last executing test programs:

6.674694769s ago: executing program 1 (id=103):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
socket(0x2, 0x3, 0x6)
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000012c0)='\x00', 0x89901)
close(r5)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xa, 0x1000, 0x3fd, 0x1, 0x104, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r6, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r5, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$kcm(0x2, 0x2, 0x73)

5.716563364s ago: executing program 2 (id=105):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x3, &(0x7f0000000300)=0x401)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
ioperm(0x0, 0x5, 0x1)
creat(&(0x7f0000000040)='./file0\x00', 0x72)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xfffffffffffffffe)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x80}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r8 = accept(r5, 0x0, 0x0)
syz_emit_ethernet(0x10c, &(0x7f0000000480)=ANY=[@ANYBLOB="aa07aaaaaabbffffffffffff86dd60dd690b00d62ffffc000000000000000000000000000000ff0200000000000000000000000000015c10000700000000fe880000000000000000000000000101fc020000000000000000000000000001fe8000000000000000000000000000aaff020000000000000000000000000001ff020000000000000000000000000001fe800000000000000000000000000018fe8000000000000000000000000000aafe880000000000000000000000000101242022eb000000000000000000000800000086dd000100080005080088be00000000100000000100000000000000080022eb000000002000e0ff020000000000000200000000080065580000000003555a0616e6883cb35c00c93d5f97c7a4235a90d6e02503461655ac2b80904f10ce821c83d34ac0a5f12319a16ae0609a0e0bf882be"], 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x12, &(0x7f00000000c0), 0x3f)

5.678247s ago: executing program 4 (id=106):
io_setup(0x1, &(0x7f0000000500)=<r0=>0x0)
io_cancel(r0, &(0x7f0000003d40)={0x0, 0x0, 0x0, 0x3, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x7ff}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
openat$cgroup_devices(r1, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000000)='cgroup.kill\x00', 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00'})
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r4}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x2, r4}, 0x38)

5.090089955s ago: executing program 1 (id=108):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000580)="02d7c84546a2885b359af363e4e7de79c9db28b44f78f2a977827636b473a9424f44fec684dee6d0d13d0b8d824f92f71333c66e421b8f2bad1cd7273e0daca3b77f99935f36381dc5e9b9f9e5ccc44b3f4ad75edc0f03a6d7f1b45a786750ab8ba8df3696417af65c25f3df46315b832f90d3fe978d139a40286ea3423719a5a791fb9c5054a80a46e7d3c1ff2de68ef509cbad292f4e767c4d5ab126827a57e733aeea3d51d5e5", 0xa8}, {&(0x7f00000002c0)="1949d64c96c402221f", 0x9}, {&(0x7f0000000780)="fc", 0x1}], 0x3}}], 0x1, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4004, r1})

5.00733492s ago: executing program 1 (id=109):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b4000000000"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0) (fail_nth: 4)

4.972971738s ago: executing program 3 (id=110):
r0 = socket$inet6(0xa, 0x1, 0x3)
sendmsg$inet6(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="803485a6f09766a105ea924614ddceeac61cab1a5b2ca3b47cab51521c0ba27fe4e69b3954834256c74d6095b53703577b59090f90f8ea9caf67fe2692eb9b20afefdd4329547de46324e81bcc789360647fd70623bb80a3434ea050e9dd100af10ab4a190003ab28f1a1110ea9529cca309fffe7d11cb89347d9ab3250814305997e346edf34d008a3fcad2975bfe4abaa709778783d5279f94b53bfd4573016d", 0xa1}, {&(0x7f0000000100)="03c67ce88ae0a895c60506300e3d205e272a81273c807665a9d34afb5d89d1d2da58ddbd9193ce80fec08e64e7a3fbf423374dc0bf21de04b6cd03a486bdca54c41e02ff08b9480a330fbca3723217ac79d9e592337b3138692753eb2330336623fd9d6bc39452eb9e890e3b05b7a84412bf5da51e5f9783bcc8a1070f", 0x7d}, {&(0x7f0000000180)="874ed194f76a9e2194deacb04f4071fb4a0dde14f62e5f84b7e2a81fc21ebaf982f12fa4ef58f638350f8dfe14308ad4f7a714ea1b026bf4d7fe1042bbf8badb32", 0x41}, {&(0x7f0000000200)="d4c2ce4395fa959cc790", 0xa}], 0x4}, 0x44080)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000340)={<r2=>0x0, @loopback, @local}, &(0x7f0000000380)=0xc)
sendmsg$can_bcm(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x1d, r2}, 0x10, &(0x7f0000000480)={&(0x7f0000000400)={0x5, 0xe03, 0x4, {}, {0x77359400}, {0x0, 0x1, 0x1}, 0x1, @can={{0x4, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "5f4034f880081961"}}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0)
rt_sigprocmask(0x3, &(0x7f0000002880)={[0x2]}, &(0x7f00000028c0), 0x8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002940), r3)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r3, &(0x7f0000002a40)={&(0x7f0000002900)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002a00)={&(0x7f00000029c0)={0x38, r4, 0x800, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xd92f, 0x4e}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xffff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x24000010)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000002ac0)={0x8, 0x0, &(0x7f0000002a80)=[0x0, 0x0, 0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_SETPLANE(r3, 0xc03064b7, &(0x7f0000002bc0)={0x0, r5, 0x0, 0x4, 0x3ff, 0x1, 0x9, 0x4, 0x5, 0x0, 0x3, 0x5})
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000002c00)=""/221)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002e40)={[{0x2b, 'freezer'}, {0x2b, 'net_cls'}, {0x2b, 'rdma'}, {0x2b, 'io'}, {0x2d, 'hugetlb'}, {0x2b, 'devices'}, {0x2d, 'perf_event'}]}, 0x3a)
ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000002e80)=0xeeef0000)
syz_genetlink_get_family_id$batadv(&(0x7f0000002f00), r1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000003000)={[{0x2d, 'rlimit'}, {0x2b, 'perf_event'}, {0x2b, 'io'}, {0x2d, 'cpuacct'}, {0x2d, 'freezer'}, {0x2b, 'hugetlb'}, {0x2d, 'cpu'}]}, 0x38)
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f00000030c0)={{r1}, "ee2f4fb63b8a2e58fa5d4c7fb58d381e05e28ef72dda80684dc7050da24da4b1479105a9533d3aacc712e35410fb9a5634e01a761b185dddb97ef64926d2eb4d97a2b5ad8310514ca22fc533af11eb3032ab6435bb5964706d6a89fbf0aad77686df7b71ea0de6a56fc4ed4fb493e49e3bed2bf6dae0c99880d5bdfc0e6aff1e57de642de8fdc80bf70e2e886643fcdd0c9b93736b6626b06ac475c6a38f8530c6a707306f16b21dbd676f89737c25b85e8c63ae599bad6dedb0ba581a4c34c082e058a18480aae47e927bf6f810e9b57178702270cf50cb27989ac010fecd955bc0e4dce1b8bd25cd05ec2a255cb58880f714269857cb7798a399145174dff2267f16e25acd364ede233552159c9f9e6933145400d299c0b288622a1849724852996cd7e4adf157d8bb3cb0b691feb61e465a98ce4578de9999db7237014ec42987d4938517113c70ba65efeca1673e8eba041ae46a199097147f4837bc773b6dcc7b94b064ea8f9f34474542d76f049b18198d841e1963e3879796293ce5016da40a37e59d87a0f4360e16ec7918b8e4b612411863a9dad836c3fc402e0ae36048fd73ccf504348a842333fdb6f38f5ad7841e9be59ca6b11d43755e9a341249f952298349d86308da797096b7a34e2b9c0dcff7b09f5ecf696f709c8a8953db65a26c11dade5f10be83ea907dbf9356fee475d6d37a0434a62ea71e85f6bd4d709fd8b925c2df37f76c5534a99f04ad0abecfbb0d15c4aaf968c285134f12f2064c811ce8cc8703c7cdb1b156809378c7254bb619e5541f35c0995a7ae786fb99221483c22d659f5d2871dbdcc9037151469411d2aa5cb9238829b17ea4566ddd703fa412c314ede39335d570da7d1efcc4a96e30cc3757a441e992e789b796a1c26dcbbfcbe075c7dba792c49319e2871b2650427b401eeb7f34e9d8c6b05b996396516aaf4c099e69730e2b5e3d8fc47eb8cc3166729f148014ddd42c796fd6486f2c818a0c6a9f6cf808423870ff74ef2d0a4ce15938c6d787da95d6fb2d90caf5cdbfbc966cfef2d6b3996895ef6ed80dd2378a49248684277a15ad853a5d2f538b88f0386ca42fa123443e5549b11ff8736793b08ff24f86a1686922e406ab435066f2935726f060d26ec8c08b6228bc506db4f3209d88ddaf7eebdc545ca40603733fb35a0b5fe6f51002687d0fc0bb6c4e3ac508397279e5bacff0828733a06148218880ee769dc5501d0e89823271113ed2759c500eab7e48b82c168ad3a9566088a4f39355f77b909da8fdf13a90b3449d647a513913a9e088bca0b71ba13d617eebfb84db6cd65116546a5fb447016bfa466089e6a12f8567cc0a0b592e1cb6c006a6e659c2ec4cd9c8928863cd8e46e56e9301359635ed44a5150aacd4ca91edd68f46ddc300f34ebab13fd1e359779995cc30fb3304be7cc8ddece2a503d76c15cd47b981dd6da5085dbf7cca38272fa155b0198d3b5856874e9cdba2414cca9c8b0863e63e45b795bef2d6a2f4f0c4c2fdc7968ceb5bc2a4262dce39962fcdc4b1a488195a6e1242da38d17ad97e77735988b27e6beccd50d91ce879e12f2e72bc748ea62285bf7cfa4157efae770dcb82e8b1fbb115630f14d5034f59dec6d63d6a01bf02ffdc30f43bd689c23cb4a7dab32cb072631799412005bd53e0a93cc2a3c214f073e3f90ee74b2d73e7be380f83ad8ceb7aa78432db9f5959c47fe82af4bebc110a0385c8ceb4c85fe9ee17abe8d0ecaa75036f6a54f62f8c59265a356fa9c85ac807272d3130fd1746d20bc20f7bc69cc7a3a95414d6234d08c3a33336a3095f62fb0b8d5ca5aed66a4a0b294d5b97550ae714dea62ea94cc3339a40c2a822d074c856fb3ec9e5ef23a5026362903e7c1440e42689e8a462b18731c0f09d4a2653f1b213fe3ba1712178f14b35cb032e08f44ca0098c5c03c9b6e417892ad6c2a9411601f8155be075dfbd650cfb300f8ca7a483a684a855a10a64f27249836a79d5ee713d9254bd0dd2e674c647b03eeddb308d9942d9fc01ef0fb3399a22c075cb94a901dc710c8ea6b276341da8cfbf6365814288ad7694703f26852173dd08883007654cb1972c3a1c38389f3d04c9361a109b770b28e78de2ab00e04b7d471d0161a4e5a9732abea1ac6e8253a9e285a7de49d26e5e9531cd909d7b5117b21c0e08095bd78e484f232d1ad7d38fc62e0616e78ac1649771f1f2831047e32fd37a9d4273bcef3231c79c7658dd101519dd60a8139476dcfa354940269131cacff124f86c411bfc475362bc23a208a21ccf9ef6a43f78dd36463805b7a970d410510b1dd4c484336b0b943017662e193190b2dc9b57a8aa126bc6c8f23975c6226697594979981a63082b88ff34df2c1efb1b407629848ad2838bfddfa21f5030b6695f131b577475499766b8050e8dc5a5b1917abea03b00632704db402d8e3c5da7d83136248360f228d781d28840179d050ab4a6905e0378863af8a23ce0fa2b55e6243a47dd8f6895d7b052ae94e15e216662398a1d6781456e8272c78cdc938e297745551dcd41503d2a66ccbe374feaa862b59c0e307917ebd6e8dd924bf6d4cbafeaab53af1cd9c26fbbbce79f3dce93710016168d6636463eb2a6173c470e91a52ada48e8bd44c507c258d5732305fa1bb94adf9f7a8a06c5820504aeaa2b44a47ba9c3e96094939c0cb458e8eef73ac62187b8cdaccd3c53e7daf66f2dcf7cc18a7b4dad75cd57066e4db5ab48ef7ffdab2a1f4c24f8c9d22588d0de32fa57e1e84afd7b1eb956000eaa149dd0bff5bb17e40d588cd2c13c7aaf50a4c69dc6ed5b3380f9666f2235eaccd432bf042b8087d82fe75264715beb4c5e2f89da985f71b46244773eceea368f181188c498c0213c37ec43a130f970c77a288a60fed86fc730d0ddb5621751312af25dd516d6eddac65df4c671b1076f55ef3eb4375af9e2d72a69b2b729dab214ac5c924cd6d8d139355a1dba0ded03dae800e2b43de52ad5b839d4b899e8942bbe1a91e1ff04c00c15785ac0171e7475e47c2d61d2aa029a03cc9561da5549330ac591b60509121bb4dbe3a5db803c88d285306bf7b654b87f6922251a63fdf4d4cfd5e31037677682f7b6f3e838381ca7cf405bc119a77173afe01c6bdbc8a5a07d289f965ac58143b323700071e3bb66a9ed94ba404a5019ecbde9276a94e0e157a3391d950646ebc02e615cabb1ef3bca184da519a23c3713db63a63b186b5a4aca50c1e3fc87e6cf741e700a87c0ce7be7d8b31795b18083a95a3508fe8d1fda1bdbbc79aac894f8e291a245e06d889936074dfa703ab885cc4843394886f2f54869ddea57e54fb1a3aa5965bbad3f0242b6871eb561a1cb32cd0cbc81e4380a6744edc7039156fda8572b607470bf4d43082655228e4d66b68427e3ddacc4ce248f166eb833141bb86b4ab7e7942adf9041a0b15cc2378d9d53609867dbc6a119a26b0ecde11fb5af61d8c17a393be3607b0eeb804f33c7bcbdb6410eac40acca5c150cf847ecfdb5a69e70df764fcbc1cd1a401dafe2d847c07db5c9cbaa5ee4b4b642f817fce72910d10161030db1d364c399e2b4bcb91735d0a9615c372a4a16f8cf38ee6030ddae882e0cf79d55a2ac390be177a59f26742d1b1e25908d70a3ef9825ee3d5345e5d5e559a254bda00836f0f9a32e031b177b6f1a132c8cc5b78e2629588c1df728338f987710cc8da8db924c9c5c8e7f8ee1e97dcd36049a03d7c355a1a443fb2c3ed436aa6e99093fb3b5f8d36f0c60bfa95d8b67ce95641af5001b7f8214d8678c9639ccea78057f89f945e39cc6d2e146fdcb94f1bd2b671972ea921c5447ab40637250dba856568796e4851af36e49496cec3953cdc55f7fcef896c78d87d4dc2bb6f2286d0e9c0617a6fb13815f90fce7a4ea3ce181c7d62d5bd28ac57e2340ba3d9c51dbc9db6a0afa77811f0d4473cef636d3e294e49c2b0f65ab72adff6e09c6082c78850c2fa041ac9e414c488950d4ac75c6f43807ff8d242bc91027e610d685ce7e222be439e83fdbfb3d6d5069c53af9f7f6be9e3d36e5635d6577c32c5e55dd45d96ad03162616c68809d634cfbf2c2db1d4e8cd71a326cd1acf09869a94c481ddc4d1a6d74d6254e9d31343c6255848974c5b85d7d8ccb519d020589ca1401049cb215663bd4054f5c1ca1d41c2bc133e2e369e1de94943f712c4701aa0b973473b385ced38b5d4f225467c147ab5b42ed431e8a283a83c34b9aa9beddab8697d6ebb4a15d45fd7e11aeb7b9d77ac14dfd250bbe4bbb16ccedaa47e37ccfc9cd22227832ef92602819debba895033e6b7d35ea38eb1a2d3080e505ee08321a335ea2cf1d7b422d683063417db507b5f7d49b1827e72ea954e8eab969c7237736930e7825ae6ffd72898edcb0dc81e3b332d86ddc51e427040b0f6fb26cd2eccd5bba5780f1f29f7a9235212489967f275bd23a091fc291491609cc704398476487565a6d4ebfd29346da0bb78e3ad9b9c1cce5405bb2296b3472168edfb6132492abb5b201ab90e76918721f9df7a0c7bb2bd83fbec8f1fc7790ac394c2df74edbbd75b57d3b2314ce5316c5cee00f31374b76db7078ce597b60299d6cb6446582a0f9175e9747e382f4f73526ac40ebb2cbecd021df5ad5e59d44f086c1f3c6cc861e50a1e782e9ad33a713786d8cf5343b9462c50ce7a8d35a422df971ac94c105cbcebd060d9c79ca52f1275bffdf93dd71c8b342d0b43c0c8ef86fde74c393dbb3bf23fbb009e4e4d25e530405f9fe693cd3f739357b96ca481a4c2e5cac8e9de36854d20334497fde65e93fb580b2f8e666e69c644d7a013fe82cb50f05338b727cb5bd04dd929f5aa01cb95f3c9d8e55e8927989e3bb2ceae23c5db8fce4a505ce8036ad67d984dbdbc8d9ad0ae330e8eb986508f55e2d45d1747a3c7a318c5c3aa02b30729adbdda72c0f09149d689490e8ea0ccf0566bcc01117feec7f52b8eab196c66b8ab09d8bf3f040b92a3bfe76a32ae9e4e6887ec14927b0dd9dc73228a4262fb7f18772611c48f4d5a93667fce53627f415f435521f0fa200a8ba0a68ed225b09fc3b1b8ad855b499d8e08ff40941c959362389309daef3d5cb487fce0db0c1e163f4c66672302b71e99e99fe7a3ac79db32bc84f2d1dd1271c779c2b6657614f5a5172de1d8a99d9e179d5ce82810384194e6de69704731323821561a9130495b0bc7ef4efe2ace4a04cb359aa5e11ecc84b0822c494f0f34b15b4045790ec137297dcc7631f10ebd5528257b2a73bb976483748aeb4a709c43ab1d9de38df9b2b8051ce68f4a2984d6c957cfd3174467c674b213f7474906bf7d5e24fba7e52aa111e4bfaebd0bfb86593149ddb02fbdea03e7d420715d364e0ee0022341153fd59a71cb9eaef6c087606f1f09523a7479dc0bf8f1397d0931febe538084bf5472cba03332f41d94b1e957be1bc7cd66a26d888401dba363ad1f7ed8c50254c4e2d58afdcde99a5a1b818a0ae6886a67fa8e54d2766f7f8f807ef3be5fd2374d05a3f40bdb9120663b0da62374d0035a99c7e6b4fca1f5bdfad4893d5901d7d4f6c40944297e307f1954ac8a479c841a13fb4eed364a540bf530cd6545b68f6d09ba95c26c98eee5d87e9ab3d8d0b82ddbbb229f5c0cc9f88b8bad629b6db843855ae218764355901aba1987643855a9c6a687e8477f9d623bfe84a3a010f06e6d70868da9fb0111fc1df685cd99e397f95f45ba8b3e7b465be33134b4a43db"})

4.971768265s ago: executing program 4 (id=111):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x1, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000340)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x1000, 0x2}) (fail_nth: 4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)

4.048511704s ago: executing program 2 (id=112):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe2}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup2(r1, r1)
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f00000002c0)={{r2}, 0x0, &(0x7f0000000040), 0x570, 0x19, 0x1})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000003c0)={0x11})
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f000001ce80)=[{{0x0, 0x0, &(0x7f0000000900)=[{0x0}, {0x0}, {&(0x7f0000003d80)="08ffffffff0f27ba8a9619ab35", 0xd}], 0x3}}, {{0x0, 0x0, &(0x7f0000003b80)=[{&(0x7f0000000240)}, {&(0x7f0000001800)}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002ac0)="df29d0908a2b053dda3044ba1b614021d0c5862f2d1c6ad8ec772af2a8707e5441e41593980185a12a7ae3b8762bf4e8731391dbe64ed612783a0fb6dd698cb5dae6c0f8d0765083ebac50258e5d17d8859f3f41e0a7981aa741d38192bdfe8d4f9284cfd45202557cb22d01f2a5b27a13429c896c6df3f77bef9cad4da422b51f215095fa58e5f82376a267fd2f2e6f3a579d3257d3f77defcf0d4d7953203736583d1f668b9b0b488fd7a16ee41c176daa6b5b212025c3755ef24652a80cdabf8f681fba7dc3d94c9d50ca360e77025b4593d6086cd0ba13e3bfde5f5e0a9b31f49e4606e434da7c4141f76030c94516b8d068009e6f065bbe35caa47af655a2204084c2136fa7ade38086f6bc395708f7760b61ea3060d408cc65c1998bbcccd0114b5b7dcb07ddaf879d6ee40a5b1980534fcaee8234f8cb4a3069ce4d59568f906ba52f2fcc9e82185f5d1ae5b13a6f6ccce92243677c433edc3364d33891bfba4422a5c544e67f6626d680d8bf532d1e84e2a90a5bc0c1e0edca7a2197f4784dc09a9d1473ab228bcf20ea1b566517e11838309cac75df9eae923f49f0718de000e8cd30f3c14c40b089f975cc81fbe10735c21c1da64ce0abf393a5f2e8c656d38af436ac790ff80f33eaee1bb54336bc29175e17e3e4233f8562663730ee5489d06234f9b77243f253308e525938427357ac774169ae623f478dc4e4c66d36409bb3a993b63ebc601ba9b304f51057d8537486cc26d5cce4b7d1165d2488453f0d3fd99c93377a16bb9516a34867f8e8cbb53109046a1482744cf1a98354130c0fadf855befa46b3001497069b299bf0105831c68a27e77f92f99fc5da0afff7f8ef5f1e98c0fe5a3d7385a4fe18efe7608c7eb2bc11720f9755d419a469c1b786684b35d6a37a5618bf6294ab8653340e70b08dadbad96938ad9ff53d260fb28f89b38858c6052d0ba918cf90b1cec0a780e7d83594ced26d8887c45f06cbb659381898d0d34dd250a50eb9348550c3407eecb29b15bc45b3559f0e3d06d930150e0f818d854c216fb4d1a08ecd21ab5dc8e023c8c5c0bd467468c4aa9758a9fff2b7bfd1404fd12364a4318f31c95760c1761ff2a8850e08278473945d301256174dd26a779f02f22ed371a2b85f4dabddf9ed7f5315da74c5314797e6aeffccff90ae4b466175b33e91076254bd14ab7fb45413f4c5eb2df7693a26dcad5e0380ffdfa90aaede3ccc51a7bc501660e1294f33266526bff3c83052750f634a642c935b6144aee1f4a2b0ee9af8b88ca5099c430120d3e4246519b9243bf1f9633e3d4f0fc61a37831e5ed964a9f2f9d4d2f030cb97a23991dfe2a98f4af6f0656dc5ce579cbba5534548daf27d8bad606493d85ab0c1184d723d02328145eb6055f197d527e5dd2fceac05261e1f1261b1bb85612c34de60b9a4432d6ecd09798ebca17009754ab6bb40e9c08c9e8d6b1b105d0cb1eb4364c9568df8e505534c976def2eeab7b8f8f7433ab7ca1a592ab42f30b78db724655866045ff7422fb0e0d7b15fc345690a03178b80da5905ab4440f95dae86a90277225874999459c754126a92d054e095e1fb5f4b7eb501d2894c25b476ee65b05229762f0190239fbac5e36ba17be1550a6c78b96df72e00963698c676c6232de54b3442ae04c7399e5e5a3e48d3d3f8bc6cb5e2bf2b02519404c776f746ac3022e339e463a0ebe933f189f0caf2dfac1684e0c17f31567de41f81dfcaac53fa285fec43b4341115ab99697bd406d9d8af06e88886b5535b11e29f52ae901e8bcfc3e92b36d0ae9b1539134b66593f88788834f5fc2f748a6166f1363fdbe2d23e809ff08b43f8c684b4e03159843ce872838a1248a946d1384a0905eb306b0e9806804090fb30683a36bcb604ae26d836f9f5d181a2a0f79004a07620808bdd73c7c223d88358f763041139ac7fa90da7a8b2893df0f51a3d73051318de5d0819558fbd7b910c18205cb79d5378e19484c3cc2e8f4e3c0199a74537807cefa68651045e676dc42d904581df28eb7a61bfecae8800c2b046eef2714e043301ca61f793928f1e2f825074aed125d6827981ca9f8afac48214396718ee1789e6a8dd69f9ef24ca9582103f81c68daba0f5ab16fae5fc40da1ab1ef9b8a4eb82b3ef1692b237a7f19929960f2656ce5143ce9a928931e2fa5818b4505abeda0ea1f6a22187eebec94e14f30be8ef2e42f281a19731d7b39a35d595c0f90f272d1af2575b50c5733099bc3d01f31eac9603abb9d2d9f5fa25de123bf97e9eae30fe07c7a26639e8a1c2eb33275a9eb6a37471e5d884fc166ef7407c011c325efe4726334a1988f903d8c872da2efcbd1d7554c540c5ad8d4bcc1475014445478dd39fa8823c370beff1cd84a07087cea86f3be12d1deb86c19096d89a22f65d1edf1841761471c59890459588442a2e5c8e2c6c142114790f1b9cf762824c08b86d5a2f7faa11a1e633dd91cd2ba69f8dff015552267e753ca2cb9a906f78cb0d98641df59a8e9c37a78780c2ee35e22b1e8aba64bea4f7dd0ae9660d7e9ac19163720228d8b340918d8721436cf9ecd4c01a34be397af4269", 0x734}], 0x7, &(0x7f0000003c40)=[@ip_ttl={{0x14, 0x0, 0x2, 0xfffffffc}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@generic={0x86, 0x5, "aa6dd1"}, @cipso={0x86, 0x6}]}}}], 0x38}}], 0x2, 0x0)

3.936890534s ago: executing program 0 (id=113):
socket$inet6(0xa, 0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000000900010073797a300000000038010000060a010400000000000000000100000008000b40000000000900010073797a3000000000100104800c0101800b0001007461726765740000fc000280080002400000000208000240000000020800024000000002080002400000000065000300561523012ef101214a92d1afdba5743e9740c1035a08fe412c3a48dea91e47b007d5785ba3b06941f0a40bf18fb274093f0b989301497487226e9a22150c676c13401506260116fe46e447444da6b7881aee37165e70b4972e5181fb587cb7bb5c0000005e000300aa6f75499ce1e5c2eff4d9a4a55f403ec2eb456a2d7a85a003000000dd73db3fc05c09418c651db00aef8e618c6b20fea72a28df73b98419d867ee0635d4f1f3d5857f079fd46303769e48d6f4ccdde118b6fb1426dc55b7dfc300000e00010049444c4554494d4552"], 0x1c0}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a44, 0x1700)
mount(&(0x7f00000003c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='ocfs2\x00', 0x402, &(0x7f0000000480)=',}:(.(\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0xf0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32, @ANYBLOB="08000100", @ANYRES64=r5], 0x40}}, 0x0)

3.223298354s ago: executing program 4 (id=114):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240))
socket(0x2, 0x3, 0x6)
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000012c0)='\x00', 0x89901)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
connect$unix(r5, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

2.786661465s ago: executing program 2 (id=115):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8}, @TCA_CODEL_LIMIT={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012"], 0x3}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x3a}, 0x1, 0x1, 0x1, 0x3}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r3, 0x8b32, &(0x7f0000000040))

2.783943028s ago: executing program 3 (id=116):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe2}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup2(r1, r1)
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f00000002c0)={{r2}, 0x0, 0x0, 0x570, 0x19, 0x1})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000003c0)={0x11})
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f000001ce80)=[{{0x0, 0x0, &(0x7f0000000900)=[{0x0}, {0x0}, {&(0x7f0000003d80)="08ffffffff0f27ba8a9619ab35", 0xd}], 0x3}}, {{0x0, 0x0, &(0x7f0000003b80)=[{&(0x7f0000000240)}, {&(0x7f0000001800)}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002ac0)="df29d0908a2b053dda3044ba1b614021d0c5862f2d1c6ad8ec772af2a8707e5441e41593980185a12a7ae3b8762bf4e8731391dbe64ed612783a0fb6dd698cb5dae6c0f8d0765083ebac50258e5d17d8859f3f41e0a7981aa741d38192bdfe8d4f9284cfd45202557cb22d01f2a5b27a13429c896c6df3f77bef9cad4da422b51f215095fa58e5f82376a267fd2f2e6f3a579d3257d3f77defcf0d4d7953203736583d1f668b9b0b488fd7a16ee41c176daa6b5b212025c3755ef24652a80cdabf8f681fba7dc3d94c9d50ca360e77025b4593d6086cd0ba13e3bfde5f5e0a9b31f49e4606e434da7c4141f76030c94516b8d068009e6f065bbe35caa47af655a2204084c2136fa7ade38086f6bc395708f7760b61ea3060d408cc65c1998bbcccd0114b5b7dcb07ddaf879d6ee40a5b1980534fcaee8234f8cb4a3069ce4d59568f906ba52f2fcc9e82185f5d1ae5b13a6f6ccce92243677c433edc3364d33891bfba4422a5c544e67f6626d680d8bf532d1e84e2a90a5bc0c1e0edca7a2197f4784dc09a9d1473ab228bcf20ea1b566517e11838309cac75df9eae923f49f0718de000e8cd30f3c14c40b089f975cc81fbe10735c21c1da64ce0abf393a5f2e8c656d38af436ac790ff80f33eaee1bb54336bc29175e17e3e4233f8562663730ee5489d06234f9b77243f253308e525938427357ac774169ae623f478dc4e4c66d36409bb3a993b63ebc601ba9b304f51057d8537486cc26d5cce4b7d1165d2488453f0d3fd99c93377a16bb9516a34867f8e8cbb53109046a1482744cf1a98354130c0fadf855befa46b3001497069b299bf0105831c68a27e77f92f99fc5da0afff7f8ef5f1e98c0fe5a3d7385a4fe18efe7608c7eb2bc11720f9755d419a469c1b786684b35d6a37a5618bf6294ab8653340e70b08dadbad96938ad9ff53d260fb28f89b38858c6052d0ba918cf90b1cec0a780e7d83594ced26d8887c45f06cbb659381898d0d34dd250a50eb9348550c3407eecb29b15bc45b3559f0e3d06d930150e0f818d854c216fb4d1a08ecd21ab5dc8e023c8c5c0bd467468c4aa9758a9fff2b7bfd1404fd12364a4318f31c95760c1761ff2a8850e08278473945d301256174dd26a779f02f22ed371a2b85f4dabddf9ed7f5315da74c5314797e6aeffccff90ae4b466175b33e91076254bd14ab7fb45413f4c5eb2df7693a26dcad5e0380ffdfa90aaede3ccc51a7bc501660e1294f33266526bff3c83052750f634a642c935b6144aee1f4a2b0ee9af8b88ca5099c430120d3e4246519b9243bf1f9633e3d4f0fc61a37831e5ed964a9f2f9d4d2f030cb97a23991dfe2a98f4af6f0656dc5ce579cbba5534548daf27d8bad606493d85ab0c1184d723d02328145eb6055f197d527e5dd2fceac05261e1f1261b1bb85612c34de60b9a4432d6ecd09798ebca17009754ab6bb40e9c08c9e8d6b1b105d0cb1eb4364c9568df8e505534c976def2eeab7b8f8f7433ab7ca1a592ab42f30b78db724655866045ff7422fb0e0d7b15fc345690a03178b80da5905ab4440f95dae86a90277225874999459c754126a92d054e095e1fb5f4b7eb501d2894c25b476ee65b05229762f0190239fbac5e36ba17be1550a6c78b96df72e00963698c676c6232de54b3442ae04c7399e5e5a3e48d3d3f8bc6cb5e2bf2b02519404c776f746ac3022e339e463a0ebe933f189f0caf2dfac1684e0c17f31567de41f81dfcaac53fa285fec43b4341115ab99697bd406d9d8af06e88886b5535b11e29f52ae901e8bcfc3e92b36d0ae9b1539134b66593f88788834f5fc2f748a6166f1363fdbe2d23e809ff08b43f8c684b4e03159843ce872838a1248a946d1384a0905eb306b0e9806804090fb30683a36bcb604ae26d836f9f5d181a2a0f79004a07620808bdd73c7c223d88358f763041139ac7fa90da7a8b2893df0f51a3d73051318de5d0819558fbd7b910c18205cb79d5378e19484c3cc2e8f4e3c0199a74537807cefa68651045e676dc42d904581df28eb7a61bfecae8800c2b046eef2714e043301ca61f793928f1e2f825074aed125d6827981ca9f8afac48214396718ee1789e6a8dd69f9ef24ca9582103f81c68daba0f5ab16fae5fc40da1ab1ef9b8a4eb82b3ef1692b237a7f19929960f2656ce5143ce9a928931e2fa5818b4505abeda0ea1f6a22187eebec94e14f30be8ef2e42f281a19731d7b39a35d595c0f90f272d1af2575b50c5733099bc3d01f31eac9603abb9d2d9f5fa25de123bf97e9eae30fe07c7a26639e8a1c2eb33275a9eb6a37471e5d884fc166ef7407c011c325efe4726334a1988f903d8c872da2efcbd1d7554c540c5ad8d4bcc1475014445478dd39fa8823c370beff1cd84a07087cea86f3be12d1deb86c19096d89a22f65d1edf1841761471c59890459588442a2e5c8e2c6c142114790f1b9cf762824c08b86d5a2f7faa11a1e633dd91cd2ba69f8dff015552267e753ca2cb9a906f78cb0d98641df59a8e9c37a78780c2ee35e22b1e8aba64bea4f7dd0ae9660d7e9ac19163720228d8b340918d8721436cf9ecd4c01a34be397af4269", 0x734}], 0x7, &(0x7f0000003c40)=[@ip_ttl={{0x14, 0x0, 0x2, 0xfffffffc}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@generic={0x86, 0x5, "aa6dd1"}, @cipso={0x86, 0x6}]}}}], 0x38}}], 0x2, 0x0)

2.732121033s ago: executing program 1 (id=117):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@bridge_setlink={0x20, 0x13, 0x1, 0x0, 0x0, {0x10}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_to_bond\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xfffffffd}}]}]}]}, 0x48}}, 0x0)

2.731505258s ago: executing program 0 (id=118):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x5c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x3f, 0x33, @action={{{}, {}, @device_b}, @sp_mp_open={0xf, 0x1, {0x4, {0x1, 0x1, [{0xb, 0x1}]}, @void, @val={0x2d, 0x1a, {0x1, 0x0, 0x7, 0x0, {0x8000000000000000, 0xc2d, 0x0, 0x227, 0x0, 0x1, 0x1, 0x3, 0x1}, 0x300, 0x7, 0x3}}}}}}]}, 0x5c}}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0b010510"], 0xe)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="401dcf4c2c63ba0f", 0x8}], 0x1}, 0x8880)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[], 0x20)

2.630805699s ago: executing program 0 (id=119):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000580)="02d7c84546a2885b359af363e4e7de79c9db28b44f78f2a977827636b473a9424f44fec684dee6d0d13d0b8d824f92f71333c66e421b8f2bad1cd7273e0daca3b77f99935f36381dc5e9b9f9e5ccc44b3f4ad75edc0f03a6d7f1b45a786750ab8ba8df3696417af65c25f3df46315b832f90d3fe978d139a40286ea3423719a5a791fb9c5054a80a46e7d3c1ff2de68ef509cbad292f4e767c4d5ab126827a57e733aeea3d51d5e5", 0xa8}, {0x0}, {&(0x7f00000002c0)="1949d64c96c402221f", 0x9}, {&(0x7f0000000780)="fc", 0x1}], 0x4}}], 0x1, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4004, r1})

1.821952176s ago: executing program 1 (id=120):
ioperm(0x0, 0x5, 0x1) (async, rerun: 64)
creat(&(0x7f0000000040)='./file0\x00', 0x0) (async, rerun: 64)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$rds(0x15, 0x5, 0x0) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xfffffffffffffffe) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (rerun: 32)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3) (async)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x80}, 0x1c) (async)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (async)
r6 = accept(r3, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) (async)
syz_emit_ethernet(0x7e, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60dd690b00482f00fc000000000000000000000000000000ff020000000000000000000000000001242022eb000000000000000000000800000086dd080088be00000000100000000100000000000000080022eb000000002000e00002000000000000000017825a4d62164e943400004c795144ede6a258729d9b1a50736db2fb18c1cb00000000da31c00288e244e2fad4b7082f58f5ef8b37212ce2"], 0x0) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f00000000c0), 0x3f) (async)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
r7 = socket$inet_smc(0x2b, 0x1, 0x0) (rerun: 32)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x483, &(0x7f0000000000)={0x6, @private, 0x0, 0x3, 'dh\x00'}, 0x2c) (async)
r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r8, &(0x7f00000005c0)=[{0x6, 0x4, 0x0, 0x0, @time, {0x4}, {}, @addr}, {0x0, 0x80, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x4, @tick, {}, {}, @control={0x0, 0x2}}, {0x0, 0x0, 0x63, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0x9}}], 0x70)

1.788057623s ago: executing program 0 (id=121):
r0 = socket$netlink(0x10, 0x3, 0x14)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x5b8dbb091ab7904a, 0x0)
ioperm(0x0, 0x7, 0x400)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x3, 0x1, 0x79, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001480)={r6, 0x58, &(0x7f0000001500)={0x0, <r7=>0x0}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$inet(r11, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x100}, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001600)={r7}, 0xc)
r12 = open(0x0, 0x0, 0x0)
getdents(r12, 0x0, 0x0)
connect$bt_l2cap(r12, &(0x7f0000000080)={0x1f, 0xe, @none, 0x2}, 0xe)
ioctl$PPPIOCCONNECT(r1, 0x4004743a, &(0x7f0000000040)=0x1)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000640)=ANY=[], 0x38}}, 0x0)

1.73124066s ago: executing program 4 (id=122):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004002800018007000100637400001c00028008000240000000150500030000000000080001400000000d0900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0)
ppoll(&(0x7f0000000280)=[{r0, 0x8401}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x8, 0x8002)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f00000000c0)={@hyper})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r4, 0x7b2, &(0x7f00000010c0)={&(0x7f00000000c0)=[0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x531, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbb2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90cd], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b0, &(0x7f0000001100)={0x0})
r5 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f00000000c0)={0x1, 0x1})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x3c}}, 0x0)
r8 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r7)
sendmsg$SEG6_CMD_GET_TUNSRC(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001280)=ANY=[@ANYBLOB="2ba5feb3b27e85851c3cbe179b226f000000", @ANYRES16=r8, @ANYBLOB="2302000000000000000003000000080002000000000014000100fe8000000000000000000000000000aa"], 0x30}}, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x30, r8, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}]}, 0x30}, 0x1, 0x0, 0x0, 0x50}, 0x40000)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x4417ab135131a72d}, 0xc, &(0x7f0000001200)={&(0x7f0000001180)={0x78, r8, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x4}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xa}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x100}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x81}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x4, 0x6, 0xd42, 0x7, 0xb]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x401}]}, 0x78}, 0x1, 0x0, 0x0, 0x8011}, 0x0)
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="180100"/13, @ANYRESOCT=r3, @ANYRESDEC=r6, @ANYRES64=r6, @ANYRES64=r2, @ANYRESHEX=r6, @ANYRES8=r5], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r9}, 0x10)
signalfd4(r9, &(0x7f0000000000)={[0x8000000000000000]}, 0x8, 0x0)
sendto$inet6(r0, &(0x7f0000000040)='T', 0x1, 0x0, &(0x7f0000000180)={0xa, 0x0, 0xfffffffc, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, 0xe)
shutdown(r0, 0x1)

1.728424215s ago: executing program 3 (id=123):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
read$msr(r0, 0x0, 0x0)
write$smackfs_netlabel(0xffffffffffffffff, &(0x7f0000000200)=@l1={{0x19, 0x2e, 0x40, 0x2e, 0x1, 0x2e, 0x4}, 0x20, '.['}, 0x58)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0)

1.633557613s ago: executing program 2 (id=124):
write$vhost_msg(0xffffffffffffffff, &(0x7f00000005c0)={0x1, {&(0x7f0000000400)=""/148, 0x94, &(0x7f00000004c0)=""/195, 0x3, 0x3}}, 0x48)

1.574452174s ago: executing program 0 (id=125):
socket$inet6(0xa, 0x2, 0x38)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @mcast2}, 0x20)
r1 = memfd_create(0x0, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
pwritev(r1, &(0x7f00000002c0)=[{&(0x7f0000000100)='E', 0x1}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1200000004000000000000000600000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000003a000000000000f683a09f000000000000"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
open(0x0, 0x133080, 0x12a)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, @thr={&(0x7f0000000300), &(0x7f0000002500)}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r5 = io_uring_setup(0x168e, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xffffffff})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f0000000200)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.569614378s ago: executing program 3 (id=126):
r0 = socket$inet6(0xa, 0x1, 0x3)
sendmsg$inet6(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="803485a6f09766a105ea924614ddceeac61cab1a5b2ca3b47cab51521c0ba27fe4e69b3954834256c74d6095b53703577b59090f90f8ea9caf67fe2692eb9b20afefdd4329547de46324e81bcc789360647fd70623bb80a3434ea050e9dd100af10ab4a190003ab28f1a1110ea9529cca309fffe7d11cb89347d9ab3250814305997e346edf34d008a3fcad2975bfe4abaa709778783d5279f94b53bfd4573016d", 0xa1}, {&(0x7f0000000100)="03c67ce88ae0a895c60506300e3d205e272a81273c807665a9d34afb5d89d1d2da58ddbd9193ce80fec08e64e7a3fbf423374dc0bf21de04b6cd03a486bdca54c41e02ff08b9480a330fbca3723217ac79d9e592337b3138692753eb2330336623fd9d6bc39452eb9e890e3b05b7a84412bf5da51e5f9783bcc8a1070f", 0x7d}, {&(0x7f0000000180)="874ed194f76a9e2194deacb04f4071fb4a0dde14f62e5f84b7e2a81fc21ebaf982f12fa4ef58f638350f8dfe14308ad4f7a714ea1b026bf4d7fe1042bbf8badb32", 0x41}, {&(0x7f0000000200)="d4c2ce4395fa959cc790", 0xa}], 0x4}, 0x44080)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000340)={<r2=>0x0, @loopback, @local}, &(0x7f0000000380)=0xc)
sendmsg$can_bcm(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x1d, r2}, 0x10, &(0x7f0000000480)={&(0x7f0000000400)={0x5, 0xe03, 0x4, {}, {0x77359400}, {0x0, 0x1, 0x1}, 0x1, @can={{0x4, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "5f4034f880081961"}}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000500), 0x10200, 0x0)
rt_sigprocmask(0x3, &(0x7f0000002880)={[0x2]}, &(0x7f00000028c0), 0x8)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002940), r3)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r3, &(0x7f0000002a40)={&(0x7f0000002900)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002a00)={&(0x7f00000029c0)={0x38, r4, 0x800, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xd92f, 0x4e}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xffff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x24000010)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000002ac0)={0x8, 0x0, &(0x7f0000002a80)=[0x0, 0x0, 0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_SETPLANE(r3, 0xc03064b7, &(0x7f0000002bc0)={0x0, r5, 0x0, 0x4, 0x3ff, 0x1, 0x9, 0x4, 0x5, 0x0, 0x3, 0x5})
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000002c00)=""/221)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002e40)={[{0x2b, 'freezer'}, {0x2b, 'net_cls'}, {0x2b, 'rdma'}, {0x2b, 'io'}, {0x2d, 'hugetlb'}, {0x2b, 'devices'}, {0x2d, 'perf_event'}]}, 0x3a)
ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000002e80)=0xeeef0000)
syz_genetlink_get_family_id$batadv(&(0x7f0000002f00), r1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000003000)={[{0x2d, 'rlimit'}, {0x2b, 'perf_event'}, {0x2b, 'io'}, {0x2d, 'cpuacct'}, {0x2d, 'freezer'}, {0x2b, 'hugetlb'}, {0x2d, 'cpu'}]}, 0x38)
ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f00000030c0)={{r1}, "ee2f4fb63b8a2e58fa5d4c7fb58d381e05e28ef72dda80684dc7050da24da4b1479105a9533d3aacc712e35410fb9a5634e01a761b185dddb97ef64926d2eb4d97a2b5ad8310514ca22fc533af11eb3032ab6435bb5964706d6a89fbf0aad77686df7b71ea0de6a56fc4ed4fb493e49e3bed2bf6dae0c99880d5bdfc0e6aff1e57de642de8fdc80bf70e2e886643fcdd0c9b93736b6626b06ac475c6a38f8530c6a707306f16b21dbd676f89737c25b85e8c63ae599bad6dedb0ba581a4c34c082e058a18480aae47e927bf6f810e9b57178702270cf50cb27989ac010fecd955bc0e4dce1b8bd25cd05ec2a255cb58880f714269857cb7798a399145174dff2267f16e25acd364ede233552159c9f9e6933145400d299c0b288622a1849724852996cd7e4adf157d8bb3cb0b691feb61e465a98ce4578de9999db7237014ec42987d4938517113c70ba65efeca1673e8eba041ae46a199097147f4837bc773b6dcc7b94b064ea8f9f34474542d76f049b18198d841e1963e3879796293ce5016da40a37e59d87a0f4360e16ec7918b8e4b612411863a9dad836c3fc402e0ae36048fd73ccf504348a842333fdb6f38f5ad7841e9be59ca6b11d43755e9a341249f952298349d86308da797096b7a34e2b9c0dcff7b09f5ecf696f709c8a8953db65a26c11dade5f10be83ea907dbf9356fee475d6d37a0434a62ea71e85f6bd4d709fd8b925c2df37f76c5534a99f04ad0abecfbb0d15c4aaf968c285134f12f2064c811ce8cc8703c7cdb1b156809378c7254bb619e5541f35c0995a7ae786fb99221483c22d659f5d2871dbdcc9037151469411d2aa5cb9238829b17ea4566ddd703fa412c314ede39335d570da7d1efcc4a96e30cc3757a441e992e789b796a1c26dcbbfcbe075c7dba792c49319e2871b2650427b401eeb7f34e9d8c6b05b996396516aaf4c099e69730e2b5e3d8fc47eb8cc3166729f148014ddd42c796fd6486f2c818a0c6a9f6cf808423870ff74ef2d0a4ce15938c6d787da95d6fb2d90caf5cdbfbc966cfef2d6b3996895ef6ed80dd2378a49248684277a15ad853a5d2f538b88f0386ca42fa123443e5549b11ff8736793b08ff24f86a1686922e406ab435066f2935726f060d26ec8c08b6228bc506db4f3209d88ddaf7eebdc545ca40603733fb35a0b5fe6f51002687d0fc0bb6c4e3ac508397279e5bacff0828733a06148218880ee769dc5501d0e89823271113ed2759c500eab7e48b82c168ad3a9566088a4f39355f77b909da8fdf13a90b3449d647a513913a9e088bca0b71ba13d617eebfb84db6cd65116546a5fb447016bfa466089e6a12f8567cc0a0b592e1cb6c006a6e659c2ec4cd9c8928863cd8e46e56e9301359635ed44a5150aacd4ca91edd68f46ddc300f34ebab13fd1e359779995cc30fb3304be7cc8ddece2a503d76c15cd47b981dd6da5085dbf7cca38272fa155b0198d3b5856874e9cdba2414cca9c8b0863e63e45b795bef2d6a2f4f0c4c2fdc7968ceb5bc2a4262dce39962fcdc4b1a488195a6e1242da38d17ad97e77735988b27e6beccd50d91ce879e12f2e72bc748ea62285bf7cfa4157efae770dcb82e8b1fbb115630f14d5034f59dec6d63d6a01bf02ffdc30f43bd689c23cb4a7dab32cb072631799412005bd53e0a93cc2a3c214f073e3f90ee74b2d73e7be380f83ad8ceb7aa78432db9f5959c47fe82af4bebc110a0385c8ceb4c85fe9ee17abe8d0ecaa75036f6a54f62f8c59265a356fa9c85ac807272d3130fd1746d20bc20f7bc69cc7a3a95414d6234d08c3a33336a3095f62fb0b8d5ca5aed66a4a0b294d5b97550ae714dea62ea94cc3339a40c2a822d074c856fb3ec9e5ef23a5026362903e7c1440e42689e8a462b18731c0f09d4a2653f1b213fe3ba1712178f14b35cb032e08f44ca0098c5c03c9b6e417892ad6c2a9411601f8155be075dfbd650cfb300f8ca7a483a684a855a10a64f27249836a79d5ee713d9254bd0dd2e674c647b03eeddb308d9942d9fc01ef0fb3399a22c075cb94a901dc710c8ea6b276341da8cfbf6365814288ad7694703f26852173dd08883007654cb1972c3a1c38389f3d04c9361a109b770b28e78de2ab00e04b7d471d0161a4e5a9732abea1ac6e8253a9e285a7de49d26e5e9531cd909d7b5117b21c0e08095bd78e484f232d1ad7d38fc62e0616e78ac1649771f1f2831047e32fd37a9d4273bcef3231c79c7658dd101519dd60a8139476dcfa354940269131cacff124f86c411bfc475362bc23a208a21ccf9ef6a43f78dd36463805b7a970d410510b1dd4c484336b0b943017662e193190b2dc9b57a8aa126bc6c8f23975c6226697594979981a63082b88ff34df2c1efb1b407629848ad2838bfddfa21f5030b6695f131b577475499766b8050e8dc5a5b1917abea03b00632704db402d8e3c5da7d83136248360f228d781d28840179d050ab4a6905e0378863af8a23ce0fa2b55e6243a47dd8f6895d7b052ae94e15e216662398a1d6781456e8272c78cdc938e297745551dcd41503d2a66ccbe374feaa862b59c0e307917ebd6e8dd924bf6d4cbafeaab53af1cd9c26fbbbce79f3dce93710016168d6636463eb2a6173c470e91a52ada48e8bd44c507c258d5732305fa1bb94adf9f7a8a06c5820504aeaa2b44a47ba9c3e96094939c0cb458e8eef73ac62187b8cdaccd3c53e7daf66f2dcf7cc18a7b4dad75cd57066e4db5ab48ef7ffdab2a1f4c24f8c9d22588d0de32fa57e1e84afd7b1eb956000eaa149dd0bff5bb17e40d588cd2c13c7aaf50a4c69dc6ed5b3380f9666f2235eaccd432bf042b8087d82fe75264715beb4c5e2f89da985f71b46244773eceea368f181188c498c0213c37ec43a130f970c77a288a60fed86fc730d0ddb5621751312af25dd516d6eddac65df4c671b1076f55ef3eb4375af9e2d72a69b2b729dab214ac5c924cd6d8d139355a1dba0ded03dae800e2b43de52ad5b839d4b899e8942bbe1a91e1ff04c00c15785ac0171e7475e47c2d61d2aa029a03cc9561da5549330ac591b60509121bb4dbe3a5db803c88d285306bf7b654b87f6922251a63fdf4d4cfd5e31037677682f7b6f3e838381ca7cf405bc119a77173afe01c6bdbc8a5a07d289f965ac58143b323700071e3bb66a9ed94ba404a5019ecbde9276a94e0e157a3391d950646ebc02e615cabb1ef3bca184da519a23c3713db63a63b186b5a4aca50c1e3fc87e6cf741e700a87c0ce7be7d8b31795b18083a95a3508fe8d1fda1bdbbc79aac894f8e291a245e06d889936074dfa703ab885cc4843394886f2f54869ddea57e54fb1a3aa5965bbad3f0242b6871eb561a1cb32cd0cbc81e4380a6744edc7039156fda8572b607470bf4d43082655228e4d66b68427e3ddacc4ce248f166eb833141bb86b4ab7e7942adf9041a0b15cc2378d9d53609867dbc6a119a26b0ecde11fb5af61d8c17a393be3607b0eeb804f33c7bcbdb6410eac40acca5c150cf847ecfdb5a69e70df764fcbc1cd1a401dafe2d847c07db5c9cbaa5ee4b4b642f817fce72910d10161030db1d364c399e2b4bcb91735d0a9615c372a4a16f8cf38ee6030ddae882e0cf79d55a2ac390be177a59f26742d1b1e25908d70a3ef9825ee3d5345e5d5e559a254bda00836f0f9a32e031b177b6f1a132c8cc5b78e2629588c1df728338f987710cc8da8db924c9c5c8e7f8ee1e97dcd36049a03d7c355a1a443fb2c3ed436aa6e99093fb3b5f8d36f0c60bfa95d8b67ce95641af5001b7f8214d8678c9639ccea78057f89f945e39cc6d2e146fdcb94f1bd2b671972ea921c5447ab40637250dba856568796e4851af36e49496cec3953cdc55f7fcef896c78d87d4dc2bb6f2286d0e9c0617a6fb13815f90fce7a4ea3ce181c7d62d5bd28ac57e2340ba3d9c51dbc9db6a0afa77811f0d4473cef636d3e294e49c2b0f65ab72adff6e09c6082c78850c2fa041ac9e414c488950d4ac75c6f43807ff8d242bc91027e610d685ce7e222be439e83fdbfb3d6d5069c53af9f7f6be9e3d36e5635d6577c32c5e55dd45d96ad03162616c68809d634cfbf2c2db1d4e8cd71a326cd1acf09869a94c481ddc4d1a6d74d6254e9d31343c6255848974c5b85d7d8ccb519d020589ca1401049cb215663bd4054f5c1ca1d41c2bc133e2e369e1de94943f712c4701aa0b973473b385ced38b5d4f225467c147ab5b42ed431e8a283a83c34b9aa9beddab8697d6ebb4a15d45fd7e11aeb7b9d77ac14dfd250bbe4bbb16ccedaa47e37ccfc9cd22227832ef92602819debba895033e6b7d35ea38eb1a2d3080e505ee08321a335ea2cf1d7b422d683063417db507b5f7d49b1827e72ea954e8eab969c7237736930e7825ae6ffd72898edcb0dc81e3b332d86ddc51e427040b0f6fb26cd2eccd5bba5780f1f29f7a9235212489967f275bd23a091fc291491609cc704398476487565a6d4ebfd29346da0bb78e3ad9b9c1cce5405bb2296b3472168edfb6132492abb5b201ab90e76918721f9df7a0c7bb2bd83fbec8f1fc7790ac394c2df74edbbd75b57d3b2314ce5316c5cee00f31374b76db7078ce597b60299d6cb6446582a0f9175e9747e382f4f73526ac40ebb2cbecd021df5ad5e59d44f086c1f3c6cc861e50a1e782e9ad33a713786d8cf5343b9462c50ce7a8d35a422df971ac94c105cbcebd060d9c79ca52f1275bffdf93dd71c8b342d0b43c0c8ef86fde74c393dbb3bf23fbb009e4e4d25e530405f9fe693cd3f739357b96ca481a4c2e5cac8e9de36854d20334497fde65e93fb580b2f8e666e69c644d7a013fe82cb50f05338b727cb5bd04dd929f5aa01cb95f3c9d8e55e8927989e3bb2ceae23c5db8fce4a505ce8036ad67d984dbdbc8d9ad0ae330e8eb986508f55e2d45d1747a3c7a318c5c3aa02b30729adbdda72c0f09149d689490e8ea0ccf0566bcc01117feec7f52b8eab196c66b8ab09d8bf3f040b92a3bfe76a32ae9e4e6887ec14927b0dd9dc73228a4262fb7f18772611c48f4d5a93667fce53627f415f435521f0fa200a8ba0a68ed225b09fc3b1b8ad855b499d8e08ff40941c959362389309daef3d5cb487fce0db0c1e163f4c66672302b71e99e99fe7a3ac79db32bc84f2d1dd1271c779c2b6657614f5a5172de1d8a99d9e179d5ce82810384194e6de69704731323821561a9130495b0bc7ef4efe2ace4a04cb359aa5e11ecc84b0822c494f0f34b15b4045790ec137297dcc7631f10ebd5528257b2a73bb976483748aeb4a709c43ab1d9de38df9b2b8051ce68f4a2984d6c957cfd3174467c674b213f7474906bf7d5e24fba7e52aa111e4bfaebd0bfb86593149ddb02fbdea03e7d420715d364e0ee0022341153fd59a71cb9eaef6c087606f1f09523a7479dc0bf8f1397d0931febe538084bf5472cba03332f41d94b1e957be1bc7cd66a26d888401dba363ad1f7ed8c50254c4e2d58afdcde99a5a1b818a0ae6886a67fa8e54d2766f7f8f807ef3be5fd2374d05a3f40bdb9120663b0da62374d0035a99c7e6b4fca1f5bdfad4893d5901d7d4f6c40944297e307f1954ac8a479c841a13fb4eed364a540bf530cd6545b68f6d09ba95c26c98eee5d87e9ab3d8d0b82ddbbb229f5c0cc9f88b8bad629b6db843855ae218764355901aba1987643855a9c6a687e8477f9d623bfe84a3a010f06e6d70868da9fb0111fc1df685cd99e397f95f45ba8b3e7b465be33134b4a43db"})

1.459420429s ago: executing program 2 (id=127):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x3, &(0x7f0000000300)=0x401)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
creat(&(0x7f0000000040)='./file0\x00', 0x72)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$rds(0x15, 0x5, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xfffffffffffffffe)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x80}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r8 = accept(r5, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f00000002c0)=ANY=[@ANYRES8=r8, @ANYRES16=r5], 0xfffffdef}}, 0x20040045)
syz_emit_ethernet(0x10c, &(0x7f0000000480)=ANY=[@ANYBLOB="aa07aaaaaabbffffffffffff86dd60dd690b00d62ffffc000000000000000000000000000000ff0200000000000000000000000000015c10000700000000fe880000000000000000000000000101fc020000000000000000000000000001fe8000000000000000000000000000aaff020000000000000000000000000001ff020000000000000000000000000001fe800000000000000000000000000018fe8000000000000000000000000000aafe880000000000000000000000000101242022eb000000000000000000000800000086dd000100080005080088be00000000100000000100000000000000080022eb000000002000e0ff020000000000000200000000080065580000000003555a0616e6883cb35c00c93d5f97c7a4235a90d6e02503461655ac2b80904f10ce821c83d34ac0a5f12319a16ae0609a0e0bf882be"], 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x12, &(0x7f00000000c0), 0x3f)
socket$inet_smc(0x2b, 0x1, 0x0)

1.459202202s ago: executing program 1 (id=128):
socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x4894)
accept$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xec)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, r1, 0x6, 0x0, @void}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
r3 = openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = mmap$binder(&(0x7f00007ce000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
r5 = mmap$binder(&(0x7f0000ff2000/0xd000)=nil, 0xd000, 0x1, 0x11, r3, 0x5000000000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000600)={0xdc, 0x0, &(0x7f0000000740)=[@free_buffer={0x40086303, r4}, @enter_looper, @acquire, @free_buffer={0x40086303, r5}, @request_death={0x400c630e, 0x2}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000380)={@fda={0x66646185, 0xa, 0x0, 0x29}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/206, 0xce, 0x1, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1a}}, &(0x7f0000000200)={0x0, 0x20, 0x48}}}, @request_death={0x400c630e, 0x2}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000006c0)={@fd={0x66642a85, 0x0, r2}, @flat=@handle={0x73682a85, 0x100a, 0x3}, @fd={0x66642a85, 0x0, r3}}, &(0x7f00000004c0)={0x0, 0x18, 0x30}}, 0x40}], 0xc1, 0x0, &(0x7f0000000840)="ace921091b5af09123758573500d1255add5986b9d8780f1d2db86f754c6fe591a5630e66606da2089f2d09262a5773e4a65532ed4b93cf2b731feb0a33cd6e47eeb59569f0f230765ea2750f4871da562ea9e0020adb05cac619da9de7c9ebdd4799b282c5d822d6294a26e93199bc8e986b206775aa4ee9fe911819a438b33dd268a9e06c29be1bdc494ca0ddf74ed0b5c38121e607a34bfa25c4fe0cb96538e225a3052bee505f968035fa3cb939fab1a93084f6e7ddb3ae9897843c07b9263"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0xc, 0x0, &(0x7f0000000340)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r7, 0x40047438, &(0x7f0000000180)=""/246)
writev(r7, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

1.341227231s ago: executing program 3 (id=129):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe2}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup2(r1, r1)
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f00000002c0)={{r2}, 0x0, 0x0, 0x570, 0x19, 0x1})
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f000001ce80)=[{{0x0, 0x0, &(0x7f0000000900)=[{0x0}, {0x0}, {&(0x7f0000003d80)="08ffffffff0f27ba8a9619ab35", 0xd}], 0x3}}, {{0x0, 0x0, &(0x7f0000003b80)=[{&(0x7f0000000240)}, {&(0x7f0000001800)}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002ac0)="df29d0908a2b053dda3044ba1b614021d0c5862f2d1c6ad8ec772af2a8707e5441e41593980185a12a7ae3b8762bf4e8731391dbe64ed612783a0fb6dd698cb5dae6c0f8d0765083ebac50258e5d17d8859f3f41e0a7981aa741d38192bdfe8d4f9284cfd45202557cb22d01f2a5b27a13429c896c6df3f77bef9cad4da422b51f215095fa58e5f82376a267fd2f2e6f3a579d3257d3f77defcf0d4d7953203736583d1f668b9b0b488fd7a16ee41c176daa6b5b212025c3755ef24652a80cdabf8f681fba7dc3d94c9d50ca360e77025b4593d6086cd0ba13e3bfde5f5e0a9b31f49e4606e434da7c4141f76030c94516b8d068009e6f065bbe35caa47af655a2204084c2136fa7ade38086f6bc395708f7760b61ea3060d408cc65c1998bbcccd0114b5b7dcb07ddaf879d6ee40a5b1980534fcaee8234f8cb4a3069ce4d59568f906ba52f2fcc9e82185f5d1ae5b13a6f6ccce92243677c433edc3364d33891bfba4422a5c544e67f6626d680d8bf532d1e84e2a90a5bc0c1e0edca7a2197f4784dc09a9d1473ab228bcf20ea1b566517e11838309cac75df9eae923f49f0718de000e8cd30f3c14c40b089f975cc81fbe10735c21c1da64ce0abf393a5f2e8c656d38af436ac790ff80f33eaee1bb54336bc29175e17e3e4233f8562663730ee5489d06234f9b77243f253308e525938427357ac774169ae623f478dc4e4c66d36409bb3a993b63ebc601ba9b304f51057d8537486cc26d5cce4b7d1165d2488453f0d3fd99c93377a16bb9516a34867f8e8cbb53109046a1482744cf1a98354130c0fadf855befa46b3001497069b299bf0105831c68a27e77f92f99fc5da0afff7f8ef5f1e98c0fe5a3d7385a4fe18efe7608c7eb2bc11720f9755d419a469c1b786684b35d6a37a5618bf6294ab8653340e70b08dadbad96938ad9ff53d260fb28f89b38858c6052d0ba918cf90b1cec0a780e7d83594ced26d8887c45f06cbb659381898d0d34dd250a50eb9348550c3407eecb29b15bc45b3559f0e3d06d930150e0f818d854c216fb4d1a08ecd21ab5dc8e023c8c5c0bd467468c4aa9758a9fff2b7bfd1404fd12364a4318f31c95760c1761ff2a8850e08278473945d301256174dd26a779f02f22ed371a2b85f4dabddf9ed7f5315da74c5314797e6aeffccff90ae4b466175b33e91076254bd14ab7fb45413f4c5eb2df7693a26dcad5e0380ffdfa90aaede3ccc51a7bc501660e1294f33266526bff3c83052750f634a642c935b6144aee1f4a2b0ee9af8b88ca5099c430120d3e4246519b9243bf1f9633e3d4f0fc61a37831e5ed964a9f2f9d4d2f030cb97a23991dfe2a98f4af6f0656dc5ce579cbba5534548daf27d8bad606493d85ab0c1184d723d02328145eb6055f197d527e5dd2fceac05261e1f1261b1bb85612c34de60b9a4432d6ecd09798ebca17009754ab6bb40e9c08c9e8d6b1b105d0cb1eb4364c9568df8e505534c976def2eeab7b8f8f7433ab7ca1a592ab42f30b78db724655866045ff7422fb0e0d7b15fc345690a03178b80da5905ab4440f95dae86a90277225874999459c754126a92d054e095e1fb5f4b7eb501d2894c25b476ee65b05229762f0190239fbac5e36ba17be1550a6c78b96df72e00963698c676c6232de54b3442ae04c7399e5e5a3e48d3d3f8bc6cb5e2bf2b02519404c776f746ac3022e339e463a0ebe933f189f0caf2dfac1684e0c17f31567de41f81dfcaac53fa285fec43b4341115ab99697bd406d9d8af06e88886b5535b11e29f52ae901e8bcfc3e92b36d0ae9b1539134b66593f88788834f5fc2f748a6166f1363fdbe2d23e809ff08b43f8c684b4e03159843ce872838a1248a946d1384a0905eb306b0e9806804090fb30683a36bcb604ae26d836f9f5d181a2a0f79004a07620808bdd73c7c223d88358f763041139ac7fa90da7a8b2893df0f51a3d73051318de5d0819558fbd7b910c18205cb79d5378e19484c3cc2e8f4e3c0199a74537807cefa68651045e676dc42d904581df28eb7a61bfecae8800c2b046eef2714e043301ca61f793928f1e2f825074aed125d6827981ca9f8afac48214396718ee1789e6a8dd69f9ef24ca9582103f81c68daba0f5ab16fae5fc40da1ab1ef9b8a4eb82b3ef1692b237a7f19929960f2656ce5143ce9a928931e2fa5818b4505abeda0ea1f6a22187eebec94e14f30be8ef2e42f281a19731d7b39a35d595c0f90f272d1af2575b50c5733099bc3d01f31eac9603abb9d2d9f5fa25de123bf97e9eae30fe07c7a26639e8a1c2eb33275a9eb6a37471e5d884fc166ef7407c011c325efe4726334a1988f903d8c872da2efcbd1d7554c540c5ad8d4bcc1475014445478dd39fa8823c370beff1cd84a07087cea86f3be12d1deb86c19096d89a22f65d1edf1841761471c59890459588442a2e5c8e2c6c142114790f1b9cf762824c08b86d5a2f7faa11a1e633dd91cd2ba69f8dff015552267e753ca2cb9a906f78cb0d98641df59a8e9c37a78780c2ee35e22b1e8aba64bea4f7dd0ae9660d7e9ac19163720228d8b340918d8721436cf9ecd4c01a34be397af4269", 0x734}], 0x7, &(0x7f0000003c40)=[@ip_ttl={{0x14, 0x0, 0x2, 0xfffffffc}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@generic={0x86, 0x5, "aa6dd1"}, @cipso={0x86, 0x6}]}}}], 0x38}}], 0x2, 0x0)

146.711552ms ago: executing program 2 (id=130):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344, <r1=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x139, &(0x7f00000002c0)={@empty, @link_local, @void, {@ipv4={0x800, @tcp={{0x16, 0x4, 0x2, 0x10, 0x12b, 0x64, 0x0, 0x9, 0x6, 0x0, @broadcast, @multicast2, {[@cipso={0x86, 0x42, 0x1, [{0x6, 0xb, "1244b5171f97145903"}, {0x5, 0x11, "0d618623fc2f20c44a8825160850da"}, {0x5, 0x11, "5bf78ed920ae5f0d9122b031ddec90"}, {0x7, 0xf, "b25a104cc0f51d420434f9428e"}]}]}}, {{0x4e22, 0x4e22, 0x41424344, r1, 0x0, 0x0, 0x8, 0x80, 0x8, 0x0, 0x5, {[@generic={0x27, 0xa, "6312e25941099e2e"}]}}, {"d889925815e28ff5b3a2e355e81782712d2243b2420d5b7f1669492a3c1482472f4c14ac4f1c9468e4bf3a324b29228ba3bf1c775e945779085325ced7504c78eea1e8fcb38718b6b79c711588c22b2eee00e7163dc5e07effc0df6eae4374e580cc1f0850c677ff0c25810d7a123a6369b1c384bde7365132193e06c39e0b02152d7427f820df2458abe123625beb2512c0f6a7d83689fde36a87fc9b1d8103bd6f12f780403f32628df544c779c3b3637cd8"}}}}}}, &(0x7f0000000080)={0x0, 0x2, [0x1b0, 0xa8a, 0xcfc, 0x16]})
syz_emit_ethernet(0x3a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4, 0xa005}]}}}}}}}, 0x0)

98.081532ms ago: executing program 4 (id=131):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000580)="02d7c84546a2885b359af363e4e7de79c9db28b44f78f2a977827636b473a9424f44fec684dee6d0d13d0b8d824f92f71333c66e421b8f2bad1cd7273e0daca3b77f99935f36381dc5e9b9f9e5ccc44b3f4ad75edc0f03a6d7f1b45a786750ab8ba8df3696417af65c25f3df46315b832f90d3fe978d139a40286ea3423719a5a791fb9c5054a80a46e7d3c1ff2de68ef509cbad292f4e767c4d5ab126827a57e733aeea3d51d5e5", 0xa8}, {0x0}, {&(0x7f00000002c0)="1949d64c96c402221f", 0x9}, {&(0x7f0000000780)="fc", 0x1}], 0x4}}], 0x1, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4004, r1})

35.560653ms ago: executing program 3 (id=132):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240))
socket(0x2, 0x3, 0x6)
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000012c0)='\x00', 0x89901)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
connect$unix(r5, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

17.535198ms ago: executing program 0 (id=133):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x6, 0x1, 0x0, 0xc}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000631108000000000007000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x19, 0x4, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000000), &(0x7f0000000500)=r1}, 0x20)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000140)='\x85\x00', 0x2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SNDMTU(r5, 0x112, 0xe, 0x0, &(0x7f0000000080))
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r4, @ANYBLOB="0200000000020000"], 0x20}}, 0x0)

0s ago: executing program 4 (id=134):
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_io_uring_setup(0x6167, &(0x7f0000000480)={0x0, 0x0, 0x10100, 0x2}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0xea37, 0x0, 0x0, 0x0) (fail_nth: 4)

kernel console output (not intermixed with test programs):

DUID 00:04:48:2f:83:80:5e:82:2f:af:2e:03:8c:bf:d4:14:8e:03
forked to background, child pid 4883
[   29.291071][ T4884] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.304633][ T4884] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts.
syzkaller login: [   54.127229][ T5202] cgroup: Unknown subsys name 'net'
[   54.235325][ T5202] cgroup: Unknown subsys name 'cpuset'
[   54.243317][ T5202] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   55.465826][ T5202] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.512656][ T5222] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.520555][ T5222] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.529377][ T5222] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   57.537921][ T5222] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.539164][ T5227] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.547539][ T5222] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   57.553504][ T5227] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.566694][ T5227] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.574392][ T5227] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.574850][ T5222] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.588988][ T5227] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.597048][ T5227] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   57.602796][ T5222] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   57.605211][ T5227] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.611162][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.619316][ T5227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   57.625939][ T5232] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.639194][ T5227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   57.639866][ T5232] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   57.653601][ T5227] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   57.653982][ T5222] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.667914][ T5227] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.668711][ T5222] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   57.676234][ T5227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   57.682625][ T5222] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.697340][ T5222] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   57.705756][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   57.713876][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   57.714906][ T5222] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   57.722803][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   58.116943][ T5223] chnl_net:caif_netlink_parms(): no params data found
[   58.169817][ T5215] chnl_net:caif_netlink_parms(): no params data found
[   58.205294][ T5221] chnl_net:caif_netlink_parms(): no params data found
[   58.279528][ T5213] chnl_net:caif_netlink_parms(): no params data found
[   58.295710][ T5212] chnl_net:caif_netlink_parms(): no params data found
[   58.390191][ T5215] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.399591][ T5215] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.408473][ T5215] bridge_slave_0: entered allmulticast mode
[   58.416887][ T5215] bridge_slave_0: entered promiscuous mode
[   58.425296][ T5223] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.432764][ T5223] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.439889][ T5223] bridge_slave_0: entered allmulticast mode
[   58.447026][ T5223] bridge_slave_0: entered promiscuous mode
[   58.468202][ T5221] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.475387][ T5221] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.482847][ T5221] bridge_slave_0: entered allmulticast mode
[   58.489327][ T5221] bridge_slave_0: entered promiscuous mode
[   58.496313][ T5215] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.503508][ T5215] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.510611][ T5215] bridge_slave_1: entered allmulticast mode
[   58.517859][ T5215] bridge_slave_1: entered promiscuous mode
[   58.524786][ T5223] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.531867][ T5223] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.539321][ T5223] bridge_slave_1: entered allmulticast mode
[   58.545987][ T5223] bridge_slave_1: entered promiscuous mode
[   58.586474][ T5221] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.593942][ T5221] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.601067][ T5221] bridge_slave_1: entered allmulticast mode
[   58.608037][ T5221] bridge_slave_1: entered promiscuous mode
[   58.658743][ T5223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.669613][ T5223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.695449][ T5212] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.702655][ T5212] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.709790][ T5212] bridge_slave_0: entered allmulticast mode
[   58.719536][ T5212] bridge_slave_0: entered promiscuous mode
[   58.737404][ T5221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.749192][ T5215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.768810][ T5223] team0: Port device team_slave_0 added
[   58.775116][ T5213] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.782329][ T5213] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.789500][ T5213] bridge_slave_0: entered allmulticast mode
[   58.796196][ T5213] bridge_slave_0: entered promiscuous mode
[   58.803835][ T5213] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.810915][ T5213] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.818461][ T5213] bridge_slave_1: entered allmulticast mode
[   58.826446][ T5213] bridge_slave_1: entered promiscuous mode
[   58.833719][ T5212] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.840980][ T5212] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.848308][ T5212] bridge_slave_1: entered allmulticast mode
[   58.854842][ T5212] bridge_slave_1: entered promiscuous mode
[   58.864056][ T5221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.874699][ T5215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.893409][ T5223] team0: Port device team_slave_1 added
[   58.954055][ T5221] team0: Port device team_slave_0 added
[   58.961812][ T5215] team0: Port device team_slave_0 added
[   58.979201][ T5213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.989839][ T5212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.000881][ T5212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.011975][ T5221] team0: Port device team_slave_1 added
[   59.019217][ T5215] team0: Port device team_slave_1 added
[   59.028673][ T5223] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.035688][ T5223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.062780][ T5223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.075895][ T5213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.116381][ T5223] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.123436][ T5223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.149428][ T5223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.197124][ T5213] team0: Port device team_slave_0 added
[   59.205943][ T5213] team0: Port device team_slave_1 added
[   59.221346][ T5212] team0: Port device team_slave_0 added
[   59.228686][ T5212] team0: Port device team_slave_1 added
[   59.235155][ T5221] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.242103][ T5221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.268762][ T5221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.280543][ T5215] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.290105][ T5215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.316591][ T5215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.329565][ T5215] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.336718][ T5215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.362775][ T5215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.390074][ T5221] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.397620][ T5221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.424139][ T5221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.445297][ T5213] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.452892][ T5213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.479269][ T5213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.524466][ T5213] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.531434][ T5213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.557977][ T5213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.570037][ T5212] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.577852][ T5212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.604166][ T5212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.616700][ T5212] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.624031][ T5212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.650542][ T5212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.668854][ T5223] hsr_slave_0: entered promiscuous mode
[   59.674967][ T5223] hsr_slave_1: entered promiscuous mode
[   59.696255][ T5221] hsr_slave_0: entered promiscuous mode
[   59.702574][ T5221] hsr_slave_1: entered promiscuous mode
[   59.708575][ T5221] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.716789][ T5221] Cannot create hsr debugfs directory
[   59.773135][ T5225] Bluetooth: hci1: command tx timeout
[   59.778742][   T55] Bluetooth: hci3: command tx timeout
[   59.778759][ T5229] Bluetooth: hci4: command tx timeout
[   59.779237][ T5229] Bluetooth: hci2: command tx timeout
[   59.784713][ T5225] Bluetooth: hci0: command tx timeout
[   59.817084][ T5215] hsr_slave_0: entered promiscuous mode
[   59.823653][ T5215] hsr_slave_1: entered promiscuous mode
[   59.829587][ T5215] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.837772][ T5215] Cannot create hsr debugfs directory
[   59.898256][ T5212] hsr_slave_0: entered promiscuous mode
[   59.904625][ T5212] hsr_slave_1: entered promiscuous mode
[   59.910569][ T5212] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.918743][ T5212] Cannot create hsr debugfs directory
[   59.943803][ T5213] hsr_slave_0: entered promiscuous mode
[   59.949823][ T5213] hsr_slave_1: entered promiscuous mode
[   59.958570][ T5213] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.967013][ T5213] Cannot create hsr debugfs directory
[   60.177934][ T5223] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   60.205599][ T5223] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   60.227828][ T5223] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   60.243894][ T5223] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   60.296083][ T5215] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   60.310891][ T5215] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   60.342596][ T5215] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   60.351055][ T5215] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   60.359659][ T5221] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   60.369349][ T5221] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   60.398860][ T5221] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   60.411030][ T5221] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.462104][ T5213] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   60.508085][ T5213] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   60.532130][ T5213] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   60.541151][ T5213] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   60.560903][ T5223] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.578912][ T5212] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   60.591545][ T5212] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   60.612077][ T5212] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   60.636174][ T5223] 8021q: adding VLAN 0 to HW filter on device team0
[   60.645408][ T5212] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   60.701590][ T5215] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.725761][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.733042][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.743418][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.750482][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.776139][ T5221] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.791171][ T5215] 8021q: adding VLAN 0 to HW filter on device team0
[   60.825096][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.832186][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.856457][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.863579][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.873957][ T5221] 8021q: adding VLAN 0 to HW filter on device team0
[   60.910772][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.917896][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.930252][ T5223] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.980173][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.987323][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.028676][ T5213] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.039083][ T5212] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.109570][ T5212] 8021q: adding VLAN 0 to HW filter on device team0
[   61.130202][ T5213] 8021q: adding VLAN 0 to HW filter on device team0
[   61.168862][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.176064][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.188608][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.195739][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.206957][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.214270][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.240039][ T5221] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.260014][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.267111][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.339007][ T5223] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.368919][ T5213] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.487403][ T5215] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.574994][ T5221] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.636175][ T5223] veth0_vlan: entered promiscuous mode
[   61.660592][ T5223] veth1_vlan: entered promiscuous mode
[   61.682918][ T5215] veth0_vlan: entered promiscuous mode
[   61.755353][ T5213] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.768643][ T5223] veth0_macvtap: entered promiscuous mode
[   61.783154][ T5215] veth1_vlan: entered promiscuous mode
[   61.796315][ T5221] veth0_vlan: entered promiscuous mode
[   61.811040][ T5223] veth1_macvtap: entered promiscuous mode
[   61.854147][ T5225] Bluetooth: hci2: command tx timeout
[   61.859594][ T5225] Bluetooth: hci1: command tx timeout
[   61.866159][   T55] Bluetooth: hci4: command tx timeout
[   61.866180][ T5222] Bluetooth: hci0: command tx timeout
[   61.866214][ T5222] Bluetooth: hci3: command tx timeout
[   61.895262][ T5223] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.907279][ T5223] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.920634][ T5212] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.941798][ T5215] veth0_macvtap: entered promiscuous mode
[   61.966173][ T5221] veth1_vlan: entered promiscuous mode
[   61.980467][ T5223] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.003562][ T5223] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.013452][ T5223] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.022168][ T5223] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.046851][ T5215] veth1_macvtap: entered promiscuous mode
[   62.135474][ T5221] veth0_macvtap: entered promiscuous mode
[   62.157803][ T5215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.175933][ T5215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.187244][ T5215] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.197043][ T5221] veth1_macvtap: entered promiscuous mode
[   62.220616][ T5215] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.231596][ T5215] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.243342][ T5215] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.284027][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.294205][ T5212] veth0_vlan: entered promiscuous mode
[   62.303805][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.327108][ T5215] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.336510][ T5215] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.346420][ T5215] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.355311][ T5215] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.376404][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.387175][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.397529][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.410853][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.423187][ T5221] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.438065][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.439639][ T5213] veth0_vlan: entered promiscuous mode
[   62.452593][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.479909][ T5212] veth1_vlan: entered promiscuous mode
[   62.502380][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.517420][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.527795][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.533715][ T5223] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   62.538565][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.570040][ T5221] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.579282][ T5213] veth1_vlan: entered promiscuous mode
[   62.600685][ T5221] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.624827][ T5221] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.638548][ T5221] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.647401][ T5221] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.853221][ T5212] veth0_macvtap: entered promiscuous mode
[   62.869443][ T5213] veth0_macvtap: entered promiscuous mode
[   62.879043][ T5213] veth1_macvtap: entered promiscuous mode
[   63.139182][ T5212] veth1_macvtap: entered promiscuous mode
[   63.164257][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   63.300157][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.365755][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.598938][ T5212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.643456][ T5212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.660650][ T5212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.677141][ T5212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.698185][ T5212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.711184][ T5212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.728515][ T5212] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.748959][ T5212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.759990][ T5212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.776612][ T5212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.790137][ T5212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.806006][ T5212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.817986][ T5212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.835231][ T5212] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.872598][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.892716][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.910783][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.930310][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.932722][ T5222] Bluetooth: hci3: command tx timeout
[   63.944632][ T5229] Bluetooth: hci1: command tx timeout
[   63.945675][ T5222] Bluetooth: hci4: command tx timeout
[   63.950855][ T5229] Bluetooth: hci0: command tx timeout
[   63.956479][ T5222] Bluetooth: hci2: command tx timeout
[   63.967186][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.977681][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.988438][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.999852][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.010281][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.021999][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.033954][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.056550][ T5212] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.065718][ T5212] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.074917][ T5212] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.083838][ T5212] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.111997][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.122992][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.136707][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.142573][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.154897][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.165583][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.179649][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.191945][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.202030][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.212727][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.225216][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.249541][ T5213] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.258833][ T5213] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.267878][ T5213] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.276827][ T5213] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.302946][ T5230] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   64.351732][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.379912][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.494538][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.515502][ T5230] usb 2-1: too many configurations: 100, using maximum allowed: 8
[   64.527380][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.535611][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.563643][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.579645][ T5230] usb 2-1: unable to read config index 0 descriptor/start: -61
[   64.593528][ T5230] usb 2-1: can't read configurations, error -61
[   64.609296][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.617998][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.628599][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.644186][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.752391][ T5230] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   64.824241][ T5313] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   64.922936][ T5230] usb 2-1: too many configurations: 100, using maximum allowed: 8
[   64.961348][ T5230] usb 2-1: unable to read config index 0 descriptor/start: -61
[   64.971866][ T5230] usb 2-1: can't read configurations, error -61
[   64.982627][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   65.029303][ T5230] usb usb2-port1: attempt power cycle
[   65.048975][ T5326] capability: warning: `syz.3.9' uses 32-bit capabilities (legacy support in use)
[   65.088254][ T5327] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.9'.
[   65.111096][ T5327] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes.
[   65.382742][ T5230] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   65.403675][ T5230] usb 2-1: too many configurations: 100, using maximum allowed: 8
[   65.414057][ T5230] usb 2-1: unable to read config index 0 descriptor/start: -61
[   65.435730][ T5230] usb 2-1: can't read configurations, error -61
[   66.012488][ T5225] Bluetooth: hci0: command tx timeout
[   66.018781][ T5222] Bluetooth: hci4: command tx timeout
[   66.024676][ T5222] Bluetooth: hci1: command tx timeout
[   66.030776][ T5222] Bluetooth: hci3: command tx timeout
[   66.044120][ T5225] Bluetooth: hci2: command tx timeout
[   66.138691][ T5230] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   66.172741][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   66.232476][ T5230] usb 2-1: too many configurations: 100, using maximum allowed: 8
[   66.272552][ T5230] usb 2-1: unable to read config index 0 descriptor/start: -61
[   66.301976][ T5230] usb 2-1: can't read configurations, error -61
[   66.331668][ T5230] usb usb2-port1: unable to enumerate USB device
[   66.339535][    T0] NOHZ tick-stop error: local softirq work is pending, handler #348!!!
[   66.372120][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   66.381921][ T5341] Zero length message leads to an empty skb
[   66.404691][    T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!!
[   66.452467][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   66.452578][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   66.460752][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   66.469437][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   67.301092][ T5355] can0: slcan on ptm0.
[   68.140951][ T5350] can0 (unregistered): slcan off ptm0.
[   68.322498][ T5370] warning: `syz.3.16' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   69.068202][ T5375] syz.1.21 uses obsolete (PF_INET,SOCK_PACKET)
[   69.182388][ T5376] FAULT_INJECTION: forcing a failure.
[   69.182388][ T5376] name failslab, interval 1, probability 0, space 0, times 0
[   69.622348][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.0.20 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   69.632550][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   69.642605][ T5376] Call Trace:
[   69.645875][ T5376]  <TASK>
[   69.648797][ T5376]  dump_stack_lvl+0x241/0x360
[   69.653484][ T5376]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.658674][ T5376]  ? __pfx__printk+0x10/0x10
[   69.663257][ T5376]  ? __kmalloc_cache_noprof+0x44/0x2c0
[   69.668707][ T5376]  ? __pfx___might_resched+0x10/0x10
[   69.673986][ T5376]  should_fail_ex+0x3b0/0x4e0
[   69.678667][ T5376]  should_failslab+0xac/0x100
[   69.683344][ T5376]  ? __rdma_create_id+0x65/0x590
[   69.688278][ T5376]  __kmalloc_cache_noprof+0x6c/0x2c0
[   69.693567][ T5376]  ? __pfx_ucma_event_handler+0x10/0x10
[   69.699109][ T5376]  __rdma_create_id+0x65/0x590
[   69.703872][ T5376]  ? __pfx_ucma_event_handler+0x10/0x10
[   69.709408][ T5376]  rdma_create_user_id+0x83/0xc0
[   69.714342][ T5376]  ucma_create_id+0x2d0/0x500
[   69.719013][ T5376]  ? __might_fault+0xaa/0x120
[   69.723689][ T5376]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.729667][ T5376]  ? __pfx_ucma_create_id+0x10/0x10
[   69.734862][ T5376]  ? __might_fault+0xc6/0x120
[   69.739535][ T5376]  ? __pfx_ucma_create_id+0x10/0x10
[   69.744722][ T5376]  ucma_write+0x2d9/0x420
[   69.749044][ T5376]  ? __pfx_ucma_write+0x10/0x10
[   69.753882][ T5376]  ? __sanitizer_cov_trace_const_cmp4+0x11/0x90
[   69.760116][ T5376]  ? rw_verify_area+0x1c3/0x6f0
[   69.764962][ T5376]  vfs_writev+0x5a9/0xba0
[   69.769286][ T5376]  ? __pfx_ucma_write+0x10/0x10
[   69.774126][ T5376]  ? __pfx_vfs_writev+0x10/0x10
[   69.778976][ T5376]  ? __rcu_read_unlock+0xa1/0x110
[   69.784049][ T5376]  ? __fdget_pos+0x19a/0x320
[   69.788648][ T5376]  do_writev+0x1b1/0x350
[   69.792887][ T5376]  ? __pfx_do_writev+0x10/0x10
[   69.797644][ T5376]  ? do_syscall_64+0x100/0x230
[   69.802404][ T5376]  ? do_syscall_64+0xb6/0x230
[   69.807092][ T5376]  do_syscall_64+0xf3/0x230
[   69.811616][ T5376]  ? clear_bhb_loop+0x35/0x90
[   69.816305][ T5376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.822210][ T5376] RIP: 0033:0x7efe7d77def9
[   69.826633][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.846246][ T5376] RSP: 002b:00007efe7e561038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   69.854675][ T5376] RAX: ffffffffffffffda RBX: 00007efe7d935f80 RCX: 00007efe7d77def9
[   69.862640][ T5376] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000003
[   69.870601][ T5376] RBP: 00007efe7e561090 R08: 0000000000000000 R09: 0000000000000000
[   69.878560][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   69.886521][ T5376] R13: 0000000000000000 R14: 00007efe7d935f80 R15: 00007ffc2d047cd8
[   69.894495][ T5376]  </TASK>
[   70.116650][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   70.426220][ T5389] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[   70.765237][ T5389] team0: entered promiscuous mode
[   70.770318][ T5389] team_slave_0: entered promiscuous mode
[   70.793371][ T5389] team_slave_1: entered promiscuous mode
[   70.801690][ T5389] dummy0: entered promiscuous mode
[   70.832339][ T5268] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   71.583668][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[   71.591099][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[   71.851804][ T5406] FAULT_INJECTION: forcing a failure.
[   71.851804][ T5406] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   71.878241][ T5406] CPU: 1 UID: 0 PID: 5406 Comm: syz.0.33 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   71.888429][ T5406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   71.898509][ T5406] Call Trace:
[   71.901792][ T5406]  <TASK>
[   71.904727][ T5406]  dump_stack_lvl+0x241/0x360
[   71.909422][ T5406]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.914636][ T5406]  ? __pfx__printk+0x10/0x10
[   71.919236][ T5406]  ? __pfx_lock_release+0x10/0x10
[   71.924276][ T5406]  should_fail_ex+0x3b0/0x4e0
[   71.928969][ T5406]  _copy_from_iter+0x1ed/0x1d60
[   71.933837][ T5406]  ? __virt_addr_valid+0x183/0x530
[   71.938962][ T5406]  ? __pfx_lock_release+0x10/0x10
[   71.944008][ T5406]  ? __alloc_skb+0x28f/0x440
[   71.948607][ T5406]  ? __pfx__copy_from_iter+0x10/0x10
[   71.953902][ T5406]  ? __virt_addr_valid+0x183/0x530
[   71.959020][ T5406]  ? __virt_addr_valid+0x183/0x530
[   71.964137][ T5406]  ? __virt_addr_valid+0x45f/0x530
[   71.969258][ T5406]  ? __check_object_size+0x48e/0x900
[   71.974561][ T5406]  netlink_sendmsg+0x73d/0xcb0
[   71.979346][ T5406]  ? __pfx_netlink_sendmsg+0x10/0x10
[   71.984651][ T5406]  ? __pfx_netlink_sendmsg+0x10/0x10
[   71.989949][ T5406]  __sock_sendmsg+0x221/0x270
[   71.994637][ T5406]  ____sys_sendmsg+0x52a/0x7e0
[   71.999419][ T5406]  ? __pfx_____sys_sendmsg+0x10/0x10
[   72.004734][ T5406]  __sys_sendmsg+0x2aa/0x390
[   72.009336][ T5406]  ? __pfx___sys_sendmsg+0x10/0x10
[   72.014463][ T5406]  ? vfs_write+0x7bf/0xc90
[   72.018932][ T5406]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.025273][ T5406]  ? do_syscall_64+0x100/0x230
[   72.030047][ T5406]  ? do_syscall_64+0xb6/0x230
[   72.034736][ T5406]  do_syscall_64+0xf3/0x230
[   72.039425][ T5406]  ? clear_bhb_loop+0x35/0x90
[   72.044204][ T5406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.050107][ T5406] RIP: 0033:0x7efe7d77def9
[   72.054530][ T5406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.074148][ T5406] RSP: 002b:00007efe7e561038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.082573][ T5406] RAX: ffffffffffffffda RBX: 00007efe7d935f80 RCX: 00007efe7d77def9
[   72.090559][ T5406] RDX: 000000000000c000 RSI: 0000000020000000 RDI: 0000000000000003
[   72.098547][ T5406] RBP: 00007efe7e561090 R08: 0000000000000000 R09: 0000000000000000
[   72.106528][ T5406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.114494][ T5406] R13: 0000000000000000 R14: 00007efe7d935f80 R15: 00007ffc2d047cd8
[   72.122495][ T5406]  </TASK>
[   72.129128][ T1845] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   72.183374][ T5268] usb 5-1: Using ep0 maxpacket: 16
[   72.190490][ T5268] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[   72.198929][ T5268] usb 5-1: config 0 has no interface number 0
[   72.220298][ T5268] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[   72.229665][ T5268] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.240952][ T5268] usb 5-1: Product: syz
[   72.246455][ T5268] usb 5-1: Manufacturer: syz
[   72.251182][ T5268] usb 5-1: SerialNumber: syz
[   72.272473][ T5268] usb 5-1: config 0 descriptor??
[   72.288197][ T5268] gspca_main: spca1528-2.14.0 probing 04fc:1528
[   72.303803][ T1845] usb 4-1: Using ep0 maxpacket: 8
[   72.314142][ T1845] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[   72.323818][ T1845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.331835][ T1845] usb 4-1: Product: syz
[   72.336182][ T1845] usb 4-1: Manufacturer: syz
[   72.340797][ T1845] usb 4-1: SerialNumber: syz
[   72.356987][ T1845] usb 4-1: config 0 descriptor??
[   72.391832][ T1845] cdc_phonet 4-1:0.0: skipping garbage
[   72.406818][ T1845] cdc_phonet 4-1:0.0: probe with driver cdc_phonet failed with error -22
[   72.452396][ T5230] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   72.694702][ T5230] usb 3-1: too many configurations: 9, using maximum allowed: 8
[   72.896102][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   72.906026][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   72.916267][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   72.924836][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   72.933840][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   72.955127][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   72.979763][ T5268] gspca_spca1528: reg_w err -110
[   72.996769][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   73.002326][ T5268] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[   73.022957][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   73.030539][ T5268] usb 5-1: USB disconnect, device number 2
[   73.047096][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   73.057004][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   73.057049][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   73.057147][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   73.063895][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   73.063939][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   73.063962][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   73.064854][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   73.065315][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   73.065341][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   73.075866][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   73.075903][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   73.075926][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   73.076795][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[   73.076832][ T5230] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0
[   73.076856][ T5230] usb 3-1: config 0 interface 0 has no altsetting 0
[   73.081417][ T5230] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[   73.131606][ T5419] netlink: 'syz.1.37': attribute type 9 has an invalid length.
[   73.135601][ T5230] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[   73.154062][ T5419] netlink: 'syz.1.37': attribute type 6 has an invalid length.
[   73.160398][ T5230] usb 3-1: Product: syz
[   73.232342][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   73.234247][ T5230] usb 3-1: Manufacturer: syz
[   73.259601][ T5230] usb 3-1: SerialNumber: syz
[   73.272793][ T5230] usb 3-1: config 0 descriptor??
[   73.281504][ T5230] yurex 3-1:0.0: Could not find endpoints
[   73.403640][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.417549][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   73.428159][    T9] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[   73.437313][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.450351][    T9] usb 1-1: config 0 descriptor??
[   74.445535][    T9] usbhid 1-1:0.0: can't add hid device: -71
[   74.456426][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   74.460498][    T9] usb 1-1: USB disconnect, device number 2
[   74.480540][ T1165] usb 4-1: USB disconnect, device number 2
[   75.083452][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   75.659980][    T8] usb 3-1: USB disconnect, device number 2
[   75.731842][ T5438] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.362336][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   76.699955][   T47] cfg80211: failed to load regulatory.db
[   76.867180][    T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   77.049767][ T5467] overlayfs: failed to resolve './file2': -2
[   77.062437][    T8] usb 2-1: Using ep0 maxpacket: 8
[   77.085131][ T5468] mmap: syz.3.49 (5468) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   77.094305][    T8] usb 2-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[   77.177253][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.202160][    T8] usb 2-1: Product: syz
[   77.208055][    T8] usb 2-1: Manufacturer: syz
[   77.216390][    T8] usb 2-1: SerialNumber: syz
[   77.241254][    T8] usb 2-1: config 0 descriptor??
[   77.266894][    T8] cdc_phonet 2-1:0.0: skipping garbage
[   77.287456][    T8] cdc_phonet 2-1:0.0: probe with driver cdc_phonet failed with error -22
[   78.036502][ T5480] netlink: 40 bytes leftover after parsing attributes in process `syz.2.55'.
[   78.949254][   T47] usb 2-1: USB disconnect, device number 6
[   79.022064][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   79.372344][    T9] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   79.622543][    T9] usb 3-1: device descriptor read/64, error -71
[   79.832313][   T47] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[   79.872832][    T9] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   80.012699][    T9] usb 3-1: device descriptor read/64, error -71
[   80.100848][   T47] usb 2-1: unable to get BOS descriptor or descriptor too short
[   80.113421][   T47] usb 2-1: no configurations
[   80.120723][   T47] usb 2-1: can't read configurations, error -22
[   80.144148][    T9] usb usb3-port1: attempt power cycle
[   80.522421][    T9] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[   80.570403][    T9] usb 3-1: device descriptor read/8, error -71
[   80.744513][ T5519] netlink: 12 bytes leftover after parsing attributes in process `syz.4.66'.
[   80.858936][ T5522] netlink: 'syz.1.67': attribute type 9 has an invalid length.
[   80.871791][ T5522] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.67'.
[   80.908469][    T9] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   81.043342][   T25] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   81.101955][    T9] usb 3-1: device descriptor read/8, error -71
[   81.232528][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.277062][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.315132][    T9] usb usb3-port1: unable to enumerate USB device
[   81.342817][   T25] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[   81.362871][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.422815][   T25] usb 5-1: config 0 descriptor??
[   81.894050][   T25] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[   82.114826][ T5531] netlink: 40 bytes leftover after parsing attributes in process `syz.0.64'.
[   82.161519][   T25] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device
[   82.170016][   T25] pyra 0003:1E7D:2CF6.0001: couldn't install mouse
[   82.186292][   T25] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -32
[   84.614605][   T25] usb 5-1: USB disconnect, device number 3
[   85.031075][ T5571] can0: slcan on ptm0.
[   85.071514][ T5571] process 'syz.1.79' launched './file0' with NULL argv: empty string added
[   86.114235][ T5573] netlink: 'syz.4.80': attribute type 9 has an invalid length.
[   86.121908][ T5573] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.80'.
[   86.142359][ T5561] can0 (unregistered): slcan off ptm0.
[   87.502564][    T9] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   87.927911][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0xC has invalid wMaxPacketSize 0
[   87.985820][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x84 has invalid wMaxPacketSize 0
[   88.016289][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0
[   88.028537][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[   88.046881][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   88.195516][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.870533][    T9] usb 5-1: Product: syz
[   88.874829][    T9] usb 5-1: Manufacturer: syz
[   88.879446][    T9] usb 5-1: SerialNumber: syz
[   88.906599][    T9] usb 5-1: config 0 descriptor??
[   88.932714][    T9] em28xx 5-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[   88.942430][    T9] em28xx 5-1:0.0: Device initialization failed.
[   88.958698][    T9] em28xx 5-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[   89.225154][ T5619] netlink: 212912 bytes leftover after parsing attributes in process `syz.1.93'.
[   89.255393][ T5619] openvswitch: netlink: IP tunnel dst address not specified
[   89.562498][ T5302] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[   89.566964][ T5623] netlink: 'syz.2.94': attribute type 9 has an invalid length.
[   89.577895][ T5623] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.94'.
[   90.077659][ T5302] usb 2-1: Using ep0 maxpacket: 8
[   90.085167][ T5302] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   90.096494][ T5302] usb 2-1: New USB device found, idVendor=0bda, idProduct=0139, bcdDevice=db.d0
[   90.105602][ T5302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.160613][ T5302] usb 2-1: config 0 descriptor??
[   90.184315][ T5625] netlink: 12 bytes leftover after parsing attributes in process `syz.3.97'.
[   90.313371][ T5302] rtsx_usb 2-1:0.0: probe with driver rtsx_usb failed with error -8
[   90.432865][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   90.442314][   T25] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   90.502402][    T8] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   90.511734][   T47] usb 5-1: USB disconnect, device number 4
[   90.594166][    T9] usb 1-1: config 0 has no interfaces?
[   90.599681][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   90.610150][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.617666][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.622746][    T9] usb 1-1: config 0 descriptor??
[   90.640055][    T9] usb 2-1: USB disconnect, device number 9
[   90.657097][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.664701][    T8] usb 3-1: unable to get BOS descriptor or descriptor too short
[   90.675993][   T25] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[   90.691277][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.693465][    T8] usb 3-1: config 127 has an invalid interface number: 98 but max is 0
[   90.709384][   T25] usb 4-1: config 0 descriptor??
[   90.731016][    T8] usb 3-1: config 127 has no interface number 0
[   90.740686][    T8] usb 3-1: config 127 interface 98 altsetting 1 has an endpoint descriptor with address 0xE7, changing to 0x87
[   90.752931][    T8] usb 3-1: config 127 interface 98 has no altsetting 0
[   90.762029][    T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1504, bcdDevice=4b.9b
[   90.771277][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.795430][    T8] usb 3-1: Product: syz
[   90.799617][    T8] usb 3-1: Manufacturer: syz
[   90.809506][    T8] usb 3-1: SerialNumber: syz
[   91.059426][ T5632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.029024][   T25] pyra 0003:1E7D:2CF6.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0
[   92.045030][ T5632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.110740][   T25] pyra 0003:1E7D:2CF6.0002: couldn't init struct pyra_device
[   92.125652][   T25] pyra 0003:1E7D:2CF6.0002: couldn't install mouse
[   92.148334][    T8] iowarrior 3-1:127.98: no interrupt-out endpoint found
[   92.157991][   T25] pyra 0003:1E7D:2CF6.0002: probe with driver pyra failed with error -32
[   92.433632][    T8] usb 3-1: USB disconnect, device number 7
[   93.593502][   T47] usb 1-1: USB disconnect, device number 3
[   93.627306][   T25] usb 4-1: USB disconnect, device number 3
[   93.746994][ T5677] netlink: 40 bytes leftover after parsing attributes in process `syz.1.109'.
[   93.768124][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   93.892976][ T5684] netlink: 'syz.0.107': attribute type 9 has an invalid length.
[   93.893627][ T5677] FAULT_INJECTION: forcing a failure.
[   93.893627][ T5677] name failslab, interval 1, probability 0, space 0, times 0
[   93.900670][ T5684] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.107'.
[   93.913289][ T5677] CPU: 1 UID: 0 PID: 5677 Comm: syz.1.109 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   93.913316][ T5677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   93.913326][ T5677] Call Trace:
[   93.913334][ T5677]  <TASK>
[   93.913342][ T5677]  dump_stack_lvl+0x241/0x360
[   93.913373][ T5677]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.913396][ T5677]  ? __pfx__printk+0x10/0x10
[   93.913425][ T5677]  ? __pfx_lock_acquire+0x10/0x10
[   93.913450][ T5677]  ? is_bpf_text_address+0x26/0x2a0
[   93.913475][ T5677]  should_fail_ex+0x3b0/0x4e0
[   93.978262][ T5677]  ? dst_alloc+0x12b/0x190
[   93.982676][ T5677]  should_failslab+0xac/0x100
[   93.987354][ T5677]  ? dst_alloc+0x12b/0x190
[   93.991761][ T5677]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   93.997133][ T5677]  dst_alloc+0x12b/0x190
[   94.001384][ T5677]  ip_route_input_rcu+0x24be/0x3910
[   94.006577][ T5677]  ? __pfx_ip_route_input_rcu+0x10/0x10
[   94.012111][ T5677]  ? __pfx_lock_acquire+0x10/0x10
[   94.017129][ T5677]  ? ipt_do_table+0x157a/0x1860
[   94.021972][ T5677]  ip_route_input_noref+0x170/0x260
[   94.027155][ T5677]  ? ip_route_input_noref+0xb1/0x260
[   94.032426][ T5677]  ? __pfx_ip_route_input_noref+0x10/0x10
[   94.038133][ T5677]  ? tcp_v4_early_demux+0x99/0x930
[   94.043237][ T5677]  ip_rcv_finish_core+0x5ab/0x1b40
[   94.048335][ T5677]  ip_rcv_finish+0x14a/0x560
[   94.052911][ T5677]  ? NF_HOOK+0x392/0x450
[   94.057139][ T5677]  ? __pfx_ip_rcv_finish+0x10/0x10
[   94.062244][ T5677]  NF_HOOK+0x3a4/0x450
[   94.066301][ T5677]  ? NF_HOOK+0x9a/0x450
[   94.070440][ T5677]  ? __pfx_NF_HOOK+0x10/0x10
[   94.075016][ T5677]  ? ip_rcv_core+0x801/0xd10
[   94.079594][ T5677]  ? __pfx_ip_rcv_finish+0x10/0x10
[   94.084715][ T5677]  ? __pfx_ip_rcv+0x10/0x10
[   94.089217][ T5677]  __netif_receive_skb+0x2bf/0x650
[   94.094335][ T5677]  ? __pfx_lock_acquire+0x10/0x10
[   94.099350][ T5677]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   94.105576][ T5677]  ? __pfx___netif_receive_skb+0x10/0x10
[   94.111190][ T5677]  ? __kasan_slab_alloc+0x66/0x80
[   94.116210][ T5677]  ? read_tsc+0x9/0x20
[   94.120273][ T5677]  ? timekeeping_get_ns+0x2c0/0x420
[   94.125466][ T5677]  ? netif_receive_skb+0x131/0x890
[   94.130561][ T5677]  ? netif_receive_skb+0x131/0x890
[   94.135657][ T5677]  netif_receive_skb+0x1e8/0x890
[   94.140602][ T5677]  ? tun_rx_batched+0x160/0x8f0
[   94.145444][ T5677]  ? __pfx_netif_receive_skb+0x10/0x10
[   94.150909][ T5677]  ? tun_rx_batched+0x160/0x8f0
[   94.155748][ T5677]  tun_rx_batched+0x1b7/0x8f0
[   94.160413][ T5677]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   94.166818][ T5677]  ? __pfx_lock_acquire+0x10/0x10
[   94.171917][ T5677]  ? __pfx_tun_rx_batched+0x10/0x10
[   94.177113][ T5677]  tun_get_user+0x3056/0x47e0
[   94.181779][ T5677]  ? tun_get_user+0x2b44/0x47e0
[   94.186629][ T5677]  ? __lock_acquire+0x1384/0x2050
[   94.191658][ T5677]  ? __pfx_tun_get_user+0x10/0x10
[   94.196703][ T5677]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   94.202149][ T5677]  ? tun_get+0x1e/0x2f0
[   94.206307][ T5677]  ? __pfx_lock_release+0x10/0x10
[   94.211326][ T5677]  ? tun_get+0x1e/0x2f0
[   94.215469][ T5677]  ? tun_get+0x27d/0x2f0
[   94.219698][ T5677]  tun_chr_write_iter+0x10d/0x1f0
[   94.224710][ T5677]  vfs_write+0xa6d/0xc90
[   94.228939][ T5677]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   94.234472][ T5677]  ? __pfx_vfs_write+0x10/0x10
[   94.239249][ T5677]  ? __fdget_pos+0x19a/0x320
[   94.243836][ T5677]  ksys_write+0x1a0/0x2c0
[   94.248155][ T5677]  ? __pfx_ksys_write+0x10/0x10
[   94.252990][ T5677]  ? do_syscall_64+0x100/0x230
[   94.257744][ T5677]  ? do_syscall_64+0xb6/0x230
[   94.262409][ T5677]  do_syscall_64+0xf3/0x230
[   94.266899][ T5677]  ? clear_bhb_loop+0x35/0x90
[   94.271564][ T5677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.277442][ T5677] RIP: 0033:0x7f316697c9df
[   94.281842][ T5677] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[   94.301433][ T5677] RSP: 002b:00007f3167851000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   94.309837][ T5677] RAX: ffffffffffffffda RBX: 00007f3166b35f80 RCX: 00007f316697c9df
[   94.317796][ T5677] RDX: 000000000000003a RSI: 0000000020000100 RDI: 00000000000000c8
[   94.325750][ T5677] RBP: 00007f3167851090 R08: 0000000000000000 R09: 0000000000000000
[   94.333704][ T5677] R10: 000000000000003a R11: 0000000000000293 R12: 0000000000000001
[   94.341667][ T5677] R13: 0000000000000000 R14: 00007f3166b35f80 R15: 00007fff34b5ae68
[   94.349631][ T5677]  </TASK>
[   94.933400][ T5682] FAULT_INJECTION: forcing a failure.
[   94.933400][ T5682] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   94.947054][ T5682] CPU: 1 UID: 0 PID: 5682 Comm: syz.4.111 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   94.957284][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   94.967323][ T5682] Call Trace:
[   94.970584][ T5682]  <TASK>
[   94.973501][ T5682]  dump_stack_lvl+0x241/0x360
[   94.978172][ T5682]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.983361][ T5682]  ? __pfx__printk+0x10/0x10
[   94.987944][ T5682]  ? lockdep_unlock+0x16a/0x300
[   94.992787][ T5682]  should_fail_ex+0x3b0/0x4e0
[   94.997459][ T5682]  prepare_alloc_pages+0x1da/0x5d0
[   95.002576][ T5682]  __alloc_pages_noprof+0x166/0x6c0
[   95.007765][ T5682]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   95.013606][ T5682]  alloc_pages_mpol_noprof+0x3e8/0x680
[   95.019061][ T5682]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   95.025044][ T5682]  ? alloc_pages_noprof+0xef/0x170
[   95.030143][ T5682]  pte_alloc_one+0x88/0x5d0
[   95.034640][ T5682]  ? __pfx_pte_alloc_one+0x10/0x10
[   95.039742][ T5682]  ? down_read+0x82b/0xa40
[   95.044149][ T5682]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[   95.049684][ T5682]  __pte_alloc+0x79/0x390
[   95.054008][ T5682]  ? __pfx___pte_alloc+0x10/0x10
[   95.058958][ T5682]  ? uffd_lock_vma+0x91/0x2e0
[   95.063624][ T5682]  mfill_atomic_copy+0xbdb/0x1b40
[   95.068651][ T5682]  ? __pfx___might_resched+0x10/0x10
[   95.073929][ T5682]  ? __pfx_mfill_atomic_copy+0x10/0x10
[   95.079378][ T5682]  ? __pfx_lock_release+0x10/0x10
[   95.084392][ T5682]  ? preempt_count_add+0x93/0x190
[   95.089403][ T5682]  ? __might_fault+0xc6/0x120
[   95.094067][ T5682]  userfaultfd_ioctl+0x2906/0x66f0
[   95.099169][ T5682]  ? __kernel_text_address+0xd/0x40
[   95.104361][ T5682]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[   95.109818][ T5682]  ? stack_trace_save+0x118/0x1d0
[   95.114839][ T5682]  ? __pfx_stack_trace_save+0x10/0x10
[   95.120203][ T5682]  ? stack_depot_save_flags+0x29/0x830
[   95.125655][ T5682]  ? kasan_save_track+0x51/0x80
[   95.130511][ T5682]  ? kasan_save_track+0x3f/0x80
[   95.135358][ T5682]  ? kasan_save_free_info+0x40/0x50
[   95.140552][ T5682]  ? __kasan_slab_free+0x59/0x70
[   95.145487][ T5682]  ? kfree+0x1a0/0x440
[   95.149546][ T5682]  ? tomoyo_path_number_perm+0x68d/0x880
[   95.155183][ T5682]  ? security_file_ioctl+0xc6/0x2a0
[   95.160377][ T5682]  ? __se_sys_ioctl+0x47/0x170
[   95.165133][ T5682]  ? do_syscall_64+0xf3/0x230
[   95.169805][ T5682]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.175872][ T5682]  ? do_vfs_ioctl+0xf08/0x2e40
[   95.180636][ T5682]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   95.185664][ T5682]  ? mark_lock+0x9a/0x360
[   95.189998][ T5682]  ? tomoyo_path_number_perm+0x208/0x880
[   95.195625][ T5682]  ? __pfx_lock_release+0x10/0x10
[   95.200644][ T5682]  ? lockdep_hardirqs_on+0x99/0x150
[   95.205843][ T5682]  ? kfree+0x1a0/0x440
[   95.209901][ T5682]  ? tomoyo_path_number_perm+0x68d/0x880
[   95.215547][ T5682]  ? tomoyo_path_number_perm+0x71a/0x880
[   95.221199][ T5682]  ? tomoyo_path_number_perm+0x208/0x880
[   95.226827][ T5682]  ? smack_log+0x123/0x540
[   95.231238][ T5682]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   95.237216][ T5682]  ? __pfx_smack_log+0x10/0x10
[   95.241976][ T5682]  ? smk_access+0x4ab/0x4e0
[   95.246478][ T5682]  ? smk_tskacc+0x300/0x370
[   95.250973][ T5682]  ? smack_file_ioctl+0x2f7/0x3a0
[   95.255991][ T5682]  ? __pfx_smack_file_ioctl+0x10/0x10
[   95.261361][ T5682]  ? __fget_files+0x3f3/0x470
[   95.266037][ T5682]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[   95.271488][ T5682]  __se_sys_ioctl+0xf9/0x170
[   95.276074][ T5682]  do_syscall_64+0xf3/0x230
[   95.280571][ T5682]  ? clear_bhb_loop+0x35/0x90
[   95.285243][ T5682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.291131][ T5682] RIP: 0033:0x7f6129f7def9
[   95.295541][ T5682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.315141][ T5682] RSP: 002b:00007f612ad9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   95.323550][ T5682] RAX: ffffffffffffffda RBX: 00007f612a135f80 RCX: 00007f6129f7def9
[   95.331513][ T5682] RDX: 0000000020000340 RSI: 00000000c028aa03 RDI: 0000000000000007
[   95.339476][ T5682] RBP: 00007f612ad9b090 R08: 0000000000000000 R09: 0000000000000000
[   95.347441][ T5682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.355405][ T5682] R13: 0000000000000000 R14: 00007f612a135f80 R15: 00007ffcc549c268
[   95.363380][ T5682]  </TASK>
[   95.783996][ T5692] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[   96.119742][ T5706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.115'.
[   97.129858][ T5722] netlink: 'syz.3.123': attribute type 9 has an invalid length.
[   97.137981][ T5722] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.123'.
[  117.932200][    C0] sched: DL replenish lagged too much
[  125.563278][ T5225] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  125.585634][ T5225] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  125.593822][ T5225] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  125.724758][ T5222] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  125.736211][ T5222] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  125.752524][ T5222] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  125.760623][ T5222] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  125.768950][ T5222] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  125.787485][ T5222] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  125.795269][ T5222] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  125.811340][ T5222] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  125.824737][ T5222] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  126.231095][ T4609] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  126.240048][ T4609] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  126.249487][ T5232] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  126.261089][ T4609] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  126.271020][ T5232] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  126.279593][ T5232] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  126.286778][ T4609] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  126.294467][ T5232] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  126.302219][ T5232] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  126.321691][ T5232] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  126.338459][ T5232] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  126.346793][ T5232] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  126.408903][ T5225] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  126.418187][ T5225] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  126.428156][ T5225] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  126.436068][ T5225] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  126.443860][ T5225] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  126.453025][ T5225] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  128.413980][   T55] Bluetooth: hci6: command tx timeout
[  128.419754][   T55] Bluetooth: hci5: command tx timeout
[  128.429283][ T5225] Bluetooth: hci2: command tx timeout
[  128.434921][ T5222] Bluetooth: hci3: command tx timeout
[  128.494111][ T5222] Bluetooth: hci4: command tx timeout
[  130.492456][ T5222] Bluetooth: hci3: command tx timeout
[  130.497908][ T5222] Bluetooth: hci2: command tx timeout
[  130.503457][ T5225] Bluetooth: hci5: command tx timeout
[  130.508862][ T5225] Bluetooth: hci6: command tx timeout
[  130.572410][ T5225] Bluetooth: hci4: command tx timeout
[  132.572374][ T5222] Bluetooth: hci2: command tx timeout
[  132.577825][ T5222] Bluetooth: hci5: command tx timeout
[  132.583456][ T5227] Bluetooth: hci3: command tx timeout
[  132.593722][ T5225] Bluetooth: hci6: command tx timeout
[  132.653429][ T5222] Bluetooth: hci4: command tx timeout
[  132.975837][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  132.982212][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  134.652380][ T5222] Bluetooth: hci5: command tx timeout
[  134.657831][ T5222] Bluetooth: hci6: command tx timeout
[  134.663399][ T5225] Bluetooth: hci3: command tx timeout
[  134.668809][ T5225] Bluetooth: hci2: command tx timeout
[  134.732426][ T5225] Bluetooth: hci4: command tx timeout
[  188.305603][ T5222] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  188.322554][ T5222] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  188.332433][ T5222] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  188.342322][ T5222] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  188.352742][ T5222] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  188.360022][ T5222] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  188.489003][ T5225] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  188.497745][ T5225] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  188.506419][ T5225] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  188.514470][ T5225] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  188.522008][ T5225] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  188.529309][ T5225] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  188.657631][ T5222] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  188.666592][ T5222] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  188.674661][ T5222] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  188.685268][ T5222] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  188.692902][ T5222] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  188.700174][ T5222] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  188.802774][ T5225] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  188.813230][ T5225] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  188.824707][ T5225] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  188.833962][ T5225] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  188.841992][ T5225] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  188.849661][ T5225] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  188.899723][ T5225] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  188.912341][ T5225] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  188.920686][ T5225] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  188.931492][ T5225] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  188.939494][ T5225] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  188.948118][ T5225] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  190.412313][ T5222] Bluetooth: hci0: command tx timeout
[  190.668153][ T5222] Bluetooth: hci1: command tx timeout
[  190.732301][ T5222] Bluetooth: hci7: command tx timeout
[  190.892382][ T5222] Bluetooth: hci8: command tx timeout
[  190.972526][ T5222] Bluetooth: hci9: command tx timeout
[  192.492245][ T5222] Bluetooth: hci0: command tx timeout
[  192.732268][ T5222] Bluetooth: hci1: command tx timeout
[  192.812357][ T5222] Bluetooth: hci7: command tx timeout
[  192.972342][ T5222] Bluetooth: hci8: command tx timeout
[  193.052474][ T5222] Bluetooth: hci9: command tx timeout
[  194.416826][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  194.431041][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  194.572323][ T5222] Bluetooth: hci0: command tx timeout
[  194.812323][ T5222] Bluetooth: hci1: command tx timeout
[  194.892276][ T5222] Bluetooth: hci7: command tx timeout
[  195.052437][ T5225] Bluetooth: hci8: command tx timeout
[  195.132483][ T5222] Bluetooth: hci9: command tx timeout
[  196.652268][ T5222] Bluetooth: hci0: command tx timeout
[  196.892280][ T5222] Bluetooth: hci1: command tx timeout
[  196.972279][ T5222] Bluetooth: hci7: command tx timeout
[  197.134471][ T5222] Bluetooth: hci8: command tx timeout
[  197.212519][ T5222] Bluetooth: hci9: command tx timeout
[  247.185725][ T5225] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  247.195437][ T5225] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  247.203404][ T5225] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  247.213108][ T5225] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  247.220751][ T5225] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  247.231064][ T5225] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  247.832714][ T5222] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  247.844698][ T5222] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  247.862325][ T5222] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  247.870720][ T5222] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  247.886143][ T5222] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  247.898551][ T5222] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  247.949539][ T5225] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  247.963763][ T5225] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  247.971787][ T5225] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  247.983251][ T5225] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  247.990918][ T5225] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  247.999763][ T5225] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  248.054152][ T5225] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  248.066287][ T5225] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  248.076765][ T5225] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  248.086760][ T5225] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  248.094591][ T5225] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[  248.103439][ T5225] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  248.442059][ T5225] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  248.457384][ T5225] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  248.465326][ T5225] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  248.474311][ T5225] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  248.484318][ T5225] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[  248.500358][ T5225] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  249.292402][ T5225] Bluetooth: hci10: command tx timeout
[  249.932300][ T5225] Bluetooth: hci11: command tx timeout
[  250.092289][ T5225] Bluetooth: hci12: command tx timeout
[  250.173352][ T5225] Bluetooth: hci13: command tx timeout
[  250.572310][ T5225] Bluetooth: hci14: command tx timeout
[  251.372427][ T5222] Bluetooth: hci10: command tx timeout
[  252.013406][ T5222] Bluetooth: hci11: command tx timeout
[  252.172281][ T5222] Bluetooth: hci12: command tx timeout
[  252.252258][ T5222] Bluetooth: hci13: command tx timeout
[  252.660112][ T4609] Bluetooth: hci14: command tx timeout
[  252.826141][ T4609] Bluetooth: hci2: command 0x0406 tx timeout
[  252.832265][ T5220] Bluetooth: hci3: command 0x0406 tx timeout
[  252.838332][ T5220] Bluetooth: hci5: command 0x0406 tx timeout
[  252.844430][ T5234] Bluetooth: hci6: command 0x0406 tx timeout
[  252.854069][ T5222] Bluetooth: hci4: command 0x0406 tx timeout
[  253.452356][ T5225] Bluetooth: hci10: command tx timeout
[  254.092254][ T5225] Bluetooth: hci11: command tx timeout
[  254.252234][ T5225] Bluetooth: hci12: command tx timeout
[  254.332256][ T5225] Bluetooth: hci13: command tx timeout
[  254.740173][ T5225] Bluetooth: hci14: command tx timeout
[  255.532417][ T5225] Bluetooth: hci10: command tx timeout
[  255.853837][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  255.860175][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  256.177659][ T5225] Bluetooth: hci11: command tx timeout
[  256.332332][ T5225] Bluetooth: hci12: command tx timeout
[  256.412272][ T5225] Bluetooth: hci13: command tx timeout
[  256.820049][ T5225] Bluetooth: hci14: command tx timeout
[  279.532396][   T30] INFO: task kworker/1:1:47 blocked for more than 143 seconds.
[  279.541184][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  279.593295][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  279.624681][   T30] task:kworker/1:1     state:D stack:23032 pid:47    tgid:47    ppid:2      flags:0x00004000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  279.732051][   T30] Workqueue: events_power_efficient crda_timeout_work
[  279.739039][   T30] Call Trace:
[  279.807645][   T30]  <TASK>
[  279.810628][   T30]  __schedule+0x1843/0x4ae0
[  279.852210][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  279.857287][   T30]  ? schedule+0x90/0x320
[  279.902267][   T30]  ? __pfx___schedule+0x10/0x10
[  279.907171][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  279.972251][   T30]  ? __pfx_lock_release+0x10/0x10
[  279.977347][   T30]  ? kick_pool+0x1bd/0x620
[  279.981797][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  280.052163][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  280.057425][   T30]  ? schedule+0x90/0x320
[  280.061691][   T30]  schedule+0x14b/0x320
[  280.112251][   T30]  schedule_preempt_disabled+0x13/0x30
[  280.117767][   T30]  __mutex_lock+0x6a7/0xd70
[  280.155025][   T30]  ? __mutex_lock+0x52a/0xd70
[  280.159758][   T30]  ? crda_timeout_work+0x15/0x50
[  280.192157][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  280.197243][   T30]  ? process_scheduled_works+0x976/0x1850
[  280.242238][   T30]  crda_timeout_work+0x15/0x50
[  280.247062][   T30]  process_scheduled_works+0xa63/0x1850
[  280.277494][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  280.312154][   T30]  ? assign_work+0x364/0x3d0
[  280.316817][   T30]  worker_thread+0x870/0xd30
[  280.321441][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  280.366358][   T30]  ? __kthread_parkme+0x169/0x1d0
[  280.391788][   T30]  ? __pfx_worker_thread+0x10/0x10
[  280.400797][   T30]  kthread+0x2f0/0x390
[  280.422239][   T30]  ? __pfx_worker_thread+0x10/0x10
[  280.427394][   T30]  ? __pfx_kthread+0x10/0x10
[  280.432003][   T30]  ret_from_fork+0x4b/0x80
[  280.462862][   T30]  ? __pfx_kthread+0x10/0x10
[  280.467494][   T30]  ret_from_fork_asm+0x1a/0x30
[  280.488165][   T30]  </TASK>
[  280.495954][   T30] INFO: task kworker/u8:7:2911 blocked for more than 144 seconds.
[  280.520429][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  280.538647][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  280.560911][   T30] task:kworker/u8:7    state:D stack:23312 pid:2911  tgid:2911  ppid:2      flags:0x00004000
[  280.591277][   T30] Workqueue: events_unbound linkwatch_event
[  280.617732][   T30] Call Trace:
[  280.621058][   T30]  <TASK>
[  280.629194][   T30]  __schedule+0x1843/0x4ae0
[  280.643538][   T30]  ? __pfx___schedule+0x10/0x10
[  280.658483][   T30]  ? __pfx_lock_release+0x10/0x10
[  280.676744][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  280.689009][   T30]  ? kthread_data+0x52/0xd0
[  280.703319][   T30]  ? schedule+0x90/0x320
[  280.707597][   T30]  ? wq_worker_sleeping+0x66/0x240
[  280.728432][   T30]  ? schedule+0x90/0x320
[  280.747582][   T30]  schedule+0x14b/0x320
[  280.751789][   T30]  schedule_preempt_disabled+0x13/0x30
[  280.779859][   T30]  __mutex_lock+0x6a7/0xd70
[  280.792162][   T30]  ? __mutex_lock+0x52a/0xd70
[  280.796886][   T30]  ? linkwatch_event+0xe/0x60
[  280.801584][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  280.828009][   T30]  ? process_scheduled_works+0x976/0x1850
[  280.847709][   T30]  linkwatch_event+0xe/0x60
[  280.854109][   T30]  process_scheduled_works+0xa63/0x1850
[  280.859721][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  280.886752][   T30]  ? assign_work+0x364/0x3d0
[  280.891397][   T30]  worker_thread+0x870/0xd30
[  280.942062][   T30]  ? __kthread_parkme+0x169/0x1d0
[  280.947187][   T30]  ? __pfx_worker_thread+0x10/0x10
[  280.968034][   T30]  kthread+0x2f0/0x390
[  280.981812][   T30]  ? __pfx_worker_thread+0x10/0x10
[  281.000002][   T30]  ? __pfx_kthread+0x10/0x10
[  281.012145][   T30]  ret_from_fork+0x4b/0x80
[  281.016598][   T30]  ? __pfx_kthread+0x10/0x10
[  281.021208][   T30]  ret_from_fork_asm+0x1a/0x30
[  281.051024][   T30]  </TASK>
[  281.058600][   T30] INFO: task syz-executor:5212 blocked for more than 144 seconds.
[  281.078436][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  281.100528][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  281.126190][   T30] task:syz-executor    state:D stack:19792 pid:5212  tgid:5212  ppid:1      flags:0x00004006
[  281.149380][   T30] Call Trace:
[  281.157593][   T30]  <TASK>
[  281.160554][   T30]  __schedule+0x1843/0x4ae0
[  281.179486][   T30]  ? __pfx___schedule+0x10/0x10
[  281.191686][   T30]  ? __pfx_lock_release+0x10/0x10
[  281.205385][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  281.210891][   T30]  ? schedule+0x90/0x320
[  281.235480][   T30]  schedule+0x14b/0x320
[  281.239688][   T30]  schedule_preempt_disabled+0x13/0x30
[  281.262175][   T30]  __mutex_lock+0x6a7/0xd70
[  281.266793][   T30]  ? __mutex_lock+0x52a/0xd70
[  281.271504][   T30]  ? tun_chr_close+0x3b/0x1b0
[  281.297554][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  281.312509][   T30]  ? __pfx_call_rcu+0x10/0x10
[  281.317442][   T30]  tun_chr_close+0x3b/0x1b0
[  281.321980][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  281.348389][   T30]  __fput+0x23f/0x880
[  281.358154][   T30]  task_work_run+0x24f/0x310
[  281.368048][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  281.382178][   T30]  ? __pfx_task_work_run+0x10/0x10
[  281.402144][   T30]  ? do_exit+0xa2a/0x28e0
[  281.406516][   T30]  ? kmem_cache_free+0x1a2/0x420
[  281.411472][   T30]  ? do_exit+0xa2a/0x28e0
[  281.437739][   T30]  do_exit+0xa2f/0x28e0
[  281.441961][   T30]  ? __pfx_do_exit+0x10/0x10
[  281.465241][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  281.489398][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  281.505059][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  281.511429][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  281.531485][   T30]  do_group_exit+0x207/0x2c0
[  281.551627][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  281.566156][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  281.571405][   T30]  get_signal+0x176f/0x1810
[  281.602159][   T30]  ? __pfx_get_signal+0x10/0x10
[  281.609587][   T30]  arch_do_signal_or_restart+0x96/0x860
[  281.632207][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  281.638401][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  281.662154][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  281.667923][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  281.700902][   T30]  do_syscall_64+0x100/0x230
[  281.717733][   T30]  ? clear_bhb_loop+0x35/0x90
[  281.726180][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.743056][   T30] RIP: 0033:0x7fcc3397c93c
[  281.747517][   T30] RSP: 002b:00007ffe69316fe0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  281.801326][   T30] RAX: fffffffffffffe00 RBX: 00000000ffffffff RCX: 00007fcc3397c93c
[  281.819536][   T30] RDX: 0000000000000028 RSI: 00007ffe69317090 RDI: 00000000000000f9
[  281.837404][   T30] RBP: 00007ffe6931703c R08: 0000000000000000 R09: 0079746972756365
[  281.859497][   T30] R10: 00007fcc33b087e0 R11: 0000000000000246 R12: 0000000000000047
[  281.882184][   T30] R13: 0000000000019a18 R14: 0000000000018176 R15: 00007ffe69317090
[  281.912420][   T30]  </TASK>
[  281.916510][   T30] INFO: task syz-executor:5213 blocked for more than 145 seconds.
[  281.952249][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  281.959562][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  281.988008][   T30] task:syz-executor    state:D stack:20608 pid:5213  tgid:5213  ppid:1      flags:0x00004006
[  282.021483][   T30] Call Trace:
[  282.034372][   T30]  <TASK>
[  282.037340][   T30]  __schedule+0x1843/0x4ae0
[  282.041885][   T30]  ? __pfx___schedule+0x10/0x10
[  282.065238][   T30]  ? __pfx_lock_release+0x10/0x10
[  282.070312][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  282.091844][   T30]  ? schedule+0x90/0x320
[  282.111698][   T30]  schedule+0x14b/0x320
[  282.127580][   T30]  schedule_preempt_disabled+0x13/0x30
[  282.140385][   T30]  __mutex_lock+0x6a7/0xd70
[  282.152201][   T30]  ? __mutex_lock+0x52a/0xd70
[  282.156917][   T30]  ? tun_chr_close+0x3b/0x1b0
[  282.161617][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  282.190158][   T30]  ? __pfx_call_rcu+0x10/0x10
[  282.208318][   T30]  tun_chr_close+0x3b/0x1b0
[  282.213348][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  282.231390][   T30]  __fput+0x23f/0x880
[  282.239614][   T30]  task_work_run+0x24f/0x310
[  282.256388][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  282.261716][   T30]  ? __pfx_task_work_run+0x10/0x10
[  282.279498][   T30]  ? do_exit+0xa2a/0x28e0
[  282.289376][   T30]  ? kmem_cache_free+0x1a2/0x420
[  282.299004][   T30]  ? do_exit+0xa2a/0x28e0
[  282.312212][   T30]  do_exit+0xa2f/0x28e0
[  282.316412][   T30]  ? __pfx_do_exit+0x10/0x10
[  282.331673][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  282.352213][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  282.358240][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  282.387764][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  282.399836][   T30]  do_group_exit+0x207/0x2c0
[  282.411551][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  282.431969][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  282.441524][   T30]  get_signal+0x176f/0x1810
[  282.457000][   T30]  ? __pfx_get_signal+0x10/0x10
[  282.461989][   T30]  arch_do_signal_or_restart+0x96/0x860
[  282.482300][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  282.488497][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  282.509615][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  282.515650][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  282.521233][   T30]  do_syscall_64+0x100/0x230
[  282.532188][   T30]  ? clear_bhb_loop+0x35/0x90
[  282.536904][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.549417][   T30] RIP: 0033:0x7f6129f7c93c
[  282.555406][   T30] RSP: 002b:00007ffcc549c5d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  282.569577][   T30] RAX: fffffffffffffe00 RBX: 00000000ffffffff RCX: 00007f6129f7c93c
[  282.578813][   T30] RDX: 0000000000000028 RSI: 00007ffcc549c680 RDI: 00000000000000f9
[  282.593806][   T30] RBP: 00007ffcc549c62c R08: 0000000000000000 R09: 0079746972756365
[  282.601813][   T30] R10: 00007f612a1087e0 R11: 0000000000000246 R12: 0000000000000042
[  282.616380][   T30] R13: 000000000001dc55 R14: 0000000000018217 R15: 00007ffcc549c680
[  282.626239][   T30]  </TASK>
[  282.629444][   T30] INFO: task syz-executor:5221 blocked for more than 146 seconds.
[  282.643887][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  282.651193][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  282.671085][   T30] task:syz-executor    state:D stack:20240 pid:5221  tgid:5221  ppid:1      flags:0x00004006
[  282.685372][   T30] Call Trace:
[  282.688680][   T30]  <TASK>
[  282.691637][   T30]  __schedule+0x1843/0x4ae0
[  282.701080][   T30]  ? __pfx___schedule+0x10/0x10
[  282.707386][   T30]  ? __pfx_lock_release+0x10/0x10
[  282.718646][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  282.725635][   T30]  ? schedule+0x90/0x320
[  282.729908][   T30]  schedule+0x14b/0x320
[  282.742264][   T30]  schedule_preempt_disabled+0x13/0x30
[  282.747761][   T30]  __mutex_lock+0x6a7/0xd70
[  282.757554][   T30]  ? __mutex_lock+0x52a/0xd70
[  282.762607][   T30]  ? tun_chr_close+0x3b/0x1b0
[  282.767323][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  282.778596][   T30]  ? __pfx_call_rcu+0x10/0x10
[  282.785029][   T30]  tun_chr_close+0x3b/0x1b0
[  282.789571][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  282.800914][   T30]  __fput+0x23f/0x880
[  282.805253][   T30]  task_work_run+0x24f/0x310
[  282.809867][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  282.832198][   T30]  ? __pfx_task_work_run+0x10/0x10
[  282.838215][   T30]  ? do_exit+0xa2a/0x28e0
[  282.848512][   T30]  ? kmem_cache_free+0x1a2/0x420
[  282.854139][   T30]  ? do_exit+0xa2a/0x28e0
[  282.858496][   T30]  do_exit+0xa2f/0x28e0
[  282.868548][   T30]  ? __pfx_do_exit+0x10/0x10
[  282.873484][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  282.878889][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  282.892204][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  282.898571][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  282.909136][   T30]  do_group_exit+0x207/0x2c0
[  282.914074][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  282.920859][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  282.933327][   T30]  get_signal+0x176f/0x1810
[  282.938310][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  282.949371][   T30]  ? do_sys_openat2+0x17a/0x1d0
[  282.955332][   T30]  ? __pfx_get_signal+0x10/0x10
[  282.960215][   T30]  ? do_sys_openat2+0x17a/0x1d0
[  282.971101][   T30]  arch_do_signal_or_restart+0x96/0x860
[  282.978965][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  282.990832][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  282.997646][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  283.009058][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  283.014977][   T30]  do_syscall_64+0x100/0x230
[  283.021167][   T30]  ? clear_bhb_loop+0x35/0x90
[  283.033573][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.039534][   T30] RIP: 0033:0x7f80c457d7f1
[  283.050252][   T30] RSP: 002b:00007ffea2bf2870 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
[  283.060447][   T30] RAX: 0000000000000003 RBX: 00007f80c45f0a14 RCX: 00007f80c457d7f1
[  283.076402][   T30] RDX: 0000000000090800 RSI: 00007ffea2bf3a10 RDI: 00000000ffffff9c
[  283.087929][   T30] RBP: 00007ffea2bf39fc R08: 0000000000000000 R09: 7fffffffffffffff
[  283.098383][   T30] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffea2bf3a10
[  283.110365][   T30] R13: 00007f80c45f0a14 R14: 0000000000018163 R15: 00007ffea2bf3a50
[  283.126989][   T30]  </TASK>
[  283.130106][   T30] INFO: task syz-executor:5223 blocked for more than 146 seconds.
[  283.138780][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  283.151815][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  283.162010][   T30] task:syz-executor    state:D stack:19312 pid:5223  tgid:5223  ppid:1      flags:0x00004006
[  283.178025][   T30] Call Trace:
[  283.181330][   T30]  <TASK>
[  283.184643][   T30]  __schedule+0x1843/0x4ae0
[  283.189197][   T30]  ? __pfx___schedule+0x10/0x10
[  283.199950][   T30]  ? __pfx_lock_release+0x10/0x10
[  283.205278][   T30]  ? schedule+0x90/0x320
[  283.209544][   T30]  schedule+0x14b/0x320
[  283.223289][   T30]  schedule_timeout+0xb0/0x310
[  283.228085][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  283.238431][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  283.245190][   T30]  ? wait_for_completion+0x2fe/0x620
[  283.250508][   T30]  ? wait_for_completion+0x2fe/0x620
[  283.262900][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  283.268128][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  283.279264][   T30]  ? wait_for_completion+0x2fe/0x620
[  283.284910][   T30]  wait_for_completion+0x355/0x620
[  283.290067][   T30]  ? __pfx_wait_for_completion+0x10/0x10
[  283.301703][   T30]  ? __flush_work+0xe7/0xc50
[  283.306570][   T30]  __flush_work+0xa37/0xc50
[  283.311102][   T30]  ? __flush_work+0xe7/0xc50
[  283.322347][   T30]  ? __pfx___flush_work+0x10/0x10
[  283.328379][   T30]  ? __pfx_wq_barrier_func+0x10/0x10
[  283.339982][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  283.346628][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  283.357847][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  283.364623][   T30]  unregister_netdevice_many_notify+0x87b/0x1da0
[  283.370988][   T30]  ? enqueue_timer+0x21b/0x570
[  283.381554][   T30]  ? __mod_timer+0xb89/0xeb0
[  283.386573][   T30]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  283.399154][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  283.405416][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  283.411778][   T30]  ? queue_delayed_work_on+0x1eb/0x390
[  283.422138][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  283.436094][   T30]  unregister_netdevice_queue+0x303/0x370
[  283.441851][   T30]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  283.449967][   T30]  __tun_detach+0x6b9/0x1600
[  283.460690][   T30]  tun_chr_close+0x105/0x1b0
[  283.466674][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[  283.471816][   T30]  __fput+0x23f/0x880
[  283.480612][   T30]  task_work_run+0x24f/0x310
[  283.486680][   T30]  ? kasan_quarantine_put+0xdc/0x230
[  283.491999][   T30]  ? __pfx_task_work_run+0x10/0x10
[  283.501959][   T30]  ? do_exit+0xa2a/0x28e0
[  283.508861][   T30]  ? kmem_cache_free+0x1a2/0x420
[  283.518510][   T30]  ? do_exit+0xa2a/0x28e0
[  283.524222][   T30]  do_exit+0xa2f/0x28e0
[  283.528413][   T30]  ? __pfx_do_exit+0x10/0x10
[  283.541071][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  283.547856][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  283.560758][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  283.568882][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  283.578630][   T30]  do_group_exit+0x207/0x2c0
[  283.584608][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  283.589836][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  283.599801][   T30]  get_signal+0x176f/0x1810
[  283.607466][   T30]  ? __pfx_get_signal+0x10/0x10
[  283.618882][   T30]  arch_do_signal_or_restart+0x96/0x860
[  283.625820][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  283.638401][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  283.647124][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  283.657906][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  283.665253][   T30]  do_syscall_64+0x100/0x230
[  283.669876][   T30]  ? clear_bhb_loop+0x35/0x90
[  283.679265][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.686568][   T30] RIP: 0033:0x7f316697c93c
[  283.691013][   T30] RSP: 002b:00007fff34b5b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  283.712353][   T30] RAX: fffffffffffffe00 RBX: 00000000ffffffff RCX: 00007f316697c93c
[  283.720363][   T30] RDX: 0000000000000028 RSI: 00007fff34b5b280 RDI: 00000000000000f9
[  283.733258][   T30] RBP: 00007fff34b5b22c R08: 0000000000000000 R09: 0079746972756365
[  283.748875][   T30] R10: 00007f3166b087e0 R11: 0000000000000246 R12: 0000000000000062
[  283.758732][   T30] R13: 0000000000018222 R14: 0000000000017d22 R15: 00007fff34b5b280
[  283.771353][   T30]  </TASK>
[  283.778240][   T30] INFO: task syz-executor:5768 blocked for more than 147 seconds.
[  283.791813][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  283.800525][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  283.815028][   T30] task:syz-executor    state:D stack:24128 pid:5768  tgid:5768  ppid:1      flags:0x00000004
[  283.827730][   T30] Call Trace:
[  283.831037][   T30]  <TASK>
[  283.840446][   T30]  __schedule+0x1843/0x4ae0
[  283.847670][   T30]  ? __pfx___schedule+0x10/0x10
[  283.867646][   T30]  ? __pfx_lock_release+0x10/0x10
[  283.874131][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  283.879633][   T30]  ? schedule+0x90/0x320
[  283.890881][   T30]  schedule+0x14b/0x320
[  283.896753][   T30]  schedule_preempt_disabled+0x13/0x30
[  283.906848][   T30]  __mutex_lock+0x6a7/0xd70
[  283.911621][   T30]  ? __mutex_lock+0x52a/0xd70
[  283.917959][   T30]  ? rtnetlink_rcv_msg+0x6e6/0xcf0
[  283.932011][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  283.941467][   T30]  rtnetlink_rcv_msg+0x6e6/0xcf0
[  283.951210][   T30]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  283.957745][   T30]  ? __lock_acquire+0x1384/0x2050
[  283.967892][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  283.974800][   T30]  netlink_rcv_skb+0x1e3/0x430
[  283.979598][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  283.990908][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  283.998160][   T30]  ? netlink_deliver_tap+0x2e/0x1b0
[  284.007972][   T30]  netlink_unicast+0x7f6/0x990
[  284.018592][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  284.028486][   T30]  ? __virt_addr_valid+0x183/0x530
[  284.035053][   T30]  ? __check_object_size+0x48e/0x900
[  284.040375][   T30]  netlink_sendmsg+0x8e4/0xcb0
[  284.052240][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.057567][   T30]  ? __might_fault+0xaa/0x120
[  284.067902][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.073942][   T30]  __sock_sendmsg+0x221/0x270
[  284.078656][   T30]  __sys_sendto+0x398/0x4f0
[  284.090159][   T30]  ? __pfx___sys_sendto+0x10/0x10
[  284.096592][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  284.109059][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  284.115753][   T30]  __x64_sys_sendto+0xde/0x100
[  284.120552][   T30]  do_syscall_64+0xf3/0x230
[  284.132183][   T30]  ? clear_bhb_loop+0x35/0x90
[  284.136894][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.151151][   T30] RIP: 0033:0x7f9fc657fd8c
[  284.155885][   T30] RSP: 002b:00007ffc88faff10 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  284.171638][   T30] RAX: ffffffffffffffda RBX: 00007f9fc7264620 RCX: 00007f9fc657fd8c
[  284.179952][   T30] RDX: 000000000000002c RSI: 00007f9fc7264670 RDI: 0000000000000003
[  284.193785][   T30] RBP: 0000000000000000 R08: 00007ffc88faff64 R09: 000000000000000c
[  284.201784][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  284.216038][   T30] R13: 0000000000000000 R14: 00007f9fc7264670 R15: 0000000000000000
[  284.227413][   T30]  </TASK>
[  284.230525][   T30] INFO: task syz-executor:5770 blocked for more than 148 seconds.
[  284.242070][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  284.256708][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  284.268302][   T30] task:syz-executor    state:D stack:24128 pid:5770  tgid:5770  ppid:1      flags:0x00004006
[  284.284388][   T30] Call Trace:
[  284.287688][   T30]  <TASK>
[  284.290631][   T30]  __schedule+0x1843/0x4ae0
[  284.298795][   T30]  ? __pfx___schedule+0x10/0x10
[  284.306171][   T30]  ? __pfx_lock_release+0x10/0x10
[  284.311227][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  284.324932][   T30]  ? schedule+0x90/0x320
[  284.329211][   T30]  schedule+0x14b/0x320
[  284.336063][   T30]  schedule_preempt_disabled+0x13/0x30
[  284.341552][   T30]  __mutex_lock+0x6a7/0xd70
[  284.351373][   T30]  ? __mutex_lock+0x52a/0xd70
[  284.358528][   T30]  ? ip_tunnel_init_net+0x20e/0x720
[  284.368933][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  284.377017][   T30]  ? read_word_at_a_time+0xe/0x20
[  284.382074][   T30]  ? sized_strscpy+0x8d/0x220
[  284.390550][   T30]  ip_tunnel_init_net+0x20e/0x720
[  284.398103][   T30]  ? __pfx_ip_tunnel_init_net+0x10/0x10
[  284.407219][   T30]  ? ops_init+0x75/0x590
[  284.411500][   T30]  ops_init+0x31e/0x590
[  284.419562][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  284.428468][   T30]  setup_net+0x287/0x9e0
[  284.435464][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  284.441259][   T30]  ? __pfx_setup_net+0x10/0x10
[  284.449722][   T30]  copy_net_ns+0x33f/0x570
[  284.458194][   T30]  create_new_namespaces+0x425/0x7b0
[  284.468926][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  284.477588][   T30]  ksys_unshare+0x619/0xc10
[  284.485734][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  284.490793][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  284.499452][   T30]  ? do_syscall_64+0x100/0x230
[  284.507798][   T30]  __x64_sys_unshare+0x38/0x40
[  284.516969][   T30]  do_syscall_64+0xf3/0x230
[  284.521507][   T30]  ? clear_bhb_loop+0x35/0x90
[  284.529820][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.539145][   T30] RIP: 0033:0x7fbb09d7f6f7
[  284.547564][   T30] RSP: 002b:00007ffce32c7968 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[  284.561594][   T30] RAX: ffffffffffffffda RBX: 00007fbb09f35f40 RCX: 00007fbb09d7f6f7
[  284.577439][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  284.587191][   T30] RBP: 00007fbb09f36a38 R08: 0000000000000000 R09: 0000000000000000
[  284.601130][   T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c
[  284.610542][   T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  284.622200][   T30]  </TASK>
[  284.627530][   T30] INFO: task syz-executor:5773 blocked for more than 148 seconds.
[  284.638937][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  284.649853][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  284.667598][   T30] task:syz-executor    state:D stack:24128 pid:5773  tgid:5773  ppid:1      flags:0x00004004
[  284.678635][   T30] Call Trace:
[  284.681940][   T30]  <TASK>
[  284.690757][   T30]  __schedule+0x1843/0x4ae0
[  284.697572][   T30]  ? __pfx___schedule+0x10/0x10
[  284.708247][   T30]  ? __pfx_lock_release+0x10/0x10
[  284.713576][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  284.719071][   T30]  ? schedule+0x90/0x320
[  284.730024][   T30]  schedule+0x14b/0x320
[  284.739154][   T30]  schedule_preempt_disabled+0x13/0x30
[  284.750601][   T30]  __mutex_lock+0x6a7/0xd70
[  284.756681][   T30]  ? __mutex_lock+0x52a/0xd70
[  284.763229][   T30]  ? rtnetlink_rcv_msg+0x6e6/0xcf0
[  284.768380][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  284.780147][   T30]  rtnetlink_rcv_msg+0x6e6/0xcf0
[  284.785400][   T30]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  284.790540][   T30]  ? __lock_acquire+0x1384/0x2050
[  284.802650][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  284.808160][   T30]  netlink_rcv_skb+0x1e3/0x430
[  284.820939][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  284.826478][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  284.831807][   T30]  ? netlink_deliver_tap+0x2e/0x1b0
[  284.843078][   T30]  netlink_unicast+0x7f6/0x990
[  284.847884][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  284.859026][   T30]  ? __virt_addr_valid+0x183/0x530
[  284.867220][   T30]  ? __check_object_size+0x48e/0x900
[  284.878712][   T30]  netlink_sendmsg+0x8e4/0xcb0
[  284.885741][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.891064][   T30]  ? __might_fault+0xaa/0x120
[  284.911398][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.916976][   T30]  __sock_sendmsg+0x221/0x270
[  284.921686][   T30]  __sys_sendto+0x398/0x4f0
[  284.932147][   T30]  ? __pfx___sys_sendto+0x10/0x10
[  284.937238][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  284.949256][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  284.955897][   T30]  ? exc_page_fault+0x590/0x8c0
[  284.960778][   T30]  __x64_sys_sendto+0xde/0x100
[  284.972290][   T30]  do_syscall_64+0xf3/0x230
[  284.976918][   T30]  ? clear_bhb_loop+0x35/0x90
[  284.988809][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.997767][   T30] RIP: 0033:0x7f53d437fd8c
[  285.008046][   T30] RSP: 002b:00007fff884b6de0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  285.016804][   T30] RAX: ffffffffffffffda RBX: 00007f53d5064620 RCX: 00007f53d437fd8c
[  285.030748][   T30] RDX: 0000000000000028 RSI: 00007f53d5064670 RDI: 0000000000000003
[  285.040465][   T30] RBP: 0000000000000000 R08: 00007fff884b6e34 R09: 000000000000000c
[  285.052137][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  285.060145][   T30] R13: 0000000000000000 R14: 00007f53d5064670 R15: 0000000000000000
[  285.075660][   T30]  </TASK>
[  285.078778][   T30] INFO: task syz-executor:5774 blocked for more than 148 seconds.
[  285.091755][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  285.103090][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  285.111779][   T30] task:syz-executor    state:D stack:24128 pid:5774  tgid:5774  ppid:1      flags:0x00000004
[  285.129471][   T30] Call Trace:
[  285.134169][   T30]  <TASK>
[  285.137125][   T30]  __schedule+0x1843/0x4ae0
[  285.141674][   T30]  ? __pfx___schedule+0x10/0x10
[  285.152152][   T30]  ? __pfx_lock_release+0x10/0x10
[  285.157219][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  285.169644][   T30]  ? schedule+0x90/0x320
[  285.175273][   T30]  schedule+0x14b/0x320
[  285.179461][   T30]  schedule_preempt_disabled+0x13/0x30
[  285.190823][   T30]  __mutex_lock+0x6a7/0xd70
[  285.196111][   T30]  ? __mutex_lock+0x52a/0xd70
[  285.200832][   T30]  ? rtnetlink_rcv_msg+0x6e6/0xcf0
[  285.211865][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  285.217234][   T30]  rtnetlink_rcv_msg+0x6e6/0xcf0
[  285.227925][   T30]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  285.234929][   T30]  ? __lock_acquire+0x1384/0x2050
[  285.239991][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  285.251554][   T30]  netlink_rcv_skb+0x1e3/0x430
[  285.256636][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  285.267880][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  285.277040][   T30]  ? netlink_deliver_tap+0x2e/0x1b0
[  285.288174][   T30]  netlink_unicast+0x7f6/0x990
[  285.293706][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  285.299025][   T30]  ? __virt_addr_valid+0x183/0x530
[  285.309970][   T30]  ? __check_object_size+0x48e/0x900
[  285.317047][   T30]  netlink_sendmsg+0x8e4/0xcb0
[  285.321855][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.333204][   T30]  ? __might_fault+0xaa/0x120
[  285.337922][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.348360][   T30]  __sock_sendmsg+0x221/0x270
[  285.354680][   T30]  __sys_sendto+0x398/0x4f0
[  285.359224][   T30]  ? __pfx___sys_sendto+0x10/0x10
[  285.370310][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  285.379318][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  285.389973][   T30]  ? exc_page_fault+0x590/0x8c0
[  285.397225][   T30]  __x64_sys_sendto+0xde/0x100
[  285.402032][   T30]  do_syscall_64+0xf3/0x230
[  285.411414][   T30]  ? clear_bhb_loop+0x35/0x90
[  285.418580][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.428071][   T30] RIP: 0033:0x7f0d1d17fd8c
[  285.434976][   T30] RSP: 002b:00007fff745feb80 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  285.447104][   T30] RAX: ffffffffffffffda RBX: 00007f0d1de64620 RCX: 00007f0d1d17fd8c
[  285.459843][   T30] RDX: 0000000000000028 RSI: 00007f0d1de64670 RDI: 0000000000000003
[  285.471489][   T30] RBP: 0000000000000000 R08: 00007fff745febd4 R09: 000000000000000c
[  285.486903][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  285.498489][   T30] R13: 0000000000000000 R14: 00007f0d1de64670 R15: 0000000000000000
[  285.511256][   T30]  </TASK>
[  285.515699][   T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  285.529421][   T30] INFO: task syz-executor:5776 blocked for more than 149 seconds.
[  285.538656][   T30]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  285.551742][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  285.561826][   T30] task:syz-executor    state:D stack:24128 pid:5776  tgid:5776  ppid:1      flags:0x00000004
[  285.578321][   T30] Call Trace:
[  285.581641][   T30]  <TASK>
[  285.586760][   T30]  __schedule+0x1843/0x4ae0
[  285.591323][   T30]  ? __pfx___schedule+0x10/0x10
[  285.601381][   T30]  ? __pfx_lock_release+0x10/0x10
[  285.608910][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  285.619509][   T30]  ? schedule+0x90/0x320
[  285.626271][   T30]  schedule+0x14b/0x320
[  285.630459][   T30]  schedule_preempt_disabled+0x13/0x30
[  285.639681][   T30]  __mutex_lock+0x6a7/0xd70
[  285.646738][   T30]  ? __mutex_lock+0x52a/0xd70
[  285.651448][   T30]  ? rtnetlink_rcv_msg+0x6e6/0xcf0
[  285.661725][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  285.669364][   T30]  rtnetlink_rcv_msg+0x6e6/0xcf0
[  285.681565][   T30]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  285.689597][   T30]  ? __lock_acquire+0x1384/0x2050
[  285.700214][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  285.708923][   T30]  netlink_rcv_skb+0x1e3/0x430
[  285.716305][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  285.721810][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  285.730903][   T30]  ? netlink_deliver_tap+0x2e/0x1b0
[  285.738701][   T30]  netlink_unicast+0x7f6/0x990
[  285.747083][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  285.756099][   T30]  ? __virt_addr_valid+0x183/0x530
[  285.761261][   T30]  ? __check_object_size+0x48e/0x900
[  285.770388][   T30]  netlink_sendmsg+0x8e4/0xcb0
[  285.783222][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.788574][   T30]  ? __might_fault+0xaa/0x120
[  285.800680][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.806826][   T30]  __sock_sendmsg+0x221/0x270
[  285.811546][   T30]  __sys_sendto+0x398/0x4f0
[  285.821964][   T30]  ? __pfx___sys_sendto+0x10/0x10
[  285.827358][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  285.839140][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  285.845840][   T30]  ? exc_page_fault+0x590/0x8c0
[  285.850730][   T30]  __x64_sys_sendto+0xde/0x100
[  285.865564][   T30]  do_syscall_64+0xf3/0x230
[  285.870131][   T30]  ? clear_bhb_loop+0x35/0x90
[  285.877528][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.888837][   T30] RIP: 0033:0x7efded97fd8c
[  285.897756][   T30] RSP: 002b:00007ffe02f16c00 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  285.910663][   T30] RAX: ffffffffffffffda RBX: 00007efdee664620 RCX: 00007efded97fd8c
[  285.921260][   T30] RDX: 0000000000000028 RSI: 00007efdee664670 RDI: 0000000000000003
[  285.932137][   T30] RBP: 0000000000000000 R08: 00007ffe02f16c54 R09: 000000000000000c
[  285.941061][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  285.964076][   T30] R13: 0000000000000000 R14: 00007efdee664670 R15: 0000000000000000
[  285.976790][   T30]  </TASK>
[  285.979842][   T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  285.993093][   T30] 
[  285.993093][   T30] Showing all locks held in the system:
[  286.000836][   T30] 1 lock held by khungtaskd/30:
[  286.011033][   T30]  #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  286.023055][   T30] 3 locks held by kworker/1:1/47:
[  286.029159][   T30]  #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  286.047636][   T30]  #1: ffffc90000b77d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  286.059917][   T30]  #2: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x15/0x50
[  286.072436][   T30] 4 locks held by kworker/u8:5/1112:
[  286.077749][   T30]  #0: ffff88801baeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  286.096646][   T30]  #1: ffffc90004727d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  286.109703][   T30]  #2: ffffffff8fcaccd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  286.127614][   T30]  #3: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0
[  286.141902][   T30] 3 locks held by kworker/u8:7/2911:
[  286.150853][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  286.169023][   T30]  #1: ffffc9000a3b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  286.189608][   T30]  #2: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  286.200526][   T30] 2 locks held by getty/4966:
[  286.211401][   T30]  #0: ffff88803346a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  286.221506][   T30]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  286.238574][   T30] 1 lock held by syz-executor/5212:
[  286.244507][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  286.259219][   T30] 1 lock held by syz-executor/5213:
[  286.264738][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  286.280581][   T30] 1 lock held by syz-executor/5221:
[  286.286105][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  286.302210][   T30] 2 locks held by syz-executor/5223:
[  286.307515][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  286.323772][   T30]  #1: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0
[  286.340928][   T30] 6 locks held by kworker/0:5/5268:
[  286.346472][   T30] 3 locks held by kworker/1:4/5270:
[  286.351687][   T30]  #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  286.372159][   T30]  #1: ffffc90003a5fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  286.388292][   T30]  #2: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0
[  286.399817][   T30] 3 locks held by kworker/u8:10/5663:
[  286.412815][   T30]  #0: ffff88814c6d8948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  286.431228][   T30]  #1: ffffc90009e07d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  286.450902][   T30]  #2: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[  286.467623][   T30] 1 lock held by syz-executor/5768:
[  286.473499][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.488686][   T30] 2 locks held by syz-executor/5770:
[  286.496198][   T30]  #0: ffffffff8fcaccd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  286.512356][   T30]  #1: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  286.527808][   T30] 1 lock held by syz-executor/5773:
[  286.533319][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.549920][   T30] 1 lock held by syz-executor/5774:
[  286.555435][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.570641][   T30] 1 lock held by syz-executor/5776:
[  286.576124][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.592217][   T30] 1 lock held by syz-executor/5788:
[  286.597436][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.614220][   T30] 1 lock held by syz-executor/5792:
[  286.619918][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.636995][   T30] 1 lock held by syz-executor/5795:
[  286.644720][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.659104][   T30] 1 lock held by syz-executor/5797:
[  286.666912][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.679942][   T30] 1 lock held by syz-executor/5799:
[  286.689377][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.704720][   T30] 1 lock held by syz-executor/5811:
[  286.709953][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.724437][   T30] 1 lock held by syz-executor/5816:
[  286.729662][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.745482][   T30] 1 lock held by syz-executor/5818:
[  286.750707][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.764084][   T30] 1 lock held by syz-executor/5820:
[  286.769302][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.785852][   T30] 1 lock held by syz-executor/5823:
[  286.791072][   T30]  #0: ffffffff8fcb97c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  286.808434][   T30] 
[  286.810781][   T30] =============================================
[  286.810781][   T30] 
[  286.836536][   T30] NMI backtrace for cpu 1
[  286.840898][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  286.851059][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  286.861121][   T30] Call Trace:
[  286.864407][   T30]  <TASK>
[  286.867348][   T30]  dump_stack_lvl+0x241/0x360
[  286.872046][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.877261][   T30]  ? __pfx__printk+0x10/0x10
[  286.881877][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  286.886836][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  286.892306][   T30]  ? _printk+0xd5/0x120
[  286.896479][   T30]  ? __pfx__printk+0x10/0x10
[  286.901085][   T30]  ? __wake_up_klogd+0xcc/0x110
[  286.905954][   T30]  ? __pfx__printk+0x10/0x10
[  286.910562][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  286.915604][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  286.921600][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  286.927596][   T30]  watchdog+0xff4/0x1040
[  286.931859][   T30]  ? watchdog+0x1ea/0x1040
[  286.936297][   T30]  ? __pfx_watchdog+0x10/0x10
[  286.940992][   T30]  kthread+0x2f0/0x390
[  286.945076][   T30]  ? __pfx_watchdog+0x10/0x10
[  286.949766][   T30]  ? __pfx_kthread+0x10/0x10
[  286.954366][   T30]  ret_from_fork+0x4b/0x80
[  286.958796][   T30]  ? __pfx_kthread+0x10/0x10
[  286.963396][   T30]  ret_from_fork_asm+0x1a/0x30
[  286.968186][   T30]  </TASK>
[  286.972067][   T30] Sending NMI from CPU 1 to CPUs 0:
[  286.977920][    C0] NMI backtrace for cpu 0
[  286.977932][    C0] CPU: 0 UID: 0 PID: 5268 Comm: kworker/0:5 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  286.977951][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  286.977962][    C0] Workqueue: events nsim_dev_trap_report_work
[  286.977989][    C0] RIP: 0010:synproxy_parse_options+0x191/0x8d0
[  286.978009][    C0] Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 61 5e 1f f8 4c 63 24 24 4c 03 23 0f 84 cf 05 00 00 e8 af cd b8 f7 <48> 8b 5c 24 20 48 89 d9 48 c1 e9 03 48 b8 00 00 00 00 00 fc ff df
[  286.978022][    C0] RSP: 0018:ffffc90000007140 EFLAGS: 00000246
[  286.978035][    C0] RAX: ffffffff89dbebb1 RBX: ffff88805894d498 RCX: ffff888065775a00
[  286.978048][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  286.978058][    C0] RBP: ffffc90000007250 R08: ffffffff89dbeb66 R09: 0000000000000000
[  286.978069][    C0] R10: ffffc900000071a0 R11: fffff52000000e39 R12: ffff8880a2836168
[  286.978081][    C0] R13: 0000000000000014 R14: ffff88805894d434 R15: 0000000000000000
[  286.978092][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  286.978105][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.978116][    C0] CR2: 000000110c2771e0 CR3: 000000000e734000 CR4: 00000000003506f0
[  286.978131][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  286.978140][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  286.978150][    C0] Call Trace:
[  286.978156][    C0]  <NMI>
[  286.978162][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  286.978178][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  286.978201][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  286.978216][    C0]  ? nmi_handle+0x2a/0x5a0
[  286.978237][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  286.978257][    C0]  ? nmi_handle+0x14f/0x5a0
[  286.978272][    C0]  ? nmi_handle+0x2a/0x5a0
[  286.978287][    C0]  ? synproxy_parse_options+0x191/0x8d0
[  286.978304][    C0]  ? default_do_nmi+0x63/0x160
[  286.978319][    C0]  ? exc_nmi+0x123/0x1f0
[  286.978334][    C0]  ? end_repeat_nmi+0xf/0x53
[  286.978355][    C0]  ? synproxy_parse_options+0x146/0x8d0
[  286.978371][    C0]  ? synproxy_parse_options+0x191/0x8d0
[  286.978388][    C0]  ? synproxy_parse_options+0x191/0x8d0
[  286.978406][    C0]  ? synproxy_parse_options+0x191/0x8d0
[  286.978423][    C0]  ? synproxy_parse_options+0x191/0x8d0
[  286.978440][    C0]  </NMI>
[  286.978446][    C0]  <IRQ>
[  286.978454][    C0]  ? __pfx_synproxy_parse_options+0x10/0x10
[  286.978472][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  286.978493][    C0]  ? nf_ip_checksum+0x13a/0x500
[  286.978514][    C0]  nft_synproxy_do_eval+0x2ee/0xa60
[  286.978535][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  286.978553][    C0]  ? validate_chain+0x11e/0x5920
[  286.978571][    C0]  ? __pfx_validate_chain+0x10/0x10
[  286.978591][    C0]  nft_do_chain+0x4ad/0x1da0
[  286.978616][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  286.978633][    C0]  ? __local_bh_enable_ip+0x168/0x200
[  286.978664][    C0]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[  286.978688][    C0]  nft_do_chain_inet+0x418/0x6b0
[  286.978707][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  286.978725][    C0]  ? ipt_do_table+0x312/0x1860
[  286.978768][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  286.978785][    C0]  nf_hook_slow+0xc3/0x220
[  286.978802][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  286.978825][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  286.978847][    C0]  NF_HOOK+0x29e/0x450
[  286.978870][    C0]  ? NF_HOOK+0x9a/0x450
[  286.978890][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  286.978913][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  286.978938][    C0]  ? ip_rcv_finish+0x406/0x560
[  286.978960][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  286.978982][    C0]  NF_HOOK+0x3a4/0x450
[  286.979003][    C0]  ? __lock_acquire+0x1384/0x2050
[  286.979025][    C0]  ? NF_HOOK+0x9a/0x450
[  286.979045][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  286.979066][    C0]  ? ip_rcv_core+0x801/0xd10
[  286.979088][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  286.979113][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  286.979135][    C0]  __netif_receive_skb+0x2bf/0x650
[  286.979152][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  286.979173][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[  286.979187][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  286.979209][    C0]  ? __pfx_lock_release+0x10/0x10
[  286.979230][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[  286.979251][    C0]  process_backlog+0x662/0x15b0
[  286.979270][    C0]  ? process_backlog+0x33b/0x15b0
[  286.979289][    C0]  ? __pfx_process_backlog+0x10/0x10
[  286.979305][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  286.979327][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  286.979350][    C0]  __napi_poll+0xcb/0x490
[  286.979366][    C0]  net_rx_action+0x89b/0x1240
[  286.979392][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  286.979408][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  286.979443][    C0]  handle_softirqs+0x2c5/0x980
[  286.979464][    C0]  ? do_softirq+0x11b/0x1e0
[  286.979484][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  286.979507][    C0]  do_softirq+0x11b/0x1e0
[  286.979524][    C0]  </IRQ>
[  286.979529][    C0]  <TASK>
[  286.979535][    C0]  ? __pfx_do_softirq+0x10/0x10
[  286.979553][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  286.979576][    C0]  ? rcu_is_watching+0x15/0xb0
[  286.979593][    C0]  __local_bh_enable_ip+0x1bb/0x200
[  286.979612][    C0]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  286.979634][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  286.979653][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  286.979672][    C0]  ? nsim_dev_trap_report_work+0x6a7/0xaa0
[  286.979696][    C0]  nsim_dev_trap_report_work+0x75d/0xaa0
[  286.979724][    C0]  ? process_scheduled_works+0x976/0x1850
[  286.979744][    C0]  process_scheduled_works+0xa63/0x1850
[  286.979779][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  286.979803][    C0]  ? assign_work+0x364/0x3d0
[  286.979823][    C0]  worker_thread+0x870/0xd30
[  286.979847][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  286.979865][    C0]  ? __kthread_parkme+0x169/0x1d0
[  286.979887][    C0]  ? __pfx_worker_thread+0x10/0x10
[  286.979907][    C0]  kthread+0x2f0/0x390
[  286.979920][    C0]  ? __pfx_worker_thread+0x10/0x10
[  286.979940][    C0]  ? __pfx_kthread+0x10/0x10
[  286.979954][    C0]  ret_from_fork+0x4b/0x80
[  286.979974][    C0]  ? __pfx_kthread+0x10/0x10
[  286.979988][    C0]  ret_from_fork_asm+0x1a/0x30
[  286.980015][    C0]  </TASK>
[  287.644476][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  287.651366][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  287.661530][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  287.671595][   T30] Call Trace:
[  287.674881][   T30]  <TASK>
[  287.677821][   T30]  dump_stack_lvl+0x241/0x360
[  287.682519][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.687746][   T30]  ? __pfx__printk+0x10/0x10
[  287.692347][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  287.698352][   T30]  ? vscnprintf+0x5d/0x90
[  287.702695][   T30]  panic+0x349/0x880
[  287.706611][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  287.712775][   T30]  ? __pfx_panic+0x10/0x10
[  287.717201][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  287.722585][   T30]  ? __irq_work_queue_local+0x137/0x410
[  287.728146][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  287.733529][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  287.739690][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  287.745863][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  287.752030][   T30]  watchdog+0x1033/0x1040
[  287.756377][   T30]  ? watchdog+0x1ea/0x1040
[  287.760811][   T30]  ? __pfx_watchdog+0x10/0x10
[  287.765500][   T30]  kthread+0x2f0/0x390
[  287.769578][   T30]  ? __pfx_watchdog+0x10/0x10
[  287.774270][   T30]  ? __pfx_kthread+0x10/0x10
[  287.778872][   T30]  ret_from_fork+0x4b/0x80
[  287.783304][   T30]  ? __pfx_kthread+0x10/0x10
[  287.787904][   T30]  ret_from_fork_asm+0x1a/0x30
[  287.792692][   T30]  </TASK>
[  287.795966][   T30] Kernel Offset: disabled
[  287.800299][   T30] Rebooting in 86400 seconds..