.238335][   T31]  ? __switch_to_asm+0x39/0x70
[  315.238353][   T31]  ? __switch_to_asm+0x33/0x70
[  315.238370][   T31]  ? __pfx_kthread+0x10/0x10
[  315.238392][   T31]  ret_from_fork_asm+0x1a/0x30
[  315.238423][   T31]  </TASK>
[  315.238429][   T31] Sending NMI from CPU 0 to CPUs 1:
[  315.393931][    C1] NMI backtrace for cpu 1
[  315.393949][    C1] CPU: 1 UID: 0 PID: 3462 Comm: kworker/u8:6 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  315.393970][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  315.393982][    C1] Workqueue: bat_events batadv_nc_worker
[  315.394016][    C1] RIP: 0010:check_preemption_disabled+0x49/0x120
[  315.394041][    C1] Code: 8b 0d eb ed 35 07 f7 c1 ff ff ff 7f 74 23 65 48 8b 0d cb ed 35 07 48 3b 4c 24 08 0f 85 cc 00 00 00 48 83 c4 10 5b 41 5e 41 5f <5d> c3 cc cc cc cc cc 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24
[  315.394057][    C1] RSP: 0018:ffffc9000c2279a8 EFLAGS: 00000086
[  315.394071][    C1] RAX: 0000000000000001 RBX: 0000000000000202 RCX: 9e424961d8a02900
[  315.394084][    C1] RDX: 0000000000000000 RSI: ffffffff8d996859 RDI: ffffffff8be1ba40
[  315.394096][    C1] RBP: fffffffffffffe38 R08: 0000000000000000 R09: ffffffff8b345592
[  315.394109][    C1] R10: dffffc0000000000 R11: ffffffff8b3454c0 R12: dffffc0000000000
[  315.394122][    C1] R13: ffffffff8b345592 R14: ffffffff8e13f0e0 R15: ffff888031601e00
[  315.394136][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  315.394150][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  315.394163][    C1] CR2: 00007ffc2fa5cf9c CR3: 000000000df38000 CR4: 00000000003526f0
[  315.394178][    C1] Call Trace:
[  315.394185][    C1]  <TASK>
[  315.394194][    C1]  lock_release+0xbc/0x3e0
[  315.394214][    C1]  ? batadv_nc_worker+0xd2/0x610
[  315.394241][    C1]  batadv_nc_worker+0x28c/0x610
[  315.394270][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  315.394290][    C1]  process_scheduled_works+0xade/0x17b0
[  315.394324][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  315.394353][    C1]  worker_thread+0x8a0/0xda0
[  315.394374][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  315.394408][    C1]  ? __kthread_parkme+0x7b/0x200
[  315.394434][    C1]  kthread+0x70e/0x8a0
[  315.394459][    C1]  ? __pfx_worker_thread+0x10/0x10
[  315.394478][    C1]  ? __pfx_kthread+0x10/0x10
[  315.394502][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  315.394518][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.394535][    C1]  ? __pfx_kthread+0x10/0x10
[  315.394558][    C1]  ret_from_fork+0x3fc/0x770
[  315.394577][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  315.394602][    C1]  ? __switch_to_asm+0x39/0x70
[  315.394623][    C1]  ? __switch_to_asm+0x33/0x70
[  315.394644][    C1]  ? __pfx_kthread+0x10/0x10
[  315.394668][    C1]  ret_from_fork_asm+0x1a/0x30
[  315.394698][    C1]  </TASK>
[  315.395041][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  315.641434][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  315.651255][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  315.661329][   T31] Call Trace:
[  315.664620][   T31]  <TASK>
[  315.667571][   T31]  dump_stack_lvl+0x99/0x250
[  315.672181][   T31]  ? __asan_memcpy+0x40/0x70
[  315.676791][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.682007][   T31]  ? __pfx__printk+0x10/0x10
[  315.686628][   T31]  panic+0x2db/0x790
[  315.690543][   T31]  ? __pfx_panic+0x10/0x10
[  315.694972][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  315.700797][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  315.706194][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  315.712381][   T31]  watchdog+0x102d/0x1030
[  315.716754][   T31]  ? watchdog+0x1de/0x1030
[  315.721209][   T31]  kthread+0x70e/0x8a0
[  315.725304][   T31]  ? __pfx_watchdog+0x10/0x10
[  315.730024][   T31]  ? __pfx_kthread+0x10/0x10
[  315.734634][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  315.739844][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  315.745147][   T31]  ? __pfx_kthread+0x10/0x10
[  315.749765][   T31]  ret_from_fork+0x3fc/0x770
[  315.754370][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  315.759500][   T31]  ? __switch_to_asm+0x39/0x70
[  315.764290][   T31]  ? __switch_to_asm+0x33/0x70
[  315.769077][   T31]  ? __pfx_kthread+0x10/0x10
[  315.773686][   T31]  ret_from_fork_asm+0x1a/0x30
[  315.778479][   T31]  </TASK>
[  315.781852][   T31] Kernel Offset: disabled
[  315.786186][   T31] Rebooting in 86400 seconds..