last executing test programs:

2m13.061387062s ago: executing program 2 (id=624):
r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8, 0x395, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000300)={0x0, <r1=>0x0})
sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x3)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r5 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10})
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
r7 = dup2(r6, r6)
ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000000)={0x6b09, 0x1, 0x0, "adbdeec74e9e4aeabde9eefaff7a78cda902552f08cefca462dda36c7451f8e5"})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
statx(r0, &(0x7f0000000380)='./file0\x00', 0x1000, 0x2, &(0x7f00000004c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x28c81, 0x0)
r10 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)=ANY=[@ANYBLOB="01"], 0x29, 0xfffffffffffffffd)
keyctl$revoke(0x3, r10)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r9, 0x3304)
open(&(0x7f0000000000)='\x00', 0x40440, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8b04, &(0x7f0000000100)={'wlan1\x00', @random='\n\x00'})

2m11.715558703s ago: executing program 2 (id=628):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x9, 0x40, 0x3, '\x00', 0x7})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2m11.345104504s ago: executing program 2 (id=629):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
shmget$private(0x0, 0x1000, 0x78000051, &(0x7f000033d000/0x1000)=nil)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r2, 0x90004)
syz_emit_vhci(0x0, 0x16) (async)
syz_emit_vhci(0x0, 0x16)
ppoll(&(0x7f00000000c0)=[{r2, 0x260}], 0x1, 0x0, 0x0, 0x0) (async)
ppoll(&(0x7f00000000c0)=[{r2, 0x260}], 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r0, 0x1)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=ANY=[@ANYBLOB="4c0100001800010029bd7000fddbdf251dd1ab001e010600010e0300ff71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c673c00000000000000bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd20e0cc0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b11830050000000000000043523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d425a1d49332490019a8d586b2a88d818b56d2a5e15c8a95d29e1b2ea000015000400030000a000050000090000000000000001000010"], 0x14c}}, 0x4c0c8)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})

2m11.252035482s ago: executing program 2 (id=631):
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$peekuser(0x3, r1, 0x7fffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/ptype\x00')
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'team0\x00', <r6=>0x0})
bind$packet(r5, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x4, 0x6, @remote}, 0x14)
preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000500)=""/209, 0xd1}], 0x1, 0x7fff, 0x2)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000040)="0000006aac", 0x5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x4080000)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000340)={<r8=>0x0, 0x6, 0x3}, &(0x7f0000000380)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000003c0)={r8, @in6={{0xa, 0x4e23, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}}, 0x8, 0x100, 0x59, 0x7, 0x2, 0x0, 0x8}, 0x9c)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)

2m9.91154367s ago: executing program 2 (id=648):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'syz_tun\x00', &(0x7f0000000500)=@ethtool_link_settings={0x3c, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1]}}) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'syz_tun\x00', &(0x7f0000000500)=@ethtool_link_settings={0x3c, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1]}})
r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2, 0x1bd}, &(0x7f0000000100), &(0x7f0000000140))
ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, &(0x7f0000000040)={0x1, {0x0, 0xfffffffffffffffe, 0x9, 0xfffffffffffffff9, 0x9}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000400)={0x23, 0x1, 0x1, 0x2, 0x0, 0x5, 0x0}) (async)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000400)={0x23, 0x1, 0x1, 0x2, 0x0, 0x5, 0x0})
r3 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000040), 0x40000, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r3, 0x4068aea3, &(0x7f0000000080)={0xc1, 0x0, 0x1}) (async)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r3, 0x4068aea3, &(0x7f0000000080)={0xc1, 0x0, 0x1})
mkdir(&(0x7f00000000c0)='./file0\x00', 0x82)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r5 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
bind$unix(r5, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
dup(r4) (async)
r6 = dup(r4)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='loginuid\x00')
writev(r7, &(0x7f0000000280)=[{&(0x7f0000000400)="3f45b10e20", 0x5}], 0x1) (async)
writev(r7, &(0x7f0000000280)=[{&(0x7f0000000400)="3f45b10e20", 0x5}], 0x1)
r8 = socket$kcm(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r8, 0x8931, &(0x7f0000000000)={'dummy0\x00'}) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8931, &(0x7f0000000000)={'dummy0\x00'})
syz_emit_ethernet(0xbe, &(0x7f0000000740)=ANY=[], 0x0)
r9 = socket$netlink(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000005400fbdbdf25250000000e0001006e6574646576736d6d0000000ec4226690853636b67673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r12, 0x0, 0x0)
bind$inet(r11, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) (async)
bind$inet(r11, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)

2m8.888757797s ago: executing program 2 (id=653):
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x9000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x35dc00, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x35dc00, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x88c0, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x88c0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x802, 0x48fc2)
writev(r2, &(0x7f0000000300)=[{&(0x7f0000000340)="273afd05206ef003", 0x8}, {0x0}], 0x2)
fchmod(r1, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
read$FUSE(r0, 0x0, 0x17) (async)
read$FUSE(r0, 0x0, 0x17)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180200002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000004b00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180200002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000004b00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFBR(r3, 0x8940, &(0x7f0000000000)=@generic={0x1, 0x4d, 0xea1a})
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r4 = socket$inet6(0x10, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5500000020007fafb72d13b2a4a2719302000000030b43026c26a36925000400fe7f0080bd2dca8a9848a3c728f1c46b7b1800e0693aa1237a31afdc927e97da008000000100005ae583de0dd7ff3184fda542e718f94b929ade", 0x5a}], 0x1}, 0x0) (async)
sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5500000020007fafb72d13b2a4a2719302000000030b43026c26a36925000400fe7f0080bd2dca8a9848a3c728f1c46b7b1800e0693aa1237a31afdc927e97da008000000100005ae583de0dd7ff3184fda542e718f94b929ade", 0x5a}], 0x1}, 0x0)
write(r4, &(0x7f0000000040)="1c00000021002551071c01a1ba75696c06000003100f000c0000000100000000", 0x20)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000480)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000000880)=""/102379, 0xfffffffffffffffc) (async)
read$msr(r5, &(0x7f0000000880)=""/102379, 0xfffffffffffffffc)

1m53.65133859s ago: executing program 32 (id=653):
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x9000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x35dc00, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x35dc00, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x88c0, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x88c0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x802, 0x48fc2)
writev(r2, &(0x7f0000000300)=[{&(0x7f0000000340)="273afd05206ef003", 0x8}, {0x0}], 0x2)
fchmod(r1, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
read$FUSE(r0, 0x0, 0x17) (async)
read$FUSE(r0, 0x0, 0x17)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180200002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000004b00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180200002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000004b00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFBR(r3, 0x8940, &(0x7f0000000000)=@generic={0x1, 0x4d, 0xea1a})
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r4 = socket$inet6(0x10, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5500000020007fafb72d13b2a4a2719302000000030b43026c26a36925000400fe7f0080bd2dca8a9848a3c728f1c46b7b1800e0693aa1237a31afdc927e97da008000000100005ae583de0dd7ff3184fda542e718f94b929ade", 0x5a}], 0x1}, 0x0) (async)
sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5500000020007fafb72d13b2a4a2719302000000030b43026c26a36925000400fe7f0080bd2dca8a9848a3c728f1c46b7b1800e0693aa1237a31afdc927e97da008000000100005ae583de0dd7ff3184fda542e718f94b929ade", 0x5a}], 0x1}, 0x0)
write(r4, &(0x7f0000000040)="1c00000021002551071c01a1ba75696c06000003100f000c0000000100000000", 0x20)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000480)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000000880)=""/102379, 0xfffffffffffffffc) (async)
read$msr(r5, &(0x7f0000000880)=""/102379, 0xfffffffffffffffc)

1m3.067144204s ago: executing program 0 (id=927):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0) (async)
syz_open_dev$MSR(0x0, 0x0, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) (async)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, 0x0, 0x0) (async)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000140)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/time_for_children\x00')
ioctl$NS_GET_USERNS(r1, 0xb701, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x428})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) (async)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) (async)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)
write$binfmt_misc(r0, &(0x7f0000000000), 0x6) (async)
write$binfmt_misc(r0, &(0x7f0000000000), 0x6)
socket$rds(0x15, 0x5, 0x0)

1m0.430614166s ago: executing program 0 (id=945):
r0 = creat(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeed, 0x40010, r0, 0x0)
r1 = getpid()
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
setgid(0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, r6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000009000000030000004f0c000001000000", @ANYRES32=0x1, @ANYBLOB="00000400000000000000000000000000a4497d0a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000740), &(0x7f0000000840), 0xffff, r7}, 0x38)

59.655584562s ago: executing program 0 (id=947):
prctl$PR_MCE_KILL(0x35, 0x1, 0x8)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
io_setup(0x6, &(0x7f0000001380)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
read$FUSE(r2, &(0x7f0000003240)={0x2020}, 0x2020)
prctl$PR_MCE_KILL(0x35, 0x1, 0x8) (async)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) (async)
io_setup(0x6, &(0x7f0000001380)) (async)
syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') (async)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') (async)
read$FUSE(r2, &(0x7f0000003240)={0x2020}, 0x2020) (async)

59.465077833s ago: executing program 0 (id=950):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0/../file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125499, 0x0) (async)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125499, 0x0)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3047c4a, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000006680)={{0x12, 0x1, 0x201, 0xca, 0x9e, 0x54, 0x40, 0x19d2, 0x1069, 0xc389, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x10, 0x9, 0x10, 0xfa, [{{0x9, 0x4, 0xc4, 0x9, 0x1, 0xff, 0xff, 0xff, 0x6, [], [{{0x9, 0x5, 0xd, 0x8, 0x3ff, 0x6, 0x10, 0x8}}]}}]}}]}}, &(0x7f0000006e00)={0x0, 0x0, 0x0, 0x0})

58.097440186s ago: executing program 0 (id=956):
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {<r1=>0xffffffffffffffff}}, './file0\x00'})
write$P9_RRENAMEAT(r0, &(0x7f0000000040)={0x7, 0x4b, 0x2}, 0x7)
ioctl$KVM_GET_REGS(r1, 0x8090ae81, &(0x7f0000000080))
mount$afs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x8004, &(0x7f0000000200)={[{@dyn}, {@flock_openafs}, {@flock_local}, {@flock_openafs}], [{@pcr={'pcr', 0x3d, 0x13}}, {@dont_hash}]})
socket$netlink(0x10, 0x3, 0x10) (async)
r2 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000000280)=0x4, 0x4) (async)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000000280)=0x4, 0x4)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@initdev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@private1}, 0x0, @in=@multicast1}}, &(0x7f00000003c0)=0xe4)
quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, r3, &(0x7f0000000400))
socket$nl_route(0x10, 0x3, 0x0)
r4 = accept4$tipc(r0, 0x0, &(0x7f0000000440), 0x800)
fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000480), &(0x7f00000004c0)='./file1\x00', 0x8, 0x2) (async)
fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000480), &(0x7f00000004c0)='./file1\x00', 0x8, 0x2)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000801, r3, &(0x7f0000000500)={0x5, 0x4, 0x8000, 0x8, 0x6, 0x7, 0xa1, 0x5, 0x400})
openat$mice(0xffffff9c, &(0x7f0000000580), 0x40400) (async)
r5 = openat$mice(0xffffff9c, &(0x7f0000000580), 0x40400)
pipe(&(0x7f00000005c0)) (async)
pipe(&(0x7f00000005c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_open_dev$evdev(&(0x7f0000000600), 0x1, 0x400)
ioctl$EVIOCSMASK(r8, 0x40104593, &(0x7f00000006c0)={0x5, 0x80, &(0x7f0000000640)="c341511a039ca02a26c00ec1a64373b94b6e3d9e1429e7144c3e975bd2fba394601c78c9c3ddf6616a2c5061990b4ea74b36e9f6572eb824bdd957d450c658e18a96c2cbf980f08e97b4ac072d8826d81a9dee970411e576f079b9c5d976acd1a68949718ce72e153a44749c40dcc2b40c1648557702da61de758055b7fef9d3"})
syz_open_dev$vivid(&(0x7f0000000700), 0x3, 0x2) (async)
r9 = syz_open_dev$vivid(&(0x7f0000000700), 0x3, 0x2)
fsync(r9)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000740)='!\x00', &(0x7f0000000780)='./file0\x00', r0) (async)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000740)='!\x00', &(0x7f0000000780)='./file0\x00', r0)
recvmmsg(r0, &(0x7f0000000940)=[{{&(0x7f00000007c0)=@sco, 0x80, &(0x7f0000000880)=[{&(0x7f0000000840)=""/19, 0x13}], 0x1, &(0x7f00000008c0)=""/68, 0x44}, 0xfffffffe}], 0x1, 0x1, 0x0)
write$P9_RSTATFS(r7, &(0x7f0000000980)={0x43, 0x9, 0x1, {0x1, 0x30, 0x5, 0x5199, 0x5, 0xf, 0x36d0, 0x7, 0x6}}, 0x43)
preadv(r9, &(0x7f0000001bc0)=[{&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/75, 0x4b}, {&(0x7f0000001a80)=""/206, 0xce}, {&(0x7f0000001b80)=""/14, 0xe}], 0x4, 0xd, 0x7)
quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000800, r3, &(0x7f0000001c00)={0x0, 0x7, 0x1, 0x6ec, 0xc0a6, 0x10, 0x0, 0x80000001, 0x7})
sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000001d80)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001d40)={&(0x7f0000001cc0)={0x60, 0x7, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x7}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x113b1a1f}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x48000) (async)
sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000001d80)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001d40)={&(0x7f0000001cc0)={0x60, 0x7, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x7}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x113b1a1f}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x48000)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000001dc0)=<r10=>0x0)
bind$nfc_llcp(r7, &(0x7f0000001e00)={0x27, r10, 0x1, 0x3, 0x4, 0x5, "6b9bffa8d79f90893d113b1149f62a598ca1c40d33479f9caf4b37e16cf36acef0accbc25182be941ee28f5d88fe476c525995a16e3b3eb6c401e7169630b1", 0x18}, 0x58)
write$P9_RLOCK(r0, &(0x7f0000001e80)={0x8, 0x35, 0x2, 0x1}, 0x8)
setsockopt$netlink_NETLINK_PKTINFO(r6, 0x10e, 0x3, &(0x7f0000001ec0)=0x3, 0x4) (async)
setsockopt$netlink_NETLINK_PKTINFO(r6, 0x10e, 0x3, &(0x7f0000001ec0)=0x3, 0x4)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f0000001f00), r11)

57.953311952s ago: executing program 0 (id=957):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042)
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x3)
write$UHID_INPUT(r1, 0x0, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000300)=0x1fc, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
pipe(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x2c, 0x24, 0x200, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0x3134da121b5383f4, 0xffff}, {0xa, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x7, 0x9}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4048084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a000100"], 0x3}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x80000001, 0x2008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000001700)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)="b69e858ecdbabb9fd992734f2b", 0xd}, {&(0x7f0000000340)="babd108c9be49b2d37085c37030e64be11543989d15107b9e0ee7f0e12ec8582108fcedca24deda9e97039eec5f64429995a5c8adb42f5a9c15f01c73989046fc38d6c7b57381cd46eec1285c9135f219d0118a43b0e7c0afb1c07b2e4ef3926870c032ad5e9fb3d5a72db39c5a1c2a8b38ebb6795d95c53bead403867980e2d5c587e53e6b93f2b888b3cccc5968950b8a1ef00f8b4165b0b472149e0a43d242769bced0bba080961ab15ebc38268dad29fbd2ff89e878e2c0d8f676e419070d9f625c6008347c0c5c56f773e9e9409a9de99b6f92195064e6edd19f49b4bfca74e60da84b7f3d787cdb35ecc5bafaea650954947c6c1d0a9a94bb668", 0xfd}, {&(0x7f0000000440)="32b7f1fcb02beb110a4264760542a851340d4e454bf6f5e393635de77210377a4178a7a44736915ed2c912c70328dbd4", 0x30}], 0x3, &(0x7f00000004c0)=[@rights={{0x24, 0x1, 0x1, [r8, r8, r4, r3, 0xffffffffffffffff, r3]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r4, r2, r7, r1, r8]}}, @rights={{0x30, 0x1, 0x1, [r7, r3, r2, 0xffffffffffffffff, r8, r3, r2, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x18, 0x1, 0x2, {r6}}}, @rights={{0x2c, 0x1, 0x1, [r1, r2, r2, r1, r1, r5, r3, r0]}}, @cred={{0x18, 0x1, 0x2, {r6}}}, @rights={{0x1c, 0x1, 0x1, [r8, 0xffffffffffffffff, r1, r2]}}], 0x108, 0x4000001}}], 0x1, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r9 = socket$inet6(0xa, 0x80000, 0x1008)
r10 = dup2(r9, r9)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r11=>0x0})
ioctl$sock_inet6_SIOCDELRT(r10, 0x890c, &(0x7f00000000c0)={@local, @private0, @empty, 0x40003, 0x40, 0x5, 0x100, 0x0, 0x590043, r11})
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0)

57.803331028s ago: executing program 33 (id=957):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042)
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x3)
write$UHID_INPUT(r1, 0x0, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000300)=0x1fc, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
pipe(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x2c, 0x24, 0x200, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0x3134da121b5383f4, 0xffff}, {0xa, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x7, 0x9}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4048084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a000100"], 0x3}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x80000001, 0x2008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000001700)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)="b69e858ecdbabb9fd992734f2b", 0xd}, {&(0x7f0000000340)="babd108c9be49b2d37085c37030e64be11543989d15107b9e0ee7f0e12ec8582108fcedca24deda9e97039eec5f64429995a5c8adb42f5a9c15f01c73989046fc38d6c7b57381cd46eec1285c9135f219d0118a43b0e7c0afb1c07b2e4ef3926870c032ad5e9fb3d5a72db39c5a1c2a8b38ebb6795d95c53bead403867980e2d5c587e53e6b93f2b888b3cccc5968950b8a1ef00f8b4165b0b472149e0a43d242769bced0bba080961ab15ebc38268dad29fbd2ff89e878e2c0d8f676e419070d9f625c6008347c0c5c56f773e9e9409a9de99b6f92195064e6edd19f49b4bfca74e60da84b7f3d787cdb35ecc5bafaea650954947c6c1d0a9a94bb668", 0xfd}, {&(0x7f0000000440)="32b7f1fcb02beb110a4264760542a851340d4e454bf6f5e393635de77210377a4178a7a44736915ed2c912c70328dbd4", 0x30}], 0x3, &(0x7f00000004c0)=[@rights={{0x24, 0x1, 0x1, [r8, r8, r4, r3, 0xffffffffffffffff, r3]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r4, r2, r7, r1, r8]}}, @rights={{0x30, 0x1, 0x1, [r7, r3, r2, 0xffffffffffffffff, r8, r3, r2, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x18, 0x1, 0x2, {r6}}}, @rights={{0x2c, 0x1, 0x1, [r1, r2, r2, r1, r1, r5, r3, r0]}}, @cred={{0x18, 0x1, 0x2, {r6}}}, @rights={{0x1c, 0x1, 0x1, [r8, 0xffffffffffffffff, r1, r2]}}], 0x108, 0x4000001}}], 0x1, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r9 = socket$inet6(0xa, 0x80000, 0x1008)
r10 = dup2(r9, r9)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r11=>0x0})
ioctl$sock_inet6_SIOCDELRT(r10, 0x890c, &(0x7f00000000c0)={@local, @private0, @empty, 0x40003, 0x40, 0x5, 0x100, 0x0, 0x590043, r11})
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0)

8.450694381s ago: executing program 5 (id=1150):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000012c0), 0x8000, 0x0)
ioctl$RTC_PIE_OFF(r1, 0x7006)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_AUDOUT(r2, 0x40345632, &(0x7f00000002c0)={0x0, "fbd78df8363b88d9c3a4cae9b29b529de5e20000000000001400", 0x3})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000200)=0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x4, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000f000000000000000085000000180000001801000020756c2500000000002020207b1af8ff00000000bfa100005a2e31a2c4a6ddf0f8ffffffb702000008120000b703000003ee0000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x1)
socket(0x18, 0x0, 0x1)
mount$9p_virtio(&(0x7f0000000400), &(0x7f0000000480)='./file1\x00', &(0x7f0000000280), 0x810008, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
ioctl(r1, 0xffffffff, &(0x7f0000002080))
r5 = io_uring_setup(0x1d34, &(0x7f0000000300)={0x0, 0x5779, 0x2, 0x400000, 0xd4})
syz_io_uring_setup(0x49e, &(0x7f0000000580)={0x0, 0xd74d, 0x40, 0x2, 0x162, 0x0, r5}, 0x0, &(0x7f0000000380))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

7.220292239s ago: executing program 5 (id=1156):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, &(0x7f0000000700)=ANY=[@ANYBLOB="56c78e3c733d76697274676f2c6e6f65bc33dbde548d51f5638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000300)='./file0\x00')
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x408)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
r4 = fanotify_init(0x200, 0x0)
r5 = epoll_create1(0x0)
r6 = fcntl$dupfd(r5, 0x2, 0xffffffffffffffff)
fanotify_mark(r4, 0x445, 0x40001003, r6, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')

5.447562335s ago: executing program 5 (id=1164):
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r3 = socket(0x400000000010, 0x3, 0x0) (async)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
poll(&(0x7f0000000280)=[{r6, 0x10}], 0x1, 0x743d) (async)
ioctl$TCSETS(r6, 0x5402, &(0x7f0000000100)={0x7, 0x0, 0x7, 0x8, 0x0, "67ed74343a8346d364bbbe7c36145a2a6886ad"}) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0xffffffffffffffff, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}}, @NFT_MSG_DELOBJ={0x38, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x74}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0x491, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)

5.040170755s ago: executing program 5 (id=1168):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3fff, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7c, 0x5, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x9, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x4dfe33d9}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0x9, &(0x7f0000000140)={0x8, 0x4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x36, 0x2, 0x0, "d569e8000000fa44966262631e8ac11e00"})
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="00000000ed8ffc414748f36667787f4a6233315012d7fbfe16a94de6ff77d009595c16d3713d1caaa02424caaa5ecc4d27c90da26233d242bf5edf0da614b44f41db0500"/83, @ANYRES16=r4, @ANYBLOB="00010000000004002000020202000900030073797a32000000000900030073797a3100000000"], 0x2c}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x800c2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000440), 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
r6 = dup(r5)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r7)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000500)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="4d7e2ebd7000fbdbdf252a0000000c00050000000000000000000a0001007770616e3000000008002f00040000001400370002000000050036000100000092d4ecad70ddea6537f87d9982179a761c2cd2ca18ed903131a6179ebbfeb246aa20bfbf1e14f82fd959f4d1675d764707a9ec6e0dc4fe1ebb63efa86f7ff81c29444dffb58f01130f0507a47f43171a2accd72743772aebf05e631ebb6d80a070b20dd692ee792946fb3a3eb308e2e24649e8fa125159c83fc91de405eb677bf9618deb2e2f180eea03f8cedf20a699775c7ac96c1f22215df592e377d51ddb174a57c8b3165eb459d0006d9f47dfdbaf8b8a43cc8935bb478a183d203299f759bd15669998f8f12603"], 0x44}, 0x4, 0x700000000000000, 0x0, 0x4}, 0x8850)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000007, 0x40032, 0xffffffffffffffff, 0x40000000)
move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000/0x3000)=nil], 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r6, 0x0)

4.070781781s ago: executing program 4 (id=1175):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={<r1=>0x0, 0x10001}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r1, @in6={{0xa, 0x4e20, 0xcb, @remote, 0x101}}, 0x3, 0x401, 0x8, 0x80, 0x14, 0x3, 0x10}, 0x9c)
r2 = socket$netlink(0x10, 0x3, 0x14)
setreuid(0xee01, 0xee01)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002140)=@newtaction={0xfc4d, 0x30, 0x800, 0x70bd27}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x10)

3.97075406s ago: executing program 4 (id=1176):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async)
set_mempolicy(0x8000, &(0x7f0000000000)=0x2, 0xa7) (async, rerun: 64)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x3c, 0x40, 0x119, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x20, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x14, 0x19, 0x0, 0x1, [@nested={0x10, 0x47, 0x0, 0x1, [@nested={0x4, 0x146}, @nested={0x4, 0xb5}, @nested={0x4, 0x7e}]}]}]}, @nested={0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) (async)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0002}]})
fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000040))
mount$binder(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xe2ca6, &(0x7f0000000200)={[{@max={'max', 0x3d, 0x1}}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x3, 0x8, 0x7ffd}, 0x48)

3.907287564s ago: executing program 4 (id=1177):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x34, r4, 0x1, 0x0, 0x200004, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6_vti0\x00'}]}, 0x34}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r6 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
r8 = dup(r5)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000007, 0x40032, 0xffffffffffffffff, 0x40000000)
move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000/0x3000)=nil], 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r8, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
sendfile(r8, r5, 0x0, 0x40008)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x58}}, 0x200008d4)

3.540739405s ago: executing program 1 (id=1179):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) (async)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
write$P9_RLOCK(r0, &(0x7f0000000040)={0x8, 0x35, 0x1, 0x1}, 0x8) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000000)=ANY=[])

3.527154336s ago: executing program 1 (id=1180):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x2)
r5 = dup(r4)
r6 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0x0, 0x0, r5}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r9, &(0x7f0000000000)={0xc0002023})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r5, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r6, 0x47f5, 0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r10, 0x0, 0x0, 0x40)

2.72999468s ago: executing program 5 (id=1181):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0xe731a25, [0x3, 0x7], [0x2, 0x6], 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRES16=r2, @ANYRESDEC=r2, @ANYRESDEC=r1, @ANYRES32=r2, @ANYRESDEC=r0], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$msr(r2, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = getegid()
fchown(r2, 0x0, r5)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xaf)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
syz_open_dev$usbfs(0x0, 0xff, 0x60c002)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
socket(0x10, 0x80002, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r8, &(0x7f0000000340)=ANY=[], 0xff2e)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000280)=0x1)
ioctl$TCXONC(r8, 0x540a, 0x2)
ioctl$TIOCSETD(r8, 0x5423, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x9, 0x7}}}, 0x24}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)

1.99073525s ago: executing program 3 (id=1183):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 64)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xfffffffffffffea1, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) (async)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async, rerun: 64)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async, rerun: 64)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async, rerun: 32)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (rerun: 32)
syz_usbip_server_init(0x6) (async)
socket$netlink(0x10, 0x3, 0x15) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
pipe(&(0x7f00000001c0)) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000080)='D', 0x1, 0x4014, 0x0, 0x0)
shutdown(r3, 0x1)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) (async)
close(r4)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005)
writev(r5, &(0x7f0000000080)=[{&(0x7f0000000000)="aefdda9d040000005a90f57f07703aefeef64ebbee07962cff772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f00000000c0)="530000002412ffa0273b7809ffffff0f945e44670c8e5300000000200000000000000000a55991b8f7d9ea5761cfc05bdc12c22913a248d9fc8fae5638e158ccb3db91fa10748c1427761af70d62f728303bcba7113b5c0d", 0x58}], 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

1.990324499s ago: executing program 4 (id=1184):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000180)={@multicast2, @loopback}, 0xc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'lo\x00'})
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="e00000027f"], 0x18)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r1, 0x40087447, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0xce}]})
pwritev(r1, &(0x7f0000000480)=[{&(0x7f00000004c0)='\x00!', 0x2}], 0x1, 0x1000000, 0x0)
r4 = syz_pidfd_open(r0, 0x0)
flistxattr(r4, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x4, 0x6, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0x6}, @val={0x480}}}]}]}]}]}], {0x14, 0x10}}, 0xe4}}, 0x0)

1.685270417s ago: executing program 1 (id=1185):
mkdir(&(0x7f0000000000)='./file3\x00', 0x40)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0xee01, 0xffffffffffffffff}}, './file3\x00'})
sendto$isdn(r0, &(0x7f00000004c0)={0x3, 0x1, "f55e813c17bcbe643eab2d05a140dd92c9a62b1cbed08f09684137b23ab7607bef82b7a2ddf0c2c30ce20d1a77dea84b4d875ce9dfadb6f40831cd8b9d82a80b23ddb65851437577f8f6de3b23cc87157e106bd50b4f84aed889e00f7c81318f371bd388cfba7bbc4c916b9fdbb98d20279bd1fae007e343b5db283c81eb10f775e17bc3c019ec8f1afb06c6169ca29603b66b3f09ec64bec0a9e93f318dbe6736cde714f8afeb31bf0fd1013773d0d173fa9f30c1561b6863e045f3564031e914309b8940a12d4cc884f38f7ba05a80efa0b4890094b0e58222d041a818f09d21f9fe8ee679dd0e08d8be5f6ecb343bb3b57935fe57bfe017068dc0a859fc957471e6e3ab15d8e9cf08c8acc6717ef76086ef5c612f2f870904d5d96d485a040d04620173e9323903f0bb8edc78f4b5f0dd717f637cde5c16e895f09ff3e20375431151d468b212c9af80c90dc39b79143602c7652919035d483a30f592a893ed63f1eac1ed713870864474bf2f91abd7cc5bd12879e07cf59255da0af6a4ec6e07a4622a209f666220729cbf09e0add7170e5fe3219f810681cab90e273a565f06c452e1f5874993c33f9ee166e36b23d30c36087aaa7c44d5cc2d204c93ed8493788a3d04c24b3517515b2828ed3379b3947219338e4057416e7a7f1260516e8415d1c994a07903c61d942fda365590a7906f46083dafc8c32603ae4f9b706fb492a07566b0927764a348dd759e48e4a94163ce517932c44b074cb566211f8f3301d31ea8cbbf13b2731eb055feb5697f465bcea86a95778cc481ffb4afc78406a5d43a846fd25819918829412b8d2464f85027c79f6adad1f1feffd29d90d795731984248e57ae8b4ddb71d325713a1880b0ba51f7d97aa7387e2b1fab812d8e6e38c1eb3ded5e02acccb8b241f173cbf18310e115a89730ab101e6714038b8e6f60a359989877e5bdee86953db867cbdccfa266a360d273d2bb2012f61a86f75cdcf18437f70db075a7e6ad6cba88558e5992204878275e53d247381f6314f476558c06c2a93c5d08841622a96308d9c31ebd2d536122ec064e21ed416d2377bc881e323afdbe99c45e767e210f6b0fe453f790cf1373bc58fa890f5fb27980338105fb9d41b6b8da82ed0fe710c044bc0168ce8e4de2e3f31c36a1f31fae670e2dd5acb6736d36ec334c34f0637cfe3ca42cfa6486d8e6d939e226d6a0fe0a47a36600b06f73a37eb8707dcafe17c6f2d549b4ab975c8464ba24cbd733769d1af499ec8bfaca363615f720d59b5e9f0ed1b59f4853d6f4f24bc09ab6b734851cc6ecc3f3de5718f9b9d3bae0283a8d55d58abc5df6e0b216b2812f292b1c59b59ebd139f14e617e792ebb1becde6e2c88556d2002c8a638a809d8a9adbc22cb8b8793286aa9899fa12db27e6f67a23545a762b87c92a071717ac5179086acc2ca5144577e624628be7b5055965402faec403c9ae7fd38bc7e5aa096ba5a3e39a2258badc042ac41880237742d8660ef34db4933cf48225325a954d615594d515859609479113ff7823f66df683c73fd75436135c7f3694399b83e8a560170f9fb10adc8cdceb7c2fb7af806ebb4a3f6d15f5df3275ba7af0331f919d5931199a107e1473bf4ad0a2150f228141b2bcf9e99c048102878fb736c9a7e859a2047448552472a16c687d1c8dec28db1b2dd5438d8b2dceb04917f88c714bb7beada7daf918140c822d8d8786a7a064439d096fefb4ed19bc1f9613b29632ec5c551a8a7093c05f2f36304333df7c0da7b3b0c99a8fda1eda44aa197aef2a7184e983f7b30fc3feafe7f59eadea0ae0d3479cce0bb7a54a59f71eabfaac1fe05c9d0c9f483ac1bc2f4832ae9317c4f4fb313c2c42a03203637d975fb942da57cddc637f53773c79528baa497c3eb1692f58f4d3b3e96a6a7e194e9a1138da1afb83c8f68670101b19fbf2b019a5f7106ffc629642d9f000994477b8c70e33e83c7dc072119221e92d94fdde4206a25d9eee1a03de0c6156a33eecd9b6034230a8c0e9cf965377ef3974c2046ab90a6557dea8a142baab4b8846a25f42648d26e563d03b433dfaa1712f0287755670627eb083f18fa5b07090e7e7b2535eda17025e91a35c7aafb74ff3348d348732918b6a27d02ab9e796532282f0deea96b193c37a9d8c8d6e3236d3fd7ed45b1865ffdabf0db31006a3b0c59a77cdd615263989e55ae2aacc8c614089095cb87a06c22422627249674b20bac9cf382df38620b4eab65fc94acb9d5d8f72879f39557a2137daaada41678069a2569af5471b365bfd08182acf8fcc0a01049f6a9d1b4aaa48ccbf35f0e3a6e1e09dba854a9bf30a1ebb511ede1ac5b2c49a2f09e799f62fcb75064d87a30e60ef922ba45b3633b374b00d269e75551b61e346ad870a6f7f1420e2f2d3ae84730f46ec0f192174f690b37ecf9796c8b7fe51e0b11fd7665379c51b76b2b51c6262211912b0a17b19c001050364fb4032fcf7d5d49f8cd3fb482ea7de7d37460629fd341ce1d49500b37df59c5a53fed03e0fdd06c5b1de68070729ba5b1e7c4dcb8aef1f13d612a7b5b826c71c89d13e4c211e6e3b58c343f8d40fcfc488abf7543ca08fa5d65cddae93f532a9968250fdfcaeb53b9a3ad17d84453ae7241047770962b111be3ffe18eaea6ed8f04f76074f40a4d61b62d32908c0bd742886eab5fbb0bf4bf9b8564a910681f11f2cd88f74b47e7946cc3037615b832141975c117edd0a61b4765aae1eed43c6da2fb8a96bd1dd0d8a8f2887279a77901c8fa3b5721b20c7828e38759b90f30deca9762328ebe41f891dd78dd38d6ed031da3f6fc560139a5c5527c68a583c5fe04a1940a527bb704e90961d9f0d675907392d0bb2fb1704474cbdcbde821fcdb6ab090b93b73e8139b33ea1f537a0e7e39aa03081736a2daa15afa44b45245bcd4d7ed541e05f8291879598455dd738ac70b8f09f7ff8853db755e6554fbf86137be08488c3d320304083aed94cdcc8fdb80540dbe64566ce5db56e0912b36c1ef80ec54b647a161099fe0ccbfbf01289b6eaedd52655cb0fa4482d0bb38d4ad66910f412b42bc50e1edab8bcda6ecd11daf5a8c8a1a7059afab7e6962aa64fbf9f27ce981d175fdbd5ad3459f82faa4743d10f446118f944e58c319f5269075d2690a854ddb83c112dd60435d080d7b3cd8914ddae367f13933c92dff16b8895e39fda9fcf47ad908b209dccd7e0e06d4039ac6c4982f2a30204472ac6abdcae229a105260822274c761ddadd055cd512abb4ff7a2d060f63044f11fc5cf37b09a98f21133934294fe8e75c0c1f8d97730b09fee549001feab47979d48c1d279df6cb0c5741f855939ff848e33cdf7cd1aa4deb9a4a5a8b530f300a375a730c7cef7151ee1abf7443765bc97c46ed2e86bc498b56b785129b74fb633931779e3c8030b0c4361ae8f529c1d3ddb7715f5cdbd4c95a1590121ebcd6daeee83044f62d7f2577ddc41406c783b2cd011cb60061731304a2ed59edaee981ec8d11ffabd4b2050e937335c170f94f15dc7918d48dc8c591329b2f46877670bb6c1a0038c5dfdc85c287d4b43ca9dee6313ad20f1f51db7a930fc24ea3a3e8a109eba0f26eaa47d49570d81cc892ce1a257c86b52d80d2c722704b0ad3cfc6ea1de4276c84de43bdbc25a7ecebe177f8d950011ef095d5225cdf097bbc418cdfc20d823917055c6aac4de9294c9e7a405a1c80ca6eb1fabdd7867d11704de06ae0184a2d6263795f826de5bf4d2e938445d8aca68fe7889880f560cf3dcb001bc1f3b206741057814ed09d8bf5094140bcbc4e99cb9a28b05c89f66e539f26cfc628b90d552450f68c18a42a599a6ba8bb780bd54a3b2d89ce3ab9ff5db824de03c2fc36ecc6296ab613f6f9ce6ba930fda5bd6e4ab2046a5b447d7a4451b487ea79dfa9d3cee4084d937d1cf2033427983d37af935259f7061c278022a61c795b2d34d47bf8d3bce080cd2d21e9437b9bae5fee0352e0695429bf30efd297e4aa9b4effcfb2debe4ae393186b172ccef78921000dc2b92725ad5eeba619d09eb162ae3b1c9a82c9ad25d7cb85990f0aedd8e195c3ddc9f499d68e196dcf4ad50e250eba6b73d7f2dffed2e32f5b2af5c7c53ae5e261dda66581d0ea0e5f1af087b0d25635b0fab1ccba3549a699c71fa95976cd1062f5a0916ebb52056eedcd5dd44a4564d7f17aa8a22d86569c8253af32fa635b30ceab51177bb36a53d1c62bb7f4eb569c194849428e304b17346bbb3259b880781cd0efd8bf7be531a4dab89bd23d9efb763a754449a74c182f7c0949d6ab7e9d28f9a86fb239e3dce22c57ed33552eb8ca27cb1a22ff03e5731d96012d96478f0d86aa4a6e6c06a3d5c09d9b5a3490085173dc99eb302a2ef8746dc37fccb8854411497a3a1a9eebd298e907c1f6dfea587baefa619b9584f001d98361cd8cf80515c96f748b6f7e3a08f68ecb40301ba26f6571f346ac3be9604194ea2c3b4e3b0a632af9a6b2f64548d9ff31bfc4262f99cc0d6ebcdb7657f45088dfd2ec0ad34790c635f18b3369892d2b828dc26cdda1fe7a8807e08fbf37d9eeaeb8f75f85c90125b3add43707726be9606cc6d490411936d6b8d20de817aed86e74d2df249a3daa01cbfb4b32f65f7d38ddc8e8096bb18d64a47536725196f735adc7b7bbc2c47ba29d3662e7f594c2573bdfdf93b5124c9a0bd45f75ad9463b28d804c329862751970a728b376e092481a6c60e9c3aa91343cd7afe4c3764af994f6a472bcc85a042f81eeb6d2fe3d6d439bac8d81a4b6872c2dd3036ad610a7554929e15e97d67a9441a1fe4b2f0e57ddb660a4f5a6868c9674b2f9d5b7467cdea32075068914a2d3294420840b9084a9ef0a0c85fe064364cdefb53cc20b0f4f827d4d45472af914c6ac150956fec3ec6d7ed4707d6881bb8a9a3e57620ec1565b9c6177788c83f5c72b54bd5ce8990a2cdf4265c7d408e2f90f2cdf3796cf42dea48af5c2fa20d517fcfe6fc8812ea425dd90f15472f3b855b26adc4fd63a4940ce889ada6cdf7a1352f3c035d13c9a75b9325474f1f20939c8b687288f35a27c9e8ae4cc8e0ff45fa615a155895f092999948beaf0a56497db847eb94a4ac8928941d9ac5a1d296e7c7a9d6f588888906ceef80101f14047b15ac02cc4e8ebd0c4a635f156f07af91fff6b480975c60e1351ac78bac58e79b4bf945c5ca49f6cc3f75f3004f2834a4a838771118b1ce704a451907454dd0211b88e577b5d4d2f231b46002820d25090789e3483f1ef29daf8fc4fb8c68e99c6adee9cb8bc50d47294addfe1f3f139c4a324e62d5ef1620dfbc6e96bd33021a09ba6423714c45867d9b590c18acbd93e4806ce69568368fe4e570331b6fc5b6ff14ee898541aaf091521c78a648eebcf4b8807d253fcb61e6077156264cff9c29addbed48a33ea0b82337a389fd640313b226088fc0c870cdf942b9336d1f237bdc479c40e21e85e33d225ecbc90bfdac1e3ebe21813a09be5035700fe826fd0ce018494f640404c3fa363b3af37b32fa6ef8273f0b8cb7479b8828b52c4da7ebd93cf0a96f61240bbb421823b7ca73d3ba02694770100569791f07441ca232f1df9d27aa671b159b16cbb94a3d6bbb8e4a6bbc4cef8e9bcb4b00c97544eb5540b4eaeebd94b191b3980d2ca4d08209811dcece49672c189783b245c8868b4239a6a7b52fbf211e70484eb8c3efc844234a736d6d0f3de54edd7bbd43648ab9e7b0a01dda8e900b6438571fc567"}, 0x1008, 0x4000810, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000140)='./file3\x00', &(0x7f0000000180), 0x1000000, &(0x7f0000000340)={[{@name={'name', 0x3d, 'S\xd7\xaa\xe0\x83H\xbbQ\xf0|\x1c\xcfj\x9d\x88\xa31B\x1e\xc33\t\x8f\x81\x12\xa1\xf3\xcd\xc4|\xbbq\x04\x06\xfda\tW\x99;+\xea\xdd\xb4n\x13\n\xd1\x84nT\xf4\xef\xb6\xde\xfa\xd8K#\x02-\xc2R\x9a\xc6\x8e\xc5\xc2\b\x97\x98\xb9\xa7\xc9\xb0\xdaz\xfb)\x96WDKaJ\x96\a\x0em\x95\x86/\x89\x9dS4\x958ko\x82\"\xbf\xcdt#n\x89S\xe6\xe8\xfc\xf3\x18j\xb8\xfa\xbf\x02\xd1\xc2\xd7\x1e\xd4_\x0e\xc0x\xed\xae\xa0n\xd3q\x96\x8bN\xee\xa9\xc6M\xd8V\xe6\x9b\no\xe6?\x03\x88\x86\xbdF\xe9m\x03%\xf8!\xe3\xdd\xe6\x9e:\x9c\x05\xa1\xa8\x9a\x02\xaaJ\x8b\xfblY\xd2\x00\xfb[D\x93?\x91\xa7\xa4\xf9\xbe8\x018G{z{.`\xb5qR\xbf\xc8\f\x14\xc6M\xcdW\x86!\xa7\xb5\xc5y\xf5*#di?,\xd3\xfb\xbc\xca\xae\xe7_\x8d\x85\xae\xfa(\xd8\xb9\xf8?\xd7\x9a\x10\x9dn\xfd\xa1\vr[#7\x80\xf3?Q\xb6[N:h\xe8\a\xd4*\x05\xa3a\xab\xdbh\xd5\x1a\xbb\xd7L\awKMFK\f\xe4\tQ\x1f[N\xe6\xc8\xb4\xb2\'9\xb0\xf7\xd7\xda\xb69t\x8e\x9b\x96\x8e\x0e\xd14\x04Y\xc4\x8b\x18GV\x8e\xf1\xc9\xe5'}}]})

1.570818356s ago: executing program 1 (id=1186):
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x161483)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={<r2=>0x0, 0x7, 0x6, [0x1, 0x12a, 0xecd, 0x0, 0x4, 0x1ff]}, &(0x7f00000000c0)=0x14)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4) (async)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4)
ioctl$NBD_CLEAR_SOCK(r0, 0x125f)

1.490923154s ago: executing program 3 (id=1187):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newchain={0x2c, 0x64, 0x20, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0x14, 0x5}, {0x0, 0x10}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x7f}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0)
ioctl$MEDIA_IOC_DEVICE_INFO(r0, 0xc1007c00, &(0x7f00000003c0)) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) (async)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff0600000001ffa6004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e3", 0x1f}], 0x2)
semctl$SETVAL(0x0, 0xff7f0000, 0x10, 0x0)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4) (async)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r6, 0x800448f0, &(0x7f0000000200)={0x4, 0x0, '\x00\x00q', 0x3, 0x80}) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="45a400fbff000000ff0f00000700000000ff0100fd2b8590e0891ff91f05d38ac18cbb9b65ecae05d591d6697c64b699adfd95e91a50cff5a89c6104c30e9f768e85e25c8abfc58ed828b7397947b711d0755f1bbdb276b899d3bf206f59966e4dcdbe7b2825952afe92c1aefd32be60890c07e91006f0f7159779460aebe8e23cf21390dcede87f249637869f992dbec69e481478c55a08d2ea4db0523cabadce30a56aea34be439a32cf043df86370f7d56be98ad33c1fb4da4fa88a69b24dbd4c81264c809829baa6f392470c44d2af5c8ead0cf6a85f80d16788ef37fc6d83025e9292e94adecc89057e5e76009d1bc2cd283210b2a91b6c7cd435f48231c338a535ed39266ce18e2a889881a6f060d1c4148cf3caf7da75a2a76579501882c225a0bd8120cf", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC, @ANYRES32, @ANYRESHEX=r2, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="00000000010000431b39536d00000000000000162d3c46a60fa848c0"], 0x50)

1.360506904s ago: executing program 1 (id=1188):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x283c2, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000003540)=""/4112, 0x0, 0x1010, 0x1, 0x9}, 0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x100, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)={0x2c, 0x7, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x24004004)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
timer_delete(0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_setup(0x4, &(0x7f00000014c0))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x103000, 0x8d)
close(0x3)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@index_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wg1\x00'})

1.100385053s ago: executing program 5 (id=1189):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40001090227000100000000090400fb015cc7aa00090509"], 0x0)
getpgid(0x0)
syz_open_dev$vim2m(&(0x7f00000003c0), 0x6, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x1, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xe3}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x2c, 0x4, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_int(r3, 0x29, 0x5, 0x0, &(0x7f0000000c00))
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xc, 0x0)
socket$unix(0x1, 0x5, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'dummy0\x00', <r7=>0x0})
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x46, r7})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x0, 0xcbf, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, 0x700, 0x8, 0x101, 0xd66}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r9=>0x0})
connect$can_bcm(r4, &(0x7f00000000c0)={0x1d, r9}, 0x10)

1.099501483s ago: executing program 4 (id=1190):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20) (async)
r2 = socket$packet(0x11, 0x2, 0x300) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x20702, 0x0)
fchmodat(0xffffffffffffff9c, 0x0, 0x20) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x15, 0x100) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r3 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r6 = syz_open_procfs(r3, &(0x7f0000000040)='smaps\x00')
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
r7 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r7)
read$FUSE(r6, &(0x7f0000000640)={0x2020}, 0x2020) (async)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}) (async)
syz_open_dev$tty20(0xc, 0x4, 0x1) (async)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x3ff, 0x8006}, 0x4) (async)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000500)="10030600e0fc020004aa96a13bb1000011000a1189f252ae0dba4c807fca1a0022afc0d5071a204bd318", 0x2a, 0x40800, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @local}, 0x14)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x4e20, 0x7, @mcast2}, r1}}, 0x48)

917.572549ms ago: executing program 3 (id=1191):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = open(&(0x7f00000002c0)='./cgroup.net/devices.allow\x00', 0x40542, 0x2)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
sendfile(r0, r1, 0x0, 0x3)
r2 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r2, 0x29, 0x21, &(0x7f0000000100), 0x4)
sendmsg$kcm(r2, &(0x7f00000002c0)={&(0x7f0000001580)=@l2tp6={0xa, 0x0, 0x180000, @private1, 0xfffffffe}, 0x80, &(0x7f0000000300)=[{&(0x7f0000002340)='L', 0x1}], 0x1}, 0x8c1)

440.432851ms ago: executing program 4 (id=1192):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) (async, rerun: 32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async, rerun: 32)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2) (async)
io_setup(0x13, &(0x7f0000000040))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000000)) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
socket$netlink(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x8, 0x0, 0x3136564e, 0x3, 0x0, 0x6, 0x2, 0x78f0, 0x0, 0x8, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async, rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) (async)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) (async)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioprio_get$pid(0x3, 0x0)
r2 = getpgid(0xffffffffffffffff)
socket$kcm(0x21, 0x2, 0x2) (async)
gettid() (async)
syz_clone3(&(0x7f00000011c0)={0x14201000, &(0x7f0000001240), &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000100), {0x38}, &(0x7f0000000140)=""/46, 0x2e, &(0x7f0000000180)=""/4096, &(0x7f0000001180)=[r2, r2, r2], 0x3}, 0x58)
syz_pidfd_open(r3, 0x0) (async, rerun: 32)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x53, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b00010000000000fdfffffffc000000000000000000000000000000200100000000000000000000000000004e240000000000010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ffffffffffffff7ffcffffffffffffff04000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000006fcffff00000000000003000000000000000000000000000c0008"], 0xd8}}, 0x20008004) (async, rerun: 32)
socket$nl_route(0x10, 0x3, 0x0)

287.609198ms ago: executing program 3 (id=1193):
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000004c0)=[{0x0, 0x0, 0x0, 0x2}, {0x2, 0x1}]}, 0x94) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e00)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff7}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1d, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000011c0)='/proc/cpuinfo\x00', 0x0, 0x0) (async)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c4)
r2 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) (async)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)
ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000040))
preadv(r1, &(0x7f0000001280)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x4, 0x0)
ioctl$PPPIOCSPASS(r1, 0x40087447, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x6, 0x3, 0x5, 0xfffffff9}]}) (async)
socket(0x1d, 0x5, 0x8) (async)
r3 = syz_open_dev$cec(&(0x7f0000000280), 0xffffffffffffffff, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000040)={'\x00\f\x00', 0x0, 0x5, 0x2, 0x0, 0x9, "00000000020000000000002100", "00004702", "0300", "97ad3700", ["fdffffff84a438dfc5d5c010", "d78cb8b0211a83be12ff0bff", "0000efffffffffffbfff00"]}) (async)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000140)={"4497acf4", 0xb, 0x5, 0x0, 0x3, 0x1000006, 'U\x00', "1575a859", "0725eade", '\'q6O', ["aabe8459c62224475793e8a7", "7f9ce2d2c4f439ff80e1d1c8", "fa0700f22b42a3023be516d1", "0000000000ed2f416000"]}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0xfffffffffffffd05, &(0x7f0000000080)={&(0x7f0000000200)={0xe4, 0x43, 0x107, 0xfffffffe, 0x25dfdbfc, {0x1, 0x7c}, [@nested={0x4, 0x145}, @nested={0xca, 0x1, 0x0, 0x1, [@typed={0x0, 0x5a, 0x0, 0x0, @str='%+\'\')\x00'}]}, @typed={0xfd73, 0x88, 0x0, 0x0, @pid}]}, 0xe4}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) (async)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500e2ff00000000bb7ccc2db638ecdcb975607aaad7c13b0bb7fbbb6c999f0c1bb32e5d8dcac681616269f821aa5dc0d11472093bb4b01d06e10b6518a98774a0d09061f06e4d74207f837997c36ab39ecd0c36b7a61721a36eae01eb224c045a38e701a4d196a4c9e14977c4d8d6396d84198d0a7fc83e02c9cc8882112e8ed59e1c0e1f3a00b0c8478dadbd2cc98fbc7153efbacc41497c78726b161ce3c2610bb71a2b0774abd84b26932d1bfac295d893f94ae878f90d909dccd4fe770435a013d09f88"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x700}, 0x2}, 0x80) (async, rerun: 64)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000001180)=@req3={0x3, 0xc5e, 0x81, 0x0, 0x9, 0x2, 0x8}, 0x1c) (rerun: 64)

130.717067ms ago: executing program 3 (id=1194):
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43100}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r7, 0x4068aea3, &(0x7f0000000380)) (async)
r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x5, 0x9, 0x3, 0x0, 0x401], 0xeeee8000, 0x202}) (async)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe6, 0x40, 0xff, 0x0, 0x81, 0x80}, {0x5000, 0xf000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x16, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa3, 0x5, 0x5}, {0x1, 0xeeef0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x6, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0x0, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x0, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0xeeef0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x0, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]})
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) (async)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x22, 0x3, "7339f2f304fdd672bad09dfb040000000001000001f9580dabf95ddc9196"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040) (async)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000001a00)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

128.147164ms ago: executing program 1 (id=1195):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e22, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000150000000000000000000200000000000000000800000000"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000200b7030000ffffff90850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r5}, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000200)={0x1, [<r6=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f00000008c0)={r6}, &(0x7f0000000340)=0x8)
getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000000)={r6, 0x401, 0x6, 0x2, 0x0, 0x2, 0x1, 0xfffffffb, {0x0, @in6={{0xa, 0x4e20, 0x5, @local, 0xa}}, 0x1ff, 0x5, 0x3b9, 0x3, 0xa6c}}, &(0x7f0000000140)=0xb0)
r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000580)={0x1, @vbi={0x97c, 0x100, 0x4, 0x34424752, [0x101, 0x9], [0x200, 0x101], 0x1}})
sendto$inet6(r3, &(0x7f0000000780)="baee5d950f2ef9470c353441c1d575dc110717ff4938127200a974705cd2d10fd3980d0fc12caf87a3222b8a00a14c4bfd5bd3799d9fe6995d53fe17170c1fa831cf745f4528f2369ccccd578c837d56705fe90007635739d70874c37da2e6594f6a9d719b10fedb4445a699ae5d0d830afdbbf718d67b0b1a41bd4f29f7c5c1c2d7773a", 0x84, 0x4040040, &(0x7f0000000380)={0xa, 0x4e20, 0x7, @mcast2, 0x9239}, 0x1c)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETGROUP(r9, 0x400454ce, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r8, 0x0, 0x8}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r8, 0x40605346, &(0x7f00000002c0)={0x7fffffff, 0x2, {0x1, 0x0, 0x800, 0x3, 0xffff}, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000680)={0x5, 0x2, 0x0, "ee4f6da8d2cf401105e900", 0x43353039})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$getown(r0, 0x9)
r11 = syz_genetlink_get_family_id$smc(&(0x7f00000003c0), r8)
sendmsg$SMC_PNETID_ADD(r10, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x40, r11, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_bridge\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x4000041)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xa, 0x7bcf, 0x2830, 0x9, 0x1, 0x2, 0x7, 0x2]}}]}]}]}, 0x38}}, 0x4000)

0s ago: executing program 3 (id=1196):
r0 = socket$inet(0x2, 0x1, 0x100)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newtaction={0x148, 0x30, 0x1, 0x0, 0x0, {}, [{0x18a, 0x1, [@m_tunnel_key={0x104, 0xf, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @loopback}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @loopback}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x2, 0x4, 0x0, 0x8, 0x8}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x28}}]}, {0x86, 0x6, "2850324b264d7fa755d3bccc00b380375b6a1aa4b0121015021256307273abd3fe63b93027b2c917ff712b4cf6f49856b51dbe09d30492eab7ccbd5bb4f8c7fe37cbc4b8e8ae331e6e9c2bc1cc20147ca09966ea9297dff648903a11cf371b9469caa79eda73468fbbb1ef983de3eec2586ae1759f739a00f71dbeccae7328f9c3c3"}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x103042, 0x0)
mount$nfs(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), 0x1004000, &(0x7f0000000200)={[{'noac,'}]})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000540)=ANY=[@ANYRES16=0x0, @ANYRES32, @ANYRES64=r0, @ANYRESHEX=r1, @ANYRESDEC=r0, @ANYRESHEX=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r4, 0x18000000000002a0, 0x6, 0x0, &(0x7f00000002c0)="00105db186dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
close(0x3)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r8 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
tkill(r8, 0xb)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)

kernel console output (not intermixed with test programs):

 T8503] XFS (nbd0): SB validate failed with error -5.
[  156.943197][ T8485] Process accounting paused
[  157.156023][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  157.158846][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  157.174326][ T8522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.234601][ T8525] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.258175][ T8522] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.338557][ T8517] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma?
[  157.369389][ T8529] bond5: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  157.375986][ T8529] bond5 (unregistering): Released all slaves
[  157.478404][   T40] audit: type=1326 audit(2000000056.190:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.499744][   T40] audit: type=1326 audit(2000000056.190:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.516242][   T40] audit: type=1326 audit(2000000056.200:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=77 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.527523][   T40] audit: type=1326 audit(2000000056.200:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.530023][ T8544] erspan0: left allmulticast mode
[  157.540372][   T40] audit: type=1326 audit(2000000056.200:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.540847][ T8544] erspan0: left promiscuous mode
[  157.547218][   T40] audit: type=1326 audit(2000000056.200:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.549233][ T8544] bridge0: port 3(erspan0) entered disabled state
[  157.563701][ T8544] bridge_slave_0: left allmulticast mode
[  157.565542][ T8544] bridge_slave_0: left promiscuous mode
[  157.568747][ T8544] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.572869][ T8544] bridge_slave_1: left allmulticast mode
[  157.574790][ T8544] bridge_slave_1: left promiscuous mode
[  157.577524][ T8544] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.581330][ T8547] netlink: 'syz.3.615': attribute type 10 has an invalid length.
[  157.586515][ T8544] bond0: (slave bond_slave_0): Releasing backup interface
[  157.591884][ T8544] bond0: (slave bond_slave_1): Releasing backup interface
[  157.603707][ T8544] team0: Port device team_slave_0 removed
[  157.604600][   T40] audit: type=1326 audit(2000000056.200:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.612841][   T40] audit: type=1326 audit(2000000056.200:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8534 comm="syz.1.614" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  157.622502][ T8544] team0: Port device team_slave_1 removed
[  157.624887][ T8544] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  157.628267][ T8544] batman_adv: batadv0: Removing interface: batadv_slave_0
[  157.634428][ T8544] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  157.638660][ T8544] batman_adv: batadv0: Removing interface: batadv_slave_1
[  157.643846][ T8544] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  157.658858][ T8547] bond0: (slave wlan1): Opening slave failed
[  157.732137][ T8556] netlink: 'syz.3.619': attribute type 4 has an invalid length.
[  157.734682][ T8556] netlink: 17 bytes leftover after parsing attributes in process `syz.3.619'.
[  158.047749][   T40] audit: type=1326 audit(2000000056.760:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8557 comm="syz.3.620" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  158.084076][ T8560] pim6reg: entered allmulticast mode
[  158.098661][ T8560] pim6reg: left allmulticast mode
[  158.102933][   T40] audit: type=1326 audit(2000000056.770:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8557 comm="syz.3.620" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  160.067042][ T8583] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  160.069847][ T8583] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  160.073542][ T8583] vhci_hcd vhci_hcd.0: Device attached
[  160.372523][ T1020] usb 40-1: SetAddress Request (18) to port 0
[  160.374720][ T1020] usb 40-1: new SuperSpeed USB device number 18 using vhci_hcd
[  160.411359][ T8594] random: crng reseeded on system resumption
[  160.777310][ T8602] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  160.836088][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.838981][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.841634][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.844286][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  160.848937][ T8604] overlayfs: failed to resolve './file1': -2
[  160.996068][ T8602] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  161.000908][ T8602] overlayfs: failed to look up (tracing) for ino (-66)
[  161.084390][ T8584] vhci_hcd: connection reset by peer
[  161.094626][   T46] vhci_hcd vhci_hcd.1: stop threads
[  161.101009][   T46] vhci_hcd vhci_hcd.1: release socket
[  161.103683][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  161.251872][ T8607] No control pipe specified
[  161.798710][ T8624] netlink: 32 bytes leftover after parsing attributes in process `syz.1.633'.
[  161.845676][ T8624] netlink: 'syz.1.633': attribute type 10 has an invalid length.
[  161.851492][ T8624] bond0: (slave wlan1): Opening slave failed
[  162.189599][ T8644] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  162.193418][ T8644] overlayfs: failed to set xattr on upper
[  162.195699][ T8644] overlayfs: ...falling back to redirect_dir=nofollow.
[  162.238779][ T8644] overlayfs: ...falling back to index=off.
[  162.241260][ T8644] overlayfs: ...falling back to uuid=null.
[  162.248545][ T8646] overlayfs: cleanup of 'bus/work' failed (-13)
[  162.251274][ T8646] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only
[  162.254548][ T8646] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  162.277644][ T8646] overlayfs: failed to get uuid (/file1, err=-95); falling back to uuid=null.
[  163.136171][ T8671] netlink: 16 bytes leftover after parsing attributes in process `syz.2.648'.
[  163.388628][ T8679] netlink: 'syz.3.646': attribute type 10 has an invalid length.
[  163.396848][ T8679] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.401470][ T8679] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  163.405103][ T6033] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  163.605864][ T6033] usb 5-1: Using ep0 maxpacket: 32
[  163.785906][ T6033] usb 5-1: config 0 has an invalid interface number: 19 but max is 0
[  163.788587][ T6033] usb 5-1: config 0 has no interface number 0
[  163.791025][ T6033] usb 5-1: config 0 interface 19 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 16
[  163.811089][ T8690] input: syz1 as /devices/virtual/input/input14
[  163.869182][ T6033] usb 5-1: New USB device found, idVendor=04a4, idProduct=0014, bcdDevice=c9.57
[  163.872128][ T6033] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.885916][ T6033] usb 5-1: Product: syz
[  163.887552][ T6033] usb 5-1: Manufacturer: syz
[  163.889654][ T6033] usb 5-1: SerialNumber: syz
[  163.895940][ T6033] usb 5-1: config 0 descriptor??
[  163.914452][ T8667] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  163.940485][ T8691] random: crng reseeded on system resumption
[  163.974927][ T8676] bond0: (slave batadv0): Releasing backup interface
[  164.047478][   T40] kauditd_printk_skb: 31 callbacks suppressed
[  164.047491][   T40] audit: type=1326 audit(2000000062.760:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.056774][   T40] audit: type=1326 audit(2000000062.760:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.068593][   T40] audit: type=1326 audit(2000000062.770:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.075774][   T40] audit: type=1326 audit(2000000062.780:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.096450][   T40] audit: type=1326 audit(2000000062.780:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.103798][   T40] audit: type=1326 audit(2000000062.800:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.116593][   T40] audit: type=1326 audit(2000000062.800:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.123577][   T40] audit: type=1326 audit(2000000062.800:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.132701][   T40] audit: type=1326 audit(2000000062.800:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.145934][   T40] audit: type=1326 audit(2000000062.810:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.1.652" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  164.397277][ T6021] usb 5-1: USB disconnect, device number 3
[  164.564589][ T8705] syzkaller1: entered promiscuous mode
[  164.567080][ T8705] syzkaller1: entered allmulticast mode
[  164.581362][ T8705] tmpfs: Unknown parameter '�䗣�l�/_block_har'
[  164.846114][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  164.848869][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  164.851621][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  164.854255][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  164.982312][ T8712] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  164.985134][ T8712] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  164.996185][ T8712] vhci_hcd vhci_hcd.0: Device attached
[  165.472326][ T8713] vhci_hcd: connection closed
[  165.472617][ T6337] vhci_hcd vhci_hcd.1: stop threads
[  165.477356][ T6337] vhci_hcd vhci_hcd.1: release socket
[  165.480237][ T1020] usb 40-1: device descriptor read/8, error -110
[  165.481291][ T6337] vhci_hcd vhci_hcd.1: disconnect device
[  165.886852][ T1020] usb usb40-port1: attempt power cycle
[  165.925072][ T8735] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  165.927885][ T8735] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  165.932837][ T8735] vhci_hcd vhci_hcd.0: Device attached
[  166.175966][ T6021] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  166.206057][   T34] usb 44-1: SetAddress Request (18) to port 0
[  166.208836][   T34] usb 44-1: new SuperSpeed USB device number 18 using vhci_hcd
[  166.302621][ T5952] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  166.337682][ T6021] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  166.345753][ T6021] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 123, changing to 10
[  166.350548][ T6021] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 42796, setting to 1024
[  166.359402][ T6021] usb 8-1: config 0 interface 0 has no altsetting 0
[  166.372188][ T6021] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  166.376994][ T6021] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  166.380804][ T6021] usb 8-1: Product: syz
[  166.382520][ T6021] usb 8-1: Manufacturer: syz
[  166.384438][ T6021] usb 8-1: SerialNumber: syz
[  166.389708][ T6021] usb 8-1: config 0 descriptor??
[  166.393926][ T8735] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  166.397507][ T6021] hub 8-1:0.0: bad descriptor, ignoring hub
[  166.400107][ T6021] hub 8-1:0.0: probe with driver hub failed with error -5
[  166.405685][ T6021] usb 8-1: selecting invalid altsetting 0
[  166.446730][ T1020] usb usb40-port1: unable to enumerate USB device
[  166.911100][ T8782] syzkaller1: tun_chr_ioctl cmd 1074025677
[  166.913116][ T8782] syzkaller1: Linktype set failed because interface is up
[  166.964487][ T8780] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  166.967610][ T8780] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  166.970887][ T8780] vhci_hcd vhci_hcd.0: Device attached
[  167.007760][ T8735] usb 8-1: reset high-speed USB device number 5 using dummy_hcd
[  167.145913][ T6021] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  167.161287][ T8771] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  167.205979][ T6021] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  167.326467][   T13] syzkaller1: tun_net_xmit 76
[  167.329039][   T13] syzkaller1: tun_net_xmit 48
[  167.356292][ T6671] syzkaller1: tun_net_xmit 76
[  167.367020][ T8735] usb 8-1: failed to restore interface 0 altsetting 251 (error=-71)
[  167.372255][ T6033] usb 8-1: USB disconnect, device number 5
[  167.519662][ T8783] vhci_hcd: connection reset by peer
[  167.524787][   T46] vhci_hcd vhci_hcd.1: stop threads
[  167.527481][   T46] vhci_hcd vhci_hcd.1: release socket
[  167.530118][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  167.573828][ T8736] vhci_hcd: connection reset by peer
[  167.577712][   T13] vhci_hcd vhci_hcd.3: stop threads
[  167.579533][   T13] vhci_hcd vhci_hcd.3: release socket
[  167.581738][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  168.195544][ T8788] netlink: 28 bytes leftover after parsing attributes in process `syz.0.676'.
[  168.321920][ T8800] syz.3.680 (8800): drop_caches: 2
[  168.385904][ T5991] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  168.545940][ T5991] usb 6-1: Using ep0 maxpacket: 8
[  168.565186][ T5991] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  168.568780][ T5991] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  168.572470][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  168.576309][ T5991] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  168.580182][ T5991] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  168.584647][ T5991] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  168.590294][ T5991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.007639][ T5944] Bluetooth: hci3: command 0x0c1a tx timeout
[  169.956027][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  169.958882][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  170.174648][ T5944] Bluetooth: hci2: unexpected event for opcode 0x080d
[  170.179116][ T8823] input: syz1 as /devices/virtual/input/input15
[  170.299934][ T8824] random: crng reseeded on system resumption
[  171.153747][ T6033] usb 6-1: USB disconnect, device number 5
[  171.236006][   T34] usb 44-1: device descriptor read/8, error -110
[  171.636393][   T34] usb usb44-port1: attempt power cycle
[  171.972079][ T8844] syz.1.692: page allocation failure: order:0, mode:0x10cc0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null),cpuset=/,mems_allowed=0-1
[  171.976541][ T8844] CPU: 2 UID: 0 PID: 8844 Comm: syz.1.692 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  171.976561][ T8844] Tainted: [L]=SOFTLOCKUP
[  171.976565][ T8844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  171.976572][ T8844] Call Trace:
[  171.976577][ T8844]  <TASK>
[  171.976582][ T8844]  dump_stack_lvl+0x16c/0x1f0
[  171.976605][ T8844]  warn_alloc+0x248/0x3a0
[  171.976621][ T8844]  ? __pfx_warn_alloc+0x10/0x10
[  171.976636][ T8844]  ? psi_memstall_leave+0x19f/0x2d0
[  171.976656][ T8844]  ? __pfx___alloc_pages_direct_compact+0x10/0x10
[  171.976684][ T8844]  ? psi_memstall_leave+0x1e1/0x2d0
[  171.976702][ T8844]  ? psi_memstall_leave+0x1e6/0x2d0
[  171.976723][ T8844]  __alloc_frozen_pages_noprof+0xe9b/0x2430
[  171.976752][ T8844]  ? rcu_is_watching+0x12/0xc0
[  171.976773][ T8844]  ? rcu_is_watching+0x12/0xc0
[  171.976789][ T8844]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  171.976803][ T8844]  ? lockdep_hardirqs_on+0x7c/0x110
[  171.976828][ T8844]  ? policy_nodemask+0x3d3/0x4e0
[  171.976847][ T8844]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  171.976866][ T8844]  ? policy_nodemask+0xea/0x4e0
[  171.976885][ T8844]  alloc_pages_mpol+0x1fb/0x550
[  171.976904][ T8844]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  171.976926][ T8844]  alloc_pages_noprof+0x131/0x390
[  171.976944][ T8844]  kimage_alloc_pages+0x74/0x350
[  171.976968][ T8844]  kimage_alloc_control_pages+0x153/0xa00
[  171.976991][ T8844]  ? __pfx_kimage_alloc_control_pages+0x10/0x10
[  171.977014][ T8844]  do_kexec_load+0x439/0x860
[  171.977026][ T8844]  ? __pfx_do_kexec_load+0x10/0x10
[  171.977041][ T8844]  __ia32_compat_sys_kexec_load+0x37f/0x400
[  171.977055][ T8844]  ? __pfx___ia32_compat_sys_kexec_load+0x10/0x10
[  171.977073][ T8844]  __do_fast_syscall_32+0xe8/0x680
[  171.977093][ T8844]  do_fast_syscall_32+0x32/0x80
[  171.977112][ T8844]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  171.977127][ T8844] RIP: 0023:0xf7f52579
[  171.977136][ T8844] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  171.977148][ T8844] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 000000000000011b
[  171.977159][ T8844] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000000000007
[  171.977167][ T8844] RDX: 0000000080000200 RSI: 0000000000160000 RDI: 0000000000000000
[  171.977173][ T8844] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  171.977180][ T8844] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  171.977187][ T8844] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  171.977201][ T8844]  </TASK>
[  171.977251][ T8844] Mem-Info:
[  172.105936][ T8844] active_anon:5543 inactive_anon:10759 isolated_anon:0
[  172.105936][ T8844]  active_file:676 inactive_file:11629 isolated_file:0
[  172.105936][ T8844]  unevictable:1768 dirty:6 writeback:0
[  172.105936][ T8844]  slab_reclaimable:6054 slab_unreclaimable:85586
[  172.105936][ T8844]  mapped:22421 shmem:15190 pagetables:1068
[  172.105936][ T8844]  sec_pagetables:313 bounce:0
[  172.105936][ T8844]  kernel_misc_reclaimable:0
[  172.105936][ T8844]  free:25294 free_pcp:1054 free_cma:0
[  172.140486][ T8844] Node 0 active_anon:1800kB inactive_anon:356kB active_file:76kB inactive_file:320kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:6096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:10048kB pagetables:1380kB sec_pagetables:1136kB all_unreclaimable? yes Balloon:0kB
[  172.150720][ T8844] Node 1 active_anon:18472kB inactive_anon:42360kB active_file:2628kB inactive_file:46196kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:89668kB dirty:16kB writeback:0kB shmem:52764kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3552kB pagetables:2792kB sec_pagetables:116kB all_unreclaimable? no Balloon:0kB
[  172.161424][ T8844] Node 0 DMA free:1916kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  172.170985][ T8844] lowmem_reserve[]: 0 289 289 289 289
[  172.173034][ T8844] Node 0 DMA32 free:14848kB boost:4096kB min:17428kB low:20760kB high:24092kB reserved_highatomic:2048KB free_highatomic:112KB active_anon:1800kB inactive_anon:356kB active_file:76kB inactive_file:320kB unevictable:3536kB writepending:8kB zspages:212kB present:1032196kB managed:296820kB mlocked:0kB bounce:0kB free_pcp:1908kB local_pcp:0kB free_cma:0kB
[  172.184347][ T8844] lowmem_reserve[]: 0 0 0 0 0
[  172.186200][ T8844] Node 1 DMA32 free:86424kB boost:24576kB min:71720kB low:83504kB high:95288kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18472kB inactive_anon:42360kB active_file:2628kB inactive_file:46196kB unevictable:3536kB writepending:16kB zspages:4088kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:2608kB local_pcp:980kB free_cma:0kB
[  172.198594][ T8844] lowmem_reserve[]: 0 0 0 0 0
[  172.201066][ T8844] Node 0 DMA: 1*4kB (U) 1*8kB (U) 2*16kB (U) 3*32kB (U) 2*64kB (U) 1*128kB (U) 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 1932kB
[  172.205766][ T8844] Node 0 DMA32: 86*4kB (MEH) 101*8kB (UMEH) 60*16kB (UME) 77*32kB (MEH) 39*64kB (UME) 24*128kB (UME) 16*256kB (UME) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 14752kB
[  172.206793][   T34] usb usb44-port1: unable to enumerate USB device
[  172.211138][ T8844] Node 1 DMA32: 1345*4kB (UME) 917*8kB (UME) 370*16kB (ME) 305*32kB (UME) 170*64kB (UME) 83*128kB (UME) 37*256kB (ME) 24*512kB (UME) 13*1024kB (M) 1*2048kB (M) 0*4096kB = 87020kB
[  172.218943][ T8844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  172.222236][ T8844] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  172.225310][ T8844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  172.228544][ T8844] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  172.231621][ T8844] 27508 total pagecache pages
[  172.233270][ T8844] 496 pages in swap cache
[  172.234789][ T8844] Free swap  = 99024kB
[  172.236242][ T8844] Total swap = 124996kB
[  172.237759][ T8844] 524155 pages RAM
[  172.239087][ T8844] 0 pages HighMem/MovableOnly
[  172.240701][ T8844] 209057 pages reserved
[  172.242168][ T8844] 0 pages cma reserved
[  172.365940][ T6021] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  172.415600][ T8844] kexec: Could not allocate control_code_buffer
[  173.044786][ T8861] trusted_key: syz.0.696 sent an empty control message without MSG_MORE.
[  173.076030][ T5952] Bluetooth: hci3: command 0x0c1a tx timeout
[  173.156059][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.159368][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.161989][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  173.220076][ T8867] netlink: 'syz.3.697': attribute type 10 has an invalid length.
[  173.256917][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  173.256928][   T40] audit: type=1326 audit(2000000071.970:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.280906][ T8873] netlink: 'syz.3.697': attribute type 10 has an invalid length.
[  173.283630][ T8873] netlink: 40 bytes leftover after parsing attributes in process `syz.3.697'.
[  173.305978][   T40] audit: type=1326 audit(2000000071.980:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.312967][   T40] audit: type=1326 audit(2000000071.980:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.346187][   T40] audit: type=1326 audit(2000000071.980:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.368197][   T40] audit: type=1326 audit(2000000071.980:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.431254][   T40] audit: type=1326 audit(2000000071.980:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.465991][   T40] audit: type=1326 audit(2000000071.980:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.472944][   T40] audit: type=1326 audit(2000000071.980:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=71 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.485865][   T40] audit: type=1326 audit(2000000071.980:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.492658][   T40] audit: type=1326 audit(2000000071.980:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.698" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  173.493784][ T8875] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.613320][ T8875] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.708312][ T8875] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.948099][ T8875] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.622334][  T169] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  174.657473][ T8883] cdrom: dropping to single frame dma
[  174.705461][  T169] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  174.720612][  T169] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  174.737757][  T169] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  174.925020][ T8899] tipc: Started in network mode
[  174.933141][ T8899] tipc: Node identity 080211000001, cluster identity 4711
[  174.935540][ T8899] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  175.216120][ T1020] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  175.318389][ T8907] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  175.321223][ T8907] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  175.324811][ T8907] vhci_hcd vhci_hcd.0: Device attached
[  175.447762][ T1020] usb 8-1: not running at top speed; connect to a high speed hub
[  175.448809][ T1020] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 6008, setting to 64
[  175.452422][ T1020] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  175.452439][ T1020] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.452449][ T1020] usb 8-1: Product: Ј
[  175.452457][ T1020] usb 8-1: Manufacturer: ӿ
[  175.452464][ T1020] usb 8-1: SerialNumber: syz
[  175.458530][ T8905] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  175.484975][ T8910] wg2 speed is unknown, defaulting to 1000
[  175.487812][ T8910] wg2 speed is unknown, defaulting to 1000
[  175.488333][ T8910] wg2 speed is unknown, defaulting to 1000
[  175.619706][   T34] usb 40-1: SetAddress Request (22) to port 0
[  175.622957][   T34] usb 40-1: new SuperSpeed USB device number 22 using vhci_hcd
[  175.746276][ T1020] usb 8-1: USB disconnect, device number 6
[  175.927244][ T8916] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  175.929521][ T8916] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  175.932634][ T8916] vhci_hcd vhci_hcd.0: Device attached
[  176.066115][ T6671] tipc: Node number set to 134418688
[  176.122117][ T5991] wg2 speed is unknown, defaulting to 1000
[  176.129475][ T8910] infiniband syz2: set active
[  176.138870][ T8910] infiniband syz2: added wg2
[  176.199035][ T8908] vhci_hcd: connection reset by peer
[  176.206171][ T6671] usb 38-1: SetAddress Request (6) to port 0
[  176.208416][ T6671] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd
[  176.209130][  T169] vhci_hcd vhci_hcd.1: stop threads
[  176.216414][  T169] vhci_hcd vhci_hcd.1: release socket
[  176.219514][ T8910] RDS/IB: syz2: added
[  176.222828][  T169] vhci_hcd vhci_hcd.1: disconnect device
[  176.226626][ T8910] smc: adding ib device syz2 with port count 1
[  176.233061][ T8910] smc:    ib device syz2 port 1 has no pnetid
[  176.243678][ T5991] wg2 speed is unknown, defaulting to 1000
[  176.248744][ T8910] wg2 speed is unknown, defaulting to 1000
[  176.346710][ T8927] netlink: 40 bytes leftover after parsing attributes in process `syz.3.711'.
[  176.448922][ T8922] vhci_hcd: connection reset by peer
[  176.450938][ T6340] vhci_hcd vhci_hcd.0: stop threads
[  176.452160][ T8910] wg2 speed is unknown, defaulting to 1000
[  176.453211][ T6340] vhci_hcd vhci_hcd.0: release socket
[  176.457241][ T6340] vhci_hcd vhci_hcd.0: disconnect device
[  176.619623][ T8910] wg2 speed is unknown, defaulting to 1000
[  176.666012][ T6033] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  176.761297][ T8910] wg2 speed is unknown, defaulting to 1000
[  176.825929][ T6033] usb 8-1: Using ep0 maxpacket: 32
[  176.829091][ T6033] usb 8-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config
[  176.832403][ T6033] usb 8-1: config 4 has 0 interfaces, different from the descriptor's value: 9
[  176.837298][ T6033] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  176.840491][ T6033] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.843168][ T6033] usb 8-1: Product: syz
[  176.844900][ T6033] usb 8-1: Manufacturer: syz
[  176.846763][ T6033] usb 8-1: SerialNumber: syz
[  177.187191][ T8936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.714'.
[  177.192405][ T8934] netlink: 4 bytes leftover after parsing attributes in process `syz.0.714'.
[  177.233447][ T8941] netlink: 116 bytes leftover after parsing attributes in process `syz.1.713'.
[  177.236909][ T8941] netlink: 116 bytes leftover after parsing attributes in process `syz.1.713'.
[  177.639450][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.643715][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.647361][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  177.926267][ T6033] usb 8-1: USB disconnect, device number 7
[  178.050719][ T5944] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  178.727682][ T8969] block device autoloading is deprecated and will be removed.
[  179.495103][ T5952] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  179.505025][ T5952] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  179.509435][ T5952] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  179.514459][ T5952] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  179.518056][ T5952] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  179.551529][ T8986] wg2 speed is unknown, defaulting to 1000
[  179.837486][ T8989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.726'.
[  179.864430][ T8986] chnl_net:caif_netlink_parms(): no params data found
[  179.938505][ T8986] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.940824][ T8986] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.943357][ T8986] bridge_slave_0: entered allmulticast mode
[  179.946022][ T8986] bridge_slave_0: entered promiscuous mode
[  179.950810][ T8986] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.952945][ T8986] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.955070][ T8986] bridge_slave_1: entered allmulticast mode
[  179.957648][ T8986] bridge_slave_1: entered promiscuous mode
[  179.973920][ T8986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.977936][ T5952] Bluetooth: hci1: unexpected event for opcode 0x204e
[  179.978321][ T8986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.997270][ T8986] team0: Port device team_slave_0 added
[  180.000700][ T8986] team0: Port device team_slave_1 added
[  180.015328][ T8986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.017483][ T8986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  180.024849][ T8986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.029520][ T8986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.031660][ T8986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  180.040932][ T8986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.063843][ T8986] hsr_slave_0: entered promiscuous mode
[  180.066073][ T8986] hsr_slave_1: entered promiscuous mode
[  180.068039][ T8986] debugfs: 'hsr0' already exists in 'hsr'
[  180.069761][ T8986] Cannot create hsr debugfs directory
[  180.230210][ T8986] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  180.238741][ T8986] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  180.244009][ T8986] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  180.249454][ T8986] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  180.270251][ T8986] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.272741][ T8986] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.275481][ T8986] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.278270][ T8986] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.314783][ T8986] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.333084][ T6333] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.338810][ T6333] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.358685][ T8986] 8021q: adding VLAN 0 to HW filter on device team0
[  180.366043][ T6333] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.368984][ T6333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.375431][ T6333] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.378326][ T6333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.521341][ T8986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  180.549805][ T9016] netlink: 'syz.1.730': attribute type 12 has an invalid length.
[  180.596135][ T9017] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  180.598332][ T9017] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  180.601177][ T9017] vhci_hcd vhci_hcd.0: Device attached
[  180.645271][ T9023] binder: 9021:9023 ioctl c00c620f 80000040 returned -22
[  180.677686][   T34] usb 40-1: device descriptor read/8, error -110
[  180.764418][ T8986] veth0_vlan: entered promiscuous mode
[  180.771134][ T8986] veth1_vlan: entered promiscuous mode
[  180.790999][ T8986] veth0_macvtap: entered promiscuous mode
[  180.795109][ T8986] veth1_macvtap: entered promiscuous mode
[  180.804130][ T8986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.811723][ T8986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.820290][ T6342] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.823743][ T6342] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.833686][ T6342] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.842604][ T6342] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.877463][ T6058] usb 44-1: SetAddress Request (22) to port 0
[  180.879738][ T6058] usb 44-1: new SuperSpeed USB device number 22 using vhci_hcd
[  180.913417][ T6342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.916842][ T6342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.942612][  T169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.950610][ T9036] random: crng reseeded on system resumption
[  180.960213][  T169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  181.083540][   T34] usb usb40-port1: attempt power cycle
[  181.246177][ T6671] usb 38-1: device descriptor read/8, error -110
[  181.344011][ T9018] vhci_hcd: connection reset by peer
[  181.348804][ T6342] vhci_hcd vhci_hcd.3: stop threads
[  181.350537][ T6342] vhci_hcd vhci_hcd.3: release socket
[  181.356356][ T6342] vhci_hcd vhci_hcd.3: disconnect device
[  181.486172][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.489292][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.492158][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.495446][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  181.556902][ T5952] Bluetooth: hci4: command tx timeout
[  181.646512][   T34] usb usb40-port1: unable to enumerate USB device
[  181.649258][ T6671] usb usb38-port1: attempt power cycle
[  182.101580][ T9051] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  182.104288][ T9051] UDF-fs: Scanning with blocksize 2048 failed
[  182.114963][ T9051] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  182.117644][ T9051] UDF-fs: Scanning with blocksize 4096 failed
[  182.217037][ T6671] usb usb38-port1: unable to enumerate USB device
[  183.011791][ T9061] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  183.014067][ T9061] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  183.017996][ T9061] vhci_hcd vhci_hcd.0: Device attached
[  183.296052][   T24] usb 40-1: SetAddress Request (26) to port 0
[  183.298304][   T24] usb 40-1: new SuperSpeed USB device number 26 using vhci_hcd
[  183.645956][ T5952] Bluetooth: hci4: command tx timeout
[  183.675282][ T9062] vhci_hcd: connection reset by peer
[  183.678404][  T169] vhci_hcd vhci_hcd.1: stop threads
[  183.680228][  T169] vhci_hcd vhci_hcd.1: release socket
[  183.686224][  T169] vhci_hcd vhci_hcd.1: disconnect device
[  184.337063][ T9094] tipc: Started in network mode
[  184.338717][ T9094] tipc: Node identity be68e7e795f4, cluster identity 4711
[  184.341234][ T9094] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  184.344486][ T9094] syzkaller0: entered promiscuous mode
[  184.347859][ T9094] syzkaller0: entered allmulticast mode
[  184.361705][   T40] audit: type=1326 audit(2000000083.070:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm="syz.1.747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.370746][   T40] audit: type=1326 audit(2000000083.080:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm="syz.1.747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.374737][ T9094] tipc: Resetting bearer <eth:syzkaller0>
[  184.386104][   T40] audit: type=1326 audit(2000000083.080:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm="syz.1.747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.392881][   T40] audit: type=1326 audit(2000000083.080:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm="syz.1.747" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.393061][ T9093] tipc: Resetting bearer <eth:syzkaller0>
[  184.402430][   T40] audit: type=1326 audit(2000000083.080:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm=77DEA305FF07 exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.416174][   T40] audit: type=1326 audit(2000000083.080:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm=77DEA305FF07 exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.422898][   T40] audit: type=1326 audit(2000000083.080:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm="syz.1.747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.433348][ T9093] tipc: Disabling bearer <eth:syzkaller0>
[  184.436065][   T40] audit: type=1326 audit(2000000083.080:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm="syz.1.747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.456086][   T40] audit: type=1326 audit(2000000083.080:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm=77DEA305FF07 exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.462837][   T40] audit: type=1326 audit(2000000083.080:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9093 comm=77DEA305FF07 exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  184.526858][ T9097] bond5: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  184.531970][ T9097] bond5 (unregistering): Released all slaves
[  184.540702][ T9098] netlink: 220 bytes leftover after parsing attributes in process `syz.3.748'.
[  184.544299][ T9098] netlink: 220 bytes leftover after parsing attributes in process `syz.3.748'.
[  185.270790][ T9111] netlink: 28 bytes leftover after parsing attributes in process `syz.1.751'.
[  185.505632][ T9116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.512947][ T9116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.591280][ T9119] wg2 speed is unknown, defaulting to 1000
[  185.715939][ T5952] Bluetooth: hci4: command tx timeout
[  185.728409][ T9116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.731347][ T9116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.745948][ T6671] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  185.798153][ T9120] netlink: 'syz.3.753': attribute type 13 has an invalid length.
[  185.801236][ T9120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.753'.
[  185.886917][ T6671] usb 6-1: device descriptor read/64, error -71
[  185.956325][ T6058] usb 44-1: device descriptor read/8, error -110
[  186.356780][ T6058] usb usb44-port1: attempt power cycle
[  186.408097][ T9132] wg2 speed is unknown, defaulting to 1000
[  186.606067][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  186.609457][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  186.612309][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  186.937714][ T6058] usb usb44-port1: unable to enumerate USB device
[  186.994817][ T9150] vxcan3: entered promiscuous mode
[  186.997000][ T9150] vxcan3: entered allmulticast mode
[  187.006983][   T34] usb 8-1: new low-speed USB device number 8 using dummy_hcd
[  187.177240][   T34] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  187.180424][   T34] usb 8-1: config 0 has no interface number 0
[  187.182400][   T34] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  187.186673][   T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  187.190610][   T34] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  187.194978][   T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  187.199913][   T34] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  187.203671][   T34] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  187.208383][   T34] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  187.212021][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.216685][   T34] usb 8-1: config 0 descriptor??
[  187.219297][ T9144] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.222333][ T9144] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  187.228454][   T34] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  187.430131][ T9144] netlink: 24 bytes leftover after parsing attributes in process `syz.3.759'.
[  187.464885][ T6033] usb 8-1: USB disconnect, device number 8
[  187.471331][ T6033] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  187.796106][ T5952] Bluetooth: hci4: command tx timeout
[  188.001552][ T9143] Process accounting resumed
[  188.356141][   T24] usb 40-1: device descriptor read/8, error -110
[  188.748229][   T24] usb usb40-port1: attempt power cycle
[  188.784741][ T9168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.765'.
[  188.799665][ T9167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.765'.
[  188.810513][ T5952] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  188.939963][ T9171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.767'.
[  189.407425][   T24] usb usb40-port1: unable to enumerate USB device
[  189.536402][ T9179] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  189.538984][ T9179] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  189.542418][ T9179] vhci_hcd vhci_hcd.0: Device attached
[  189.579529][ T9179] afs: Unknown parameter 'dy��l��U���n'
[  189.610998][ T9184] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  189.616126][ T9184] 8021q: VLANs not supported on gre0
[  189.685720][ T9181] vhci_hcd: connection closed
[  189.694231][ T6342] vhci_hcd vhci_hcd.0: stop threads
[  189.698008][ T6342] vhci_hcd vhci_hcd.0: release socket
[  189.700063][ T6342] vhci_hcd vhci_hcd.0: disconnect device
[  189.796038][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  189.799683][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  190.665372][   T40] kauditd_printk_skb: 35 callbacks suppressed
[  190.665393][   T40] audit: type=1326 audit(2000000089.370:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.690583][   T40] audit: type=1326 audit(2000000089.380:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.705623][   T40] audit: type=1326 audit(2000000089.410:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.723194][   T40] audit: type=1326 audit(2000000089.410:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.735919][   T40] audit: type=1326 audit(2000000089.410:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.748261][   T40] audit: type=1326 audit(2000000089.410:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.756373][   T40] audit: type=1326 audit(2000000089.410:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.764334][   T40] audit: type=1326 audit(2000000089.410:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.772531][   T40] audit: type=1326 audit(2000000089.410:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.780466][   T40] audit: type=1326 audit(2000000089.410:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9213 comm="syz.1.776" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x7ffc0000
[  190.939752][ T9214] netfs: Couldn't get user pages (rc=-14)
[  191.007713][ T9214] netlink: 96 bytes leftover after parsing attributes in process `syz.1.776'.
[  191.501877][ T6327] Bluetooth: hci5: Frame reassembly failed (-84)
[  191.716132][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  193.565952][ T5952] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  194.196013][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.198907][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.201534][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  194.625773][ T9229] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  194.628393][ T9229] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.631918][ T9229] vhci_hcd vhci_hcd.0: Device attached
[  194.634334][ T9238] vhci_hcd: connection closed
[  194.635888][ T6337] vhci_hcd vhci_hcd.1: stop threads
[  194.640273][ T6337] vhci_hcd vhci_hcd.1: release socket
[  194.642505][ T6337] vhci_hcd vhci_hcd.1: disconnect device
[  195.431338][ T9246] netlink: 'syz.1.784': attribute type 4 has an invalid length.
[  195.433782][ T9246] netlink: 17 bytes leftover after parsing attributes in process `syz.1.784'.
[  195.458775][   T34] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  195.632721][   T34] usb 9-1: Using ep0 maxpacket: 8
[  195.637216][   T34] usb 9-1: config 0 interface 0 has no altsetting 0
[  195.642929][   T34] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  195.648182][   T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.652783][   T34] usb 9-1: config 0 descriptor??
[  195.670165][ T9248] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  195.672252][ T9248] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  195.696079][ T6058] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  195.725978][ T9248] vhci_hcd vhci_hcd.0: Device attached
[  195.846039][ T6058] usb 6-1: Using ep0 maxpacket: 16
[  195.857522][ T6058] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.862732][ T6058] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  195.868580][ T6058] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  195.875522][ T6058] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  195.880014][ T6058] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.886241][ T6058] usb 6-1: config 0 descriptor??
[  195.956104][ T6033] usb 38-1: SetAddress Request (11) to port 0
[  195.958137][ T6033] usb 38-1: new SuperSpeed USB device number 11 using vhci_hcd
[  196.115436][ T9249] vhci_hcd: connection reset by peer
[  196.118439][ T6333] vhci_hcd vhci_hcd.0: stop threads
[  196.120778][ T6333] vhci_hcd vhci_hcd.0: release socket
[  196.123157][ T6333] vhci_hcd vhci_hcd.0: disconnect device
[  196.305096][ T9246] netlink: 'syz.1.784': attribute type 2 has an invalid length.
[  196.308927][ T9246] netlink: 244 bytes leftover after parsing attributes in process `syz.1.784'.
[  196.318234][ T6058] usbhid 6-1:0.0: can't add hid device: -71
[  196.320711][ T6058] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  196.324536][ T6058] usb 6-1: USB disconnect, device number 8
[  196.765966][   T24] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  196.917405][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  196.922665][   T24] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  196.937755][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  196.941553][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  196.945455][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  196.952154][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  196.955415][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  196.963603][   T24] usb 8-1: Product: syz
[  196.965158][   T24] usb 8-1: Manufacturer: syz
[  196.977047][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  196.978889][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  196.981872][   T24] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  196.984638][   T24] cdc_wdm 8-1:1.0: Unknown control protocol
[  197.389552][   T24] usb 8-1: USB disconnect, device number 9
[  197.846020][ T6030] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  197.879580][   T34] usbhid 9-1:0.0: can't add hid device: -71
[  197.882268][   T34] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  197.897811][   T34] usb 9-1: USB disconnect, device number 2
[  198.005588][ T6030] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  198.011035][ T6030] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  198.015488][ T6030] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  198.018660][ T6030] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  198.023321][ T6030] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  198.028623][ T9270] netlink: 'syz.1.791': attribute type 1 has an invalid length.
[  198.031220][ T6030] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  198.038774][ T6030] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  198.042453][ T6030] usb 8-1: Product: syz
[  198.044300][ T6030] usb 8-1: Manufacturer: syz
[  198.053441][ T6030] cdc_wdm 8-1:1.0: skipping garbage
[  198.056782][ T6030] cdc_wdm 8-1:1.0: skipping garbage
[  198.060380][ T6030] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  198.062927][ T6030] cdc_wdm 8-1:1.0: Unknown control protocol
[  198.116057][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  198.119006][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  198.121954][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  198.443548][ T9289] xt_hashlimit: invalid rate
[  198.837894][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  198.839970][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  199.525981][ T9299] usb 8-1: USB disconnect, device number 10
[  199.985055][ T9313] x_tables: duplicate underflow at hook 1
[  200.166650][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.801'.
[  200.172036][ T9315] xt_SECMARK: invalid mode: 0
[  200.242650][ T9299] hub 8-0:1.0: USB hub found
[  200.276335][ T9299] hub 8-0:1.0: 1 port detected
[  200.279079][ T9309] random: crng reseeded on system resumption
[  200.801486][ T9321] netlink: 124 bytes leftover after parsing attributes in process `syz.1.803'.
[  200.995943][ T6033] usb 38-1: device descriptor read/8, error -110
[  201.016364][ T6671] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  201.165938][ T6671] usb 8-1: Using ep0 maxpacket: 8
[  201.169274][ T6671] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 5
[  201.172320][ T6671] usb 8-1: config 0 interface 0 has no altsetting 0
[  201.174612][ T6671] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  201.177734][ T6671] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.182112][ T6671] usb 8-1: config 0 descriptor??
[  201.187611][ T9322] siw: device registration error -23
[  201.316038][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  201.319242][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  201.389174][ T6033] usb usb38-port1: attempt power cycle
[  202.271918][ T6033] usb usb38-port1: unable to enumerate USB device
[  202.493743][ T6671] usbhid 8-1:0.0: can't add hid device: -71
[  202.493880][   T40] kauditd_printk_skb: 64 callbacks suppressed
[  202.493895][   T40] audit: type=1326 audit(2000000101.200:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.802" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  202.496636][ T6671] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  202.516552][   T40] audit: type=1326 audit(2000000101.200:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.802" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  202.519892][ T6671] usb 8-1: USB disconnect, device number 11
[  203.596008][   T40] audit: type=1326 audit(2000000101.200:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.802" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  203.604532][   T40] audit: type=1326 audit(2000000101.200:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.802" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  203.612992][   T40] audit: type=1326 audit(2000000101.200:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.802" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  204.128138][ T9348] program syz.3.809 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  204.516098][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  204.520143][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  204.524328][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  204.978199][   T40] audit: type=1800 audit(2000000103.690:353): pid=9366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.813" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="9p" ino=71827851 res=0 errno=0
[  204.996244][ T9366] overlay: ./file0 is not a directory
[  205.031875][ T9374] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  205.038981][ T9373] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  205.107171][ T9377] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  205.110026][ T9377] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  205.117726][ T9377] vhci_hcd vhci_hcd.0: Device attached
[  205.424063][ T9387] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  205.436296][ T6433] usb 44-1: SetAddress Request (26) to port 0
[  205.439149][ T6433] usb 44-1: new SuperSpeed USB device number 26 using vhci_hcd
[  205.460106][ T6671] wg2 speed is unknown, defaulting to 1000
[  205.574617][ T9387] vlan0: entered promiscuous mode
[  205.608562][ T9394] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  206.154788][ T9401] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  206.157633][ T9401] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  206.163766][ T9401] vhci_hcd vhci_hcd.0: Device attached
[  206.427154][ T9378] vhci_hcd: connection reset by peer
[  206.429461][   T46] vhci_hcd vhci_hcd.3: stop threads
[  206.431659][   T46] vhci_hcd vhci_hcd.3: release socket
[  206.436622][ T6030] usb 40-1: SetAddress Request (30) to port 0
[  206.439362][ T6030] usb 40-1: new SuperSpeed USB device number 30 using vhci_hcd
[  206.446365][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  206.886539][ T9401] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  207.303025][   T40] audit: type=1326 audit(2000000106.010:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9427 comm="syz.0.828" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000
[  207.314470][   T40] audit: type=1326 audit(2000000106.010:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9427 comm="syz.0.828" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000
[  207.324674][   T40] audit: type=1326 audit(2000000106.010:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9427 comm="syz.0.828" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f87579 code=0x7ffc0000
[  207.333246][   T40] audit: type=1326 audit(2000000106.020:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9427 comm="syz.0.828" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87579 code=0x7ffc0000
[  207.373301][ T6033] libceph: connect (1)[c::]:6789 error -101
[  207.376146][ T6033] libceph: mon0 (1)[c::]:6789 connect error
[  207.564022][ T9424] ceph: No mds server is up or the cluster is laggy
[  207.698188][ T6671] hid (null): report_id 51625 is invalid
[  207.709099][ T6671] hid-generic 0001:0003:FFFFFF81.0004: reserved main item tag 0xd
[  208.043198][ T9442] netlink: 8 bytes leftover after parsing attributes in process `syz.4.830'.
[  208.228837][ T9403] vhci_hcd: connection reset by peer
[  208.230162][ T6340] vhci_hcd vhci_hcd.1: stop threads
[  208.230183][ T6340] vhci_hcd vhci_hcd.1: release socket
[  208.230268][ T6340] vhci_hcd vhci_hcd.1: disconnect device
[  208.365980][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  208.366097][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  208.917306][ T6671] hid-generic 0001:0003:FFFFFF81.0004: unexpected long global item
[  208.917693][ T6671] hid-generic 0001:0003:FFFFFF81.0004: probe with driver hid-generic failed with error -22
[  208.964550][ T9452] netlink: 12 bytes leftover after parsing attributes in process `syz.3.832'.
[  209.022938][ T9452] veth3: entered promiscuous mode
[  209.024641][ T9452] veth3: entered allmulticast mode
[  209.081280][ T9452] veth5: entered promiscuous mode
[  209.082911][ T9452] veth5: entered allmulticast mode
[  209.922719][ T9475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.839'.
[  210.015969][ T9478] netlink: 'syz.0.840': attribute type 10 has an invalid length.
[  210.046611][ T9478] bridge0: port 3(dummy0) entered disabled state
[  210.063127][ T9478] dummy0: left allmulticast mode
[  210.066276][ T9481] netlink: 'syz.0.840': attribute type 10 has an invalid length.
[  210.068759][ T9478] dummy0: left promiscuous mode
[  210.074110][ T9478] bridge0: port 3(dummy0) entered disabled state
[  210.098216][ T9478] team0: Port device dummy0 added
[  210.102876][ T9481] team0: Port device dummy0 removed
[  210.106518][ T9481] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  210.114326][ T9480] wg2 speed is unknown, defaulting to 1000
[  210.115132][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.125288][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.136915][ T9478] netlink: 'syz.0.840': attribute type 1 has an invalid length.
[  210.141149][ T9484] 9p: Bad value for 'rfdno'
[  210.526133][ T6433] usb 44-1: device descriptor read/8, error -110
[  210.942320][ T6433] usb usb44-port1: attempt power cycle
[  211.555977][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  211.558784][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  211.561541][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  211.724956][ T6030] usb 40-1: device descriptor read/8, error -110
[  211.885930][ T6433] usb usb44-port1: unable to enumerate USB device
[  211.915509][ T9508] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  211.917768][ T9508] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  211.937687][ T9518] random: crng reseeded on system resumption
[  212.176831][ T9508] vhci_hcd vhci_hcd.0: Device attached
[  212.356190][ T6030] usb 40-1: SetAddress Request (31) to port 0
[  212.359357][ T6030] usb 40-1: new SuperSpeed USB device number 31 using vhci_hcd
[  212.495952][ T9514] vhci_hcd: connection closed
[  212.506807][   T13] vhci_hcd vhci_hcd.1: stop threads
[  212.510846][   T13] vhci_hcd vhci_hcd.1: release socket
[  212.546580][   T13] vhci_hcd vhci_hcd.1: disconnect device
[  212.980291][ T9550] netlink: 107460 bytes leftover after parsing attributes in process `syz.3.855'.
[  213.007489][ T5944] Bluetooth: hci5: sending frame failed (-49)
[  213.012651][ T5952] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  213.066242][ T6030] usb 40-1: enqueue for inactive port 0
[  213.176170][ T6030] usb usb40-port1: attempt power cycle
[  213.926410][ T6030] usb usb40-port1: unable to enumerate USB device
[  214.146126][ T9560] netlink: 24 bytes leftover after parsing attributes in process `syz.0.857'.
[  214.172905][ T6671] IPVS: starting estimator thread 0...
[  214.256098][ T9582] IPVS: using max 24 ests per chain, 57600 per kthread
[  215.396206][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  215.400473][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  215.404525][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  216.199493][ T9605] fuse: Unknown parameter 'fd0x0000000000000003'
[  216.419370][ T9607] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.422542][ T9607] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.468942][ T9615] netlink: 4 bytes leftover after parsing attributes in process `syz.4.871'.
[  216.826006][ T9624] netlink: 8 bytes leftover after parsing attributes in process `syz.1.872'.
[  216.863044][ T9607] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.877435][ T9607] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  216.979720][ T1142] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  217.094554][ T1142] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  217.098016][ T1142] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  217.100982][ T1142] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  218.109135][ T9647] netlink: 16 bytes leftover after parsing attributes in process `syz.1.878'.
[  218.235294][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  218.242106][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  218.250651][ T9649] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  218.253057][ T9649] UDF-fs: Scanning with blocksize 512 failed
[  218.255421][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  218.263443][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  218.271039][ T9649] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  218.276237][ T9649] UDF-fs: Scanning with blocksize 1024 failed
[  218.279456][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  218.291473][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  218.294282][ T9649] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  218.316057][ T9649] UDF-fs: Scanning with blocksize 2048 failed
[  218.319577][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  218.323422][ T9649] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  218.356045][ T9649] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  218.366595][ T9649] UDF-fs: Scanning with blocksize 4096 failed
[  218.369338][ T9649] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[  218.929273][ T9642] Process accounting paused
[  219.665970][   T10] usb 8-1: new full-speed USB device number 12 using dummy_hcd
[  219.857722][   T10] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 39, changing to 4
[  219.861808][   T10] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023
[  219.865626][   T10] usb 8-1: config 0 interface 0 has no altsetting 0
[  219.871133][   T10] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  219.876080][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  219.880347][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  219.884201][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  219.905614][   T10] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  219.908557][   T10] usb 8-1: Product: syz
[  219.929334][   T10] usb 8-1: Manufacturer: syz
[  219.931196][   T10] usb 8-1: SerialNumber: syz
[  220.076523][   T10] usb 8-1: config 0 descriptor??
[  220.106179][   T10] usb 8-1: selecting invalid altsetting 0
[  220.284156][ T9662] usb 8-1: cannot submit urb 0, error -2: endpoint not enabled
[  220.377791][ T9680] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  220.652227][ T6033] usb 8-1: USB disconnect, device number 12
[  220.656589][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  220.659953][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  220.948971][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  220.952223][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.046191][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.049318][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.056306][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.059631][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.062906][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.128825][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.132570][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.176569][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.183508][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.193193][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.197365][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.202105][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.206706][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.212228][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.219889][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.226785][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.236693][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.246701][ T9662] usb 8-1: cannot submit urb 0, error -19: no device
[  221.331268][ T9689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.884'.
[  222.145369][ T9690] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  222.148188][ T9690] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  222.165986][ T9690] vhci_hcd vhci_hcd.0: Device attached
[  222.337161][ T9702] vhci_hcd: connection closed
[  222.338302][   T46] vhci_hcd vhci_hcd.1: stop threads
[  222.341927][   T46] vhci_hcd vhci_hcd.1: release socket
[  222.343914][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  223.075988][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  223.078755][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  223.081445][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  223.636614][ T9717] fuse: Unknown parameter 'al'
[  223.685064][   T40] kauditd_printk_skb: 41 callbacks suppressed
[  223.685076][   T40] audit: type=1326 audit(2000000122.390:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.694411][   T40] audit: type=1326 audit(2000000122.390:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.701259][   T40] audit: type=1326 audit(2000000122.390:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.709829][   T40] audit: type=1326 audit(2000000122.390:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.718007][   T40] audit: type=1326 audit(2000000122.390:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.725082][   T40] audit: type=1326 audit(2000000122.390:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.731812][   T40] audit: type=1326 audit(2000000122.390:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.745957][   T40] audit: type=1326 audit(2000000122.390:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.755898][   T40] audit: type=1326 audit(2000000122.390:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.771116][   T40] audit: type=1326 audit(2000000122.390:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9709 comm="syz.3.896" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7fc00000
[  223.871859][ T9722] wg2 speed is unknown, defaulting to 1000
[  224.252292][ T9717] netlink: 'syz.4.899': attribute type 10 has an invalid length.
[  224.254974][ T9717] netlink: 40 bytes leftover after parsing attributes in process `syz.4.899'.
[  224.258944][ T9717] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  224.262182][ T9717] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  224.266047][ T9717] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  224.422173][ T9745] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  224.436062][ T9729] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  224.441999][ T9729] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  224.477129][ T9729] vhci_hcd vhci_hcd.0: Device attached
[  224.756235][ T6022] usb 40-1: SetAddress Request (34) to port 0
[  224.758714][ T6022] usb 40-1: new SuperSpeed USB device number 34 using vhci_hcd
[  225.246938][ T9741] vhci_hcd: connection reset by peer
[  225.251015][ T4289] vhci_hcd vhci_hcd.1: stop threads
[  225.252847][ T4289] vhci_hcd vhci_hcd.1: release socket
[  225.255904][ T4289] vhci_hcd vhci_hcd.1: disconnect device
[  225.976209][ T6058] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  226.115987][ T6058] usb 5-1: device descriptor read/64, error -71
[  226.355955][ T6058] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  226.442902][ T9785] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(103)
[  226.445359][ T9785] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  226.448205][ T9785] vhci_hcd vhci_hcd.0: Device attached
[  226.496050][ T6058] usb 5-1: device descriptor read/64, error -71
[  226.617811][ T6058] usb usb5-port1: attempt power cycle
[  226.957353][ T6058] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  226.986646][ T6058] usb 5-1: device descriptor read/8, error -71
[  227.014564][ T9786] vhci_hcd: connection closed
[  227.014862][ T6327] vhci_hcd vhci_hcd.1: stop threads
[  227.019592][ T6327] vhci_hcd vhci_hcd.1: release socket
[  227.022092][ T6327] vhci_hcd vhci_hcd.1: disconnect device
[  227.041585][ T9793] mkiss: ax0: crc mode is auto.
[  227.153222][ T9798] netlink: 'syz.3.917': attribute type 1 has an invalid length.
[  227.158859][ T9798] loop5: detected capacity change from 0 to 7
[  227.163891][ T9798] Dev loop5: unable to read RDB block 7
[  227.165759][ T9798]  loop5: unable to read partition table
[  227.168760][ T9798] loop5: partition table beyond EOD, truncated
[  227.171187][ T9798] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[  227.246055][ T6058] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  227.356577][ T6058] usb 5-1: device descriptor read/8, error -71
[  227.476296][ T6058] usb usb5-port1: unable to enumerate USB device
[  227.556067][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  227.558791][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  228.906729][ T9809] netlink: 24 bytes leftover after parsing attributes in process `syz.1.919'.
[  228.937267][ T9809] netlink: 4 bytes leftover after parsing attributes in process `syz.1.919'.
[  229.291867][ T9815] netlink: 4 bytes leftover after parsing attributes in process `syz.0.920'.
[  229.808120][ T6022] usb 40-1: device descriptor read/8, error -110
[  229.880019][ T9851] fuse: Bad value for 'fd'
[  229.981924][ T9854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.927'.
[  230.001740][ T9859] openvswitch: netlink: Missing key (keys=40, expected=80)
[  230.230351][ T6022] usb usb40-port1: attempt power cycle
[  230.265991][ T6671] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  230.284547][ T9863] ubi31: attaching mtd0
[  230.289870][ T9863] ubi31: scanning is finished
[  230.292333][ T9863] ubi31 error: ubi_read_volume_table: the layout volume was not found
[  230.297210][ T6033] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  230.368512][ T9863] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  230.435984][ T6671] usb 8-1: Using ep0 maxpacket: 16
[  230.442467][ T6671] usb 8-1: config 1 has an invalid interface number: 4 but max is 2
[  230.447481][ T6671] usb 8-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  230.462263][ T6671] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  230.466556][ T6671] usb 8-1: config 1 has no interface number 1
[  230.469168][ T6671] usb 8-1: too many endpoints for config 1 interface 4 altsetting 4: 57, using maximum allowed: 30
[  230.473895][ T6671] usb 8-1: config 1 interface 4 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 57
[  230.496021][ T6671] usb 8-1: config 1 interface 4 has no altsetting 0
[  230.501898][ T6671] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  230.505179][ T6671] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.515981][ T6671] usb 8-1: Product: 狇凯䧉헃폅垅堚
[  230.517957][ T6671] usb 8-1: Manufacturer: ႉ
[  230.519640][ T6671] usb 8-1: SerialNumber: 験㬋劜킷Ⲷ⩘ﮜ儒㉧㹃ⵗ㠬풫憍恻똶䞈䞽ࡘ忾멚凰枳サ朠嗰⥠অ㔾籃鄁芬埂僓㽻뗏眶諻뱼㏆단䜭ค봒袷 剂岒卟軣㫤
[  230.756012][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.759647][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.763333][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.766786][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  230.801198][ T9870] overlayfs: maximum fs stacking depth exceeded
[  230.943239][ T9861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.948192][ T9861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.958572][ T6671] usb 8-1: 0:2 : does not exist
[  230.979062][ T6671] usb 8-1: USB disconnect, device number 13
[  231.596959][ T6022] usb usb40-port1: unable to enumerate USB device
[  231.921873][ T9888] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  231.924873][ T9888] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  231.932872][ T9888] vhci_hcd vhci_hcd.0: Device attached
[  232.195951][   T24] usb 44-1: SetAddress Request (30) to port 0
[  232.198419][   T24] usb 44-1: new SuperSpeed USB device number 30 using vhci_hcd
[  232.295456][ T9901] kAFS: No cell specified
[  232.404211][ T9907] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  232.417105][ T9907] syz.1.943: attempt to access beyond end of device
[  232.417105][ T9907] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[  232.421409][ T9907] gfs2: error -5 reading superblock
[  233.373563][ T9923] tipc: Started in network mode
[  233.375727][ T9923] tipc: Node identity e0000001, cluster identity 4711
[  233.380684][ T9923] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  233.695919][ T6021] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  233.835261][ T9889] vhci_hcd: connection reset by peer
[  233.872513][ T6021] usb 5-1: unable to get BOS descriptor or descriptor too short
[  233.877708][ T6021] usb 5-1: config 16 has an invalid interface number: 196 but max is 0
[  233.881121][ T6021] usb 5-1: config 16 has no interface number 0
[  233.884678][ T6021] usb 5-1: config 16 interface 196 altsetting 9 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  233.886067][ T4289] vhci_hcd vhci_hcd.3: stop threads
[  233.891614][ T4289] vhci_hcd vhci_hcd.3: release socket
[  233.892780][ T6021] usb 5-1: config 16 interface 196 has no altsetting 0
[  233.894318][ T4289] vhci_hcd vhci_hcd.3: disconnect device
[  233.900986][ T6021] usb 5-1: New USB device found, idVendor=19d2, idProduct=1069, bcdDevice=c3.89
[  233.904077][ T6021] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.906855][ T6021] usb 5-1: Product: syz
[  233.908263][ T6021] usb 5-1: Manufacturer: syz
[  233.914719][ T6021] usb 5-1: SerialNumber: syz
[  234.121860][ T6021] option 5-1:16.196: GSM modem (1-port) converter detected
[  234.129109][ T6021] usb 5-1: USB disconnect, device number 8
[  234.132465][ T6021] option 5-1:16.196: device disconnected
[  234.503159][ T9946] netlink: 24 bytes leftover after parsing attributes in process `syz.1.952'.
[  234.567641][ T9948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.954'.
[  234.831494][ T9943] netlink: 4 bytes leftover after parsing attributes in process `syz.1.952'.
[  235.216479][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  235.221728][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  235.224962][ T5944] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  235.229251][ T5944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  235.232279][ T5944] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  235.574407][ T6327] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.609206][ T9960] wg2 speed is unknown, defaulting to 1000
[  235.671602][ T9968] 9p: Bad value for 'wfdno'
[  235.683223][ T6327] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.805960][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  235.886305][ T6327] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.978869][ T9960] chnl_net:caif_netlink_parms(): no params data found
[  236.053526][ T9960] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.056960][ T9960] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.060295][ T9960] bridge_slave_0: entered allmulticast mode
[  236.064533][ T9960] bridge_slave_0: entered promiscuous mode
[  236.069871][ T9960] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.072926][ T9960] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.076097][ T9960] bridge_slave_1: entered allmulticast mode
[  236.080111][ T9960] bridge_slave_1: entered promiscuous mode
[  236.108601][ T9960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.115371][ T9960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.149193][ T9960] team0: Port device team_slave_0 added
[  236.157759][ T9960] team0: Port device team_slave_1 added
[  236.201183][ T6327] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.328194][ T9960] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.330491][ T9960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.341001][ T9960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.348229][ T9960] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.350881][ T9960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.361962][ T9960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.430167][ T9960] hsr_slave_0: entered promiscuous mode
[  236.433702][ T9960] hsr_slave_1: entered promiscuous mode
[  236.438148][ T9960] debugfs: 'hsr0' already exists in 'hsr'
[  236.440414][ T9960] Cannot create hsr debugfs directory
[  236.572277][ T6327] bridge_slave_1: left allmulticast mode
[  236.574357][ T6327] bridge_slave_1: left promiscuous mode
[  236.578236][ T6327] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.583590][ T6327] bridge_slave_0: left allmulticast mode
[  236.588513][ T6327] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.865994][ T6024] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  237.045942][ T6024] usb 9-1: Using ep0 maxpacket: 16
[  237.049555][ T6024] usb 9-1: unable to get BOS descriptor or descriptor too short
[  237.057537][ T6024] usb 9-1: config 1 interface 0 altsetting 6 bulk endpoint 0x1 has invalid maxpacket 32
[  237.061040][ T6024] usb 9-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 32
[  237.065055][ T6024] usb 9-1: config 1 interface 0 has no altsetting 0
[  237.088050][ T6327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  237.088837][ T6024] usb 9-1: string descriptor 0 read error: -22
[  237.097872][ T6024] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  237.098264][ T6327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  237.101718][ T6024] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.106153][ T9986] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  237.116155][ T9986] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  237.127109][ T6327] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  237.138660][ T6327] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  237.147676][ T6327] bond0 (unregistering): Released all slaves
[  237.174629][ T9991] lo: entered allmulticast mode
[  237.186073][ T9991] tunl0: entered allmulticast mode
[  237.198968][ T9991] gre0: entered allmulticast mode
[  237.213234][ T9991] gretap0: entered allmulticast mode
[  237.227733][ T9991] erspan0: entered allmulticast mode
[  237.236696][ T9991] ip_vti0: entered allmulticast mode
[  237.240110][   T24] usb 44-1: device descriptor read/8, error -110
[  237.249275][ T9991] ip6_vti0: entered allmulticast mode
[  237.255141][ T9991] sit0: entered allmulticast mode
[  237.271826][ T9991] ip6tnl0: entered allmulticast mode
[  237.277203][ T9991] ip6gre0: entered allmulticast mode
[  237.306569][ T9991] syz_tun: entered allmulticast mode
[  237.316276][ T5952] Bluetooth: hci1: command tx timeout
[  237.320512][ T9991] ip6gretap0: entered allmulticast mode
[  237.327062][ T9991] vcan0: entered allmulticast mode
[  237.330986][ T6024] usblp 9-1:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 6 proto 2 vid 0x0525 pid 0xA4A8
[  237.331874][ T9991] bond0: entered allmulticast mode
[  237.337388][ T9991] bond1: entered allmulticast mode
[  237.339216][ T9991] dummy0: entered allmulticast mode
[  237.356404][ T9991] nlmon0: entered allmulticast mode
[  237.360862][ T9991] caif0: entered allmulticast mode
[  237.363006][ T9991] batadv0: entered allmulticast mode
[  237.366624][ T6024] usb 9-1: USB disconnect, device number 3
[  237.369020][ T9991] vxcan0: entered allmulticast mode
[  237.373022][ T9991] vxcan1: entered allmulticast mode
[  237.377431][ T9991] veth0: entered allmulticast mode
[  237.384853][ T6024] usblp0: removed
[  237.384869][ T9991] veth1: entered allmulticast mode
[  237.391997][ T9991] wg0: entered allmulticast mode
[  237.406215][ T9991] wg1: entered allmulticast mode
[  237.411200][ T9991] wg2: entered allmulticast mode
[  237.416619][ T9991] veth0_to_bridge: entered allmulticast mode
[  237.423269][ T9991] bridge_slave_0: entered allmulticast mode
[  237.429236][ T9991] veth1_to_bridge: entered allmulticast mode
[  237.437446][ T9991] bridge_slave_1: entered allmulticast mode
[  237.449813][ T9991] bond_slave_0: entered allmulticast mode
[  237.453805][ T9991] veth1_to_bond: entered allmulticast mode
[  237.459356][ T9991] bond_slave_1: entered allmulticast mode
[  237.462913][ T9991] veth0_to_team: entered allmulticast mode
[  237.466798][ T9991] team_slave_0: entered allmulticast mode
[  237.476646][ T9991] veth1_to_team: entered allmulticast mode
[  237.481143][ T9991] team_slave_1: entered allmulticast mode
[  237.485703][ T9991] veth0_to_batadv: entered allmulticast mode
[  237.493177][ T9991] batadv_slave_0: entered allmulticast mode
[  237.500446][ T9991] veth1_to_batadv: entered allmulticast mode
[  237.508418][ T9991] batadv_slave_1: entered allmulticast mode
[  237.513160][ T9991] xfrm0: entered allmulticast mode
[  237.520395][ T9991] veth0_to_hsr: entered allmulticast mode
[  237.525947][ T9991] hsr_slave_0: entered allmulticast mode
[  237.533031][ T9991] veth1_to_hsr: entered allmulticast mode
[  237.541656][ T9991] hsr_slave_1: entered allmulticast mode
[  237.551397][ T9991] hsr0: entered allmulticast mode
[  237.560673][ T9991] veth1_virt_wifi: entered allmulticast mode
[  237.569634][ T9991] veth0_virt_wifi: entered allmulticast mode
[  237.577802][ T9991] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  237.582182][ T9991] veth1_macvtap: entered allmulticast mode
[  237.591373][ T9991] veth0_macvtap: entered allmulticast mode
[  237.601428][ T9991] macvtap0: entered allmulticast mode
[  237.608101][ T9991] macsec0: entered allmulticast mode
[  237.614557][ T9991] geneve0: entered allmulticast mode
[  237.620743][ T9991] geneve1: entered allmulticast mode
[  237.626165][ T9991] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  237.626459][   T24] usb usb44-port1: attempt power cycle
[  237.628615][ T9991] vlan2: entered allmulticast mode
[  237.632377][ T9991] bridge0: entered allmulticast mode
[  237.637238][ T9991] wireguard0: entered allmulticast mode
[  237.644878][ T9991] ip6gretap1: entered allmulticast mode
[  237.651835][ T9991] gre1: entered allmulticast mode
[  237.654782][ T9991] netdevsim netdevsim1 eth0: entered allmulticast mode
[  237.657995][ T9991] netdevsim netdevsim1 eth1: entered allmulticast mode
[  237.660454][ T9991] netdevsim netdevsim1 eth2: entered allmulticast mode
[  237.662890][ T9991] netdevsim netdevsim1 eth3: entered allmulticast mode
[  237.665280][ T9991] vxcan2: entered allmulticast mode
[  237.667275][ T9991] vxcan3: left promiscuous mode
[  237.669028][ T9991] macvlan2: entered allmulticast mode
[  237.671303][ T9991] bond2: entered allmulticast mode
[  237.673619][ T9991] veth2: entered allmulticast mode
[  237.675591][ T9991] veth3: entered allmulticast mode
[  237.687401][ T6327] tipc: Disabling bearer <eth:syzkaller0>
[  237.690335][ T9994] netlink: 32 bytes leftover after parsing attributes in process `syz.3.965'.
[  237.693346][ T6327] tipc: Left network mode
[  237.712539][ T9994] netlink: 32 bytes leftover after parsing attributes in process `syz.3.965'.
[  237.720127][ T9995] netlink: 32 bytes leftover after parsing attributes in process `syz.3.965'.
[  237.723597][ T9995] netlink: 32 bytes leftover after parsing attributes in process `syz.3.965'.
[  237.730344][ T6342] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.733092][ T6058] wg2 speed is unknown, defaulting to 1000
[  237.734993][ T6058] syz2: Port: 1 Link DOWN
[  237.741751][ T6342] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.744287][ T6342] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.792406][ T6342] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.795115][ T6058] wg2 speed is unknown, defaulting to 1000
[  237.838319][ T9960] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  237.958356][ T9960] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  238.007205][ T9960] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  238.018114][ T9960] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  238.228965][   T24] usb usb44-port1: unable to enumerate USB device
[  238.273626][ T9960] 8021q: adding VLAN 0 to HW filter on device bond0
[  238.293036][ T9960] 8021q: adding VLAN 0 to HW filter on device team0
[  238.299185][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.301641][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.308102][T10016] netlink: 'syz.1.971': attribute type 4 has an invalid length.
[  238.311245][T10016] netlink: 17 bytes leftover after parsing attributes in process `syz.1.971'.
[  238.311840][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.317850][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.484408][ T6327] hsr_slave_0: left promiscuous mode
[  238.496043][ T6327] hsr_slave_1: left promiscuous mode
[  238.498362][ T6327] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  238.500779][ T6327] batman_adv: batadv0: Removing interface: batadv_slave_0
[  238.503888][ T6327] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  238.513911][ T6327] batman_adv: batadv0: Removing interface: batadv_slave_1
[  238.524374][ T6327] veth1_macvtap: left promiscuous mode
[  238.526837][ T6327] veth0_macvtap: left promiscuous mode
[  238.528867][ T6327] veth1_vlan: left promiscuous mode
[  238.530601][ T6327] veth0_vlan: left promiscuous mode
[  238.651246][ T6327] team0 (unregistering): Port device batadv1 removed
[  239.076243][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  239.080315][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  239.083953][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  239.188721][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.974'.
[  239.405946][ T5952] Bluetooth: hci1: command tx timeout
[  239.446001][ T6327] team0 (unregistering): Port device team_slave_1 removed
[  239.538178][ T6327] team0 (unregistering): Port device team_slave_0 removed
[  240.158886][T10040] IPVS: Error connecting to the multicast addr
[  240.193719][ T9960] 8021q: adding VLAN 0 to HW filter on device batadv0
[  240.428310][ T9960] veth0_vlan: entered promiscuous mode
[  240.434612][ T9960] veth1_vlan: entered promiscuous mode
[  240.461948][ T9960] veth0_macvtap: entered promiscuous mode
[  240.467955][ T9960] veth1_macvtap: entered promiscuous mode
[  240.492420][ T9960] batman_adv: batadv0: Interface activated: batadv_slave_0
[  240.500818][ T9960] batman_adv: batadv0: Interface activated: batadv_slave_1
[  240.507773][ T6342] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  240.520674][ T6342] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  240.554645][ T6342] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  240.581327][ T6342] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  240.633466][ T6342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.637275][ T6342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.676972][ T6342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.679713][ T6342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.754772][ T6327] IPVS: stop unused estimator thread 0...
[  240.819940][T10060] overlayfs: failed to clone lowerpath
[  241.476083][ T5944] Bluetooth: hci1: command tx timeout
[  242.756116][ T5944] Bluetooth: hci5: command 0x1003 tx timeout
[  242.759976][ T5952] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  243.556061][ T5952] Bluetooth: hci1: command tx timeout
[  244.836121][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  244.839121][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  244.841890][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  244.844763][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  245.077098][T10096] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  245.124256][T10096] netlink: 'syz.1.986': attribute type 4 has an invalid length.
[  245.860545][T10119] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  246.532016][T10145] netlink: 52 bytes leftover after parsing attributes in process `syz.3.995'.
[  246.541139][T10145] bridge0: port 1(team0) entered blocking state
[  246.544043][T10145] bridge0: port 1(team0) entered disabled state
[  246.547030][T10145] team0: entered allmulticast mode
[  246.551715][T10145] team0: entered promiscuous mode
[  246.568750][T10145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'.
[  246.572631][T10145] team0: left allmulticast mode
[  246.574781][T10145] team0: left promiscuous mode
[  246.577218][T10145] bridge0: port 1(team0) entered disabled state
[  247.313960][T10165] netlink: 14 bytes leftover after parsing attributes in process `syz.1.998'.
[  247.430408][T10164] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  247.559828][ T6671] hid-generic 0003:0003:0000.0005: unknown main item tag 0x0
[  247.562958][ T6671] hid-generic 0003:0003:0000.0005: unknown main item tag 0x0
[  247.572408][T10173] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  247.576695][ T6671] hid-generic 0003:0003:0000.0005: unknown main item tag 0x0
[  247.585904][ T6671] hid-generic 0003:0003:0000.0005: hidraw0: USB HID v0.00 Device [syz1] on syz1
[  247.606582][T10173] 9p: Bad value for 'source'
[  248.087695][ T6337] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  248.091702][ T6337] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  248.099252][ T6337] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  248.115620][ T6337] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  248.231964][ T5952] Bluetooth: hci2: unexpected event for opcode 0x2023
[  248.626946][T10189] 9p: Bad value for 'wfdno'
[  249.184719][T10183] Process accounting resumed
[  249.664365][T10204] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1009'.
[  249.667497][T10204] openvswitch: netlink: Flow key attr not present in new flow.
[  250.349469][T10215] netlink: 'syz.4.1011': attribute type 24 has an invalid length.
[  250.355321][T10215] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1011'.
[  250.434716][T10215] bond1: option ad_actor_sys_prio: invalid value (0)
[  250.445960][T10215] bond1: option ad_actor_sys_prio: allowed values 1 - 65535
[  250.452470][T10215] bond1 (unregistering): Released all slaves
[  250.540367][T10219] tmpfs: Cannot disable swap on remount
[  250.635367][T10221] wg2 speed is unknown, defaulting to 1000
[  251.500222][T10243] netlink: 16410 bytes leftover after parsing attributes in process `syz.4.1017'.
[  251.579878][T10245] overlayfs: failed to resolve './file0': -2
[  252.054736][T10252] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1021'.
[  252.082790][T10254] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1022'.
[  252.219595][T10257] 9p: Bad value for 'wfdno'
[  252.725264][T10275] pim6reg: entered allmulticast mode
[  252.733512][T10275] pim6reg: left allmulticast mode
[  253.042533][T10284] netlink: 'syz.3.1030': attribute type 17 has an invalid length.
[  253.045385][T10284] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1030'.
[  253.280791][T10291] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1033'.
[  254.888600][T10324] wg2 speed is unknown, defaulting to 1000
[  256.027519][T10337] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  256.030522][T10337] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  256.088152][T10337] vhci_hcd vhci_hcd.0: Device attached
[  256.366248][ T6022] usb 48-1: SetAddress Request (2) to port 0
[  256.369110][ T6022] usb 48-1: new SuperSpeed USB device number 2 using vhci_hcd
[  257.928091][T10338] vhci_hcd: connection reset by peer
[  257.970107][ T1155] vhci_hcd vhci_hcd.5: stop threads
[  257.972158][ T1155] vhci_hcd vhci_hcd.5: release socket
[  257.985110][ T1155] vhci_hcd vhci_hcd.5: disconnect device
[  258.384197][T10348] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1046'.
[  258.663858][T10357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1045'.
[  258.667469][T10357] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1045'.
[  258.738953][T10358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1045'.
[  258.742508][T10358] netlink: 'syz.3.1045': attribute type 15 has an invalid length.
[  258.746826][T10358] netlink: 'syz.3.1045': attribute type 18 has an invalid length.
[  258.772065][T10358] vxlan0: entered promiscuous mode
[  259.274198][ T6030] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  259.278125][ T6342] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  259.282316][ T6342] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  259.286926][ T6342] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  259.292547][ T6342] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  259.436964][ T6030] usb 9-1: Using ep0 maxpacket: 16
[  259.442707][ T6030] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.451919][ T6030] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  259.456591][ T6030] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  259.460863][ T6030] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  259.464131][ T6030] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.468601][ T6030] usb 9-1: config 0 descriptor??
[  259.878721][ T6030] shield 0003:0955:7214.0006: unknown main item tag 0x0
[  259.881851][ T6030] shield 0003:0955:7214.0006: unknown main item tag 0x0
[  259.884805][ T6030] shield 0003:0955:7214.0006: unknown main item tag 0x0
[  259.888106][ T6030] shield 0003:0955:7214.0006: unknown main item tag 0x0
[  259.890963][ T6030] shield 0003:0955:7214.0006: unknown main item tag 0x0
[  259.899000][ T6030] input: HID 0955:7214 Haptics as /devices/virtual/input/input17
[  259.997720][ T6030] shield 0003:0955:7214.0006: Registered Thunderstrike controller
[  260.000949][ T6030] shield 0003:0955:7214.0006: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  260.090251][ T6033] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  260.098317][   T24] usb 9-1: USB disconnect, device number 4
[  260.105254][ T6033] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  260.110341][ T6033] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  260.115246][ T6033] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  260.277470][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  260.279561][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  261.138298][T10400] overlayfs: failed to clone upperpath
[  261.173186][T10400] overlayfs: failed to clone upperpath
[  261.182172][   T40] kauditd_printk_skb: 497 callbacks suppressed
[  261.182189][   T40] audit: type=1800 audit(2000000159.889:906): pid=10400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1059" name="#1602" dev="tmpfs" ino=1602 res=0 errno=0
[  261.227708][T10398] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1057'.
[  261.475989][ T6022] usb 48-1: device descriptor read/8, error -110
[  261.827630][T10415] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  261.837187][T10415] bond3 (unregistering): Released all slaves
[  261.866259][T10417] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  261.968872][ T6022] usb usb48-port1: attempt power cycle
[  262.772406][T10428] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1066'.
[  262.787472][ T6022] usb usb48-port1: unable to enumerate USB device
[  262.938802][T10433] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1068'.
[  262.992175][T10433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1068'.
[  263.044089][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1068'.
[  263.047331][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1068'.
[  263.523269][   T40] audit: type=1326 audit(2000000162.229:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.534600][   T40] audit: type=1326 audit(2000000162.239:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.549742][   T40] audit: type=1326 audit(2000000162.249:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.563052][   T40] audit: type=1326 audit(2000000162.249:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.571795][   T40] audit: type=1326 audit(2000000162.249:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.580683][   T40] audit: type=1326 audit(2000000162.259:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.590330][   T40] audit: type=1326 audit(2000000162.259:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.674320][   T40] audit: type=1326 audit(2000000162.259:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  263.691025][   T40] audit: type=1326 audit(2000000162.259:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.5.1075" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf703d579 code=0x7ffc0000
[  264.437807][T10483] bridge0: port 3(erspan0) entered blocking state
[  264.440831][T10483] bridge0: port 3(erspan0) entered disabled state
[  264.458541][T10483] erspan0: entered allmulticast mode
[  264.465476][T10486] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  264.470578][T10483] erspan0: entered promiscuous mode
[  264.476495][T10483] bridge0: port 3(erspan0) entered blocking state
[  264.479635][T10483] bridge0: port 3(erspan0) entered forwarding state
[  264.486843][T10490] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  264.725965][ T6021] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  264.827085][T10508] netlink: 'syz.5.1087': attribute type 1 has an invalid length.
[  264.848234][T10508] 8021q: adding VLAN 0 to HW filter on device bond2
[  264.877237][T10508] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1087'.
[  264.885148][ T5952] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  264.885902][ T6021] usb 6-1: Using ep0 maxpacket: 16
[  264.889651][ T5952] CPU: 2 UID: 0 PID: 5952 Comm: kworker/u33:7 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  264.889685][ T5952] Tainted: [L]=SOFTLOCKUP
[  264.889691][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  264.889705][ T5952] Workqueue: hci1 hci_rx_work
[  264.889735][ T5952] Call Trace:
[  264.889743][ T5952]  <TASK>
[  264.889754][ T5952]  dump_stack_lvl+0x16c/0x1f0
[  264.889784][ T5952]  sysfs_warn_dup+0x7f/0xa0
[  264.889809][ T5952]  sysfs_create_dir_ns+0x24b/0x2b0
[  264.889829][ T5952]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  264.889849][ T5952]  ? find_held_lock+0x2b/0x80
[  264.889879][ T5952]  ? do_raw_spin_unlock+0x172/0x230
[  264.889902][ T5952]  kobject_add_internal+0x2c4/0x9d0
[  264.889924][ T5952]  kobject_add+0x16e/0x240
[  264.889948][ T5952]  ? __pfx_kobject_add+0x10/0x10
[  264.889973][ T5952]  ? kobject_put+0xaf/0x6f0
[  264.890002][ T5952]  ? _raw_spin_unlock+0x28/0x50
[  264.890033][ T5952]  device_add+0x288/0x1980
[  264.890060][ T5952]  ? __pfx_dev_set_name+0x10/0x10
[  264.890088][ T5952]  ? __pfx_device_add+0x10/0x10
[  264.890122][ T5952]  ? mgmt_send_event_skb+0x2fb/0x460
[  264.890156][ T5952]  hci_conn_add_sysfs+0x1a8/0x260
[  264.890189][ T5952]  le_conn_complete_evt+0x11ed/0x1fa0
[  264.890223][ T5952]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  264.890256][ T5952]  hci_le_conn_complete_evt+0x23c/0x3a0
[  264.890287][ T5952]  hci_le_meta_evt+0x357/0x610
[  264.890312][ T5952]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  264.890340][ T5952]  hci_event_packet+0x685/0x1210
[  264.890364][ T5952]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  264.890390][ T5952]  ? __pfx_hci_event_packet+0x10/0x10
[  264.890417][ T5952]  ? kcov_remote_start+0x399/0x680
[  264.890445][ T5952]  ? lockdep_hardirqs_on+0x7c/0x110
[  264.890478][ T5952]  hci_rx_work+0x2c9/0x1020
[  264.890507][ T5952]  process_one_work+0x9ba/0x1b20
[  264.890540][ T5952]  ? __pfx_process_one_work+0x10/0x10
[  264.890567][ T5952]  ? assign_work+0x1a0/0x250
[  264.890592][ T5952]  worker_thread+0x6c8/0xf10
[  264.890625][ T5952]  ? __pfx_worker_thread+0x10/0x10
[  264.890646][ T5952]  kthread+0x3c5/0x780
[  264.890667][ T5952]  ? __pfx_kthread+0x10/0x10
[  264.890688][ T5952]  ? rcu_is_watching+0x12/0xc0
[  264.890714][ T5952]  ? __pfx_kthread+0x10/0x10
[  264.890734][ T5952]  ret_from_fork+0x983/0xb10
[  264.890755][ T5952]  ? __pfx_ret_from_fork+0x10/0x10
[  264.890776][ T5952]  ? __switch_to+0x7af/0x10d0
[  264.890805][ T5952]  ? __pfx_kthread+0x10/0x10
[  264.890824][ T5952]  ret_from_fork_asm+0x1a/0x30
[  264.890869][ T5952]  </TASK>
[  264.890899][ T5952] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  264.894883][ T6021] usb 6-1: config 6 has an invalid interface number: 174 but max is 0
[  264.897105][ T5952] Bluetooth: hci1: failed to register connection device
[  264.898573][ T6021] usb 6-1: config 6 contains an unexpected descriptor of type 0x2, skipping
[  264.898596][ T6021] usb 6-1: config 6 has no interface number 0
[  264.898632][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[  264.993495][T10515] netlink: 824 bytes leftover after parsing attributes in process `syz.5.1087'.
[  264.997961][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  265.023920][ T6021] usb 6-1: config 6 interface 174 altsetting 9 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  265.023943][ T6021] usb 6-1: config 6 interface 174 altsetting 9 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  265.023958][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has a duplicate endpoint with address 0xE, skipping
[  265.023972][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[  265.023986][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  265.023999][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  265.024011][ T6021] usb 6-1: config 6 interface 174 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[  265.024024][ T6021] usb 6-1: config 6 interface 174 has no altsetting 0
[  265.025581][ T6021] usb 6-1: New USB device found, idVendor=12d1, idProduct=1406, bcdDevice= 0.00
[  265.025598][ T6021] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.025610][ T6021] usb 6-1: Manufacturer: 칝湣溏젳厇ↀ㵲⥁﾿⡽謹쌍혥틁൑ꕽ얌륂吸儐㜷㉾喎Ļ๭항巗횺
[  265.025622][ T6021] usb 6-1: SerialNumber: 倊
[  265.027468][T10488] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  265.027836][T10488] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  265.817215][T10537] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1092'.
[  266.345389][T10543] binder: 10542:10543 ioctl 4018620d 0 returned -22
[  266.989878][ T6021] usb-storage 6-1:6.174: USB Mass Storage device detected
[  267.212981][ T6021] usb 6-1: USB disconnect, device number 9
[  268.430722][T10582] netlink: 'syz.5.1103': attribute type 39 has an invalid length.
[  268.440185][T10582] veth0_macvtap: left promiscuous mode
[  269.180146][T10598] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1108'.
[  269.434068][T10608] netlink: 'syz.4.1111': attribute type 6 has an invalid length.
[  269.447396][T10608] netlink: 'syz.4.1111': attribute type 6 has an invalid length.
[  271.026653][T10622] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  271.028832][T10622] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  271.036651][T10622] vhci_hcd vhci_hcd.0: Device attached
[  271.209309][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0000
[  271.435940][ T6021] usb 46-1: SetAddress Request (2) to port 0
[  271.438576][ T6021] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  271.621980][T10623] vhci_hcd: connection reset by peer
[  271.624510][ T1142] vhci_hcd vhci_hcd.4: stop threads
[  271.627658][ T1142] vhci_hcd vhci_hcd.4: release socket
[  271.630216][ T1142] vhci_hcd vhci_hcd.4: disconnect device
[  271.893061][T10632] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  271.895865][T10632] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  271.942937][T10632] vhci_hcd vhci_hcd.0: Device attached
[  272.209333][T10648] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1118'.
[  272.216803][ T6671] usb 40-1: SetAddress Request (38) to port 0
[  272.218991][ T6671] usb 40-1: new SuperSpeed USB device number 38 using vhci_hcd
[  272.517389][T10633] vhci_hcd: connection reset by peer
[  272.521899][ T6333] vhci_hcd vhci_hcd.1: stop threads
[  272.525642][ T6333] vhci_hcd vhci_hcd.1: release socket
[  272.528658][ T6333] vhci_hcd vhci_hcd.1: disconnect device
[  273.157717][ T5952] Bluetooth: hci1: command 0x0405 tx timeout
[  273.943828][T10666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1122'.
[  273.947808][T10666] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1122'.
[  273.950862][T10666] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1122'.
[  275.248153][ T5944] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  275.251024][ T5944] Bluetooth: hci3: Injecting HCI hardware error event
[  275.254789][ T5944] Bluetooth: hci3: hardware error 0x00
[  275.747063][T10681] binder: 10680:10681 ioctl 400c620e 80000680 returned -22
[  275.945624][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1127'.
[  276.183738][T10686] securityfs: Unknown parameter 'norecovery'
[  276.222498][T10686] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  276.515962][ T6021] usb 46-1: device descriptor read/8, error -110
[  276.890418][   T40] kauditd_printk_skb: 45 callbacks suppressed
[  276.890430][   T40] audit: type=1804 audit(2000000175.599:961): pid=10696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1130" name="/newroot/308/file0/bus" dev="9p" ino=71827933 res=1 errno=0
[  277.066921][ T6021] usb usb46-port1: attempt power cycle
[  277.315974][ T6671] usb 40-1: device descriptor read/8, error -110
[  277.315996][ T5944] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  277.636349][ T6021] usb usb46-port1: unable to enumerate USB device
[  277.679441][T10702] input: syz1 as /devices/virtual/input/input19
[  277.706754][ T6671] usb usb40-port1: attempt power cycle
[  277.737196][   T40] audit: type=1326 audit(2000000176.449:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10700 comm="syz.1.1131" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f52579 code=0x0
[  278.268218][ T6671] usb usb40-port1: unable to enumerate USB device
[  280.822796][T10726] Process accounting paused
[  280.939428][T10730] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  280.942004][T10730] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  280.979705][T10730] vhci_hcd vhci_hcd.0: Device attached
[  281.255965][ T6671] usb 40-1: SetAddress Request (42) to port 0
[  281.256022][ T6671] usb 40-1: new SuperSpeed USB device number 42 using vhci_hcd
[  281.274088][T10739] syz2: rxe_newlink: already configured on wg2
[  281.436167][T10734] vhci_hcd: connection reset by peer
[  281.438802][ T1155] vhci_hcd vhci_hcd.1: stop threads
[  281.440908][ T1155] vhci_hcd vhci_hcd.1: release socket
[  281.443408][ T1155] vhci_hcd vhci_hcd.1: disconnect device
[  282.146457][T10741] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1142'.
[  282.579264][T10752] overlayfs: failed to clone upperpath
[  285.033506][T10784] pim6reg: entered allmulticast mode
[  285.243966][T10784] fuse: Unknown parameter '�'
[  285.935046][T10794] netlink: 'syz.4.1155': attribute type 3 has an invalid length.
[  285.938699][T10794] netlink: 118428 bytes leftover after parsing attributes in process `syz.4.1155'.
[  286.082135][T10800] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:1536
[  286.186356][T10800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1157'.
[  286.366112][ T6671] usb 40-1: device descriptor read/8, error -110
[  286.418750][T10801] overlay: ./bus is not a directory
[  286.594656][T10813] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  286.594656][T10813]    program syz.1.1161 not setting count and/or reply_len properly
[  286.768434][ T6671] usb usb40-port1: attempt power cycle
[  287.347027][ T6671] usb usb40-port1: unable to enumerate USB device
[  287.517447][T10821] input: syz0 as /devices/virtual/input/input20
[  287.921485][T10836] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  287.921516][T10836] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  287.921667][T10836] vhci_hcd vhci_hcd.0: Device attached
[  287.939236][T10836] geneve0: mtu less than device minimum
[  288.286146][ T6033] usb 40-1: SetAddress Request (46) to port 0
[  288.288903][ T6033] usb 40-1: new SuperSpeed USB device number 46 using vhci_hcd
[  288.305865][T10837] vhci_hcd: connection closed
[  288.306051][ T6327] vhci_hcd vhci_hcd.1: stop threads
[  288.315879][ T6327] vhci_hcd vhci_hcd.1: release socket
[  288.317788][ T6327] vhci_hcd vhci_hcd.1: disconnect device
[  288.879829][T10850] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1168'.
[  289.247549][T10869] gretap1: entered promiscuous mode
[  289.287879][T10871] netlink: 'syz.1.1178': attribute type 10 has an invalid length.
[  289.290429][T10871] dummy0: left allmulticast mode
[  289.292462][T10871] netlink: 'syz.1.1178': attribute type 10 has an invalid length.
[  289.297705][T10871] dummy0: entered allmulticast mode
[  289.299573][T10871] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  289.303769][T10871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1178'.
[  289.556082][ T5944] Bluetooth: hci0: command 0x0c1a tx timeout
[  289.556078][ T6671] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  289.570499][ T6671] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  290.674013][T10890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1181'.
[  290.681309][T10890] erspan0: left allmulticast mode
[  290.685062][T10890] erspan0: left promiscuous mode
[  290.695230][T10890] bridge0: port 3(erspan0) entered disabled state
[  290.901550][T10890] bridge_slave_1: left allmulticast mode
[  290.904712][T10890] bridge_slave_1: left promiscuous mode
[  290.909880][T10890] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.956675][T10890] bridge_slave_0: left allmulticast mode
[  290.959355][T10890] bridge_slave_0: left promiscuous mode
[  290.963872][T10890] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.256989][T10904] cgroup: Name too long
[  291.522251][T10913] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1184'.
[  291.635898][ T6671] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  291.635931][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[  291.638640][ T6671] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  292.046000][ T6058] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  292.270199][ T6058] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[  292.355960][ T6058] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  292.370431][ T6058] usb 10-1: config 0 interface 0 has no altsetting 0
[  292.396352][T10930] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  292.436526][ T6058] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  292.444910][ T6058] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=0
[  292.451284][ T6058] usb 10-1: Product: syz
[  292.457852][ T6058] usb 10-1: Manufacturer: syz
[  292.490167][ T6058] usb 10-1: config 0 descriptor??
[  292.519105][ T6058] hub 10-1:0.0: bad descriptor, ignoring hub
[  292.525272][ T6058] hub 10-1:0.0: probe with driver hub failed with error -5
[  292.554450][ T6058] usb 10-1: selecting invalid altsetting 0
[  292.594544][T10937] netlink: zone id is out of range
[  292.605982][T10937] netlink: zone id is out of range
[  292.638380][T10937] netlink: zone id is out of range
[  292.640583][T10937] netlink: set zone limit has 8 unknown bytes
[  293.315986][ T6033] usb 40-1: device descriptor read/8, error -110
[  293.708736][ T6033] usb usb40-port1: attempt power cycle
[  293.715994][ T6671] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  293.718733][ T6671] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  293.725884][    C2] ------------[ cut here ]------------
[  293.728935][    C2] workqueue: cannot queue hci_cmd_timeout on wq hci4
[  293.731739][    C2] WARNING: kernel/workqueue.c:2251 at __queue_work+0xc9d/0x10e0, CPU#2: syz-executor/5948
[  293.736089][    C2] Modules linked in:
[  293.738342][    C2] CPU: 2 UID: 0 PID: 5948 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  293.743042][    C2] Tainted: [L]=SOFTLOCKUP
[  293.744894][    C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  293.749454][    C2] RIP: 0010:__queue_work+0xca1/0x10e0
[  293.751769][    C2] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 03 8e 07 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 50 11 3a 00 90 0f 0b 90 e9 15 f6
[  293.759923][    C2] RSP: 0018:ffffc90000538be8 EFLAGS: 00010046
[  293.762318][    C2] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11009e9c951
[  293.765282][    C2] RDX: ffff88802470c178 RSI: ffffffff8a68c4a0 RDI: ffffffff908bd2d0
[  293.768427][    C2] RBP: ffff88804f4e4a70 R08: 0000000000000005 R09: 0000000000000000
[  293.771249][    C2] R10: 0000000000000100 R11: ffff8880250c2ff0 R12: 1ffff920000a718f
[  293.773764][    C2] R13: ffffffff81845610 R14: 0000000000000101 R15: ffff88802470c000
[  293.776330][    C2] FS:  0000000000000000(0000) GS:ffff8880978fd000(0063) knlGS:0000000056892440
[  293.779454][    C2] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  293.781985][    C2] CR2: 0000000080dc4000 CR3: 000000004d41b000 CR4: 0000000000352ef0
[  293.784580][    C2] Call Trace:
[  293.785707][    C2]  <IRQ>
[  293.786707][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.788546][    C2]  call_timer_fn+0x19a/0x5a0
[  293.790063][    C2]  ? __pfx_call_timer_fn+0x10/0x10
[  293.791690][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.793557][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.795413][    C2]  ? __run_timers+0x559/0xae0
[  293.796919][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.798759][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.800608][    C2]  __run_timers+0x569/0xae0
[  293.802103][    C2]  ? __pfx___run_timers+0x10/0x10
[  293.803691][    C2]  run_timer_base+0x114/0x190
[  293.805199][    C2]  ? __pfx_run_timer_base+0x10/0x10
[  293.806876][    C2]  ? rcu_is_watching+0x12/0xc0
[  293.808415][    C2]  run_timer_softirq+0x1a/0x40
[  293.809954][    C2]  handle_softirqs+0x219/0x950
[  293.811494][    C2]  ? __pfx_handle_softirqs+0x10/0x10
[  293.813204][    C2]  __irq_exit_rcu+0x109/0x170
[  293.814707][    C2]  irq_exit_rcu+0x9/0x30
[  293.816062][    C2]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  293.817862][    C2]  </IRQ>
[  293.818818][    C2]  <TASK>
[  293.819772][    C2]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  293.821691][    C2] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  293.823551][    C2] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 9a 45 21 f6 48 89 df e8 52 98 21 f6 e8 2d 41 4e f6 fb bf 01 00 00 00 <e8> 62 9b 11 f6 65 8b 05 9b f9 39 08 85 c0 74 06 5b e9 01 4d 00 00
[  293.829625][    C2] RSP: 0018:ffffc90004b4fc88 EFLAGS: 00000202
[  293.831539][    C2] RAX: 0000000000228a61 RBX: ffff888024eaca00 RCX: ffffffff81c676bf
[  293.834014][    C2] RDX: 0000000000000000 RSI: ffffffff8daca141 RDI: 0000000000000001
[  293.836526][    C2] RBP: ffff888024eacc00 R08: 0000000000000001 R09: 0000000000000001
[  293.839004][    C2] R10: ffffffff9088e1d7 R11: ffff8880250c2ff0 R12: 0000000000000000
[  293.841534][    C2] R13: 0000000000000011 R14: 0000000000000200 R15: ffff888024eaca00
[  293.844120][    C2]  ? trace_irq_enable.constprop.0+0x2f/0x110
[  293.846139][    C2]  ? _raw_spin_unlock_irq+0x23/0x50
[  293.847908][    C2]  get_signal+0x1e6a/0x26d0
[  293.849400][    C2]  ? __pfx_get_signal+0x10/0x10
[  293.850952][    C2]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  293.852706][    C2]  arch_do_signal_or_restart+0x8f/0x7a0
[  293.854431][    C2]  ? get_old_timespec32+0xda/0x130
[  293.856022][    C2]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  293.857919][    C2]  ? __ia32_sys_clock_nanosleep_time32+0x351/0x4f0
[  293.859842][    C2]  exit_to_user_mode_loop+0x8c/0x540
[  293.861424][    C2]  __do_fast_syscall_32+0x4a4/0x680
[  293.863036][    C2]  do_fast_syscall_32+0x32/0x80
[  293.864547][    C2]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  293.866505][    C2] RIP: 0023:0xf7f52579
[  293.867804][    C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  293.873742][    C2] RSP: 002b:00000000ffbdbcf0 EFLAGS: 00000293 ORIG_RAX: 000000000000010b
[  293.876377][    C2] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000
[  293.878874][    C2] RDX: 00000000ffbdbd24 RSI: 00000000ffbdbd1c RDI: 00000000ffbdbd24
[  293.881379][    C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  293.883876][    C2] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  293.886409][    C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  293.888913][    C2]  </TASK>
[  293.889908][    C2] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  293.892212][    C2] CPU: 2 UID: 0 PID: 5948 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  293.895617][    C2] Tainted: [L]=SOFTLOCKUP
[  293.897023][    C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  293.900351][    C2] Call Trace:
[  293.901454][    C2]  <IRQ>
[  293.902382][    C2]  dump_stack_lvl+0x3d/0x1f0
[  293.903922][    C2]  vpanic+0x640/0x6f0
[  293.905294][    C2]  ? __queue_work+0xc9d/0x10e0
[  293.906882][    C2]  panic+0xca/0xd0
[  293.908104][    C2]  ? __pfx_panic+0x10/0x10
[  293.909569][    C2]  ? check_panic_on_warn+0x1f/0xb0
[  293.911298][    C2]  check_panic_on_warn+0xab/0xb0
[  293.912950][    C2]  __warn+0x108/0x3c0
[  293.914284][    C2]  __report_bug+0x2a0/0x520
[  293.915753][    C2]  ? __queue_work+0xc9d/0x10e0
[  293.917377][    C2]  ? __pfx___report_bug+0x10/0x10
[  293.919043][    C2]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  293.920829][    C2]  ? look_up_lock_class+0x59/0x130
[  293.922545][    C2]  report_bug_entry+0xe1/0x290
[  293.924110][    C2]  ? __queue_work+0xca1/0x10e0
[  293.925690][    C2]  handle_bug+0x18a/0x260
[  293.927118][    C2]  exc_invalid_op+0x17/0x50
[  293.928600][    C2]  asm_exc_invalid_op+0x1a/0x20
[  293.930206][    C2] RIP: 0010:__queue_work+0xca1/0x10e0
[  293.931937][    C2] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d 03 8e 07 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 50 11 3a 00 90 0f 0b 90 e9 15 f6
[  293.938053][    C2] RSP: 0018:ffffc90000538be8 EFLAGS: 00010046
[  293.940062][    C2] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11009e9c951
[  293.942814][    C2] RDX: ffff88802470c178 RSI: ffffffff8a68c4a0 RDI: ffffffff908bd2d0
[  293.945652][    C2] RBP: ffff88804f4e4a70 R08: 0000000000000005 R09: 0000000000000000
[  293.948230][    C2] R10: 0000000000000100 R11: ffff8880250c2ff0 R12: 1ffff920000a718f
[  293.950650][    C2] R13: ffffffff81845610 R14: 0000000000000101 R15: ffff88802470c000
[  293.953145][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.955024][    C2]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  293.956755][    C2]  ? __queue_work+0xc70/0x10e0
[  293.958298][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.960156][    C2]  call_timer_fn+0x19a/0x5a0
[  293.961791][    C2]  ? __pfx_call_timer_fn+0x10/0x10
[  293.963484][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.965401][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.967290][    C2]  ? __run_timers+0x559/0xae0
[  293.968796][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.970712][    C2]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  293.972597][    C2]  __run_timers+0x569/0xae0
[  293.974069][    C2]  ? __pfx___run_timers+0x10/0x10
[  293.975872][    C2]  run_timer_base+0x114/0x190
[  293.977400][    C2]  ? __pfx_run_timer_base+0x10/0x10
[  293.978987][    C2]  ? rcu_is_watching+0x12/0xc0
[  293.980474][    C2]  run_timer_softirq+0x1a/0x40
[  293.982010][    C2]  handle_softirqs+0x219/0x950
[  293.983578][    C2]  ? __pfx_handle_softirqs+0x10/0x10
[  293.985428][    C2]  __irq_exit_rcu+0x109/0x170
[  293.987165][    C2]  irq_exit_rcu+0x9/0x30
[  293.988671][    C2]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  293.990562][    C2]  </IRQ>
[  293.991508][    C2]  <TASK>
[  293.992435][    C2]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  293.994276][    C2] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  293.996148][    C2] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 9a 45 21 f6 48 89 df e8 52 98 21 f6 e8 2d 41 4e f6 fb bf 01 00 00 00 <e8> 62 9b 11 f6 65 8b 05 9b f9 39 08 85 c0 74 06 5b e9 01 4d 00 00
[  294.002117][    C2] RSP: 0018:ffffc90004b4fc88 EFLAGS: 00000202
[  294.004019][    C2] RAX: 0000000000228a61 RBX: ffff888024eaca00 RCX: ffffffff81c676bf
[  294.006518][    C2] RDX: 0000000000000000 RSI: ffffffff8daca141 RDI: 0000000000000001
[  294.009014][    C2] RBP: ffff888024eacc00 R08: 0000000000000001 R09: 0000000000000001
[  294.011443][    C2] R10: ffffffff9088e1d7 R11: ffff8880250c2ff0 R12: 0000000000000000
[  294.013926][    C2] R13: 0000000000000011 R14: 0000000000000200 R15: ffff888024eaca00
[  294.016441][    C2]  ? trace_irq_enable.constprop.0+0x2f/0x110
[  294.018420][    C2]  ? _raw_spin_unlock_irq+0x23/0x50
[  294.020075][    C2]  get_signal+0x1e6a/0x26d0
[  294.021503][    C2]  ? __pfx_get_signal+0x10/0x10
[  294.023017][    C2]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  294.024669][    C2]  arch_do_signal_or_restart+0x8f/0x7a0
[  294.026400][    C2]  ? get_old_timespec32+0xda/0x130
[  294.028012][    C2]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  294.029961][    C2]  ? __ia32_sys_clock_nanosleep_time32+0x351/0x4f0
[  294.031966][    C2]  exit_to_user_mode_loop+0x8c/0x540
[  294.033604][    C2]  __do_fast_syscall_32+0x4a4/0x680
[  294.035207][    C2]  do_fast_syscall_32+0x32/0x80
[  294.036757][    C2]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  294.038659][    C2] RIP: 0023:0xf7f52579
[  294.039945][    C2] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  294.045944][    C2] RSP: 002b:00000000ffbdbcf0 EFLAGS: 00000293 ORIG_RAX: 000000000000010b
[  294.048487][    C2] RAX: fffffffffffffdfc RBX: 0000000000000000 RCX: 0000000000000000
[  294.050862][    C2] RDX: 00000000ffbdbd24 RSI: 00000000ffbdbd1c RDI: 00000000ffbdbd24
[  294.053278][    C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  294.055678][    C2] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  294.058310][    C2] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  294.060807][    C2]  </TASK>
[  294.062708][    C2] Kernel Offset: disabled
[  294.064028][    C2] Rebooting in 86400 seconds..