last executing test programs: 16.50275566s ago: executing program 2 (id=53): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, '+'}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) 16.395504327s ago: executing program 0 (id=55): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) socket(0x200000000000011, 0x2, 0xd) socket$inet6(0xa, 0x80000, 0x10000) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r5, r4, 0x0, 0x3a) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) 16.194663903s ago: executing program 2 (id=57): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c) close_range(r0, 0xffffffffffffffff, 0x0) 14.422112146s ago: executing program 4 (id=61): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) fcntl$addseals(r0, 0x409, 0x9) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r2, 0x29, 0x48, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004140)=ANY=[@ANYBLOB="02000000040000", @ANYBLOB="000000000000000018004a28e495d6e91be6fb1d9a20ff730e5fe4621b8768b5fa24cef6efd89d5718fc89b68d3ccbb4ca7dc7d615408663367bd98415", @ANYBLOB="1f15c2663936d0145be26d7ea8653335edd2c09ae5d13b36b3b2bc2aa842eff83a79fdd5ee1df58091818dbb6626a40810775e9d28a17419d6bd9352db10ad75b1f266d7981e716ed50c327f3f47b39900b4cbf7c9c986326f64e1ae288183b5f805cb2d8ad8c4a5500ecccf633d269f00c8cdfe3e0f667b511e50e4298f7884adc92b88f6a77285de48a88e0a92f57d1868982854595982fa60f18770cf39291bcf95ef86b88afee986d75ae1aebb530030166ea2a20e1133989ff904bd411675d89d9827261ed3044e5d1f0b114a6a434a92dd433ac0e84d55ff09fe13469fbfe12bb093f01635f55d4943abe6e949539a7dc64167b725e4c1b4cd8fcb52b989174ffb58e85ab2af3d46538d616af5adc3f936c5b86b2a0afec1039716c381200e26603dd9844570ab737cfc65bb147eab3863834ee8f971f1d23fde1d8586681f97b9fc715b9b81211ba0a3638565a6e389c01608080909f0b3a7ca675f52922e19cf40b1ef127bc79b0ea80671e74c326fe22e0115d3f3dff88f7ed2c313648d28c6fc8e218b528b56b1af9d2b4a898abf8f5638aedc49b9ccab69fc1d179f22d0b58093e67cddf2af12c8bc3016217ec8de0c2a191bdee789111014395b73a35000de9a4d44e974067e22773d569be4e0731f9347536dcb7a6ac924958cd9b299c67b09b9e0fb8673c596b53ff6b9714d5a86b833176b9b4c57b907a807e2505c73977a16a6f30fb3f821ed46256832c57df3b42e7cbbcf3de0fc09d6eb78d0e1d0afd002940fa0d4aa1e7e11e01b410d9a6f9dbee760f81329772033b1045649907c80d89e86adbd860a5ce55b9ca9a5fbef774be0b084746640a8ada57a684ac3f6e61d64eb766f5c0dfd9c4c2553c8fea17be7a2c438f2445198feab6149085e002482a655809b5fb523dad38bc22a506871a7f749e6dd32c25d12dd3cef6257aec8a684e87c380cf21d961dcc6a19997f07c655e0bfa1d7944b71281becac52b6d1cf6929abb6ed4f36b33a2340a18f1044159e623a592f0d9bfbea1fc66dd71a9118259b155984fdbea2aef572daed20d58cb441ed0ee395cfde5ac54e60d41210b71c9d42f52e05755aa937f8bfff15a68c493e9208b7b66203bcfd06cbeca3128832cb19ee48f246731a350aad250a70b950e90fa9d2bd641dd1c247f1a18a85d2b444a93bbe10616a864b811c8bf733a6bc603a7b4d515c156e73eba4fee34a2afa1df7d802c8ab9d5b68749f0f7c61112862ad790772d07ebd5a4cb305d826c0584e38b5eea90cac7c5799ad8bade81df39827c0797d3baa42f2227c27c2c40c29196586819547c2b9c0c6b07860b7d1af749c240273526f294be6395a4b6e19411d7cce4ade0533bd5b8bcfda54cca4c248223a35bf124a18c74c079e1d31d06729b9eb08cd39e58574de56c40fc96d62df67c0c2811ad641d1c6285b8107516aa6f0ffd69fc5e600d98d2d6dfe2c2b9603275406423fd0ce4c88f99e9962eb75be45102b2ff3b89fa0de79ea80eb65f5fd4583b86d88d34dcdced1282fc451b4d75cd43f88fd5bd74210a2785abd9d3e4f9101f5c6b8684cd7a8f4b4050dd999cc13339c3a98817da0396997b311c7e6c95ad8d40c9f96162b4a444fe07ef620c83757978584b19afe68e623a2960d215062622c0fddbdb0d2a029290b8587a4a155adcbd5629746eb981d6c9f0da4bcad8dcbc72942ec3c220b89a65f7d1bbd25e4f83100109e957c14e5dad53311de7a10c11fe2dcb1940763e9cffed673f943e382f05999e6d5dbf29d6f0fc529194d07ebae66e0172274d736058cb64d56de1774b3df1738a3acea60a763475c322a48c8932111ee01ec85e0e43ecd955541ba14a33cf67af40eee1709e2ae014eb017741ec62bddd8660eb5947c9911000b57ca81760f36c9bfa7bcf2fdbb7992a1e53f690f66582026a3e4b58812d93a8145c0066a20619f4597a70a5a9157182cd4cae9ff3e547f836b260ca93b4493ffb8a3ca1a7fb9cc21d8704fbf99cfdf2f710915fca25673e2f00a71a9754a51cb8c20738d79640932ef2c215cb142e7df1ca2ff27ead10b318f9700b7ca07c2b4858f9472c79d55b1c11a050870a67d6a9fec6b017fcdf9e1301abd00968b5f172ffe6b2c8f58092eb4ef96b71cca0c20045cff2b03dbd9f8571a5f331bee427ed38980f52899d8e8254f96bc5e65c2f2021ae7054f418489e645ab167c897aaef892a69955ce498cbc6035b0e38fdd777bf0d3b6860e4240168c343bb3152a079c204158acb052b7bcd2c55deafbf068cc194b9c4d51078fe7033df94e262082a0bbdf2ff56731ae5311e2e1b4a8dd62d54b02463befae273e35406d4607155d3cfffaddb8ddf55dfc56a6f80e3042d882711052edcd869af2019f13104ea63c04b19112577a98848468642e46b49ae3cc81e72bf5c63cb126a3312f364b0efa12b9dd97a96871459a274a127eb0d11d8c599b3309dec99ff510fb84ff916eb4c23671efb21acb61c853bc540db8dcc17a5b0e48e9402baa58ddfa1c3fc06b61cecf3162c349c77215c3b96dd8d89bd04a9bb2c3e265bbe372ccae14d81b8ba6ea331bf7a4e4bd986ec01adf275b048a6f1874834ae9d6ad768b5f0b24ddd3c1f96b496c9c5ce935de869cf964cd6331f34a86226fcf2529eec25f7baa40da08dd7ff963d4f0fdf2ef8f6685568150684b34ddf01df753b78e3750b07709e998767887f8c02ffd9d3f4817ef6e94b72cd25bc625bb9143031290d23f090f3c99a204e82089b78c2e56e5fe5b8da2ef8b7c6ec1f86b78a03c683af177088135dfa3d3ec078d950bd35930fec3864e77e2c5fcb91beb28ecdd6ba7d0855612af8ac057741becd5ffa10f44d09453dec0e0bed733144526fcbc6c39fc329f5f8368e2ede988adf2721bd67a3aac5e269f8804cdf61c33cf7b5709167b84749b8c215fdf0d7a6137167dfd78d41eba56862b9256359ac59dc6eeb22cc1b16a87733389db4404db53188a9c0d437bd530fed71df9974c487554404f3ebab7e8a64c37bb743fafbb47b74a79847ebde16c32dc22c48549a45879e4379ba5e30fd12f49faf1cd32bf67830f18c3e8334054816588492f0e070370142a7383cb05989c534d14b372d50d4900d5d7eebc3bf97808b3eea035729046743294de4d81ad2590475b9db75f9d26f34e4b1ba61fe6e30a2ba61927f63cbd4a089a9d44ca9cabb4e2bfd971f9e085e933129fdfb698ea32fbd1a962e97370f2a2ae58e0e2fa1bc59250ea8a8edeaa8125d16742e6394350eac919df4ee9a498bf08a970f76d20b241e1659f85a414167e5329fa3445b8197bfb1217582ad60c8ef8fcd4af290b48610445e8b491fe8e416f80cf6a4749ee8f98232e4407fd70689629823c4191cca64f5b5b960fe86a0409ab928f847796d26e372115772b2a16279957d96c131d103dbc292e62f1e8a5527acd3f135b9f616f74181c9514f99b77cf0c1113157ad1d2b6cb6af0384f9ac66de79868ca8f9dd4362342fa3737c2355398fd15015588ac51752670833603991a35ced11671c5254bbbaeb355b52b9efb92af097e5983b29fda57f4d9fc9220890cd982c97d0fa8e595033de3987a0652a9eef2318d36e3f2321976a2c7d7a10ae583d2859733544955032e1b13bb164870c41c19e723d7d1a6745abcfdc9becb30bf6e4fe5affbfd50c8718280bd4ed9800ce3d07870ef17ffed58cbe5505e8d50b27009c91f95188b0eb14d6bc73ea2202feeb02cdb7920d021b623d4eaa34388a8dbc9969a9d6c8e2b1166f1817f8d1f2e1ca5d675e0e898582bf429a2eb4653ad5f97a67346d881c6f450a4146604e555b247e57aa673506c3520b006dff3a53c0fea3373691ffe41bf31888d557e568ee49f8503dd83f16bf945b1bb41f234052ff2241a0df6f5ce9f54bbd2a97c2906fe1a106292580b2332c36d7813d23be7306f07a3b3c1a6ddc809047015eb8ea575d61691c31bbba34c3db97068c38da267fae47bd61964c360ead45cb6ee8b93a963cdf3d10ba9f22922695ed6bc6756a727448e3dffc8e331a4c497670296cc6a2331a5896df6314d5ab6925d2e8f18f615cb4a1a5200735d4a6e94a93f704ace359c1a0920a76ab932723c2f80895a733e9bf6f4586fbac54fe2dc94133bf5c98e0b78ff3df1323f28e545aa79c265e63521d288f741c32f3882229fbff67db8a7f9aab82e8d13c582911395366e2d9ea1d67d9ed4b75869a5894730612fe6cedc9182cec5b50e2929369138e70dda057b71f33bff986997245bd85498cba0184c0262d7372457bf88f90d4d77bc3c619e7c80d7ab75a0372b5ee54820e34efdab41d9597f2c971617a3cadefd84f7700574eac7e75db6da8300efc300c0a2a4bd8291cc4b3fd44797ee6d76ebbd5da91a28f33f8cba5d47de4d0859696c71d400abf72d1857bdbd2e36e52173dc1996e832da8a1e703315e5d4bce4061d824a844caf3c4c6b761525210f9f8fc343d06569f0645f23d586cced89849f44a5735a6272c79bccc977c319a0a7c4d3aa45af3d0675500562b5c0e5341e2a86a6355fa510e987e5998f1589e1b0f071678682c68fc3443d3e60304acfb6b5665cddcb7c4f9e6ff56e7b3e902c8bb80a0bb064762eef5df0c7751baab61f57152a80dcf151dcd458c45dc0c7461fa8462b38bebf483a58fd18a8639d601232cc6f83471822f32817aac1e8323dd8ed5cf339301faaf858c0ebc89ea5f948348b6997f509526eb95257fb8b3f42e2f705ef94c9d79087c219df28026998ea9ff1bb78ba7dbb4b4aafec20b55760da94509de0dba45eb8d4f51fc6c19f4cd1b01852efad7af6f546c1bc71cf553d7f72a9847c2fff23c9a110cb61e981d8fe2b236da79d593afc0e524cf7ef2bc446ecf5ecccb7e8a071907ffe6e3c5b80a33e913dcd7754c7736c8253bd6b524362ae437cbb01a9c063e9fb42e4fda93221203a409d239dd0af6aaff671d36c79503f0fd99b78c171a80d29bbbe5d1a2440c6add499bbdc766ce09030ef5a615430e1bdfc60a1ae7a491e9787fce0e266051525fed232697877c76cc39b3a77329780606b105ac5b7f7ab81814f4a2f629f07d42bcfcab3ee6fae67ea15ff30dde0560e91e509e944510722e97b566494daad981e3c972baec7ab1ad9672210b60fa7db5359f53a5567c0ebe7187f9a9f81bee34e4821b5fedde56b0c376a8c7d4955a88857639842dd53fc9c3f71be193e40144d41ffc1cc6f087558634f57f7c3bb89cc87d09098c7b66b992b44f8842db25ecaed77af16b8c84e3c2da5217cf47f5728260051dfe5e4a09739922737497f308e0108b1e60dce601068060d49c1e4640ba506140130d23f35c35f5cf11895e58334fdeb890d74d7a07ed7fec2e91370f283d7c252c772", @ANYRESDEC, @ANYBLOB="000000000200"/21], 0x50) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r3, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) socket$netlink(0x10, 0x3, 0x5) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000340)={0x3, 0x900900, 0x3}) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x1a86f, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x8}, 0x1c) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc008561c, 0x0) io_submit(0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) 14.085857742s ago: executing program 2 (id=63): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x4}, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000400100004012200a3e2000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="82a3bf5bcc74b49600"/28], 0x50) 11.39834924s ago: executing program 4 (id=64): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xffffffffffffff64, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0xffffffffffffffff, 0x803, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0xfffffedb) epoll_create1(0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=@newqdisc={0x80, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x50, 0x2, {{}, [@TCA_NETEM_LOSS={0x34, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18}, @NETEM_LOSS_GI={0x4}]}]}}}]}, 0x80}}, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000002d00)={0x1, {{0xa, 0x4e22, 0x1000, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb0}}}, 0x108) r8 = syz_open_procfs(0x0, &(0x7f0000000640)='net/mcfilter6\x00') preadv(r8, &(0x7f0000001640)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x86, 0x451) sendto$inet(r3, &(0x7f0000001600)="09268a927f1f6588b967481241ba7860fcfaf65ac635ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcec8044ab4ea6f7ae55d88fecf90b1a7511bf746b152124eb38d6c7a207112eb1bf554bc070626792d394df5adf7355fa5f8deb9db3da042d88", 0xfdef, 0x11, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) 11.355682648s ago: executing program 1 (id=65): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x40001) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000000)={'\x00', 0x2, 0x6f11, 0x8, 0xfffffffffffffeff, 0x11c3adec}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000010001, 0x4, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x800000019) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_GET_IRQCHIP(r4, 0xc208ae62, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}) process_mrelease(0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x10252000) bpf$PROG_LOAD(0x5, 0x0, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc) 9.690675713s ago: executing program 3 (id=67): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, '+'}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) 9.3567629s ago: executing program 3 (id=68): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000ffffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0) 9.053888082s ago: executing program 3 (id=69): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0xffea, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000070000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="0c00018008000100000001000c0002"], 0x30}}, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) r7 = socket(0x1e, 0x4, 0x0) connect$tipc(r7, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendfile(r7, r3, 0x0, 0x8010002b) getsockopt$netlink(r0, 0x10e, 0x9, 0x0, &(0x7f0000000040)) 8.574797283s ago: executing program 1 (id=70): r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) futex(&(0x7f0000000140)=0x1, 0x4, 0x0, 0x0, 0x0, 0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @remote, 0x5}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 8.359539117s ago: executing program 0 (id=71): socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x100, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x3, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x25, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$9p_virtio(&(0x7f0000000540), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200000, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e63616368653d667363616368652c0000000000000000"]) chdir(&(0x7f0000000300)='./file0\x00') sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) keyctl$clear(0x7, 0xfffffffffffffffb) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r4, 0x29, 0x8, &(0x7f0000000000)=0x3, 0x4) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x104}}, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000340)={{0x4, 0x5, 0x1, 0x6, 'syz1\x00'}, 0x6, 0x0, 0xb84, 0x0, 0xffffffffffffff8a, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x2, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d51e619, 0x0, 0x0, 0x6, 0x3, 0x0, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x800000, 0x0, 0x101, 0x9, 0xd721, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x83, 0x4, 0x0, 0x3]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 7.976928769s ago: executing program 1 (id=72): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba", 0x2) socket(0x10, 0x80002, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) mkdir(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 6.575256484s ago: executing program 1 (id=73): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x44}, 0x28) fsopen(0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x48) mkdir(&(0x7f0000000400)='./file0\x00', 0x103) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) 5.364176433s ago: executing program 4 (id=74): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f9000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 5.362950098s ago: executing program 2 (id=75): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x36}, @empty, 0x0, 0x1, 0x0, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0x4007}}) gettid() prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$netlink(0x10, 0x3, 0x0) 4.982611121s ago: executing program 4 (id=76): socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000a04fcff", 0x7d}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r2, 0x8800000) ioctl$USBDEVFS_DROP_PRIVILEGES(r2, 0x4004551e, &(0x7f0000000300)=0x5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), r2) recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r3, r2, 0x0, 0x578410eb) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x4}, 0x8) sendto$inet6(r5, &(0x7f0000000240)='\f', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x100}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000400)={0x0, 0x0, 0x200}, 0x8) process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f0000008640), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$kcm(0x29, 0x5, 0x0) pipe(&(0x7f0000000040)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3"}}, &(0x7f0000000100)) 3.182334572s ago: executing program 2 (id=77): r0 = syz_clone(0x0, &(0x7f0000001100), 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000380)=r0, 0x12) 3.09647048s ago: executing program 3 (id=78): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, '+'}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) 2.381479858s ago: executing program 0 (id=79): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000ffffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0) 2.334428017s ago: executing program 3 (id=80): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x40001) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000000)={'\x00', 0x2, 0x6f11, 0x8, 0xfffffffffffffeff, 0x11c3adec}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000010001, 0x4, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x800000019) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_GET_IRQCHIP(r4, 0xc208ae62, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}) process_mrelease(0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x10252000) bpf$PROG_LOAD(0x5, 0x0, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc) 2.276580869s ago: executing program 2 (id=81): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) socket(0x200000000000011, 0x2, 0xd) socket$inet6(0xa, 0x80000, 0x10000) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r5, r4, 0x0, 0x3a) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) 2.028746077s ago: executing program 0 (id=82): r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) futex(&(0x7f0000000140)=0x1, 0x4, 0x0, 0x0, 0x0, 0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @remote, 0x5}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 1.374860028s ago: executing program 4 (id=83): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91", 0x3) socket(0x10, 0x80002, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) mkdir(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 1.291377148s ago: executing program 0 (id=84): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) removexattr(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) set_mempolicy(0x2, 0x0, 0x3ff) r1 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xd}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r4, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000003500)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x8000) ftruncate(0xffffffffffffffff, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, &(0x7f00000034c0), 0x0, 0x700, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$kcm(0x29, 0x5, 0x0) socket$packet(0x11, 0x3, 0x300) 1.158806021s ago: executing program 1 (id=85): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, 0x0, 0x0, 0x32, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10) 306.366561ms ago: executing program 4 (id=86): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x4}, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000400100004012200a3e2000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="82a3bf5bcc74b49600"/28], 0x50) 176.862747ms ago: executing program 0 (id=87): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a}, 0x48) bpf$PROG_LOAD(0x4, &(0x7f0000000680)={0x3, 0x3, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) io_setup(0x4, &(0x7f00000014c0)=0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) mount$binderfs(0x0, &(0x7f0000000700)='./binderfs\x00', 0x0, 0x20, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x6, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket(0x1d, 0x2, 0x6) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000180)={'syztnl1\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x4, 0x0, 0x80, 0x0, 0x42, @empty, @mcast1, 0x40, 0x8, 0x1, 0x7}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000240)={'erspan0\x00', &(0x7f0000000500)={'syztnl2\x00', r3, 0x40, 0x80, 0xc795, 0x9, {{0xa, 0x4, 0x1, 0x1f, 0x28, 0x64, 0x0, 0x3, 0x2f, 0x0, @loopback, @remote, {[@rr={0x7, 0x13, 0x5f, [@broadcast, @remote, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x801, 0x1ffa, 0x8c, 0x10, 0x1, 0xcb02, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x180}, 0x50) syz_open_dev$tty1(0xc, 0x4, 0x1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r4, &(0x7f0000000040)={'#! ', '', [{0x20, '\t\xbb\x9b\x81\xa61\xdd\xd6\xe6\xb3R\xb9\xdb?\xbe\xd3&n\xe2\xb6\xf5%\xb2\xdf\xf5\x83\xba\xeb\x93~\x88\xdc\xec[6=\x01p\xcd\x8ay\x0ez\\U\xae\x9fj@5q\xb2\x89\x00\x17\xe3\x82\x81\xbeS\xd8\x00\x1c\x10\xf8\xf3\xd4\xddI<%\xbb\xa6\xab\x9a\xe5\xec\x19\xfa\xcb\x94\x90u\x9b\x13W\xbd\x9f\xfa\x032-{\x96{\x12\xddy\xb8\x0e%\xabx/\x9cb\xfe\xccO\x00\xf0\xf2\x9dZ\x19_\xc7\xf2\vI'}]}, 0x7d) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 30.869629ms ago: executing program 1 (id=88): r0 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0xe98, 0x0, 0x0, 0x300}) 0s ago: executing program 3 (id=89): bpf$PROG_LOAD(0x4, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0) setrlimit(0x6, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) r3 = io_uring_setup(0x1de0, &(0x7f0000000a00)={0x0, 0x7068, 0x400}) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, 0x0, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_PBUF_RING(r3, 0x17, &(0x7f0000000300)={0x0}, 0x1) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x0, 0x20}}, 0x10) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000), 0x4) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/zoneinfo\x00', 0x0, 0x0) ioctl$SIOCGSKNS(r2, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) lseek(r4, 0xfffffffffffffff7, 0x2) socket(0x1d, 0x2, 0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xd, 0x80000006}, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 92.302443][ T1247] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts. [ 97.266522][ T5824] cgroup: Unknown subsys name 'net' [ 97.534199][ T5824] cgroup: Unknown subsys name 'cpuset' [ 97.588567][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 99.848616][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.933646][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.938786][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 102.956630][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.961632][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.962671][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.970478][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.991340][ T5863] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 102.993408][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.994620][ T5863] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 103.012904][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.018240][ T5862] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 103.019328][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.019533][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.023322][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.023597][ T5863] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.024848][ T5859] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 103.028957][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.029632][ T5863] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.031807][ T5859] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.039376][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.042633][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.048633][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.065705][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.069413][ T5854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.109894][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.171713][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 104.302444][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 104.424495][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 104.450641][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 104.579291][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 105.099484][ T5155] Bluetooth: hci3: command tx timeout [ 105.099500][ T5854] Bluetooth: hci2: command tx timeout [ 105.099658][ T5155] Bluetooth: hci4: command tx timeout [ 105.159117][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.160220][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.160690][ T5843] bridge_slave_0: entered allmulticast mode [ 105.162861][ T5843] bridge_slave_0: entered promiscuous mode [ 105.178700][ T5857] Bluetooth: hci0: command tx timeout [ 105.259431][ T5857] Bluetooth: hci1: command tx timeout [ 105.312973][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.313071][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.313226][ T5843] bridge_slave_1: entered allmulticast mode [ 105.315143][ T5843] bridge_slave_1: entered promiscuous mode [ 105.669182][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.669328][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.669521][ T5846] bridge_slave_0: entered allmulticast mode [ 105.672460][ T5846] bridge_slave_0: entered promiscuous mode [ 106.009528][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.009670][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.009904][ T5846] bridge_slave_1: entered allmulticast mode [ 106.012007][ T5846] bridge_slave_1: entered promiscuous mode [ 106.109458][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.109614][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.109799][ T5852] bridge_slave_0: entered allmulticast mode [ 106.112881][ T5852] bridge_slave_0: entered promiscuous mode [ 106.128154][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.129820][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.129975][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.130229][ T5842] bridge_slave_0: entered allmulticast mode [ 106.133398][ T5842] bridge_slave_0: entered promiscuous mode [ 106.339413][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.339567][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.339753][ T5852] bridge_slave_1: entered allmulticast mode [ 106.342712][ T5852] bridge_slave_1: entered promiscuous mode [ 106.356723][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.357027][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.357180][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.357394][ T5842] bridge_slave_1: entered allmulticast mode [ 106.361090][ T5842] bridge_slave_1: entered promiscuous mode [ 106.547637][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.555713][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.556041][ T5841] bridge_slave_0: entered allmulticast mode [ 106.572489][ T5841] bridge_slave_0: entered promiscuous mode [ 106.750846][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.832769][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.832912][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.833110][ T5841] bridge_slave_1: entered allmulticast mode [ 106.835639][ T5841] bridge_slave_1: entered promiscuous mode [ 106.973727][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.977183][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.068171][ T5843] team0: Port device team_slave_0 added [ 107.074318][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.154898][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.178078][ T5857] Bluetooth: hci4: command tx timeout [ 107.188136][ T5155] Bluetooth: hci3: command tx timeout [ 107.188243][ T5857] Bluetooth: hci2: command tx timeout [ 107.235461][ T5843] team0: Port device team_slave_1 added [ 107.239751][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.258644][ T5857] Bluetooth: hci0: command tx timeout [ 107.337971][ T5857] Bluetooth: hci1: command tx timeout [ 107.383190][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.732602][ T5846] team0: Port device team_slave_0 added [ 107.815525][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.974885][ T5846] team0: Port device team_slave_1 added [ 107.978702][ T5852] team0: Port device team_slave_0 added [ 108.062069][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.062084][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.062105][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.065726][ T5842] team0: Port device team_slave_0 added [ 108.194379][ T5852] team0: Port device team_slave_1 added [ 108.261396][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.261413][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.261433][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.263725][ T5842] team0: Port device team_slave_1 added [ 108.512871][ T5841] team0: Port device team_slave_0 added [ 108.616785][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.616801][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.616822][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.720328][ T5841] team0: Port device team_slave_1 added [ 108.804886][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.804905][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.804934][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.059791][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.059809][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.059839][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.118654][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.118673][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.118702][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.149042][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.149064][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.149099][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.258495][ T5857] Bluetooth: hci2: command tx timeout [ 109.258523][ T5155] Bluetooth: hci3: command tx timeout [ 109.258551][ T5155] Bluetooth: hci4: command tx timeout [ 109.331509][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.331523][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.331544][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.345282][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.345302][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.345342][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.347880][ T5857] Bluetooth: hci0: command tx timeout [ 109.417926][ T5857] Bluetooth: hci1: command tx timeout [ 109.483125][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.483138][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.483159][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.497363][ T5843] hsr_slave_0: entered promiscuous mode [ 109.501733][ T5843] hsr_slave_1: entered promiscuous mode [ 109.839694][ T5846] hsr_slave_0: entered promiscuous mode [ 109.841104][ T5846] hsr_slave_1: entered promiscuous mode [ 109.842229][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 109.842371][ T5846] Cannot create hsr debugfs directory [ 110.230803][ T5852] hsr_slave_0: entered promiscuous mode [ 110.232280][ T5852] hsr_slave_1: entered promiscuous mode [ 110.233246][ T5852] debugfs: 'hsr0' already exists in 'hsr' [ 110.233264][ T5852] Cannot create hsr debugfs directory [ 110.257380][ T5842] hsr_slave_0: entered promiscuous mode [ 110.260512][ T5842] hsr_slave_1: entered promiscuous mode [ 110.262087][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 110.262119][ T5842] Cannot create hsr debugfs directory [ 110.440428][ T5841] hsr_slave_0: entered promiscuous mode [ 110.441849][ T5841] hsr_slave_1: entered promiscuous mode [ 110.442874][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 110.442900][ T5841] Cannot create hsr debugfs directory [ 111.338049][ T5857] Bluetooth: hci4: command tx timeout [ 111.338086][ T5857] Bluetooth: hci3: command tx timeout [ 111.338131][ T5857] Bluetooth: hci2: command tx timeout [ 111.428044][ T5854] Bluetooth: hci0: command tx timeout [ 111.497953][ T5854] Bluetooth: hci1: command tx timeout [ 112.134206][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 112.168648][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 112.194914][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 112.253520][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 112.425333][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 112.464461][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 112.502619][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 112.556046][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 112.728091][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 112.765412][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 112.802968][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 112.856198][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 113.079425][ T5846] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 113.141222][ T5846] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 113.188859][ T5846] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 113.259322][ T5846] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 113.355666][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.457097][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.496873][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.535206][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.585684][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.636914][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.703085][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.703752][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.760945][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.773808][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.773996][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.925554][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.981462][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.990963][ T1458] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.991225][ T1458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.052512][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.052642][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.136816][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.222021][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.226442][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.226600][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.329124][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.329285][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.456445][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.502112][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.532108][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.532335][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.612135][ T2930] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.612302][ T2930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.724286][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.767356][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.769685][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.835936][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.853467][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.853631][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.145418][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.271195][ T5843] veth0_vlan: entered promiscuous mode [ 115.395490][ T5843] veth1_vlan: entered promiscuous mode [ 115.588397][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.605459][ T5852] veth0_vlan: entered promiscuous mode [ 115.672563][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.676213][ T5852] veth1_vlan: entered promiscuous mode [ 115.742318][ T5843] veth0_macvtap: entered promiscuous mode [ 115.785074][ T5843] veth1_macvtap: entered promiscuous mode [ 115.959243][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.008162][ T5842] veth0_vlan: entered promiscuous mode [ 116.053041][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.056140][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.056799][ T5852] veth0_macvtap: entered promiscuous mode [ 116.166501][ T5852] veth1_macvtap: entered promiscuous mode [ 116.175073][ T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.184912][ T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.193813][ T5842] veth1_vlan: entered promiscuous mode [ 116.196493][ T67] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.220851][ T67] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.380584][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.518391][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.638972][ T67] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.674858][ T1177] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.693274][ T1177] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.710119][ T1177] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.713351][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.713380][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.746396][ T5842] veth0_macvtap: entered promiscuous mode [ 116.846722][ T5841] veth0_vlan: entered promiscuous mode [ 116.848543][ T5846] veth0_vlan: entered promiscuous mode [ 116.861629][ T5842] veth1_macvtap: entered promiscuous mode [ 116.992464][ T5846] veth1_vlan: entered promiscuous mode [ 116.992961][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.992979][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.079695][ T5841] veth1_vlan: entered promiscuous mode [ 117.225701][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.255963][ T157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.255986][ T157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.266210][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.349513][ T1177] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.379019][ T1177] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.402232][ T1177] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.455764][ T1177] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.481532][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.481556][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.525869][ T5846] veth0_macvtap: entered promiscuous mode [ 117.630073][ T5841] veth0_macvtap: entered promiscuous mode [ 117.634831][ T5846] veth1_macvtap: entered promiscuous mode [ 117.771676][ T5841] veth1_macvtap: entered promiscuous mode [ 118.135593][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.235226][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.235252][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.265241][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.273254][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.364709][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.364812][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.409577][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.438197][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.469138][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.474216][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.474232][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.557846][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.567836][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.568001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.577796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.586399][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.637799][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.647796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.657809][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.667793][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.677792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.761056][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.877084][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.948255][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.982020][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.589282][ T5970] warning: `syz.3.4' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 119.621663][ T4549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.621681][ T4549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.890322][ T4549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.890344][ T4549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.938455][ T981] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 120.258084][ T1458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.258109][ T1458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.378103][ T981] usb 2-1: Using ep0 maxpacket: 16 [ 120.407306][ T981] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.407340][ T981] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 120.407391][ T981] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 120.407416][ T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.512324][ T5984] 9pnet_virtio: no channels available for device syz [ 121.363905][ T981] usb 2-1: config 0 descriptor?? [ 121.395050][ T157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.395088][ T157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.577467][ T981] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 124.720905][ T1247] usb 2-1: USB disconnect, device number 2 [ 127.066082][ C1] vkms_vblank_simulate: vblank timer overrun [ 127.468259][ C1] vkms_vblank_simulate: vblank timer overrun [ 127.584026][ T6031] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 1 [ 127.584102][ T6031] hfsplus: unable to find HFS+ superblock [ 129.025884][ T6022] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 129.025906][ T6022] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 129.029681][ T6022] vhci_hcd vhci_hcd.0: Device attached [ 129.327152][ T6022] Zero length message leads to an empty skb [ 129.467605][ T5916] usb 34-1: SetAddress Request (2) to port 0 [ 129.467667][ T5916] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 129.475762][ T6047] vhci_hcd: connection closed [ 129.484692][ T6048] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 129.509326][ T155] vhci_hcd: stop threads [ 129.511146][ T155] vhci_hcd: release socket [ 129.527471][ T155] vhci_hcd: disconnect device [ 129.817700][ T6041] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 130.770762][ T6040] mmap: syz.3.23 (6040) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 131.260325][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.811672][ T6077] netlink: 128 bytes leftover after parsing attributes in process `syz.0.31'. [ 133.675457][ T6095] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 1 [ 133.675507][ T6095] hfsplus: unable to find HFS+ superblock [ 134.150020][ T38] audit: type=1326 audit(1757281455.203:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef715ebe9 code=0x7ffc0000 [ 134.150075][ T38] audit: type=1326 audit(1757281455.253:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcef7155ba7 code=0x7ffc0000 [ 134.150114][ T38] audit: type=1326 audit(1757281455.253:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcef70fadb9 code=0x7ffc0000 [ 134.150151][ T38] audit: type=1326 audit(1757281455.253:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef715ebe9 code=0x7ffc0000 [ 134.150189][ T38] audit: type=1326 audit(1757281455.263:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcef7155ba7 code=0x7ffc0000 [ 134.150238][ T38] audit: type=1326 audit(1757281455.263:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcef70fadb9 code=0x7ffc0000 [ 134.150282][ T38] audit: type=1326 audit(1757281455.263:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcef7155ba7 code=0x7ffc0000 [ 134.150329][ T38] audit: type=1326 audit(1757281455.263:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcef70fadb9 code=0x7ffc0000 [ 134.150375][ T38] audit: type=1326 audit(1757281455.263:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef715ebe9 code=0x7ffc0000 [ 134.150421][ T38] audit: type=1326 audit(1757281455.263:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6101 comm="syz.2.38" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef715ebe9 code=0x7ffc0000 [ 134.551574][ T5916] usb 34-1: device descriptor read/8, error -110 [ 134.941677][ T5916] usb usb34-port1: attempt power cycle [ 135.551714][ T5916] usb usb34-port1: unable to enumerate USB device [ 135.587584][ C0] vkms_vblank_simulate: vblank timer overrun [ 135.987917][ T981] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 136.120350][ T6122] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.178044][ T981] usb 3-1: Using ep0 maxpacket: 32 [ 136.180926][ T981] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 136.184309][ T981] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 136.184344][ T981] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 136.184367][ T981] usb 3-1: Product: syz [ 136.184383][ T981] usb 3-1: Manufacturer: syz [ 136.184399][ T981] usb 3-1: SerialNumber: syz [ 136.216845][ T981] usb 3-1: config 0 descriptor?? [ 136.222725][ T6120] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 136.938888][ T981] usb 3-1: USB disconnect, device number 2 [ 138.386731][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.386844][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.886152][ T6182] kAFS: No cell specified [ 143.527070][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.530846][ T6182] lo speed is unknown, defaulting to 1000 [ 143.531448][ T6182] lo speed is unknown, defaulting to 1000 [ 143.575981][ T6182] lo speed is unknown, defaulting to 1000 [ 143.656656][ T6182] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 143.837547][ T6182] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 144.121671][ T6182] lo speed is unknown, defaulting to 1000 [ 144.168697][ T6182] lo speed is unknown, defaulting to 1000 [ 144.190139][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.198224][ T6182] lo speed is unknown, defaulting to 1000 [ 144.225498][ T6182] lo speed is unknown, defaulting to 1000 [ 144.248437][ T6182] lo speed is unknown, defaulting to 1000 [ 147.040111][ T6208] netem: incorrect gi model size [ 147.040132][ T6208] netem: change failed [ 147.753990][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.231594][ T6230] : entered promiscuous mode [ 161.058321][ T6285] [ 161.058335][ T6285] ===================================== [ 161.058343][ T6285] WARNING: bad unlock balance detected! [ 161.058360][ T6285] syzkaller #0 Not tainted [ 161.058372][ T6285] ------------------------------------- [ 161.058379][ T6285] syz.1.88/6285 is trying to release lock (&sighand->siglock) at: [ 161.058418][ T6285] [] copy_process+0x2697/0x3ae0 [ 161.058464][ T6285] but there[ 161.058464][ T6285] but there are no more locks to release! [ 161.058472][ T6285] [ 161.058472][ T6285] other info that might help us debug this: [ 161.058480][ T6285] 1 lock held by syz.1.88/6285: [ 161.058492][ T6285] #0: ffffffff8d9e0a30 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x2034/0x3ae0 [ 161.058553][ T6285] [ 161.058553][ T6285] stack backtrace: [ 161.058579][ T6285] CPU: 1 UID: 0 PID: 6285 Comm: syz.1.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 161.058605][ T6285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.058626][ T6285] Call Trace: [ 161.058635][ T6285] [ 161.058644][ T6285] dump_stack_lvl+0x189/0x250 [ 161.058684][ T6285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.058716][ T6285] ? __pfx__printk+0x10/0x10 [ 161.058748][ T6285] ? copy_process+0x2697/0x3ae0 [ 161.058777][ T6285] print_unlock_imbalance_bug+0xdc/0xf0 [ 161.058813][ T6285] lock_release+0x269/0x3e0 [ 161.058842][ T6285] ? copy_process+0x2697/0x3ae0 [ 161.058873][ T6285] rt_spin_unlock+0x16/0x80 [ 161.058900][ T6285] copy_process+0x2697/0x3ae0 [ 161.058934][ T6285] ? copy_process+0x979/0x3ae0 [ 161.058969][ T6285] ? __pfx_copy_process+0x10/0x10 [ 161.059000][ T6285] ? __asan_memset+0x22/0x50 [ 161.059026][ T6285] kernel_clone+0x224/0x7c0 [ 161.059058][ T6285] ? __pfx_kernel_clone+0x10/0x10 [ 161.059094][ T6285] ? __lock_acquire+0xab9/0xd20 [ 161.059127][ T6285] __se_sys_clone3+0x256/0x2d0 [ 161.059159][ T6285] ? __might_fault+0xb0/0x130 [ 161.059193][ T6285] ? __pfx___se_sys_clone3+0x10/0x10 [ 161.059233][ T6285] ? _copy_to_user+0x8a/0xb0 [ 161.059268][ T6285] ? do_user_addr_fault+0xc8a/0x1390 [ 161.059298][ T6285] ? do_syscall_64+0xbe/0x3b0 [ 161.059319][ T6285] do_syscall_64+0xfa/0x3b0 [ 161.059338][ T6285] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.059369][ T6285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.059392][ T6285] ? clear_bhb_loop+0x60/0xb0 [ 161.059424][ T6285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.059446][ T6285] RIP: 0033:0x7f38f7f63449 [ 161.059469][ T6285] Code: d7 08 00 48 8d 3d fc d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 161.059487][ T6285] RSP: 002b:00007ffc26e5f748 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 161.059509][ T6285] RAX: ffffffffffffffda RBX: 00007f38f7ee5830 RCX: 00007f38f7f63449 [ 161.059525][ T6285] RDX: 00007f38f7ee5830 RSI: 0000000000000058 RDI: 00007ffc26e5f790 [ 161.059541][ T6285] RBP: 00007f38f618e6c0 R08: 00007f38f618e6c0 R09: 00007ffc26e5f877 [ 161.059557][ T6285] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 161.059572][ T6285] R13: 000000000000000b R14: 00007ffc26e5f790 R15: 00007ffc26e5f878 [ 161.059595][ T6285] [ 161.147961][ T6285] ------------[ cut here ]------------ [ 161.147982][ T6285] WARNING: CPU: 0 PID: 6285 at kernel/sched/core.c:2418 migrate_enable+0x30e/0x3c0 [ 161.148027][ T6285] Modules linked in: [ 161.148046][ T6285] CPU: 0 UID: 0 PID: 6285 Comm: syz.1.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 161.148072][ T6285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.148086][ T6285] RIP: 0010:migrate_enable+0x30e/0x3c0 [ 161.148115][ T6285] Code: 00 00 00 65 48 8b 05 01 f2 65 10 48 3b 84 24 a0 00 00 00 75 46 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df eb af 89 d1 80 e1 07 fe c1 [ 161.148133][ T6285] RSP: 0018:ffffc90005f978a0 EFLAGS: 00010246 [ 161.148167][ T6285] RAX: 0000000000000000 RBX: 1ffff11004d787f8 RCX: dffffc0000000000 [ 161.148184][ T6285] RDX: ffff888026bc3fc0 RSI: ffffffff8d21a336 RDI: ffffffff8b621000 [ 161.148201][ T6285] RBP: ffffc90005f979a0 R08: 0000000000000000 R09: 0000000000000000 [ 161.148215][ T6285] R10: dffffc0000000000 R11: fffffbfff1b10884 R12: ffff888026bc3fb0 [ 161.148232][ T6285] R13: 1ffff92000bf2f1c R14: ffff888026bc3b80 R15: 0000000000000000 [ 161.148248][ T6285] FS: 0000555568a81500(0000) GS:ffff8881268bf000(0000) knlGS:0000000000000000 [ 161.148268][ T6285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 161.148283][ T6285] CR2: 00002000000f9030 CR3: 0000000039cee000 CR4: 00000000003526f0 [ 161.148303][ T6285] Call Trace: [ 161.148311][ T6285] [ 161.148324][ T6285] ? __pfx_migrate_enable+0x10/0x10 [ 161.148354][ T6285] ? lock_release+0x2b5/0x3e0 [ 161.148386][ T6285] ? copy_process+0x2697/0x3ae0 [ 161.148427][ T6285] rt_spin_unlock+0x1b/0x80 [ 161.148453][ T6285] copy_process+0x2697/0x3ae0 [ 161.148489][ T6285] ? copy_process+0x979/0x3ae0 [ 161.148524][ T6285] ? __pfx_copy_process+0x10/0x10 [ 161.148555][ T6285] ? __asan_memset+0x22/0x50 [ 161.148581][ T6285] kernel_clone+0x224/0x7c0 [ 161.148615][ T6285] ? __pfx_kernel_clone+0x10/0x10 [ 161.148650][ T6285] ? __lock_acquire+0xab9/0xd20 [ 161.148684][ T6285] __se_sys_clone3+0x256/0x2d0 [ 161.148715][ T6285] ? __might_fault+0xb0/0x130 [ 161.148751][ T6285] ? __pfx___se_sys_clone3+0x10/0x10 [ 161.148790][ T6285] ? _copy_to_user+0x8a/0xb0 [ 161.148824][ T6285] ? do_user_addr_fault+0xc8a/0x1390 [ 161.148855][ T6285] ? do_syscall_64+0xbe/0x3b0 [ 161.148878][ T6285] do_syscall_64+0xfa/0x3b0 [ 161.148901][ T6285] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.148939][ T6285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.148965][ T6285] ? clear_bhb_loop+0x60/0xb0 [ 161.148990][ T6285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.149013][ T6285] RIP: 0033:0x7f38f7f63449 [ 161.149033][ T6285] Code: d7 08 00 48 8d 3d fc d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 161.149053][ T6285] RSP: 002b:00007ffc26e5f748 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 161.149078][ T6285] RAX: ffffffffffffffda RBX: 00007f38f7ee5830 RCX: 00007f38f7f63449 [ 161.149097][ T6285] RDX: 00007f38f7ee5830 RSI: 0000000000000058 RDI: 00007ffc26e5f790 [ 161.149112][ T6285] RBP: 00007f38f618e6c0 R08: 00007f38f618e6c0 R09: 00007ffc26e5f877 [ 161.149130][ T6285] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 161.149147][ T6285] R13: 000000000000000b R14: 00007ffc26e5f790 R15: 00007ffc26e5f878 [ 161.149171][ T6285] [ 161.149185][ T6285] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 161.149203][ T6285] CPU: 0 UID: 0 PID: 6285 Comm: syz.1.88 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 161.149231][ T6285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.149245][ T6285] Call Trace: [ 161.149253][ T6285] [ 161.149262][ T6285] dump_stack_lvl+0x99/0x250 [ 161.149294][ T6285] ? __asan_memcpy+0x40/0x70 [ 161.149315][ T6285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.149345][ T6285] ? __pfx__printk+0x10/0x10 [ 161.149373][ T6285] vpanic+0x281/0x750 [ 161.149414][ T6285] ? __pfx__printk+0x10/0x10 [ 161.149437][ T6285] ? __pfx_vpanic+0x10/0x10 [ 161.149470][ T6285] ? is_bpf_text_address+0x26/0x2b0 [ 161.149509][ T6285] panic+0xb9/0xc0 [ 161.149544][ T6285] ? __pfx_panic+0x10/0x10 [ 161.149589][ T6285] __warn+0x31b/0x4b0 [ 161.149624][ T6285] ? migrate_enable+0x30e/0x3c0 [ 161.149655][ T6285] ? migrate_enable+0x30e/0x3c0 [ 161.149684][ T6285] report_bug+0x2be/0x4f0 [ 161.149720][ T6285] ? migrate_enable+0x30e/0x3c0 [ 161.149747][ T6285] ? migrate_enable+0x30e/0x3c0 [ 161.149774][ T6285] ? migrate_enable+0x310/0x3c0 [ 161.149803][ T6285] handle_bug+0x84/0x160 [ 161.149828][ T6285] exc_invalid_op+0x1a/0x50 [ 161.149853][ T6285] asm_exc_invalid_op+0x1a/0x20 [ 161.149876][ T6285] RIP: 0010:migrate_enable+0x30e/0x3c0 [ 161.149908][ T6285] Code: 00 00 00 65 48 8b 05 01 f2 65 10 48 3b 84 24 a0 00 00 00 75 46 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df eb af 89 d1 80 e1 07 fe c1 [ 161.149928][ T6285] RSP: 0018:ffffc90005f978a0 EFLAGS: 00010246 [ 161.149949][ T6285] RAX: 0000000000000000 RBX: 1ffff11004d787f8 RCX: dffffc0000000000 [ 161.149988][ T6285] RDX: ffff888026bc3fc0 RSI: ffffffff8d21a336 RDI: ffffffff8b621000 [ 161.150007][ T6285] RBP: ffffc90005f979a0 R08: 0000000000000000 R09: 0000000000000000 [ 161.150023][ T6285] R10: dffffc0000000000 R11: fffffbfff1b10884 R12: ffff888026bc3fb0 [ 161.150042][ T6285] R13: 1ffff92000bf2f1c R14: ffff888026bc3b80 R15: 0000000000000000 [ 161.150073][ T6285] ? __pfx_migrate_enable+0x10/0x10 [ 161.150104][ T6285] ? lock_release+0x2b5/0x3e0 [ 161.150140][ T6285] ? copy_process+0x2697/0x3ae0 [ 161.150175][ T6285] rt_spin_unlock+0x1b/0x80 [ 161.150204][ T6285] copy_process+0x2697/0x3ae0 [ 161.150245][ T6285] ? copy_process+0x979/0x3ae0 [ 161.150284][ T6285] ? __pfx_copy_process+0x10/0x10 [ 161.150319][ T6285] ? __asan_memset+0x22/0x50 [ 161.150347][ T6285] kernel_clone+0x224/0x7c0 [ 161.150384][ T6285] ? __pfx_kernel_clone+0x10/0x10 [ 161.150432][ T6285] ? __lock_acquire+0xab9/0xd20 [ 161.150471][ T6285] __se_sys_clone3+0x256/0x2d0 [ 161.150509][ T6285] ? __might_fault+0xb0/0x130 [ 161.150547][ T6285] ? __pfx___se_sys_clone3+0x10/0x10 [ 161.150591][ T6285] ? _copy_to_user+0x8a/0xb0 [ 161.150631][ T6285] ? do_user_addr_fault+0xc8a/0x1390 [ 161.150663][ T6285] ? do_syscall_64+0xbe/0x3b0 [ 161.150688][ T6285] do_syscall_64+0xfa/0x3b0 [ 161.150709][ T6285] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.150744][ T6285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.150766][ T6285] ? clear_bhb_loop+0x60/0xb0 [ 161.150791][ T6285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.150813][ T6285] RIP: 0033:0x7f38f7f63449 [ 161.150831][ T6285] Code: d7 08 00 48 8d 3d fc d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 161.150850][ T6285] RSP: 002b:00007ffc26e5f748 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 161.150871][ T6285] RAX: ffffffffffffffda RBX: 00007f38f7ee5830 RCX: 00007f38f7f63449 [ 161.150888][ T6285] RDX: 00007f38f7ee5830 RSI: 0000000000000058 RDI: 00007ffc26e5f790 [ 161.150903][ T6285] RBP: 00007f38f618e6c0 R08: 00007f38f618e6c0 R09: 00007ffc26e5f877 [ 161.150919][ T6285] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 161.150934][ T6285] R13: 000000000000000b R14: 00007ffc26e5f790 R15: 00007ffc26e5f878 [ 161.150957][ T6285] [ 161.151280][ T6285] Kernel Offset: disabled