last executing test programs:

1m39.923622572s ago: executing program 2 (id=3):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'geneve0\x00'})
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
socket(0x1, 0xa, 0x9)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fanotify_init(0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
userfaultfd(0x80001)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0)
set_mempolicy(0x3, 0x0, 0x5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x18)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0}, 0x0)

1m38.276674466s ago: executing program 2 (id=6):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r3 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
r4 = memfd_create(0x0, 0x2)
ftruncate(r4, 0xffff)
ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000140)={r4, 0x0, 0x0, 0x4000})
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1214040, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={{0x14, 0x3e8}, [], {0x14, 0x3f5, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x44840}, 0x0)
syslog(0x4, &(0x7f0000002240)=""/142, 0x8e)

1m36.945767866s ago: executing program 2 (id=7):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsmount(r0, 0x0, 0x8)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x12)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
socket(0x200000000000011, 0x2, 0x0)
socket(0x200000000000011, 0x2, 0xd)

1m35.690730697s ago: executing program 2 (id=8):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0xdde6f5e34f1fb078, 0xb000, 0x2000, &(0x7f0000738000/0x2000)=nil})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0}]}, 0x1}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(0xffffffffffffffff, 0x17, 0x0, 0x1)
eventfd2(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0)
getcwd(0x0, 0x0)

1m33.485999566s ago: executing program 2 (id=11):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x204001)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, <r3=>0xffffffffffffffff]}}], 0x78}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x40)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1m17.5744871s ago: executing program 32 (id=11):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x204001)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, <r3=>0xffffffffffffffff]}}], 0x78}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x40)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

27.278804351s ago: executing program 1 (id=83):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, r0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
io_getevents(0x0, 0x6, 0x6, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000180)={0x0, 0x3938700})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x34, 0xd, 0x6, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000084)

25.797029059s ago: executing program 0 (id=85):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0xdddd0000, 0x1000, &(0x7f000000d000/0x1000)=nil})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r4, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0)

20.860590691s ago: executing program 0 (id=90):
syz_open_dev$tty1(0xc, 0x4, 0x1)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000400)=""/85)
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0xc, 0x7, 0x0, 0x40000005, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@id={0x1e, 0x3, 0x1, {0x4e24, 0x2}}, 0x10)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
io_setup(0x1, &(0x7f0000000380))
write$char_usb(r4, &(0x7f0000000040)="e2", 0x2778)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x0)

18.058562527s ago: executing program 0 (id=93):
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000b00)=0x6)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x30}}, 0x0)
epoll_create(0x7)
pipe(0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3d, 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000080), 0x482, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r3)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000000)={0x2c, r4, 0x101, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x20008020)

18.039947822s ago: executing program 3 (id=94):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = openat$incfs(0xffffffffffffff9c, 0x0, 0x400000, 0x110)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet(0x2, 0x800, 0x9)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000005880)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001090}, 0x40080)
syz_emit_ethernet(0x1046, 0x0, 0x0)
setfsgid(0xee00)
socket$kcm(0x10, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

16.835889684s ago: executing program 3 (id=95):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x38)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @remote, 0x3}, 0x1c)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xf338}], 0x1)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
lsetxattr$security_capability(&(0x7f0000000180)='./file2\x00', &(0x7f0000000080), &(0x7f0000000380)=@v2={0x2000000, [{0x8e2, 0x6851}, {0x3, 0x5}]}, 0x14, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}]})
truncate(&(0x7f0000000140)='./file2\x00', 0xff)

16.672895352s ago: executing program 1 (id=96):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x337)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000001740)=[{0x0}], 0x1}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001b1401002abdd444d446df2508000100000000000900"], 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000740)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

14.713884153s ago: executing program 4 (id=97):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
fcntl$setstatus(r3, 0x4, 0x40800)
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000000c0)={r0, 0xee01}, 0xc)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$P9_RUNLINKAT(r4, 0x0, 0x0)
ftruncate(r4, 0x2000009)
sendfile(r3, r4, 0x0, 0x7ffff004)

14.699489148s ago: executing program 1 (id=98):
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8084)
socket(0x10, 0x803, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = signalfd(0xffffffffffffffff, 0x0, 0x0)
fcntl$setown(r3, 0x8, 0x0)
fspick(0xffffffffffffff9c, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/protocols\x00')
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020)

14.686846346s ago: executing program 3 (id=99):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, 0x0, 0x800)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x101c42, 0x0)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000064}, 0xc010)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xd)
read(r2, 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x48}}, 0x0)
pipe2(&(0x7f0000000000)={0x0, <r3=>0x0}, 0x0)
write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xfffffee2)
splice(r1, 0x0, r3, 0x0, 0x807, 0x0)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000240)=0x2, 0x4)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000104000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r0, 0x0, 0x200c004)
pipe(&(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
fcntl$setpipe(r5, 0x407, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = syz_open_dev$sg(0x0, 0x6f5e, 0x0)
ioctl$FIBMAP(r6, 0x1, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r4, @ANYBLOB="8b040400000000002000128008000100736974001400028008200300ffffffff08000200ac14142e"], 0x40}}, 0x0)

11.981017337s ago: executing program 4 (id=100):
mkdir(0x0, 0x0)
mprotect(&(0x7f0000afb000/0x4000)=nil, 0x4000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x7, 0x4, 0x8, 0x0, 0x1000, 0xe, 0x7, 0xf3, 0x9, 0x7, 0x6, 0x0, 0x0, 0x6, 0x10, 0x4a, 0x9, 0x7f, 0x9f, '\x00', 0x6b})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
clock_gettime(0x9, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
preadv(r6, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/83, 0x53}], 0x1, 0x8f, 0x3b16)

10.732197239s ago: executing program 4 (id=101):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x34}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xb2, &(0x7f0000000140)=""/178, 0x2c8a4ed31704d5db, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000007c0)=ANY=[], 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x2000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
socket$key(0xf, 0x3, 0x2)

9.57436387s ago: executing program 4 (id=102):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf5c5d000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r4, 0x0, 0x400d0)
r5 = fanotify_init(0x8, 0x1)
fanotify_mark(r5, 0x105, 0x40001032, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000100))
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000080)={[{@name={'name', 0x3d, 'user_.'}}, {@name={'name', 0x3d, 'name'}}]})

8.068704125s ago: executing program 4 (id=103):
syz_open_dev$tty1(0xc, 0x4, 0x1)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000400)=""/85)
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0xc, 0x7, 0x0, 0x40000005, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@id={0x1e, 0x3, 0x1, {0x4e24, 0x2}}, 0x10)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
io_setup(0x1, &(0x7f0000000380))
write$char_usb(r4, &(0x7f0000000040)="e2", 0x2778)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x0)

7.901413563s ago: executing program 1 (id=104):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$unix(0x1, 0x1, 0x0)
openat$panthor(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$set_reqkey_keyring(0xe, 0x3)
sendmsg$unix(r1, 0x0, 0x88d4)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r5, 0x7, 0x1, 0xffff}, &(0x7f0000000080)=0x10)

7.060149949s ago: executing program 3 (id=105):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1ff, 0x2000)
r0 = socket(0x40000000015, 0x5, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r3 = fcntl$dupfd(r2, 0x0, r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="0100280000000000000004000000200001800d0001007564703a73797a32"], 0x34}}, 0x4040)
write$sndseq(r3, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @control={0x3, 0x5a, 0x93}}, {0x0, 0x0, 0x0, 0x2, @time={0x367f, 0xfffffffd}, {}, {0x80}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
read$msr(r1, 0x0, 0xffffffffffffff87)
socket$inet6(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
read$rfkill(r3, &(0x7f00000002c0), 0x8)
socket(0x10, 0x2, 0x0)

7.052685488s ago: executing program 0 (id=106):
r0 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r0, &(0x7f0000000300)={0x11, 0x16, 0x0, 0x1, 0x81}, 0x14)
r1 = syz_io_uring_setup(0x5c2, &(0x7f00000003c0)={0x0, 0x8832, 0x0, 0x4, 0x21b}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x8d8, 0x5, 0x36315247, 0x6, 0x8000002, 0xb, 0x0, 0xffffffff, 0x0, 0x6, 0x0, 0x4}})
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r4, 0x5452, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x49, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x3, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r5, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r5, 0xda90)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendto$inet_nvme_of_msg(r6, &(0x7f00000001c0)={@data_h2c={{0x6, 0x2, 0x18, 0x3}, 0x1, 0x8, 0x7ff, 0x7, "103fcafa"}, @val=0x0}, 0x88, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[])
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0)

6.085968025s ago: executing program 3 (id=107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r4=>0x0})
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r4}, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x404000, 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r5, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000047c0)={0x2020}, 0x2020)
r6 = socket(0x10, 0x3, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x24000040, 0x0, 0x0)

4.681023365s ago: executing program 0 (id=108):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf, 0xfffffffffffff801}, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000080)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0xffffffffffffff0c, 0x3a, '', 0x3a, '\x00', 0x3a, './file0'}, 0x28)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001380)={0x0, 0x1130}, 0x1, 0x0, 0x0, 0xa8ba7482a5555606}, 0x8080)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a320000000005000400000000000500050002000000050001"], 0x58}}, 0x20000000)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r2, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffb, 0x6, 0x4, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, &(0x7f0000000380)="259374c94982", 0x0, 0x0, 0x14, 0x0, 0x0})
socket$inet_icmp(0x2, 0x2, 0x1)
r4 = fanotify_init(0x200, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r4, 0x455, 0x8000003, r5, 0x0)

4.260388534s ago: executing program 3 (id=109):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xffffffffffffffff, 0x806, 0x2, 0xffffffff}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
memfd_create(&(0x7f0000000440)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mount(0x0, 0x0, &(0x7f0000000080)='configfs\x00', 0x200, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x22)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r4=>0xffffffffffffffff})
fanotify_init(0x10, 0x40000)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r4})
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_INC(r3, 0x40045701, &(0x7f00000002c0)=0x5)

3.33807446s ago: executing program 0 (id=110):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000180), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000046000200000000000700000000000000050001000000000085100000faffffff95"], &(0x7f0000000000)='GPL\x00'}, 0x94)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, r0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000800)={0x84, &(0x7f00000002c0)={0x0, 0xd, 0x1, "a4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$ttys(0xc, 0x2, 0x0)
keyctl$link(0x8, r0, r1)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x3ff, 0x121000)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000dc0)={r0, 0x2f, 0x80}, &(0x7f0000000e00)={'enc=', 'oaep', ' hash=', {'streebog512-generic\x00'}}, &(0x7f0000000e80)="e831f3e9430582f734042a430d98fe372817199beb324f0419fa8c5a50ae77ac098d74a0694a5ab66ef40f9ba64af8", &(0x7f0000000ec0)=""/128)
ioctl$EVIOCGKEYCODE(r3, 0x80084504, &(0x7f0000000200)=""/27)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
syz_usb_connect$cdc_ncm(0x0, 0x94, &(0x7f0000000740)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x82, 0x2, 0x1, 0x0, 0x40, 0x81, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "b50a8dc0"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x8001, 0x2, 0x8000, 0x4}, {0x6, 0x24, 0x1a, 0xd, 0x1}, [@call_mgmt={0x5, 0x24, 0x1, 0x1, 0x80}, @network_terminal={0x7, 0x24, 0xa, 0x9, 0x7, 0x8, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x4, 0x5, 0x6, 0x5, 0x10, 0x43}, @obex={0x5, 0x24, 0x15, 0x4}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0x5}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0xa, 0x9, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0xd, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x8, 0x4, 0xf7}}}}}}}]}}, &(0x7f0000000d40)={0xa, &(0x7f00000008c0)={0xa, 0x6, 0x200, 0x4, 0x13, 0xff, 0x10, 0x8}, 0x171, &(0x7f0000000900)={0x5, 0xf, 0x171, 0x4, [@ssp_cap={0xc, 0x10, 0xa, 0x8, 0x0, 0x0, 0xff00, 0xad4}, @generic={0xd4, 0x10, 0x2, "cc1d5a687ecd6fcb8894d73fdf4332a82b9ce61602f5e72f225190d7ca26622e402ed52c1da7ddf766d723323d198b54b74ae56a817556f5a58dc48b8c0974d0b4824d873316fbe5b9e86dff8c09fc28852585b6f213f6f6a3ae0c74ffc121ddb4ebf049f6591f54c33abcf608eea4261ee88859daed1dd4c84ed3fd292537eb60157a82c9b01ad4c39b75b2f6f2a11a4e96e18476b1c2f5104e551c5e33d92dc1e9f46e9c961651eae6b210d1e34dbbcefcaee3911c68d3e1b3f958b2e32d79046b263ad1a4a56d7b4a743afb53dfd2ec"}, @generic={0x81, 0x10, 0xb, "a5e86f2d65d07ee5af021599c6e6211b267d399b25e646445d8bf9f2ffbdda8e3c7dc3ef40165df7973aa200f0ee142ca3340a46dcd6b33b6632c31aae49ac6706d97ffc54a3700ac30a61d96f6a99704888aeb24fb0c12f0614118c85087767d25d410778928f979452133f36ee4432af1e044ae1328f4a706ef12d656a"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x6, 0xf, 0x0, 0xaa, 0x9}]}, 0x5, [{0x93, &(0x7f0000000a80)=@string={0x93, 0x3, "fb0108acf48408ab5f7aee3adeb81c0fd52516db13eb931a86c781b45181dc899800219e16ff5ad0f56b524caea840e40ea816eddf97a77f0d4af3e0f47972c49dd22536600f0b9924c5f6c4586690f359cc4811286fff61f93200aa041b0e917fa0cf236c4827247aca58b1232d918dd0d811c660e010646cdb186597cb933821aa82f423f830853b8f031d61bafa20a2"}}, {0xf1, &(0x7f0000000b40)=@string={0xf1, 0x3, "d0fdb63d7439516206da160804fa962f564c3552c600272bcd8fb044606643bee34627bc4d8c60f6059cedcd76596f907cc674deba253dd2b6434e37292a3c58561e4b57060c8401edffada4d9edbf9d31f34373045570803521e64aa00b7fcdb6fbe372f077bccbcb0157a0d628907547324b6bfc8d11d994eb45e7722e6adbfe51ec3e7ac6e82cecc457739d0e2ae779d46f3480415b7d040fbd86d79129f55074a477c64c70ca1d99fa985fe338b7fb434806e9e8e31d99e3865b7f104e2cdf627399f4ed7e9e7b536f46cadad989d32595a7b2a0f6bc29df1582549a1e0a1c34c81f750f5707be4eb9cc7f62f7"}}, {0x0, 0x0}, {0x5b, &(0x7f0000000c80)=@string={0x5b, 0x3, "1e59668640600466ee885cd045e874250d7bf0904b47a04b472a77708c3035f366a1ef9e594b5b94f11dc2f365f8aab23eb25af92d29e0fe6ca5f6e9b2473d4af979c669592d6a0b02f2a1a965542fadda89d9291b2b6d82c2"}}, {0x40, &(0x7f0000000d00)=@string={0x40, 0x3, "b42865e068f39b084a99f91cf301a914f040e5f1ac7a7bea6627436b20a3c76c8cfb076bb263ad99edaf04a8ac0406a4692c7f98fab264581f31010b43c5"}}]})
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_usb_control_io$printer(r2, &(0x7f0000000440)={0x14, &(0x7f00000003c0)={0x20, 0x11, 0x8, {0x8, 0x9, "ad9229c99934"}}, &(0x7f0000000400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x820}}}, &(0x7f0000000700)={0x34, &(0x7f00000004c0)={0x40, 0x10, 0x83, "cc9e6d914026e837fdae8e9df484302b27de341c72f40b81bd092bc8e84a1e65a0fdb9ddcbe413d26e7d921b4f7c7942732d2c42ee2f9ee2ebde7b13847a9633006895fb03b675f3f26df549db43c3ed0dac3c863e987002a03bf1594b92e0e818c62a0d50e9273e24aee5a60746b02d9662c1070ff613a1dfcf60684b88b70252f81c"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000600)={0x20, 0x0, 0x2}, &(0x7f0000000680)={0x20, 0x1, 0x1, 0x1}, &(0x7f00000006c0)={0x20, 0x0, 0x1, 0x40}})
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000111401"], 0x20}, 0x1, 0x0, 0x0, 0x811}, 0x4080)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r5}, 0x8)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)
seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000000))
ioctl$SIOCGSTAMPNS(r4, 0x8907, &(0x7f0000000100))

3.304452005s ago: executing program 4 (id=111):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
socket(0x400000000010, 0x3, 0x0)
creat(&(0x7f0000000440)='./file0\x00', 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
sendfile(r3, r3, 0x0, 0x40008)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))

1.822520399s ago: executing program 1 (id=112):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r1 = socket(0x11, 0x3, 0x0)
setsockopt(r1, 0x107, 0xf, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000040)=@xdp={0x2c, 0x8, 0x0, 0x6}, 0x80, &(0x7f0000000600)=[{&(0x7f00000004c0)="00030200ffff000007000000a2ff8201045e957323d254f0", 0x18}, {&(0x7f00000003c0)="60a75dc565ef116aa412580445034943beea59637ecdd8a174caf38d7adc18f6b256e8bed6bca0ce4f2f8f300a86", 0x2e}], 0x2}, 0x40011)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r4 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111, 0x9}}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)=""/4104, 0x440000}], 0x1f77)
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x44)
gettid()

0s ago: executing program 1 (id=113):
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf635, 0x2000, 0x0, 0xfffffffc}, &(0x7f0000000240), 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'wg0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x5}, {0xfff1, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x40}}, 0x10)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r6, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c900"], 0x16)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts.
[   82.326505][ T5781] cgroup: Unknown subsys name 'net'
[   82.577557][ T5781] cgroup: Unknown subsys name 'cpuset'
[   82.622632][ T5781] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.515577][ T5781] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.888818][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.908811][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.913216][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.916599][   T10] cfg80211: failed to load regulatory.db
[   86.926142][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.927716][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.928657][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.929522][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.937623][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.943954][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.963788][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   87.034099][ T5803] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   87.036573][ T5803] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   87.037295][ T5803] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   87.040517][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   87.042772][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.161270][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.173156][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   87.174367][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.176231][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.185897][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.186592][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   87.211776][   T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   87.217852][   T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   87.218987][   T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   87.220223][   T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   87.938243][ T5796] chnl_net:caif_netlink_parms(): no params data found
[   87.953528][ T5800] chnl_net:caif_netlink_parms(): no params data found
[   88.004882][ T5804] chnl_net:caif_netlink_parms(): no params data found
[   88.208148][ T5808] chnl_net:caif_netlink_parms(): no params data found
[   88.221654][ T5810] chnl_net:caif_netlink_parms(): no params data found
[   88.387803][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.389746][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.389963][ T5796] bridge_slave_0: entered allmulticast mode
[   88.391879][ T5796] bridge_slave_0: entered promiscuous mode
[   88.428180][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.428294][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.428457][ T5800] bridge_slave_0: entered allmulticast mode
[   88.430125][ T5800] bridge_slave_0: entered promiscuous mode
[   88.477569][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.477653][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.477827][ T5796] bridge_slave_1: entered allmulticast mode
[   88.479180][ T5796] bridge_slave_1: entered promiscuous mode
[   88.481822][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.481930][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.483872][ T5800] bridge_slave_1: entered allmulticast mode
[   88.486626][ T5800] bridge_slave_1: entered promiscuous mode
[   88.488334][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.488445][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.488594][ T5804] bridge_slave_0: entered allmulticast mode
[   88.491284][ T5804] bridge_slave_0: entered promiscuous mode
[   88.588984][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.589093][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.589382][ T5804] bridge_slave_1: entered allmulticast mode
[   88.591136][ T5804] bridge_slave_1: entered promiscuous mode
[   88.701088][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.715023][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.759853][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.774540][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.778264][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.778502][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.778611][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.778764][ T5808] bridge_slave_0: entered allmulticast mode
[   88.780440][ T5808] bridge_slave_0: entered promiscuous mode
[   88.785484][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.786776][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.786971][ T5810] bridge_slave_0: entered allmulticast mode
[   88.789669][ T5810] bridge_slave_0: entered promiscuous mode
[   88.838874][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.839798][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.839937][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.840443][ T5808] bridge_slave_1: entered allmulticast mode
[   88.843744][ T5808] bridge_slave_1: entered promiscuous mode
[   88.845639][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.845760][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.846345][ T5810] bridge_slave_1: entered allmulticast mode
[   88.849036][ T5810] bridge_slave_1: entered promiscuous mode
[   88.989061][   T61] Bluetooth: hci0: command tx timeout
[   89.063593][   T61] Bluetooth: hci1: command tx timeout
[   89.153040][   T61] Bluetooth: hci2: command tx timeout
[   89.197536][ T5796] team0: Port device team_slave_0 added
[   89.199394][ T5800] team0: Port device team_slave_0 added
[   89.222256][   T61] Bluetooth: hci3: command tx timeout
[   89.249290][ T5796] team0: Port device team_slave_1 added
[   89.268233][ T5800] team0: Port device team_slave_1 added
[   89.269846][ T5804] team0: Port device team_slave_0 added
[   89.288243][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.304103][   T61] Bluetooth: hci4: command tx timeout
[   89.310018][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.330517][ T5804] team0: Port device team_slave_1 added
[   89.338397][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.355778][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.394719][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.394731][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.394747][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.445160][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.445178][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.445202][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.489400][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.489417][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.489440][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.511172][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.511190][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.511215][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.512498][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.512511][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.512535][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.519044][ T5808] team0: Port device team_slave_0 added
[   89.537683][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.537701][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.537725][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.559709][ T5810] team0: Port device team_slave_0 added
[   89.563986][ T5808] team0: Port device team_slave_1 added
[   89.586388][ T5810] team0: Port device team_slave_1 added
[   89.716423][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.716440][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.716463][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.789405][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.789422][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.789445][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.800496][ T5796] hsr_slave_0: entered promiscuous mode
[   89.804426][ T5796] hsr_slave_1: entered promiscuous mode
[   89.806400][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.806414][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.806439][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.839419][ T5800] hsr_slave_0: entered promiscuous mode
[   89.840672][ T5800] hsr_slave_1: entered promiscuous mode
[   89.841863][ T5800] debugfs: 'hsr0' already exists in 'hsr'
[   89.844520][ T5800] Cannot create hsr debugfs directory
[   89.846298][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.846312][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.846336][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.878026][ T5804] hsr_slave_0: entered promiscuous mode
[   89.879402][ T5804] hsr_slave_1: entered promiscuous mode
[   89.880292][ T5804] debugfs: 'hsr0' already exists in 'hsr'
[   89.880318][ T5804] Cannot create hsr debugfs directory
[   90.679159][ T5808] hsr_slave_0: entered promiscuous mode
[   90.680009][ T5808] hsr_slave_1: entered promiscuous mode
[   90.680589][ T5808] debugfs: 'hsr0' already exists in 'hsr'
[   90.680611][ T5808] Cannot create hsr debugfs directory
[   90.729615][ T5810] hsr_slave_0: entered promiscuous mode
[   90.730416][ T5810] hsr_slave_1: entered promiscuous mode
[   90.730931][ T5810] debugfs: 'hsr0' already exists in 'hsr'
[   90.730953][ T5810] Cannot create hsr debugfs directory
[   91.072251][   T61] Bluetooth: hci0: command tx timeout
[   91.142289][   T61] Bluetooth: hci1: command tx timeout
[   91.222230][   T61] Bluetooth: hci2: command tx timeout
[   91.303521][   T61] Bluetooth: hci3: command tx timeout
[   91.392281][   T61] Bluetooth: hci4: command tx timeout
[   91.404850][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.452905][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.488696][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.539972][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.644011][ T5800] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   91.690964][ T5800] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   91.709454][ T5800] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   91.765466][ T5800] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   91.905660][ T5804] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.936523][ T5804] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.980116][ T5804] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.020724][ T5804] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.149862][ T5810] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.182716][ T5810] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.230184][ T5810] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.298137][ T5810] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.457993][ T5808] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   92.505961][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.506298][ T5808] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   92.553924][ T5808] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   92.598736][ T5808] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   92.701564][ T5796] 8021q: adding VLAN 0 to HW filter on device team0
[   92.738195][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.758527][  T211] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.759846][  T211] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.793368][  T211] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.793447][  T211] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.865942][ T5800] 8021q: adding VLAN 0 to HW filter on device team0
[   92.887446][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.913765][ T1360] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.913974][ T1360] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.954696][ T1360] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.954807][ T1360] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.007122][ T5804] 8021q: adding VLAN 0 to HW filter on device team0
[   93.045211][  T213] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.045286][  T213] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.049647][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.110341][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.110938][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.143793][   T61] Bluetooth: hci0: command tx timeout
[   93.206314][ T5810] 8021q: adding VLAN 0 to HW filter on device team0
[   93.210120][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.222272][   T61] Bluetooth: hci1: command tx timeout
[   93.278467][ T1360] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.279318][ T1360] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.302460][   T61] Bluetooth: hci2: command tx timeout
[   93.351303][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.351458][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.387325][   T61] Bluetooth: hci3: command tx timeout
[   93.411901][ T5808] 8021q: adding VLAN 0 to HW filter on device team0
[   93.456912][  T211] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.457038][  T211] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.462896][   T61] Bluetooth: hci4: command tx timeout
[   93.534263][ T1360] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.534339][ T1360] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.640800][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.801945][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.005105][ T5796] veth0_vlan: entered promiscuous mode
[   94.087818][ T5796] veth1_vlan: entered promiscuous mode
[   94.171384][ T5800] veth0_vlan: entered promiscuous mode
[   94.206986][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.239427][ T5800] veth1_vlan: entered promiscuous mode
[   94.290449][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.318834][ T5796] veth0_macvtap: entered promiscuous mode
[   94.330636][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.363963][ T5796] veth1_macvtap: entered promiscuous mode
[   94.472957][ T5800] veth0_macvtap: entered promiscuous mode
[   94.501377][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.517388][ T5804] veth0_vlan: entered promiscuous mode
[   94.533134][ T5800] veth1_macvtap: entered promiscuous mode
[   94.566997][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.600524][ T5804] veth1_vlan: entered promiscuous mode
[   94.628720][ T1419] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.631656][ T1419] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.636264][ T1419] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.673662][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.677771][ T1419] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.721762][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.727467][ T5810] veth0_vlan: entered promiscuous mode
[   94.826785][  T213] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.848299][  T213] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.863782][  T213] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.868827][ T5810] veth1_vlan: entered promiscuous mode
[   94.915647][  T213] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.117734][ T5804] veth0_macvtap: entered promiscuous mode
[   95.187845][  T211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.187870][  T211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.198938][ T5804] veth1_macvtap: entered promiscuous mode
[   95.222970][   T61] Bluetooth: hci0: command tx timeout
[   95.249819][ T5808] veth0_vlan: entered promiscuous mode
[   95.306396][   T61] Bluetooth: hci1: command tx timeout
[   95.325012][  T213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.325034][  T213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.338782][ T5810] veth0_macvtap: entered promiscuous mode
[   95.358405][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.363585][ T5808] veth1_vlan: entered promiscuous mode
[   95.382160][   T61] Bluetooth: hci2: command tx timeout
[   95.401309][ T5810] veth1_macvtap: entered promiscuous mode
[   95.414257][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.414277][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.418519][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.464607][   T61] Bluetooth: hci3: command tx timeout
[   95.488118][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.488138][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.491522][   T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.504532][   T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.510759][   T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.530772][   T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.543343][   T61] Bluetooth: hci4: command tx timeout
[   95.620607][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.709117][ T5808] veth0_macvtap: entered promiscuous mode
[   95.720490][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.860966][ T5808] veth1_macvtap: entered promiscuous mode
[   95.869647][ T1419] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.898548][ T1419] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.919185][ T1419] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.991925][ T1419] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.056562][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.063664][ T1493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.063683][ T1493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.235839][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.252034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.282090][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.408063][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.455087][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.489082][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.513737][  T213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.513757][  T213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.539272][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.782490][ T5918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'.
[   97.835686][ T1493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.835709][ T1493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.098964][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.098987][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.227840][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.227862][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.322053][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.332056][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.342035][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.402072][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.412080][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.422029][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.432024][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.442120][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  102.002385][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.002413][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.172280][ T5940] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  103.365326][ T5862] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  103.612187][ T5862] usb 1-1: Using ep0 maxpacket: 32
[  103.639719][ T5862] usb 1-1: config 0 has an invalid interface number: 146 but max is 0
[  103.639756][ T5862] usb 1-1: config 0 has no interface number 0
[  103.639809][ T5862] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  103.639832][ T5862] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  103.639860][ T5862] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  103.639888][ T5862] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  103.639913][ T5862] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  103.639955][ T5862] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  103.639978][ T5862] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  103.640003][ T5862] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 28910, setting to 1024
[  103.640030][ T5862] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  103.640054][ T5862] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  104.719956][ T5862] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  104.719987][ T5862] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.720007][ T5862] usb 1-1: Product: syz
[  104.720029][ T5862] usb 1-1: Manufacturer: syz
[  104.720043][ T5862] usb 1-1: SerialNumber: syz
[  104.924721][ T5862] usb 1-1: config 0 descriptor??
[  104.931460][ T5941] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  104.948909][ T5941] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  105.247582][ T5862] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[  105.247601][ T5862] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[  105.320711][ T5862] scsi host1: microtekX6
[  106.448885][ T5862] usb 1-1: USB disconnect, device number 2
[  106.473027][   T59] microtek usb (rev 0.4.3): error -19 submitting URB
[  108.137219][   T36] audit: type=1326 audit(1772588355.673:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137272][   T36] audit: type=1326 audit(1772588355.673:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137426][   T36] audit: type=1326 audit(1772588355.673:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9375cacfce code=0x7ffc0000
[  108.137474][   T36] audit: type=1326 audit(1772588355.673:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137513][   T36] audit: type=1326 audit(1772588355.673:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137552][   T36] audit: type=1326 audit(1772588355.673:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137589][   T36] audit: type=1326 audit(1772588355.673:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137628][   T36] audit: type=1326 audit(1772588355.673:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137666][   T36] audit: type=1326 audit(1772588355.673:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  108.137704][   T36] audit: type=1326 audit(1772588355.673:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5968 comm="syz.3.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9375cec799 code=0x7ffc0000
[  109.018661][ T5984] warning: `syz.3.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  114.910981][ T6013] autofs: Unknown parameter '00000000000000000000'
[  117.576338][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  117.576379][   T36] audit: type=1326 audit(1772588365.153:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6024 comm="syz.4.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7634f3c799 code=0x7ffc0000
[  117.576868][   T36] audit: type=1326 audit(1772588365.153:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6024 comm="syz.4.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7634f3c799 code=0x7ffc0000
[  117.577190][   T36] audit: type=1326 audit(1772588365.173:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6024 comm="syz.4.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f7634f3c799 code=0x7ffc0000
[  117.854308][ T6029] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  119.806500][ T5803] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  119.809850][ T5803] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  119.839585][ T5803] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  119.857353][ T5803] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  119.858085][ T5803] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  120.300513][ T5996] NFSD: Failed to start, no listeners configured.
[  121.377434][ T6065] Can't find ip_set type bitmap:ip
[  121.930055][ T6073] comedi comedi0: Minor 3 could not be opened
[  121.944317][ T5803] Bluetooth: hci5: command tx timeout
[  124.056760][ T5803] Bluetooth: hci5: command tx timeout
[  124.512789][ T6082] 8021q: adding VLAN 0 to HW filter on device batadv1
[  126.395835][ T5803] Bluetooth: hci5: command tx timeout
[  128.592402][ T6101] =======================================================
[  128.592402][ T6101] WARNING: The mand mount option has been deprecated and
[  128.592402][ T6101]          and is ignored by this kernel. Remove the mand
[  128.592402][ T6101]          option from the mount to silence this warning.
[  128.592402][ T6101] =======================================================
[  130.232026][ T5803] Bluetooth: hci5: command tx timeout
[  131.190003][ T6050] chnl_net:caif_netlink_parms(): no params data found
[  132.032140][ T6114] syz.0.41 uses obsolete (PF_INET,SOCK_PACKET)
[  133.214382][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  133.214473][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  133.446343][  T809] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  134.782078][  T809] usb 4-1: Using ep0 maxpacket: 32
[  134.817541][  T809] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  134.817599][  T809] usb 4-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice=c8.e1
[  134.817621][  T809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.897781][ T6136] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  136.933933][ T6050] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.944799][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.945049][ T6050] bridge_slave_0: entered allmulticast mode
[  137.479661][  T809] usb 4-1: config 0 descriptor??
[  137.481297][  T809] usb 4-1: can't set config #0, error -71
[  137.695121][ T6050] bridge_slave_0: entered promiscuous mode
[  137.698331][  T809] usb 4-1: USB disconnect, device number 2
[  137.723207][ T6050] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.723328][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.723556][ T6050] bridge_slave_1: entered allmulticast mode
[  137.730946][ T6050] bridge_slave_1: entered promiscuous mode
[  138.537609][ T6050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.541143][ T6050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.605737][ T6050] team0: Port device team_slave_0 added
[  138.609146][ T6050] team0: Port device team_slave_1 added
[  138.660980][ T6050] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.660996][ T6050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  138.661020][ T6050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.711277][ T6050] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.711294][ T6050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  138.711318][ T6050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.856282][ T6050] hsr_slave_0: entered promiscuous mode
[  139.857104][ T6050] hsr_slave_1: entered promiscuous mode
[  139.857625][ T6050] debugfs: 'hsr0' already exists in 'hsr'
[  139.857642][ T6050] Cannot create hsr debugfs directory
[  141.460854][  T809] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  142.343115][ T6178] netlink: 'syz.0.57': attribute type 21 has an invalid length.
[  146.602823][ T5882] IPVS: starting estimator thread 0...
[  146.713648][ T6196] IPVS: using max 9 ests per chain, 21600 per kthread
[  147.297427][ T6194] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  147.297471][ T6194] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  147.297491][ T6194] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  147.328687][   T36] audit: type=1800 audit(1772588395.213:16): pid=6194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.63" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  148.134475][   T36] audit: type=1326 audit(1772588396.053:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.134518][   T36] audit: type=1326 audit(1772588396.053:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.142979][   T36] audit: type=1326 audit(1772588396.053:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.263891][   T36] audit: type=1326 audit(1772588396.093:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.264551][   T36] audit: type=1326 audit(1772588396.093:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.264809][   T36] audit: type=1326 audit(1772588396.103:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.265611][   T36] audit: type=1326 audit(1772588396.103:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.266089][   T36] audit: type=1326 audit(1772588396.103:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.266538][   T36] audit: type=1326 audit(1772588396.113:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6198 comm="syz.0.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  148.930157][  T213] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.935319][ T6212] comedi comedi0: Minor 3 could not be opened
[  151.362700][ T6221] Set syz0 is full, maxelem 0 reached
[  158.328381][  T213] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.720222][ T6252] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[  166.854910][  T213] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.547595][ T6275] kvm: kvm [6274]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  169.648435][  T213] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.927996][ T6050] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  176.809970][ T6050] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  177.326109][   T10] IPVS: starting estimator thread 0...
[  177.409586][ T6050] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  177.415122][ T6324] IPVS: using max 15 ests per chain, 36000 per kthread
[  177.556350][ T6050] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  178.069443][  T213] bridge_slave_1: left allmulticast mode
[  178.082987][  T213] bridge_slave_1: left promiscuous mode
[  178.091108][  T213] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.928009][  T213] bridge_slave_0: left allmulticast mode
[  178.928038][  T213] bridge_slave_0: left promiscuous mode
[  178.928270][  T213] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.101723][ T6351] Zero length message leads to an empty skb
[  179.606637][ T6353] overlayfs: failed to resolve './bus': -2
[  181.430690][   T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  181.451229][   T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  182.419427][   T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  182.420608][   T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  182.421656][   T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  185.517135][   T61] Bluetooth: hci1: command tx timeout
[  186.162660][  T213] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  186.833943][ T6382] cgroup: name respecified
[  187.642314][   T61] Bluetooth: hci1: command tx timeout
[  187.682868][  T213] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.709436][  T213] bond0 (unregistering): Released all slaves
[  189.702446][   T61] Bluetooth: hci1: command tx timeout
[  191.206432][ T6410] vcan0: entered allmulticast mode
[  192.031519][   T61] Bluetooth: hci1: command tx timeout
[  192.082795][ T6422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.108'.
[  193.122097][   T10] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  193.509935][ T6363] chnl_net:caif_netlink_parms(): no params data found
[  193.585654][   T10] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  193.585686][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.624387][   T10] usb 1-1: config 0 descriptor??
[  193.653989][   T10] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  194.293922][   T36] kauditd_printk_skb: 43 callbacks suppressed
[  194.293935][   T36] audit: type=1326 audit(1772588442.213:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  194.294211][   T36] audit: type=1326 audit(1772588442.213:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  194.294652][   T36] audit: type=1326 audit(1772588442.213:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  194.295050][   T36] audit: type=1326 audit(1772588442.213:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  194.295105][   T36] audit: type=1326 audit(1772588442.213:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f84e1dbcfce code=0x7ffc0000
[  194.296925][   T36] audit: type=1326 audit(1772588442.213:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f84e1dfc42b code=0x7ffc0000
[  194.299000][   T36] audit: type=1326 audit(1772588442.213:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f84e1dfc42b code=0x7ffc0000
[  194.301306][ T6431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.337524][ T6431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.381804][   T36] audit: type=1326 audit(1772588442.253:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  194.382825][   T36] audit: type=1326 audit(1772588442.303:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  194.530038][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  194.554928][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  194.558347][   T36] audit: type=1326 audit(1772588442.323:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6428 comm="syz.0.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84e1dfc799 code=0x7ffc0000
[  195.585045][ T6431] netlink: 16 bytes leftover after parsing attributes in process `syz.0.110'.
[  195.829034][   T10] gp8psk: usb in 146 operation failed.
[  195.829052][   T10] gp8psk: failed to get FW version
[  195.829390][   T10] gp8psk: usb in 149 operation failed.
[  195.829400][   T10] gp8psk: failed to get FPGA version
[  195.829718][   T10] gp8psk: usb out operation failed.
[  195.829742][   T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  195.829782][   T10] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  195.928486][   T10] usb 1-1: USB disconnect, device number 4
[  196.857922][   T61] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  196.857976][ [  196.857976][   T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  196.858006][   T61] Tainted: [L]=SOFTLOCKUP
[  196.858013][   T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  196.858026][   T61] Workqueue: hci0 hci_rx_work
[  196.858082][   T61] Call Trace:
[  196.858094][   T61]  <TASK>
[  196.858104][   T61]  dump_stack_lvl+0xe8/0x150
[  196.858139][   T61]  sysfs_create_dir_ns+0x271/0x2a0
[  196.858163][   T61]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  196.858188][   T61]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  196.858214][   T61]  ? rt_spin_unlock+0x160/0x200
[  196.858239][   T61]  kobject_add_internal+0x631/0xd10
[  196.858267][   T61]  kobject_add+0x163/0x240
[  196.858303][   T61]  ? __pfx_kobject_add+0x10/0x10
[  196.858342][   T61]  ? get_device_parent+0x370/0x3a0
[  196.858378][   T61]  device_add+0x408/0xb80
[  196.858413][   T61]  hci_conn_add_sysfs+0xd5/0x210
[  196.858444][   T61]  le_conn_complete_evt+0xf1d/0x1430
[  196.858487][   T61]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  196.858520][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.858549][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.858579][   T61]  ? skb_pull_data+0xfb/0x200
[  196.858616][   T61]  hci_le_conn_complete_evt+0x187/0x470
[  196.858655][   T61]  hci_event_packet+0x7af/0x12c0
[  196.858699][   T61]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  196.858731][   T61]  ? __pfx_hci_event_packet+0x10/0x10
[  196.858756][   T61]  ? rt_spin_unlock+0x14f/0x200
[  196.858788][   T61]  ? hci_send_to_monitor+0xe2/0x590
[  196.858812][   T61]  hci_rx_work+0x3ee/0x1030
[  196.858846][   T61]  ? process_scheduled_works+0xa25/0x1830
[  196.858876][   T61]  process_scheduled_works+0xb02/0x1830
[  196.858933][   T61]  ? __pfx_process_scheduled_works+0x10/0x10
[  196.858967][   T61]  ? assign_work+0x3d5/0x5e0
[  196.859001][   T61]  worker_thread+0xa50/0xfc0
[  196.859057][   T61]  kthread+0x388/0x470
[  196.859077][   T61]  ? __pfx_worker_thread+0x10/0x10
[  196.859102][   T61]  ? __pfx_kthread+0x10/0x10
[  196.859125][   T61]  ret_from_fork+0x51e/0xb90
[  196.859159][   T61]  ? __pfx_ret_from_fork+0x10/0x10
[  196.859182][   T61]  ? __switch_to+0xc7d/0x1450
[  196.859207][   T61]  ? __pfx_kthread+0x10/0x10
[  196.859225][   T61]  ret_from_fork_asm+0x1a/0x30
[  196.859251][   T61]  </TASK>
[  196.859276][   T61] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  196.859312][   T61] Bluetooth: hci0: failed to register connection device
[  196.868983][   T61] ==================================================================
[  196.868999][   T61] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xd6/0x160
[  196.869033][   T61] Read of size 8 at addr ffff88802a855200 by task kworker/u9:0/61
[  196.869050][   T61] 
[  196.869064][   T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  196.869094][   T61] Tainted: [L]=SOFTLOCKUP
[  196.869101][   T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  196.869115][   T61] Workqueue: hci0 hci_rx_work
[  196.869141][   T61] Call Trace:
[  196.869148][   T61]  <TASK>
[  196.869156][   T61]  dump_stack_lvl+0xe8/0x150
[  196.869186][   T61]  print_report+0xba/0x230
[  196.869211][   T61]  ? l2cap_sock_ready_cb+0xd6/0x160
[  196.869234][   T61]  kasan_report+0x117/0x150
[  196.869267][   T61]  ? l2cap_sock_ready_cb+0xd6/0x160
[  196.869294][   T61]  l2cap_sock_ready_cb+0xd6/0x160
[  196.869317][   T61]  l2cap_le_start+0x25b/0x1750
[  196.869349][   T61]  ? __pfx_l2cap_le_start+0x10/0x10
[  196.869379][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.869407][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.869435][   T61]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  196.869462][   T61]  ? mutex_lock_nested+0x152/0x1d0
[  196.869483][   T61]  ? l2cap_connect_cfm+0x7fc/0x1390
[  196.869505][   T61]  l2cap_connect_cfm+0x83d/0x1390
[  196.869530][   T61]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  196.869550][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.869577][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.869604][   T61]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  196.869632][   T61]  ? mutex_lock_nested+0x152/0x1d0
[  196.869652][   T61]  ? hci_connect_cfm+0x2c/0x140
[  196.869681][   T61]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  196.869712][   T61]  hci_connect_cfm+0x95/0x140
[  196.869743][   T61]  le_conn_complete_evt+0xf65/0x1430
[  196.869780][   T61]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  196.869812][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.869839][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.869861][   T61]  ? skb_pull_data+0xfb/0x200
[  196.869891][   T61]  hci_le_conn_complete_evt+0x187/0x470
[  196.869922][   T61]  hci_event_packet+0x7af/0x12c0
[  196.869945][   T61]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  196.869971][   T61]  ? __pfx_hci_event_packet+0x10/0x10
[  196.869994][   T61]  ? rt_spin_unlock+0x14f/0x200
[  196.870020][   T61]  ? hci_send_to_monitor+0xe2/0x590
[  196.870041][   T61]  hci_rx_work+0x3ee/0x1030
[  196.870065][   T61]  ? process_scheduled_works+0xa25/0x1830
[  196.870094][   T61]  process_scheduled_works+0xb02/0x1830
[  196.870132][   T61]  ? __pfx_process_scheduled_works+0x10/0x10
[  196.870160][   T61]  ? assign_work+0x3d5/0x5e0
[  196.870186][   T61]  worker_thread+0xa50/0xfc0
[  196.870224][   T61]  kthread+0x388/0x470
[  196.870244][   T61]  ? __pfx_worker_thread+0x10/0x10
[  196.870271][   T61]  ? __pfx_kthread+0x10/0x10
[  196.870291][   T61]  ret_from_fork+0x51e/0xb90
[  196.870319][   T61]  ? __pfx_ret_from_fork+0x10/0x10
[  196.870345][   T61]  ? __switch_to+0xc7d/0x1450
[  196.870371][   T61]  ? __pfx_kthread+0x10/0x10
[  196.870391][   T61]  ret_from_fork_asm+0x1a/0x30
[  196.870417][   T61]  </TASK>
[  196.870425][   T61] 
[  196.870430][   T61] Allocated by task 6451:
[  196.870439][   T61]  kasan_save_track+0x3e/0x80
[  196.870466][   T61]  __kasan_kmalloc+0x93/0xb0
[  196.870493][   T61]  __kmalloc_noprof+0x3e7/0x7b0
[  196.870518][   T61]  sk_prot_alloc+0xe7/0x210
[  196.870539][   T61]  sk_alloc+0x3a/0x390
[  196.870559][   T61]  bt_sock_alloc+0x3b/0x310
[  196.870582][   T61]  l2cap_sock_create+0x147/0x330
[  196.870602][   T61]  bt_sock_create+0x163/0x240
[  196.870628][   T61]  __sock_create+0x4b2/0x9d0
[  196.870645][   T61]  __sys_socket+0xd6/0x1b0
[  196.870662][   T61]  __x64_sys_socket+0x7a/0x90
[  196.870678][   T61]  do_syscall_64+0x14d/0xf80
[  196.870713][   T61]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.870730][   T61] 
[  196.870735][   T61] Freed by task 6447:
[  196.870744][   T61]  kasan_save_track+0x3e/0x80
[  196.870774][   T61]  kasan_save_free_info+0x46/0x50
[  196.870792][   T61]  __kasan_slab_free+0x5c/0x80
[  196.870818][   T61]  kfree+0x1c1/0x6c0
[  196.870839][   T61]  __sk_destruct+0x626/0x880
[  196.870863][   T61]  l2cap_sock_release+0x1c1/0x270
[  196.870881][   T61]  sock_close+0xc3/0x240
[  196.870896][   T61]  __fput+0x461/0xa90
[  196.870917][   T61]  task_work_run+0x1d9/0x270
[  196.870936][   T61]  exit_to_user_mode_loop+0xed/0x480
[  196.870964][   T61]  do_syscall_64+0x32d/0xf80
[  196.870989][   T61]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.871007][   T61] 
[  196.871012][   T61] The buggy address belongs to the object at ffff88802a855000
[  196.871012][   T61]  which belongs to the cache kmalloc-2k of size 2048
[  196.871029][   T61] The buggy address is located 512 bytes inside of
[  196.871029][   T61]  freed 2048-byte region [ffff88802a855000, ffff88802a855800)
[  196.871049][   T61] 
[  196.871054][   T61] The buggy address belongs to the physical page:
[  196.871071][   T61] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a850
[  196.871089][   T61] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  196.871105][   T61] flags: 0x80000000000040(head|node=0|zone=1)
[  196.871126][   T61] page_type: f5(slab)
[  196.871148][   T61] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  196.871165][   T61] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  196.871183][   T61] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  196.871200][   T61] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  196.871215][   T61] head: 0080000000000003 ffffea0000aa1401 00000000ffffffff 00000000ffffffff
[  196.871229][   T61] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  196.871239][   T61] page dumped because: kasan: bad access detected
[  196.871257][   T61] page_owner tracks the page as allocated
[  196.871264][   T61] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13287875175, free_ts 0
[  196.871298][   T61]  post_alloc_hook+0x231/0x280
[  196.871327][   T61]  get_page_from_freelist+0x28bb/0x2950
[  196.871346][   T61]  __alloc_frozen_pages_noprof+0x18d/0x380
[  196.871364][   T61]  allocate_slab+0x77/0x660
[  196.871383][   T61]  refill_objects+0x334/0x3c0
[  196.871399][   T61]  __pcs_replace_empty_main+0x328/0x5f0
[  196.871418][   T61]  __kmalloc_cache_noprof+0x44e/0x690
[  196.871442][   T61]  usb_create_ep_devs+0x59/0x230
[  196.871455][   T61]  usb_set_configuration+0x1bc7/0x2110
[  196.871479][   T61]  usb_generic_driver_probe+0x8d/0x150
[  196.871503][   T61]  usb_probe_device+0x1c4/0x3b0
[  196.871518][   T61]  really_probe+0x267/0xaf0
[  196.871535][   T61]  __driver_probe_device+0x18c/0x320
[  196.871551][   T61]  driver_probe_device+0x4f/0x240
[  196.871589][   T61]  __device_attach_driver+0x2d4/0x4c0
[  196.871609][   T61]  bus_for_each_drv+0x25b/0x2f0
[  196.871631][   T61] page_owner free stack trace missing
[  196.871639][   T61] 
[  196.871643][   T61] Memory state around the buggy address:
[  196.871654][   T61]  ffff88802a855100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  196.871669][   T61]  ffff88802a855180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  196.871682][   T61] >ffff88802a855200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  196.871700][   T61]                    ^
[  196.871710][   T61]  ffff88802a855280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  196.871723][   T61]  ffff88802a855300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  196.871733][   T61] ==================================================================
[  196.882103][   T61] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  196.882129][   T61] CPU: 0 UID: 0 PID: 61 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  196.882159][   T61] Tainted: [L]=SOFTLOCKUP
[  196.882166][   T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  196.882180][   T61] Workqueue: hci0 hci_rx_work
[  196.882218][   T61] Call Trace:
[  196.882227][   T61]  <TASK>
[  196.882236][   T61]  vpanic+0x56c/0xa60
[  196.882272][   T61]  ? __pfx_vpanic+0x10/0x10
[  196.882307][   T61]  panic+0xc5/0xd0
[  196.882335][   T61]  ? __pfx_panic+0x10/0x10
[  196.882365][   T61]  ? preempt_schedule_thunk+0x16/0x30
[  196.882392][   T61]  ? preempt_schedule_thunk+0x16/0x30
[  196.882416][   T61]  ? l2cap_sock_ready_cb+0xd6/0x160
[  196.882440][   T61]  check_panic_on_warn+0x89/0xb0
[  196.882462][   T61]  ? l2cap_sock_ready_cb+0xd6/0x160
[  196.882485][   T61]  end_report+0x73/0x180
[  196.882516][   T61]  ? l2cap_sock_ready_cb+0xd6/0x160
[  196.882539][   T61]  kasan_report+0x128/0x150
[  196.882570][   T61]  ? l2cap_sock_ready_cb+0xd6/0x160
[  196.882598][   T61]  l2cap_sock_ready_cb+0xd6/0x160
[  196.882623][   T61]  l2cap_le_start+0x25b/0x1750
[  196.882659][   T61]  ? __pfx_l2cap_le_start+0x10/0x10
[  196.882692][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.882720][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.882747][   T61]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  196.882774][   T61]  ? mutex_lock_nested+0x152/0x1d0
[  196.882795][   T61]  ? l2cap_connect_cfm+0x7fc/0x1390
[  196.882817][   T61]  l2cap_connect_cfm+0x83d/0x1390
[  196.882842][   T61]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  196.882862][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.882890][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.882917][   T61]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  196.882945][   T61]  ? mutex_lock_nested+0x152/0x1d0
[  196.882965][   T61]  ? hci_connect_cfm+0x2c/0x140
[  196.882994][   T61]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  196.883015][   T61]  hci_connect_cfm+0x95/0x140
[  196.883046][   T61]  le_conn_complete_evt+0xf65/0x1430
[  196.883083][   T61]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  196.883114][   T61]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  196.883142][   T61]  ? lockdep_hardirqs_on+0x7a/0x110
[  196.883170][   T61]  ? skb_pull_data+0xfb/0x200
[  196.883212][   T61]  hci_le_conn_complete_evt+0x187/0x470
[  196.883246][   T61]  hci_event_packet+0x7af/0x12c0
[  196.883275][   T61]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  196.883304][   T61]  ? __pfx_hci_event_packet+0x10/0x10
[  196.883328][   T61]  ? rt_spin_unlock+0x14f/0x200
[  196.883354][   T61]  ? hci_send_to_monitor+0xe2/0x590
[  196.883376][   T61]  hci_rx_work+0x3ee/0x1030
[  196.883405][   T61]  ? process_scheduled_works+0xa25/0x1830
[  196.883434][   T61]  process_scheduled_works+0xb02/0x1830
[  196.883475][   T61]  ? __pfx_process_scheduled_works+0x10/0x10
[  196.883506][   T61]  ? assign_work+0x3d5/0x5e0
[  196.883534][   T61]  worker_thread+0xa50/0xfc0
[  196.883575][   T61]  kthread+0x388/0x470
[  196.883596][   T61]  ? __pfx_worker_thread+0x10/0x10
[  196.883623][   T61]  ? __pfx_kthread+0x10/0x10
[  196.883644][   T61]  ret_from_fork+0x51e/0xb90
[  196.883673][   T61]  ? __pfx_ret_from_fork+0x10/0x10
[  196.883700][   T61]  ? __switch_to+0xc7d/0x1450
[  196.883726][   T61]  ? __pfx_kthread+0x10/0x10
[  196.883746][   T61]  ret_from_fork_asm+0x1a/0x30
[  196.883773][   T61]  </TASK>
[  196.884062][   T61] Kernel Offset: disabled