last executing test programs:

13m39.226903216s ago: executing program 0 (id=503):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000940)=[{{&(0x7f0000000180), 0x80, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/19, 0x6d}, {&(0x7f00000009c0)=""/71, 0x47}, {&(0x7f00000002c0)=""/59, 0x3b}, {&(0x7f0000000340)=""/210, 0xd2}, {&(0x7f0000000440)=""/249, 0xf9}, {&(0x7f0000000540)=""/92, 0x5c}], 0x6}, 0x4}, {{&(0x7f0000000640)=@pppol2tp, 0x80, &(0x7f0000000800)=[{&(0x7f00000006c0)=""/186, 0xba}, {&(0x7f0000000780)=""/15, 0xf}, {&(0x7f00000007c0)=""/47, 0x2f}], 0x3, &(0x7f0000000840)=""/247, 0xf7}, 0x9}], 0x2, 0x2082, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x5)
r3 = openat(0xffffffffffffff9c, 0x0, 0x40042, 0x1ff)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f2000000142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00024e21", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="df8ec46d6eae54998d3e53657e449e44deb36f78a2f57e8dbfd3a00d8cec60b3a0c8334a68e8a508b40e176790f0da23b8371118"], 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
close(r3)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x3)
r4 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x1, 0x1)
fchdir(r5)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
getdents(0xffffffffffffffff, &(0x7f0000000300)=""/56, 0x38)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900082b010000000000"], 0x0)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x7fffffff, 0x0)
io_setup(0x1ff, &(0x7f0000001380))

13m38.071578268s ago: executing program 0 (id=506):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r0, 0x29, 0x10, 0x0, 0x0)

13m37.786286016s ago: executing program 0 (id=510):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x4000800)
sendmsg$IPSET_CMD_DESTROY(r0, 0x0, 0x1)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xe8, 0xe8, 0x8, [@fwd={0x9}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x5, 0xffff}}, @fwd={0x4}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x20}}, @float={0xa, 0x0, 0x0, 0x10, 0x10}, @enum={0xc, 0x4, 0x0, 0x6, 0x4, [{0x8, 0x8}, {0xa, 0x2}, {0xf, 0x3ad}, {0x10, 0x400}]}, @float={0x114, 0x0, 0x0, 0x10, 0x4}, @enum={0x1, 0xa, 0x0, 0x6, 0x4, [{0xb, 0x2}, {0xa, 0x200}, {0xb, 0x1}, {0xf, 0x8}, {0x7, 0x2}, {0xc, 0x4}, {0x1, 0x3}, {0x9, 0x400}, {0x7, 0x10}, {0x5, 0x800}]}]}, {0x0, [0x2e, 0x2e, 0x61, 0x5f, 0x2e, 0x2e]}}, &(0x7f0000000100)=""/92, 0x108, 0x5c, 0x0, 0x5}, 0x28)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f00000001c0)={0x5, 0x1000000})
r2 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000140), 0x10)
sendmsg$nl_route(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=@ipv4_delroute={0x24, 0x18, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x6}, [@RTA_DST={0x8, 0x1, @rand_addr=0x64010102}]}, 0x24}}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000040))

13m33.974245486s ago: executing program 0 (id=515):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0x4, &(0x7f0000000480)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000040007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0xa)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000000000)=@framed={{}, [], {0x95, 0x0, 0x700}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa}, 0x94)

13m33.452780692s ago: executing program 0 (id=519):
r0 = socket$isdn_base(0x22, 0x3, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x8, 0x12)
close(0xffffffffffffffff)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x74, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f000001a180)=@newtfilter={0x754, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xa}, {0xfff1}, {0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x724, 0x2, [@TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x3ff}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffffff}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x5}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x7}, @TCA_FLOW_EMATCHES={0x1f0, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xe4, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x14, 0x2, 0x0, 0x0, {{0x0, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x2}]}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x200, 0x7, 0x6}, {{0x4, 0x0, 0x0, 0x1}, {0x0, 0x1}}}}, @TCF_EM_META={0xa8, 0x2, 0x0, 0x0, {{0x1ff, 0x4, 0x200}, [@TCA_EM_META_RVALUE={0x21, 0x3, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="2511b556", @TCF_META_TYPE_VAR="a9eaf3", @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR="40726de557a3c7afc898", @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x4, 0x1}, {0x5d09, 0x30, 0x63990288ea87c10d}}}, @TCA_EM_META_LVALUE={0xe, 0x2, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="a7c7", @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_RVALUE={0x0, 0x3, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="ee09d0c720c2", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR]}, @TCA_EM_META_RVALUE={0x11, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="c6", @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x2, 0x2}, {0x8, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0xf7, 0xd, 0x1}, {0x3, 0x3, 0x1}}}, @TCA_EM_META_LVALUE={0x0, 0x2, [@TCF_META_TYPE_VAR="79b3e017ea34e8", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="8956c87b22", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="d21e60303c44473910", @TCF_META_TYPE_VAR="cde2df52484fb7"]}, @TCA_EM_META_RVALUE={0x10, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x7]}]}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x7, 0x8, 0x7}, {0x3, 0x0, 0x1}}}]}, @TCA_EMATCH_TREE_LIST={0x108, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xd8, 0x2, 0x0, 0x0, {{0x8, 0x0, 0x3}, "588c6ff11c70ce501933cece2efbcca7aba2ebd3b3c16d4916cdbab5caca30c13a3d682562002e1a13a524c6970d449f1dfb8db24125f063f83892e9a49c938575b7baa26a5ce057371f5c41c6a7a6aaa5adcfad62b664d9b61d46bdbbc6a5352fe57c59d804ff70968390759cc5e659ab0376a118a3021503be429499ad79d27599a95a7e2ca2e4baaf976a8bb8fed4b8925ac1bcc281174e057b367a45439cc8b56f8fda02324a884514e191a7475bc16fed9f9b19d268bbbd66a5c27f8f9696279162865e5a27a4"}}, @TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0xa, 0x9, 0x88}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x2}]}}]}]}, @TCA_FLOW_POLICE={0x4f0, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0xddb8, 0x5, 0x1764, 0x5, 0x4, {0x7, 0x2, 0x400, 0x3, 0x8, 0x10001}, {0x0, 0x1, 0xe86e, 0xf5a0, 0x3, 0x3}, 0xfffff9e5, 0xffffffff, 0x4}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x0, 0x0, 0x8, 0x7, {0xc, 0x3, 0x7f, 0x9, 0x6}, {0x80, 0x0, 0x7fff, 0x2, 0x100, 0x2}, 0x1, 0x10, 0x101}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x6}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc, 0x8, 0x9}, @TCA_POLICE_RATE={0xffffffffffffff4d, 0x2, [0x9, 0x10001, 0x1, 0x7, 0x1, 0x2, 0xfffffff4, 0x4, 0xfffffff7, 0x2, 0x1, 0x2, 0x7fffffff, 0x1a, 0x8, 0x3, 0x5, 0xffff, 0x8, 0xffffffff, 0x6, 0x401, 0x80a, 0x5a, 0x4, 0x9, 0x3ff, 0x893, 0xff, 0xdcad, 0xfffffffd, 0x8, 0x5, 0x5, 0x10000, 0x2, 0x9, 0x1000, 0x2, 0x9a, 0x3, 0x7, 0x6, 0x1ff, 0xffffff80, 0x7fffffff, 0x3739, 0x1, 0x8, 0x7, 0x8000, 0x0, 0x1ff, 0x0, 0x0, 0xc2e, 0x8, 0x3a6e8843, 0x8, 0x6e5, 0x0, 0x42, 0x5, 0x9, 0x7, 0xf15, 0x2, 0x5, 0xffffffff, 0xc92, 0x10001, 0xc0, 0x5, 0x9, 0x0, 0x4d, 0x8, 0x0, 0xdb05, 0x6, 0x5, 0x0, 0x7, 0x1, 0x4, 0x4, 0x5, 0x0, 0x1ff, 0x2, 0x2, 0xdd, 0x1, 0xfffffffd, 0x7, 0xb, 0xfffff000, 0x10000, 0x40, 0xfa, 0x7f, 0x4, 0x6, 0x1, 0x5f9, 0x3, 0x6, 0x5e, 0xffffffff, 0x8b02, 0x8, 0x8, 0x8001, 0x2, 0x80000001, 0x6, 0x1, 0x100, 0x8000, 0xb06, 0x5, 0x8, 0x3, 0x101, 0x6, 0x986bc1e, 0x3, 0x3, 0xff, 0x2, 0x4, 0xba, 0x2, 0x8001, 0x3, 0x8, 0xad85, 0x3, 0xd, 0x24000, 0x7f, 0x1fd, 0x7fff, 0xd, 0x375236e1, 0x10001, 0xe743, 0x3, 0x8, 0xb, 0x8, 0x5, 0x5, 0x5, 0x400, 0xfffffffb, 0x5, 0x6, 0xfffffffa, 0x3ff, 0x401, 0x72d, 0x7, 0x6, 0x81, 0x3, 0x4, 0x7, 0x9, 0x9, 0x4, 0x970, 0xd3dd, 0x80000000, 0x4, 0x9, 0x50, 0x6, 0x9, 0x0, 0xffff81a9, 0x4, 0x2, 0x10001, 0x7, 0x7, 0xd, 0x134, 0x1, 0x5, 0xf, 0xff, 0x8, 0x8, 0x8000, 0x1, 0xfffffffb, 0x1, 0x1, 0x200, 0x2, 0x800, 0x7f, 0x2, 0x7, 0xad27, 0x9, 0x0, 0x2, 0x5, 0x6, 0x0, 0x6, 0x5, 0x2, 0x200, 0x8, 0x7, 0x5, 0x4, 0x3, 0xff, 0x6e34, 0x7, 0x81, 0x1, 0x7, 0xe, 0xe, 0x1, 0x63, 0x4, 0x7, 0x9, 0x5, 0x0, 0x8, 0x6a1, 0x585, 0x9, 0x4, 0x1, 0x9, 0x34bc, 0xa, 0x11c, 0x6, 0x0, 0x6, 0x9, 0x3fe000, 0x6, 0x2, 0x6, 0xc752, 0x7]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x1}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffff8}, @TCA_POLICE_TBF={0x3c, 0x1, {0xc526, 0x10000002, 0x2, 0x67, 0x10, {0x5, 0x1, 0x7, 0xd, 0xd7d, 0x2}, {0x3, 0x2, 0x2, 0x0, 0x8ae}, 0x7fff, 0x6295, 0x10000}}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x7b5a}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7ff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x754}, 0x1, 0x0, 0x0, 0x8080}, 0x4800)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c00000b0c000000070000001000000000000002020000000000612e002e00"], &(0x7f0000019600)=""/202, 0x2b, 0xca, 0x1, 0x80000001}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000019700)=ANY=[@ANYBLOB="1e00000003000000faffffff0200000002000000", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0400000005000000010000000a000000000000000000"], 0x50)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x3}, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000180)={'veth1_vlan\x00', 0x2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="ee", 0x1}], 0x1}}], 0x1, 0x9200000000000000)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DEST(r8, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20001000}, 0xc, &(0x7f0000000180)={&(0x7f0000019800)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="00032bbd7000fddbdf250700000048000180080005000100000008000500020000000600020087000000060002000c00000008000b00736970000600010002000000140003000a0101020000000c0000000000000000540003801400060000000000000000060000000000000000080003000200000006000400400000001400020076657468315f766972745f7769666900080005000a010102050008000f000000050008000900000044000380140002007665746831000000000000000000000006000400850500000800030004000000080001000100000014000200767863616e31000000000000000000003800018014000300ac1ee7010000000000000000000000000800090036000000060004004e220000080005000000000008000500010000005c000180080008002101000008000b0073697000080009005e00000014000300ac1e00010000000000000000000000000c0007008d625f54080000000800050000000000080008000010000008000500030000000800060073656400080004000400000008000400faffffff08000500050000004c5e050090000000", @ANYRESOCT=r4, @ANYRESDEC=r5, @ANYRESHEX=r2, @ANYRES32=r0, @ANYRES8=r5], 0x1a8}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000540)={r3, r2, 0x24, 0x0, @val=@uprobe_multi={&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)=[0xa8d0, 0x57226e55, 0x2, 0x1], &(0x7f0000000500)=[0x5, 0x4, 0x2], 0x3, 0x4, 0x1, r5}}, 0x40)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = socket(0x15, 0x5, 0x0)
getsockopt(r10, 0x112, 0x270c, &(0x7f0000000600)=""/102389, &(0x7f00000197c0)=0x18ff5)

13m30.630229152s ago: executing program 0 (id=528):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000300)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x78bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0xfff3}, {0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x44)

13m14.475515122s ago: executing program 32 (id=528):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000300)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x78bd27, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0xfff3}, {0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x44)

7m25.663233427s ago: executing program 5 (id=1336):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$mouse(&(0x7f0000000080), 0x81, 0x181800)
rseq(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000040)={[0x6d285c1d]}, 0x0, 0x8)
r1 = gettid()
rt_sigtimedwait(&(0x7f00000001c0)={[0xfffffffffffffffd]}, &(0x7f0000000200), 0x0, 0x8)
tkill(r1, 0x1f)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1a, 0x0, &(0x7f0000000340))
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000100)={0x2e5, 0x3, 0xfff, 0x7}, 0x10)
rt_sigqueueinfo(0x0, 0x21, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c010000", @ANYRES16=r5, @ANYBLOB="010100000000bef4bb7d2b00000008000300", @ANYRES32=r6, @ANYBLOB="04004600050034006e000000080026006c090000240051802000008009000100dba06c89140000000500020003000000080003000aac0f0038015180580000800800030005ac0f00110001008282ea56e0ae7ecfb43bd2fd4e00000009000100fb58e3068000000004000600110001005a23795149c1b58f3abe063e9300000009000100e7fb38035900000005000200010000001c00008004000500110001009dd086e2e163b00839a24fe46e000000080000800400060004000080340000800800030005ac0f0008000700020000000800030001ac0f000d000400a6f060c4a1da571c6c00000005000900400000004c0000800400060024000880040001000400020004000200040002000400010004000200040001000400020009000100484a80089d0000000800030005ac0f0009000100c1f9b7e0b20000003400008004000600040005000500090002000000040005000e000400e274b381935eca9f57070000040006000500090002000000"], 0x18c}}, 0x4800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
memfd_create(0x0, 0x2)
read$FUSE(r2, &(0x7f0000004d80)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
r7 = userfaultfd(0x801)
r8 = userfaultfd(0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})

7m23.961477735s ago: executing program 5 (id=1340):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x1c})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x200000000000000, 0x6040000})

7m21.516261767s ago: executing program 5 (id=1347):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000c010000000079104820000000f15700000000004daaf5267708ef5eb6ed"], 0x0, 0x5, 0xc6, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x100}}, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000540)={&(0x7f0000000180)=[0x0, 0x0], &(0x7f0000000480)=[{}, {}], 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x0, 0x2})
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r9=>0x0], 0x1})
syz_emit_vhci(&(0x7f0000000600)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0x39}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2, 0x5, 0x3, "f2efff"}, {@any, 0x6, 0x0, 0x3, "a03acd", 0x2}, {@none, 0x1, 0x5, 0x7, "a19686", 0x6}, {@any, 0x9, 0xfa, 0x7, "d92ef9", 0x5}]}}}, 0x3c)
ioctl$DRM_IOCTL_MODE_GETPLANE(r8, 0xc02064b6, &(0x7f0000000180)={r9, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000200)=[r7, r9, r10], 0x3})
pivot_root(&(0x7f0000000000)='.\x00', &(0x7f0000000080)='./file0/../file0\x00')
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f00000005c0)={0x80000000, 0x0, r7})
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000040)='./file0\x00', r1, 0x4000, r1}, 0x18)
syz_usb_connect(0x3, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000e0864040ac05d2a916950102030109021200010000000009045b0000ff01010085413270c8aa7d5fbd248272d0cff3b04610ad95fecf92820aae6aed8c419bb215115be760157613e7606820303fc57cc5c6ac127ba76cf82e57c68d9f53cfd0383dc54f10093d6b04887939042cd00d5e2ec7c23c873dafb22d8f0db1d0fd0f5d0d68f51b85e97b03caefedc22152f734b9df558f445f3757fbbb036b2300513c5a07993dc9a002da84e3229f2b7a77795f4683b10198"], 0x0)

7m17.597698492s ago: executing program 5 (id=1354):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000000)={0xb070, 0xffffffff, 0x7e38, 0x3, 0x7f, "05e5ce9c294a2b0ee2c092d21d7642d7a3ef28", 0xfd, 0x69})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000893000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f20c06635000001000f22c00f01c36565d804f0115b00660fd9430d0f3a0fcc35f20f38f14029f20fc24686490e", 0x2e}], 0x1, 0x8, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

7m15.503870877s ago: executing program 5 (id=1361):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x5, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147, 0x41000, 0x40}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040ed7e54e"], 0x7)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r4, &(0x7f00000000c0)=""/55, 0x37)
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00')
lseek(r4, 0x3, 0x4)
memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2)

7m13.187389176s ago: executing program 5 (id=1365):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e23, 0x8000, @loopback}, 0x1c)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x4}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r4, 0x7a6, &(0x7f0000000040)={0x6, 0x0, 0x295, 0xfffffffffffffe03, 0x6, 0x1})
syz_usb_disconnect(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x5, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000140)={@private1, 0xfffffffe, 0x0, 0xff, 0xd, 0x0, 0x2}, &(0x7f0000000040)=0xfffffffffffffe0d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0)

6m57.51980101s ago: executing program 33 (id=1365):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e23, 0x8000, @loopback}, 0x1c)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x4}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r4, 0x7a6, &(0x7f0000000040)={0x6, 0x0, 0x295, 0xfffffffffffffe03, 0x6, 0x1})
syz_usb_disconnect(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x5, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000140)={@private1, 0xfffffffe, 0x0, 0xff, 0xd, 0x0, 0x2}, &(0x7f0000000040)=0xfffffffffffffe0d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0)

2m22.071207662s ago: executing program 2 (id=1984):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002300)={'wlan1\x00', <r2=>0x0})
ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000040)={0x1e1, 0x18, &(0x7f0000000380)="dc889922fb22d4850e8e56fb28e5dc137a6a61da504748322c3341c0c0f45650aac0d776ab51529f92933015541ac1248966e5f2beaf89ba3fe1fb902d967bdaee055c5a93e9ae4e7acdee5fbf23054c1e29c8a768d87918ac18e1bbaef8861f5cf0d698fe7a03092471600d0065a395e65373eac7640cc4efca28d8407badf206b33d6d1af27548d715b2c3ab25ad759e11e784ec368204f51e86b715177494f0c46558d28d9199dda73203492494ed709e57fd84016c83b0c20c28002ca97da87441bc083cbfc3e2d0f0ec9a06176a6d52f76100d5f926e221b70f9584542a1d08f49c2ebf23a18bb683be7681fa715ee49fac164642f960773073597d8d7a4de6b21137dd8e3be92b7988eb203a5cb6cb1be2ab1d810b64d3effa08a698475b51c7ec2a1401c81fcd120942023296c13bf1b1707a9ca79b4c6f51a346b4468c2e9c96e44e5af22eb642196b961de09c260b735e1c90db5d18496d9cef782957dad5ef96b5721ae844801aad4ae34fe4a1636a406d1d01ca71f2b19dfd9880d8460c654c35fd5ddbf4000b5c6340103ffb94d7d50fa4b9fb0109fca236b3265f469d30cb6be6acae23a17b721851649c14fbe5890d4363f3b2d8f1682409beb24eca31772557b7f19f0972a42c90feef4fb1735c10012ac3abc7e3eafe8f3b488cfd33ccaf6561b279b7e451cf488f50e9276228df3082ca8a299ec36c73720ce14fcb5ec110018f5c3f2549c945ea340577c1c2f29e1f1475dfd93f2e662cbca311a43f4047c5c4508f531ff3e99f4d23bb1dace71383513279f0e7f5e87153a9ce627d9f9f1e76fb91b9572561bad0a81ea9d55b35656509769b6ac1a8fa683548069632a19e69b41471537902f293b9b52536dfe89f4d2a05410e049a8e10bb180ebb920caf94fa8746cb5f2121e6bd39ca14d6ef3c3fd7842ea2d73d2e159b5527c1835e1e87ea61c91fa783d15028ee0508458493c490df4f74f938ae5472acf9608c1668d553bfd8570cbaef122638919683e946811a774aee511e96b12dbccc65d159d83f756e730897732d4d2f11e96a4eb35b803831cdfcc5633853b642faf0b9780e2afd8d73c2575ae41164dfd4ccca45c0c49b854052f347ee5e76c180fd81b580f005627adf5799d37fb3051279396629e67c5f24d8731d07a742c0e9ddd0899f3ad5f1f071e1674656f356e5a9c099ff96a66fea36e49fafa082b9568764961e91df9262bba51e5ec58418f423183e067159af1d18ebc05e445ba6df3938a7076d5f334843409b5bc9016d8888573aa8fc044b2a8d80a6ad5083541d186fc81ef381f0f0c4bfb8d955200eb443515ebc37d058feb897d1dbab251785bb7a5f6dd845aa8d9a58491d4fb8dded667d8de0dac7055dd5ef8c92361e8b85c793e1c53b8225d3ad2e625e92460592db0a8b55da497110a9bcbed3"})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m20.714595957s ago: executing program 2 (id=1987):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xf803, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = syz_open_dev$mouse(&(0x7f0000000180), 0x0, 0x2)
readv(r5, &(0x7f0000000980)=[{&(0x7f0000000000)=""/58, 0x3a}], 0x1)

2m17.792966683s ago: executing program 2 (id=1991):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r0, &(0x7f00000000c0)=0x10001, 0x12)

2m16.756418045s ago: executing program 2 (id=1996):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc)

2m16.463560886s ago: executing program 2 (id=1998):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r0)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01012bbd7000000000002b00000008000300", @ANYRES32=r1, @ANYBLOB="040046000500340040000000080026006c09"], 0x58}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

2m12.733106723s ago: executing program 2 (id=2003):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43cfffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)

2m12.493938712s ago: executing program 1 (id=2005):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
fanotify_init(0x200, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x5})
io_uring_enter(r2, 0x47f6, 0x0, 0x4, 0x0, 0x0)

2m5.720806923s ago: executing program 1 (id=2013):
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x1, 0x800001, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlock2(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
mount(0x0, 0x0, 0x0, 0x200c008, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

2m3.206564777s ago: executing program 1 (id=2015):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
write$char_usb(r0, &(0x7f00000008c0)='-0', 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x84, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x11}, @NFTA_SET_EXPRESSIONS={0x40, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xac}}, 0x20050800)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000700)={'bond0\x00', 0x500})

1m58.28747802s ago: executing program 1 (id=2018):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/uts\x00')
ioctl$BTRFS_IOC_BALANCE(r0, 0x5000940c, 0x200000000000000)

1m58.03299505s ago: executing program 1 (id=2020):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffffffffe8d, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x28, r0, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x28}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005a80)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000001040)="1afa930cacb9483ba427fdebe35364652f11c890067ca57a50fcdad0b85702e5cc0b945016028a3cc74937f47b829ffb57197295d7a2d38761146d9d4c35dbef7bf484deb62ddaa8dcf89ed8b8ad859bbcbb4593668e5953f537a33f9a56eabd738803eb8c0b864dc8fcdae1d0f715c660d6d3f06789efb0d8b12fe29792fde455e9b5438ece90f64f47cb446e9bfb07c2e67799b96d7d4fb2f171a6e31a178fac90050470d75d8cf04b7c144928d9eff3058b39af2fe86bbeec1d595fa1d6a4767179d8f3ffd772c6b2c81a2e2b2ff16eee04798a5da71a36d642135c012a1889c8f54c6fa79fd700850aa0a242da0de1db416effebacf50b70745155816f6c1c4cea841ad36f624202e0c04da611f1d60ee3f3c8b92e9abb5433232844aa1baaba03981599e43f2ded4df3168a4dde0dc57bde58aff3e2984c686c311e47874a28b0ef899f990a98abc002b90719ea82620c66b8db5c964c996523e7bd798477dd4f25cb30f5a52c8ea87ac7829c72cf5c48f422fd402945e26cc4aa6faa11b43de6c9307dc67c9af69db6977f6d20c0c97e8e4df718cf554b0bfd516f445514316824e974ef5166910bbd3b080b764e12f5542ff11ff67250a3c078306dfed88764473ece74350e5113ea49a7a19add306b9ff3709eec943b0e8680c8eea9741dd23e3f377ef0e9d59efee73803e7293e1a870a2e46e2765c304350aa7ba907d4ad344f542919aea5fc25f9b3446b66436b4600e7b1a58d3ba1d06d0c9576e40c54caaa7a35a9f16dd6a2b49097ef76dcc41de089c4ab2763aefcdf5ed8aab0675f0bc68d908538b129632ca82871f8e165e442bef0e306e391bb53507434e4166fb91f001601be498448774c23a996406d55a170aa45a2065e61d2c967687e64ac5ff6ad3907727cd6e7474a6a022b26d2bd6b040528910794eaeb726ee91545a734bc289ff5c7f323c3abd70b001159c5ceb242c7e4880ad0a61426c67ffe52fd8160b53fe8f34c3174b88ef7ced5ab77cbd12e7f4de73d33aa7c478bf7839373f96d8367ee34607f7c227bd0b18fecb68bacbd8631e25b7b8119fec8af772f428b5f67bb362df271796b2a996faf920d5c6338c0e805ccff5cc7d057badcdf1b5f46d75a77585556cffb9cfd0364e885de2752956b80338132a3dea920b76b2834c47f61c5313203503eb96cb985f1d55ef673829cf5ad027fe49c1545bde3657fb8b12132e6e6a3df6165424b43c80938724e9ad255f16cac8c2168cd6399d883ee86afd833f0f974eb1fa8742efa42050fea8fd254dbe908058ed2b52bdb155c5c050e9dd451094df2055df14c21ab600f19beeb8e2c160b81245b83de617f91fea8e8f37231849728b19996db4746207fa0de84ca5f11dce363a0ab0bbc74a84998ab194384f4ca29ea684cc00122c1f08653bc393f5ed0ec66d1e4e2f7109fff9b0eedc2ed18b78a257516c26d83717d7e5e2d86d1b3eaaad92872f713d94c2ad76ece3a18b64803686a35eb487f0ed0e4c3efb267dcd698ea4672203627c415a5427e411e32686ba6c5d35ed2f333630a62d721627554fbba63738d322625b2208c3042f2d2fc3229077b88292965676957ae6d88b711ebf6db27579792b4b2a7f88b402c93203d2410dfaa28b6b90db232d73be2edd8d3c4c958dc8d050992a070c8847e3e15b12effcb9690c0571b4de91581660c5d9e663a4207bbdacb60261a7c3513758d58a4cef1c34bb62002a8ed8bfad19257618f1917fa88a73dcdb9a85101a14758274e65cbd1dd79e0ad4ec03c21d86ee03d98d37d916836dee9907b1bb05d0209a8f867e33da8c5c3e1c78097f792942cdd51a47469bfefe327bc66527ab8456c78a1a7fe1d6edfab7aa924550c6dc332908f5feec95f42ec9237d2f75032e4ff52689bd65ed7c2d3829cd624d9bda04c6633563d02a15e529b1e4190ca93dce17e952a12059b8e8a5e730892fc414f99cd8ae3e45ba488703dc1e1af04c358b3aee9fa3f0fdc76b906471378bfc15f37ffe644c84bd25c7b396e7764093e322c923f7d4e4ab1ecfb7c153c667587fd23b2c774bcaefb1079093c80d0fc24456ec2e1b17d0a11f44d19fbf8706ea1c002afc172318b9ccfa5a7b181217cf3467e76090448123d8eb6285d8cfc2deaaa4ce7fa0391a7e63ad6e6bbec958e2b2660e59a89209f3cc945f7a87c0a48c669842e037b4544bc39c36bcabaf3c87c29bcdd76e880bbb0e06f84054131b18b9529cf184cb2ba9217284326c368da0038ed1df8db20f0eb203273e6f40c37ae03d066234c7ecd6f76c26f90899812f2742a71db4a18ab8513dbd0f94cc7617d7d86baa6072126dfe7b962cc4143abb28a530237c0ce2ddbb3585401b19316e19af09df45c1b7636a18b5e48c65596f229caddc5b9a39b3e06c0869b4599c67e922ee6f5b20b8170d79e1b09457e594884304cb943fde6d86177e360ebed58b33631649d0809159cc5a6f41287399d01c2fd26c0a01c594255dc57d988bc0369cc19423f62e0d6174620569825117a6b005c7be6c59922683e5523cfd06dfb9b88c5c720dc91dc7a07296b1225b11ebd54c229fcf53f91fbdd3b6c5956b4c55bd38b4cf78ee20863edae292c5642d3f8e4bd7735e41d903473c4770463e44148e07586f1756d8926c90ac3ef01a4693ab7abc9cd078a2793325889ef27812aa61f517c1650b3d89b693a98374cc780a7e9f62762a52590058a626287224eb06ee51ae36126892e6fc7459026f801c6fae0ec5839cabbf2380a2328356da012363e90fd3403bc45fa90a1dfc72b0f2ca25f10c31108b7a60ffb3511249c42bfa8e151bb309e9fa16e489e39c40ff0b1b066e41b5edd18e68b56cbee088a47fafc38c2e46b89ebefb6be8e4bcf3e92fa36955f59c08eac92c213c33692ff9b98788fb223f0a3739532e14792a3a0cc9240094ba6799ee6a2d0c7212564829353debf03839b2d81dc60a084eded7bd2a80cd949945140a1209619150bb528832d7d45cbb77bc68c04cb0a5a806399f10f67a9c60f0f1114a9526bc1b23ff9496bd3bee6af45134b4761579e2343e3f0fd5463fcc865960c63b80aed40d969fd5315d1b90f731460b7a82dcd8825f0fc4ee95b0212be8216754ea13b2b853330afc9cb4610a5b7982a68fb79b4b2cd80928661b06c474caf4259d5619b2b8f8d8daa291ab7ca332e978ec95d02536747f54afce4897bffcb7a54c79c9fea5826d14ca004d8777a544f8716b414b45d213923c716889e0e242af576442a906904108d647c540bcc101d69612fcc7b1158e31da8dc6c66ed894bf6a9c4a87e91f880c8726de9ae82b3836776bc33ac9d1f9415dce5c324b787c3323df85e76aa7e3b75261c89f63216b966b770ae30c6a3ef2ddac1b27c14e9f443202e2951d0948c982c71e6eca1ed8fb17bd7d3d7f01806bf95e7e2a485a446249dc4f879f8a94bd1dfb0f457489e6f5067331a971c3cf637d349eef391a5942b6da5d1ec0a31452f5ee2f4882c0b3c3f59652a2d2a9d6a67759514172fdf2b5dc18469dc34f826b1d8dec6bcfb244aab936d99e7f30f3577a0507c5defc43321f02be525a118b5da64df45af052d3a419a58c398eb1e21b238f93da2326c8c59ab3fea82546f5878b3c54b8b5a541ebb97550c56a096a76f9e288d5cc3731f189f735368bed001c56e630c0a068ef89495e389b86e43a8e6ac8eccc7c7683ed93264c4bef3981ccdd8c0504c10a73d81c188c89c08a5b4d1d47fdc18a3c5d8cc29ed03adcc5f1b7fe0feb156f0a91bd68bb3d2c91d62d596e3d2ea84d243bd56d2a13c556a43f6c6c219830f256105e7a98ab1734ba0b5251b740134f86834896672e9421b4aba3c038ac4b58095709f85ed086add1998eff56ef2059dd65da8000ba424769570284d24da2763774083fbe4c74ccd324d8aaea1435cc85edd5499d44702e546250630afc490bda76c61ef7951d521f00111dd779ec7c57a7cdc7dc6ddf7c89ae8edf9489ff53b5dd587d260f1b702e7f6b9281f0d973a9cadf41c32819be32e40d08956f2c18a5a01e976a1c6bbb0b31bfda9f8df0cd680e3bf3134cde1df408f49eb8505471b16f0558e471921df2dbbe3e4605f5f713a9cb3c6eb1931a11932194d298aa828c02e3afbf6681406af7cc45b4c659ee03ca0c59b333264c29d2a4803cd816c3756aa3412064eda75ff59d2ab863d3b96e99342df08015cf18716db41a56b344bb1ceecf915a3b0e50a7894feb607d89e74d891ceaf3ed8ff6ab2c460dc5b93f32c87d97fd4e3953c7d5406102fc85fccaa9bdd47f35dc0f619032c3aa3f88bfb37af4488b36b643edc7ef8501fa3553651d3da06c1655c06671f60f3d100cad302bad541a7f3079433025d820e60ced466ba960c3b3c25b02898cf98efdb08bc85484162b51a74ab19a5e02106b3e285be7bf1145bc668d3658e7fddeea8e53910c17d17f5cdb8ff00f3c843292838b3a86f9c9478c96d9137a56fa82fecbab390f53409d241b9c74889d141db864e1b48d9cdad4f5f27e50774eb2768576b2dd8d035a824eba1a76b84d7d6d09448d5762fdd99d6c4427291cd3193fbd24ee2d46a54cba7a50a01a659ea5b1ebd0ef9237ef8d9fdc36f0f018a5892af0cf782ba4b6445a0795c3bd50095974a612ed6b1825a7abc2a4dd83343171f933feec0d2914568f966a960ab3e1ea03bd8f1f330c016b671f686aef918818214d523eba7f058c70f2c43759f5615cfe5d79da030aabbe0e6cb6a9c045b4f815d36c34615e9b67ad4880a57fdb34770db4ba46699d9e215aab800bbd020d68fe597708af11f6b6b6631e859d5776bf77bb66e60b5ed3f44f5ec9653e8eeed11e21e6396892f42fc8630cb5587f1cd8fb5c72756618512668a6e25e707191327349c11a81d314f6f740a0fda00051de407752deb1098016a7505cae237b4705cdc17af5fc5cbbe25b2f8a36f2e75b191f25b44887f883140e4d9462434c0a614e6c7e6ce285e7aef4211c91f8cc5e6a5f74eec33227fe69777043bfa661d046319b7998481e59560c8969f4d3205ef9d5dced6d75415714d69555831778780c40b7023a3c21cba2b5a21dc91278d17378aed7397c438be0706e82bae2764b7f22a78cac928092a8fc47b08e8f10b6c7f49bc026de1f231aad8947e235b29edea696747db15dd6295810ef7dc39c870f6323bcdc15dcb262cd1c2374f79356b3df74689701a8b2ee637fc80c9554571fb71b1f3ca50203c7d39ace0f4ed5689bc6bbe83ac9fa2e7c881ff193e8de73a19da1722cf240e46ab35ddde756880e20c8cecae3ead8eb0f6372e05cbd5fff8998415cb57ce625f36ee2089db149e1ee17eac0ed57eb39104819ea08fad0502829a34e22ea7f50bc94e69f6d19377ed4efc637cc50458280a8318aca67f3df3d5f7628d0fb35f7f6c240a09311a6399eb70abb0aa42a9e018f27456fe8a61e29f811a694721baf5b7efc931dd1b7f20c644816f2ee2287d5f81632300afbdfc0153584f7b4c8284e6b911543b2b082a00be377dd5ff275a2a1181f52a617aca29c25b5a779c2b94d38c07bdf0f5ba4b84cb552774b2b59335581438d7a68f04501594e6ba1bd56b15b2a2998525a4c6ce3235f708b4079b10064304dda735c765080f241c8681b8918081bae95e647720b04aa113", 0xfbf}], 0x1, 0x0, 0x0, 0x40001}}], 0x1, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ptrace(0x10, 0x1)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x98, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1, [0x5, 0x4, 0x2, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x80000000}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0xf, 0x0, &(0x7f0000000640))
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
sendfile(r7, r7, 0x0, 0x40008)

1m56.879300328s ago: executing program 34 (id=2003):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43cfffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)

1m50.613795613s ago: executing program 1 (id=2029):
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

1m35.40706855s ago: executing program 35 (id=2029):
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)

40.267135899s ago: executing program 7 (id=2201):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r1 = socket$netlink(0x10, 0x3, 0xfa504544b0f0a783)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0xc, &(0x7f0000000040)=0x1f, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001a00210f4b03c512fcdbeddf241c001c0400000003e8220000"], 0x1c}}, 0x0)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x3})
write$binfmt_format(r0, &(0x7f0000000200)='0\x00', 0x2)
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000000)="e9", 0x1}], 0x1, 0x10007, 0x9, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x90, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@xino_off}, {@index_off}]})
chdir(&(0x7f0000000140)='./bus\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
fchdir(0xffffffffffffffff)
sendmmsg$unix(r2, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)

39.463908128s ago: executing program 7 (id=2204):
syz_open_dev$MSR(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x2, 0x0, 0x6}, 0x4c)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
io_submit(0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0xfffd, 0x8001}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)

37.886083288s ago: executing program 7 (id=2207):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r6=>0x0})
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {}, 0xfd}, 0x18)
connect$can_j1939(r5, &(0x7f0000000080)={0x1d, r6, 0x0, {0x0, 0xf0, 0x2}, 0xfe}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$can_j1939(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c000000100001040200"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="08000500e00000010800030002000000140003f768705f76746917000000000000000000f2d55b2601b9e8dfd2e0c68af73d4e08d0bff33744aa98ce6f"], 0x5c}, 0x1, 0x0, 0x0, 0x8c5}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r7, 0x1, 0x2c, &(0x7f0000000100), 0x4)
setsockopt$sock_attach_bpf(r7, 0x1, 0x1b, &(0x7f0000000800), 0x4)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="b6", 0x1}], 0x1)

31.507319872s ago: executing program 7 (id=2225):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000100)={0x0, 0x0})

31.126499302s ago: executing program 7 (id=2226):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00')
syz_usb_connect(0x0, 0x62, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b010203010902"], 0x0)
mount$binder(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x810, 0x0)

28.640070182s ago: executing program 7 (id=2232):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000740)={<r2=>0x0})
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000003c0)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r6, 0x3, r0, 0x5})
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX, @ANYRESDEC=0x0, @ANYRESDEC=0x0])

15.761167817s ago: executing program 8 (id=2244):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$tipc(0x1e, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)=""/230, 0xe6}], 0x1}, 0x2000000}], 0x1, 0x101, 0x0)
sendmsg$NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0xfffffffffffffe4b, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0xa}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x2000005a}, 0xc000)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1, 0x1}, 0x10)

14.645297933s ago: executing program 8 (id=2247):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r1, 0xe4}, 0x18)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x40000001, 0x0, 0x7}]})

13.229024382s ago: executing program 8 (id=2251):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=<r2=>0x0)
sched_setaffinity(r2, 0x8, &(0x7f00000000c0)=0x10000)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x9066, 0x0, 0x3, 0x180000}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000000))
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900027eb7a2ad14208b58000500010005000000050005000a0000000c00078008000b4000a3de2de702ed5d21d5bd000005050004000006000000000300686173683569702c6d61726b00000000"], 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x8800)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x100, 0x1}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000002a00)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
io_uring_enter(r5, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r5, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x4, {0x1c8, 0x200000006d4}, 0xf0}, 0x1)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f0000000040)=0x4)

12.975951194s ago: executing program 36 (id=2232):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000740)={<r2=>0x0})
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000003c0)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r6, 0x3, r0, 0x5})
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX, @ANYRESDEC=0x0, @ANYRESDEC=0x0])

12.921056027s ago: executing program 3 (id=2255):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00')
fchdir(r2)
mount$binder(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x810, 0x0)

12.027067624s ago: executing program 3 (id=2256):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x40, r0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xa77}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x5}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004880}, 0x800)

11.302006435s ago: executing program 3 (id=2258):
socket$can_raw(0x1d, 0x3, 0x1)
syz_open_dev$vim2m(&(0x7f0000000040), 0x1002, 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xfffffffe}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x4040)
r1 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xcc96, 0x400, 0x2, 0x40200333}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

11.248770224s ago: executing program 6 (id=2259):
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000004380)="4e5350994ebf71ce3049a58c5d050078bf16b0757a4c27b455e2a547739587dd3380b5df8f40a0696c5bd6cdb672cffe4d870c5c90ca92095b9ebf3e92fe31d8cd74275d857d34a74f7eecc7fac15e2f148d4e9d47bb45b858bbf078999970d180f28d7b2cefd92635d45a563d9229c9fd770efdc0848e52fa5efd9ada5c94a1ba94b4b7c7507f8b0819bb20910f9f50a83a010abbe126dd9f6a7b84eab6b0d5ce78d2ade77a5f7e4e997df1d03ffab4b4c945d803e4457909013127a98769c938c237f37263bc509a42bc56ff2dbf80e847e2c407009eef94f18e1e59069d62298fdbadae007ffbdf403c5049a4530ac0abecceb5608da02754c9a575af52c0b7e41226e2d642a814861c4310c935bcbae413516dde2132652b39c7aa0218a6ce65dabb4494965209ce879ba7e7e59039db5c1d36d6a7f86d72dd59954fd6f46124a2506b245a0db11aa89d2feb312a6596ea2fecaa7b6021f37a255f628da7ff6b6c36b514d3b6be34e505f9dac6acfb888198004699fb350ac93431533554658c4957df36703591438d6488bc03dd8290a75ebb367a481a50e79a46b04d005649cabd79e5c6326c066bc2b6fc5febb87ef66d832ef31a16c2a450a0b990fb549a5d810c928d1a81fa1dc795db2607ac7d46cb5716b68acdeb00987e429fe6a394632c83b43336e7b51d9cfdb50e83d8c6ba1784d9f74c16b476e048e65e7ac0af683b347d7377ac1795422e00e5bd8da9b313af83abb3348861116de7a99959169b7dff9f7d9b7a6d107f2e76670a6214a419bf8298f80eb570fa29264ba57a383c5ec5836ce33104ecaf1aec76e311280a1d2c8bd7abff3a5a242e6a637f7db63038ef5d78aca9c680d72b60da4dbeb0e1e683ddc82898647c589a81b8f92db06711d8a0af05560cd77fa7005283db71e8da21713fccd450822062b994d152aaed2cdcf0dec9c60617e15ba4df628da4e71279bf9d1eee5c7f055c27cddfdd45f9225d5d5529ef7119e2e3c9838e7362971e069be487797e949b24297de19c61340d1cd7a2bfa3880b91a71e934720a59e1e0ea992d2a1633a0852ad8addfcab73a291e35745e694a6471f429b124305886c1f79f67c78de3f3ec998c91e7fc59d26766cd446f6f0de603f2c6892e13cdaa37d9e8e118d098b6986ccd991993ec152193e7d77394b05b99e7d310c506707f1be52249438fba9615f6dad2ec7244fedf36e34ec311b7d6bee64271d6491079e161190ded7e28e2ada4307a9b2986c267b1a30d2f720ff23408011f1d589ce9ee77f981c7833656ccf7df5b3a87ec253ff7c7ef1e67ceeb10c93e3fa683cdadad65850ffbc402b7744e94cdecef9db9d264c755c53d36278df23d4c9685fdefa69f7588a33b8a64b35191ee81abcb9765577d175cb06e31c582807ff7243bfef44961fbc0f8a235242f51ee991ea621803d4dcfed90d26f004b299425bf219f6d185fe6e088ae44601b03defada18794feac93787696a5d419f09f769bc590f43d2df6a131f6895da2de120c2644685e57b1d476c6aba5881e954fb2575356452b118b942cb02b4ea0fcf8f1bbb9a23b6e32c9d0accd3dd861452a3ad77b38fe709e216974932deb5397fd8033ff0e073d93ac0b4be762bca0424d69bd57b22ba914133f87671a29498b268c2911e793215463ca2164e38059456107dcb29beedfd6277e2b41a11d1c6f1361b19875c9384f04f9c53c1856d71f360a8fafe05f7aef750ec0cf2bfcfa971c017ad071b69a18fdaf970b384d4c889cfa5a0397dbe89543a5c6302645d6edf959aa60709ce0225fe6c3266c7ef62157ac8e78fddcd8a1f2ca5b58128218d19276885515775326aeeee0226cc810843eb05144bf8e2fe3340cf60b32cafd96d23cd7d0d3adcbdfec9a2a3d88307c362633b1c5637608ea8476d900b3f836a9734b5ecaf5e82983577128d3f74b903b0e3bf64326c1b564ae42aeeb0c07702b63a9ff74a2af6b45e5185a53f36c17bc29dfbc0ea28ca5cca43a15d751e9887ad3e6a87faacb6a278c4c8a8d21b9a77b9776f33102a6e645e99cc5cbc543ed0674282c2b9f8e5d14c2599aa9ac8f81438c77f2b9368bdac82edcdc5366f39adec9e9a3fbd55b79abc16d2ebff26b7d0c88f18b486e5836333575e3fc7808cb423b44781c57965767862922b4ff32d9bae76296843a46f430211c27ef9db168430026a5691623284dfd459dbdd1f1a6ec9bfad666507e6eacb1e2a7866da2e12e6d596d0bbb150500590013d9288af20596447f97bf1744eb9cfb244d8fca269b1fb71e14de664be4e95d83fff1b8abcfebcf3e78c1c66d28f260fb0c19f9fbcd2abbdd7dd7246e49dc25d954bf25f810a2ff6f9069dfdc62e7170fe3b0964b2ac95024256dfa3e7a426be5bb5f707fd82c2b3afec5d5dcf5bbb8fcb6dbc1b59f6c5330966c70d8b016956903a4278817414ba3652a102d7e7e37ecc79400267fc3bf7601c0731f87d479c33f100735e748874155267f708cea49d549e93cf7a398b20373dc90ad9afd56d9c77cd24e2c4a18f7130b366c7fe5b26bc4d11ca1ed1b98fa0b4d7396f82ae6593f4575d19f4d8fd586c991129e5cbe15c8bacc89c3ee15ca471dea966b5c48ede0d3ba2a7e28c75c04e6a4aa49a61f4e391ffe78eb5e40a5ef349f3aa4d15f2291cc86ec7e47ae301bf0b6083dae44b695820a893d46732553ef15ed1c16d28268d52a7e3a7e7c009d0c0708a356d3310c1ebcbcca4d7acf433e34bfc9fc115498142dcc725e7a16879c75e4c2f01c6c98b39619f3248bf530e6ee593467e38cf4026cfdc4db6296565722d587f3c580750b1453ecc141c0461495551297d88ae034acbd4f5e80ce198e6640c4c1e9501529988109cef006eb2090a6fcd974d7f60290b78f1a8ce3051ac2d69636c3219f0a6ad8c254764396a1684b2fd9805b1853525f2e640e513197283cc4d4073ac033e0539a88f08aabe1423cd40b8a7e073437d812b57a5d39a0531dcbe13f4466e89efc66c2a1e4b39a3e0b3073c9d44e6cf9b85f4df5c4e03628d05bc0f94ec04234c9eca4ed17463f190406834b02888728f625371cda75d15ec19efebd59f00ab659eb94eb88bcb2110862a369ad599610c1530fcc118f5b82205bc5215fe3623ac8ec297d8ff4eee75ace20731c5d505e6605c26203b7f754164c9463f0a6eefe3a2880b8e06e7bc66bb2adcc1a3f9b0325f5ec31d12a25f1f73c2aa6bb3a7680d786a082a63b13cce1822fa6a4b085a871ae3409eecbc1fd8661b5d52bb2b8b72f23e24a225075f272ed2ba0c6c5c693811a0ef8db6da7cfe7c966c647f0187ad223eedb1012a5b7af103e98464ac768c79b21ca45b12a52cf261de0d367442cda71c4b8ee39c94ded1b22ba06c13836cb467ebab4efea07bdf1e3de8da56a0ee6d4f848011253cc21fac10700003513d3167b7a73e0d752b861c49814bc5410ebe53a0264f76068c91ee6ec9e2daa343482b2f0f06e605c5aaf81f2a3cd570efc2094b4bc452f9526f1bbe7b22b694fb8109a5a987fabf6250912d6099e67da9cac79e8b6f2cce4702d1f17cbc5d06c38b8a48155ec758369c185ded839fb58cd736fbb74105fe5baf44e7e3ed06843f23601b60a43b1f88fd29e9b3f58479f9b95392a39d5ba1a31ee4441ca2d1fb57c0a8678a07a724b7a65b2ab16d1da197f435bce3ef003fce27fa2f0a67c9dd6c930a4bcf59e79e57b010000006fe34972958c28b56642d14ea89bf4d7d6f7fcbcf4fda8bd08fc9fe424de4359112b11f81fbdc1505658363697713ff6e1f8ca3c4be34a79993a9091f6017cda6c7489ae5c07062555231427c3eb42a049f42d22a060983b044a7d34ab5d2b5386cca79af72396a48aad6b8dcd7855410fc6106e4a165994f26efff1e7ea0aa8f560333b5dfdb2a0d899b0fda955155f90c75effd3c9535d88508e836feb7807d57b2a57cca42d3d08fe7de60d2a33376f49bdacdd3f814bd0927f417f15ad62a10b302f1cb390aaf82b0bc6af46bbf990b6ada45ef83ce13029d167c65134e7b82b59ddfdc367e61c40defd2732ccebb1d4000f6c742df964e1fb390c255d2b1dfc745c6ab34af8096b5b67aa179e3f341854f7a69f7bf47664c832037ec7a78f8e27209e3f20f833fb6e8c0fc4a40920a5ad2b0618982ff72540009d5db82f0f5bcaed2a27f35d1e50eaa0cf8e48c7a2d43c25d0264db750a7f33b44a4bfaae576cf9ee7594ed204513899566564ed8bbc97ed18b1d8868f926a5c70ac06fbac1eade46792186be7bf8ffa3301239edd093449b7d77192782b5111c14169d2b4a1b3443ad62e4abdf11aac6a5b89a5b20ab0ad0abd949b9d64582c67ffce018e7e46de4091fcc77a65b971fc67c8d9cbf0c341ca764b1056ee5014d9865059616a525a1d46ae2fad159afe86dd1df9b8246411827e19535ca0aa9f83050b06e70aa2737f27e93d584a9cef878a642e9361efaa5d20bd8da901fa2e064656f686d3b3ea31d1d850ae9196b7764548f5c6450a32a717e09b6b7e75d43fbbda76e43a24f186d5578933f408bfa28e0435cde525fb91e71d92d704cc5a9b5e3db7aaec46d2b1f8dcb3f921f69bd7397c96a1e132c39c8f1656cea4365c779abf76199cb5b6aada022edec5c901cdafa2e7f3765af9c8b20cb1a6785085fcb0dc901367b89051bdfdc6b68c5215fd04e2b3c7e1c454a4d21132953b25c50995af0f7159a5a8d0a1621f4808f126a5bd40ddc79fed90f49925ee367a57a05c070fbe39fe2c213e7c1724a907ecfa69efe6e021c06a262471a4377f3c9809e9fee4f375e27c31b6afbb2151da86b7cab63c7b4fa4b77fb30172b9d0d78b1c0535ec0639c4910b5eeecbb5b8b5c8aa74c140e7ad347812e36db3097a7ff85c09ab2c0020202307f50efefcdb497b9c060ca68c4be54a9165b4cebc6b2e2e14e5ffb9213142418faedcdf26fd326b7672399e71cfffe3ed712ced5317c254f9199ee10c24c802d102bd8749513d3145201ca4e01bc7c8bbcf430afa541ec5665f86dfb143be648521bb0f2b029018201444787f644f8c88b79e754e6ea9c797babdaec72a9680abadf3a41684cdd57c2b6e833acc0846be5aa927f1b1b36562d2acb9ecfb758455230d050daec6748ba280a5edc86d48e3f8af0f8f4ffb18ae3cd3c19a82d504a4fd52bb62289ae8026572a497fe268f87ef4b4b5886aa07eeb698b7cbf99683f710afc9ed1f8a488883ce0eb8f7fd055b82a9fe21a409caa231c41ba151008e9658919c611e157d7f3926a5e4248532a6860e615b9c86e9fea212128d96ed58c9b84ef22706071eb69f492e4d8321ed9faf6c6a8928f86172bdc930244583ea15be497d9ce4ae79cb3e6293a8512ffaa9e8e358f3c7c7117001fb92891a40b84f9126cc3def5cde67f463bbac9668b9f56c3e4ee72fceebb47e52fc226bab213d8193516e7064459fd1365350a95c5a1c3ac44a73bbba2a4c17ebe49dd781bff1995cd706b77bb533117594ad63566f4c0730beab85ff4c713b7f10b95480fe99a0f676c51ca11116b21e87887b462aa9770e85509e4e60f198148115f0a3ce6028516a946178d1acacf7767f6be7277891369eff67762aa58f928d48b7231e44d899cea8289003349117a53d61bc27b207fdc91c9db61e677d1e1a1bc6a1b6e8564130b335233db4b5de8d62324e6d0ccb2b08c2ff922324eb8c506711142d4b8d7a21223ef0a3d534fdb0de58be95cd827152f71bdd0a82766b62b4c87536f0b7e7df343c4263187da887de6e65d11d0360e2376c1d71c367ae85edeed8f767d24c644b1a9b455ded1dc3cc224f99936a6ee66931c45e5e3db2427719ab2d5cd9c20d9bb0ec004b69bccb00649f3d8e34a3572c257de114b9f027d76bc7db9007175cc03b9e2061b6b3fe7409e009b5371544e56fe438cbd361e5b11efbf2d79d1c250a1e73ca8c601c4f4d1e3761290950421c48c7daa45965e472f5ef3c4b8597444dc5dc01cd25358055b5000617f3e7291da3413e3f0853b1271366612405c35ff1b785b984d921b518425628a533a29ab65d3c11f44c6daa86f8b6457ebb9419274c481aa6f3fa4547641670aff58b9cc62c0993d49a509f02dee755ee5f1fd2710c995c43a91c4f873afa1bbdff19427cba2641052a8f361ecbc72e8a6cf587e83f8bd3110c95fb080edc77a6d43cd58c447b0e02261e4109500c6458dce70acb17aa8f9dc1d15b94a61354164031b5d563c25d0246fc45e6401cefceb501e1468903e5d677759dbe3f24bd48ce55ff8b8f26529fb3b2d669202a1e8a498984b449b4830a0126b18f0e78182c9ce78fe0c448c0e27845b926cfde28fa85e156fa98fefaeb19ed1247c9643b447b4342c94c114d3c4c35eed4d5b49aa70e6aad45bfb557f15e8fdb2d6e3d10d8338a13fe3f187751985b37a5bb10b750f79e36fc2e2ee9bdecc3ed156e202ed7b45a94809d77edaa398042fc6a825a4848c334c557303d24eb3f8e01be06995ceb283c70272b00da61c3381628f0e372fe2fcc779ff7daf7e4b7f2686c39d3fab674b8867b62b0bf9d5cfd0c1d3b270521f55f147de75142ffd7fc9ac7e5dae7ca2fdf26a9222d060823852409dd040cfd1f66f218c6dbdaaacddab34b123af22f97384d64fac64d84fd638c96378c8f9532a11927d48440bc777ff8b8b9be88f930f3b579a713c0bc449dca3a3bd5f2efa98240ccc594299e44451dc60c6c5c9edd0d7b777912b3dc40c57e0ea5f4425cd7047e686c7304f04ba9f7b5de6ad2bd524f1d29f8802a524441fa286015adf4589431710aa4d76de8a956dc1d39c0a13abb7fc309d24222d036e204ab6bb46ef8a7595d9e4512e0b9d5f8fd719a4e3072e1d806967045789c67a1681f2a9f1f4b19f4f5e1afdafc17db7a6d5196161499e62ab4b0ec27648f3eeb1fb2b78f8ecf9b05cf9509a3b9e2a361238deb1c91bdbc8b1d11bbeb939fd9da811cd439069da0ecc00665d72357aac01f259a0325409b201859cc0569e0eba67a7a9ca7e8b78078d9370bd3e37f0571680ede60cb6bbfe69435d6ab5efd80cf051d119a7004fc0b600844d49218d844de8f521524a47ee50229c7da25e42a8639b5db225e7f23967f5d4f8a297aff04a3cbedc2985b6393a5ba0b26b6c7b4ca22d369b35b410799d1ad02825104d34f73408db1948438597931ed1c1c260e78340517bfa2f734537dbdf5ec303518ff4640efe7f7b1c2f46babdb9247ce8eabad9718a8b9ddb7a18d5e87ced554c9d6de78f85d293349590c6c32483534bc968b24a28eb54b9515589d6dd8eb51a5ad0b4d896ce92250397cbc404323fcdf0ee47ed634e0c58213bc5b35a72b21a098e11b79c061430dc817c1e0c79a5b6ed3b002979933f1b83a17f250b1bd5c4958df4d75531ca03efbda89f6a92fe08c23ad9014ff562a7f3dcde578d6825b9847b5df04dbca4f2aa52d8e0f4cf8183ce121e39b50358a9796acde0372a8ff97769874a80ab997cd889145aad4888c06963c2f5b82f53a748a6729fbc79d35c06d84e05c62e44ff78040e56ebfc6efcf0d8b49337d5a17c4041f0d5a8b616244d585a162b69db073accd9071d12df5b326a43b834bbffc2f2a60deafcbddf1c6438a1769d6fb09fbe1990e89da12164ef237f326edb5be64bb64b143a030de8a99b3c5e543c871cb581e2be090a92134aa587701f864907cadd7c1ce20fcf8f5dc7f7ecd06a6c19d89a92ca0ad4393c208b80bba990c7a3702a9c79bddde75d5db244719ac32191b6ceb041ab541fb47680a97dc0422b8a50d91e32cb08cd341b0b099aca5bd12b69d4f89d10b755b351a6489180b786a3bebac926532a4a2d85b07bce6c090d1aaaff079e36d5394a612f1351b90c13a0fa6bf9d188d548dfe6fa51a9026edb52009c03ed45ac51d05c58a957bcc67e05a588985ba00d79f33ae9cdd5f5721d9fdc72ee6e880708be87e8a60c3c035c146f2091d1b9a4c2cfa56f292fe1ba62290d4e56c05669291bbe917f3cac51802a2cc8e9c90dadfe666c233c5a5bb71ee17deec51ce60c73f57bf9ecb84873afcc44815131810c6c1217bea485ef9aa2785e859b25315ef8aa3a274982786e45d622ae831fb76010d69a181b069e4cc55d4436edb10d1119b0c6000c6d5cff7c72f740a59dc0507e7a952b69403c62673f122c9d1264fac6ce2262e86cd8d6a402672f88530fc2d16f31736dd497a4e853253ac8d5aff8d1376895e9f5519b2490cc2a2412ba0c99cec855f668837310035e92fb646486de1b0acffb91ae7516df3eeef381456b55e65baa58e71461c928687e699d2b21814805591382e95e1b970aaa53259917f070281f2336b7d570249d838b3f1a32753c336864e15f4561badf8fee034a29c52ff3fca7456ae140f83e3b2fd5b57c9aef3f20c664200d235f236ec47dd2fc20b14dc6000812237aea992d987e5460679e8c5b76d931ef6d951e6c7087e3106b6ce2db9de6f228fdf3ffc38710c0e8d5000a195a79d1fa2301038f5b27c40b09c34c025e5099d40c2204ea0eae985263c9101cab88d6857a320c9e497f22348a24861a5fb8d734e08cad09f9933748ff01eab22f17756f58688dc1b486a397563ee9ad0784b8833cdb5f7c6bcf76d9c1105f71c3c6aabefd70dc6cd5c66d31caf916145ac5ed7fa070b4277c0448ab1eb78c943be9aeab0587d321a4bcb7754f070881178f8be668b686124899fac252519f4b60ec42db766a908755040463125c26850177402a977246d36d23afac0a11889d54640bd8f6f670d686cfd33f6fc5d90cf6cbd63d9d0fd201dd4c74dbbab899f3c23c0b7e37ea0b2aff421327200d0da58b5893a4186ae3652cc6e11c2c2a0e52184a3872532acce98c94cebf4f31333663a620f0dba0ffd89c3124380075bd28caa6d449a050b3661b8fbaf4747b77c4928b1378fdc8c7a7b38ade1aeec44bdfacc8271d0b132b2029b0f3582f9919f5c8cd543abc9caf6b82b197cd482c3ef61a64743506342bf50a3c1ff544563bb8b2002911ee1fad698f4ac133ffed5bfe81239c918207a03c7a8bd71a0a502aea78d38e970e3ab2abf754b598acb79cf276792aa08724d0ba24f2a694912ab795b3f45f52dec50d9bfbc99ae27e1d2c2216afec6709d6513a64b29ef58255bbe18478c5d4f15f74ea63a1e15487752eec8fd019f1d4a7aa25277664754bd2d7cd3a7a018b92c56d965a1974885363757286da9e055ef7fac17876f0a64c1026a597733b897a9155ecbf420159ae8e5209aa83a3544fff1fb4566f2d54f95e3bbd30dcca5f24397e4bd47ff01292f0d6fe9dd47a810e0c25382fa69b4987d1afd9b69ef125110ad6b240eaa9c85829a2646f9ab7874bc02bfa8346cc9190943e9d46b44880670b1e2aa3a29e83be5472d7418885a353faade6e8b18f4b588607bbb758588d1e2f11a9dfa1c4d61be50249f1ee32e6ff8c0c7722aaec1bc79654a4772efc578bd6a14c79abcc77a4e09c8b6c6ea35cd3ab31e35268fb55db843176f8042f8ce7be0ddd4ead6dbdad0ef9e7cb2323db5cc48119a72b27306b8ff6366c0bc682a85ab9e2cf2238b6d6eb2e38a97d5577e6334cb2aa6e7c86e489e876f9d7053577a5cb57f52812fab7c4bd7b19a34c228ffb67dcac9281612f778b58c580c140542200fd00cb3ad81d93420df93c5af2493f646d8de797102fa0a65247317882fbf171520f00b2c7638623b823ff11444fdde453570f99f9099b60061a908b83383ba8b82bb78edd074dccf9342afdf8d11a6129ba6ea7030f3629056264f1736c2b926171b6dc7e1fa455a473de656390495f3b6ad2f9f46f35eacb075628ff739ef78f28ba683448068c7f18fb63f28ba7dbbb78999100dde0a94e8b8570817c7114c13e139ceb333782b29a84a5b19497fa785915c7680dd7f972cb59ba22161f60886e5cb3c3e808726cbf96bc4da78914eee565c6d9d18e70d22cf8c0244cf3cf488c3550eaa400bc0f26d64e0f1bc8d0301a841d954073a641f3ef883d81f4d5db8e9df708e64e640b38df7295f7fe573863653086bae5507c880ab7fdb7a6c5ce77027ffa7395233d3ce536d77ae6c2e9c8ffb6fee78a3bcb3b5f888bd595caa3a5586948776b950a89cde4db8247ffff27491c882b430afdd60e7a22324f6635a9aa7139f3e624c6d9ece60f7f8153b2080cf0544fbf8e1c436503766e670b902604ab521e11aa5a65cedd64cfaf898ac5f55c08c87693c323517bcb0d99c28f5e072d4f6540c7ead70138d47c1a67fd72bd6ef5613af33a0af311c3d0a631ca2a2dfbe35d1021eb610e40b9be128683235a788b5a4cacf99babee382458d59e8aa1dd7bba7e09dd30c055a3df8ed721a1778b2c6ed587a403566325cd19962edd7831caa44a6b716517bad502130e7cf6a5ce5288dc84c0170f622ae0b1e1166a9c2c0771d91df9f9dd82ae210469602ce38964746c1c1d04321aae7d464eb801dbea7ec39505457e778208774d72673626c998b002c46a9b4b1e390d9344f0ca62212a1b6d41043a2100b35196bce42d40caa0ea9a486bf8526fd1f0f0d362c2cac463ea7377a20b54b9435442ca529fc00da4fd7e27c4eaf14215a06857b54254c26346956fd7fe215a5ce57ec38cedf50a3c759e563a4fd87494f00e7bd9b44f3b7e99c6ef67187056a21d2fe1ac9d24125b1947eb293189fdc448b591af4d9b8eb091d6bbb5e50fae79d000044e282bb2ab6c63cc9562b151c214e45015354e62be63e1881238b907f7bdb791ff44a4e03fa29dbd26db2f49d0f4729b7cd9ba69a65b0b493466d35d09b3f590c67c31660d95e2ab4af2c9f1df91f04ce5a57dde2d75206b42e3423126774d76593c2f713ae279d7092506b513fd5d18f0f52d3fafd7141dfd4a0de1063754dba865faf8dc0f6be9d90ef21ec86a275533f6ad4b4e360dc775413f29eab8b3daac6279b9abfe163ea2f183e09ed91ef67fbb090875109288a182cfdcc46d90678efe5edceda6518335e678438cac4bb47d376f3f0e12aa55301735d7f42653c073d6a4a37b2e17d332dc1be6b50918c007b14886307cc39250e81efecd63d24067a49994572725a9df1760caac13a28f5255556b27ec245e93969b85cdec7cd1c2d2a433d3f9572b93054a7ce8adff81bc1d30884d5fc4791e251bd907e37af5bec74235c3e2f804e4e0450b715289942b7859ad207bafcfec1b586dc15e7911fe6d20aa3d02fcd47e9956780e300d7c53c17dfa15754deb4c20efebc7270bda0fa6b37fc88c6be4250cac38c1b8186b364482026ab52d65d3a691903fccc39772277011bfaa421adba76bed9731077bec885ce88d40f36bbd2a839c67dc4b862c968491b877d4fd13fc90f8da57a29121e12f78e85af765cd66e72ba513593fe1cdf20019985b065d828707d8e509c6834eab188deea5c9ee97955f4b07d37b6fc7beed73be94887d423a349f35bb8782bc670ceaec870d97f061bda02ae73f6d575f81e0b6326eae6c1b3085cc584686120e12dd9ad8ce44036bec8a189f9", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x10041, 0x0, 0xc, 0x0, 0x100, 0x10000, 0x2, 0x0, 0x2000, 0xfffffffc, r2, 0x0, 0x7, 0x57}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
open$dir(&(0x7f0000000080)='./file0/file0\x00', 0x109140, 0x1)
write$FUSE_INIT(r0, &(0x7f0000004300)={0x50, 0x0, r1, {0x7, 0x26, 0x6caff549, 0xfffffffff323ca46, 0x0, 0xfffc, 0x1, 0x80, 0x0, 0x0, 0x1, 0x10001}}, 0x50)
read$FUSE(r0, &(0x7f0000002100)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000000040)={0x10, 0xffffffffffffffda, r3}, 0x10)
umount2(&(0x7f0000000000)='./file0\x00', 0x3)

9.748246782s ago: executing program 6 (id=2261):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newtfilter={0x3c, 0x28, 0xd27, 0x1000004, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0xd, 0x9}, {0x4}, {0xfff2, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x3, 0x4}}]}, 0x3c}}, 0x4000)

8.778932969s ago: executing program 3 (id=2262):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
set_tid_address(0x0)

7.901299325s ago: executing program 8 (id=2263):
syz_open_dev$MSR(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x2, 0x0, 0x6}, 0x4c)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
io_submit(0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0xfffd, 0x8001}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)

7.7650871s ago: executing program 6 (id=2264):
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000100)={0x0, 0x0})

6.726235104s ago: executing program 6 (id=2266):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00')
fchdir(r2)
mount$binder(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x810, 0x0)

6.516485864s ago: executing program 8 (id=2267):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
recvmsg(r4, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2062)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$UHID_CREATE(r5, &(0x7f0000002a00)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000040)=""/53, 0x35, 0x0, 0x7f, 0xfffffffe, 0x0, 0x803}}, 0x11c)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYBLOB="00f7ffffff1e00ff1300", @ANYRES32], 0x3c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000d00)=[@rdma_args={0x48, 0x114, 0x1, {{0x2a, 0x3fffff}, {&(0x7f0000000a00)=""/197, 0xc5}, &(0x7f0000000440)=[{&(0x7f0000000b00)=""/224, 0xe0}, {&(0x7f0000000c00)=""/183, 0xb7}], 0x2, 0x44, 0x4}}, @mask_cswp={0x58, 0x114, 0x9, {{0x8, 0xc}, &(0x7f0000000800)=0x3, &(0x7f0000000cc0)=0x5, 0x7, 0x578d, 0x8, 0x5, 0x58, 0x8001}}], 0xa0, 0x40008080}, 0x20040080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000800)='contention_end\x00'}, 0x18)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc2c45512, &(0x7f00000003c0)={{0x9, 0x1, 0x4, 0x6, 'syz0\x00', 0x63}, 0x0, [0xfffffd57, 0x2, 0x5, 0x687, 0x74859519, 0x6, 0x2, 0x4, 0x2, 0x2, 0x8000, 0x6, 0x4a13, 0xa, 0x6, 0x8, 0xfffffff8, 0xfffffff8, 0x10, 0x8, 0x7ff, 0x9, 0x10, 0x9, 0x10000, 0xac8, 0x10000, 0x3, 0x400, 0x2, 0x3, 0x5, 0x15, 0x1, 0x10000, 0x2, 0x8, 0x4, 0x8, 0x7, 0xfffffff7, 0x401, 0x1, 0x1, 0x4, 0x1, 0x1, 0xffffff95, 0x1, 0x5354fdb3, 0x6, 0x9, 0xcd, 0xf, 0x4, 0xfff, 0x1, 0x6, 0x800, 0x3, 0x80000000, 0x8, 0x7, 0x7, 0x4, 0x5, 0xc, 0x81, 0x1ff, 0x3, 0x7, 0x101, 0x6, 0x20000, 0x2, 0xfffffffa, 0x66, 0x3, 0x4, 0x800, 0x4, 0x3ff, 0x0, 0x8, 0x2, 0x4, 0x9, 0x0, 0x2, 0x3fb, 0x81, 0x6, 0x8, 0x8d3a, 0x0, 0x800, 0xf38f, 0xd926, 0x2, 0x1, 0x2, 0x3, 0x9, 0x7, 0x3, 0x4, 0x6, 0x10000, 0x8, 0x32284b62, 0x5, 0x8490, 0xdd00, 0xb, 0xfffff801, 0x7bd4, 0x7, 0xffffffff, 0x6, 0x1, 0x10000, 0x2, 0x1, 0x549ac63b, 0x5, 0x4, 0x8001, 0x2]})

6.233004072s ago: executing program 6 (id=2269):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$tipc(0x1e, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)=""/230, 0xe6}], 0x1}, 0x2000000}], 0x1, 0x101, 0x0)
sendmsg$NL80211_CMD_NOTIFY_RADAR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0xfffffffffffffe4b, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0xa}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x2000005a}, 0xc000)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1, 0x1}, 0x10)

5.421791256s ago: executing program 3 (id=2270):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4}}}}}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003800)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0x8, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x23}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
syz_usb_control_io(r3, &(0x7f00000005c0)={0x18, &(0x7f0000000280)={0x40, 0x10, 0xb4, {0xb4, 0x2d, "f1a11055b082e94bd03722afba595960071998f94a5d51580ab249c2d1edb2661512c0e3d2f472cb1e4158682091337679c34eb8112c8a14241702b935b1b9c525e8cbe789381dd8e69d0125c553546ea7dbbf1b8da463259a4a5a99b4ca30e4a35f561126d17a65c6c37a5a9d056c644c9ebf2c4d8e25a41ddf0f031bed5fe2bc95085c5602927c4565b12291fd526d11e67e2235e1bd93be5aa4dd295df0ae8615755676547555edb4de8b028495854f3f"}}, &(0x7f0000000340)={0x0, 0x3, 0x91, @string={0x91, 0x3, "d86075b38d06c27c487cab18f5cd318c74ace82ae43c1ce170b0606dbc2ab03e53090fac81e942f6fa8599839cc9acf604ceb5a5e2feda99c86550838d9db4b929177d5016ebc7a098708c3b0723861cd105687bf9dbebda29f44efbf4d94cb947881f15a709e7187ddf7363c46b7370b90645ce7c2ba6bfeba2203f9faafbbaad8311bc9456a0a494d8e2a170a2cb"}}, &(0x7f0000000400)={0x0, 0xf, 0x10b, {0x5, 0xf, 0x10b, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x20, 0x0, 0x27}, @wireless={0xb, 0x10, 0x1, 0x2, 0x40, 0x1, 0x0, 0x4, 0x5}, @generic={0xbb, 0x10, 0x0, "1add56bf79e7038b34fb003a5a889cc137d4e2593b328f3a3f8315bc7c5ec6b92c99c7ab3cad417226a698380126b80fa68df649935a18bad2d5c2a82cf1626e852b4b0dade2550146ad45e5b611c52cff7c3f1fe3b23bff32716ee0b15924afde08abd2b9bc8e55aad5be0f6364c7a6c1659648642234ec1a6295de51147f79885512ccf6c21aeb37fca670c606b7eba819239466d67889d998f2040d5f9a3e55759ddb8a07e1143c80b94843a8c7b6fb8e777415c78ef0"}, @ssp_cap={0x18, 0x10, 0xa, 0x20, 0x3, 0x5, 0x1e, 0x71a, [0xffc000, 0xc0, 0xc00f]}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "542fbf92845d0a59e8c0b362413c8bff"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x6, 0x6, 0x2}]}}, &(0x7f0000000140)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x8, 0x6, 0xce, "7305ed80", "657256cf"}}, &(0x7f0000000540)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x0, 0xa, 0x6a, 0x4, 0x2, 0x1}}}, &(0x7f0000000a80)={0x44, &(0x7f0000000600)={0x20, 0xf, 0xad, "e03925347e00470fa9423336d743a5e9b30765725d8ffa3d83a99fa769575a99912a917e2344586b6e03151b38c25236b617596543d4d2b9e088355a8134fa07e433c2f13e4ad18ed597b91e7e93e20c0d173a882b2c2e3ede0b40434f1b8b618fbde2edb6f16001013cddb7dfbaf7067c5d02c059aae2da2acd2702abdc6475af07d2fc5645d0ab4047f2309bfe29f1067a2f25ca836229c2e1ace9855f361936edfa59627f50060a0ccb29ac"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0xe}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x8, 0x8}}, &(0x7f00000007c0)={0x40, 0x7, 0x2, 0x100}, &(0x7f0000000800)={0x40, 0x9, 0x1, 0x40}, &(0x7f0000000840)={0x40, 0xb, 0x2, "f805"}, &(0x7f0000000880)={0x40, 0xf, 0x2, 0x4}, &(0x7f00000008c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000900)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000000940)={0x40, 0x19, 0x2, "35a4"}, &(0x7f0000000980)={0x40, 0x1a, 0x2}, &(0x7f00000009c0)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000000a00)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000a40)={0x40, 0x21, 0x1, 0x2}})
ioctl$EVIOCGKEYCODE_V2(r5, 0x80284504, &(0x7f0000000040)=""/165)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)

4.9000946s ago: executing program 6 (id=2271):
openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xfffffffe}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = getegid()
fchown(r0, 0x0, r4)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
connect$inet6(r6, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100))
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x9}}}, 0x24}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

4.388486482s ago: executing program 3 (id=2272):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="180000000000000000000095000000000010009c07b346cb5e13f8772644f4971e732de04fedad572bac3404f614c6921cc6566233111a04388a1dd9abd53082a556d3870cc36484b7afd31929aee457d4af6b6ec2d0aec2be5822d676d4d9c11f086b9ee55435fa635bf655e9a79e6ef3c3e8ad04cf1da9c1a928f766b975a31f0c49d8b56581c9304a570a7c27812e5da8d9143ea1ecc8e0f700befc1d70bf4fa9b153672e1e6924fddc5f747e8013"], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
recvmsg(r5, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2062)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$UHID_CREATE(r6, &(0x7f0000002a00)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000040)=""/53, 0x35, 0x0, 0x7f, 0xfffffffe, 0x0, 0x803}}, 0x11c)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000000180)=""/39, 0x27}, {&(0x7f00000005c0)=""/97, 0x61}, {&(0x7f0000000640)=""/148, 0x94}, {&(0x7f0000000700)=""/246, 0xf6}, {&(0x7f00000001c0)=""/64, 0x40}, {&(0x7f0000000880)=""/242, 0xf2}, {&(0x7f0000000980)=""/84, 0x54}], 0x8, &(0x7f0000000d00)=[@rdma_args={0x48, 0x114, 0x1, {{0x2a, 0x3fffff}, {&(0x7f0000000a00)=""/197, 0xc5}, &(0x7f0000000440)=[{&(0x7f0000000b00)=""/224, 0xe0}, {&(0x7f0000000c00)=""/183, 0xb7}], 0x2, 0x44, 0x4}}, @rdma_dest={0x18, 0x114, 0x2, {0x400, 0x81}}, @mask_cswp={0x58, 0x114, 0x9, {{0x8, 0xc}, &(0x7f0000000800)=0x3, &(0x7f0000000cc0)=0x5, 0x7, 0x578d, 0x8, 0x5, 0x58, 0x8001}}], 0xb8, 0x40008080}, 0x20040080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000800)='contention_end\x00', r1}, 0x18)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc2c45512, &(0x7f00000003c0)={{0x9, 0x1, 0x4, 0x6, 'syz0\x00', 0x63}, 0x0, [0xfffffd57, 0x2, 0x5, 0x687, 0x74859519, 0x6, 0x2, 0x4, 0x2, 0x2, 0x8000, 0x6, 0x4a13, 0xa, 0x6, 0x8, 0xfffffff8, 0xfffffff8, 0x10, 0x8, 0x7ff, 0x9, 0x10, 0x9, 0x10000, 0xac8, 0x10000, 0x3, 0x400, 0x2, 0x3, 0x5, 0x15, 0x1, 0x10000, 0x2, 0x8, 0x4, 0x8, 0x7, 0xfffffff7, 0x401, 0x1, 0x1, 0x4, 0x1, 0x1, 0xffffff95, 0x1, 0x5354fdb3, 0x6, 0x9, 0xcd, 0xf, 0x4, 0xfff, 0x1, 0x6, 0x800, 0x3, 0x80000000, 0x8, 0x7, 0x7, 0x4, 0x5, 0xc, 0x81, 0x1ff, 0x3, 0x7, 0x101, 0x6, 0x20000, 0x2, 0xfffffffa, 0x66, 0x3, 0x4, 0x800, 0x4, 0x3ff, 0x0, 0x8, 0x2, 0x4, 0x9, 0x0, 0x2, 0x3fb, 0x81, 0x6, 0x8, 0x8d3a, 0x0, 0x800, 0xf38f, 0xd926, 0x2, 0x1, 0x2, 0x3, 0x9, 0x7, 0x3, 0x4, 0x6, 0x10000, 0x8, 0x32284b62, 0x5, 0x8490, 0xdd00, 0xb, 0xfffff801, 0x7bd4, 0x7, 0xffffffff, 0x6, 0x1, 0x10000, 0x2, 0x1, 0x549ac63b, 0x5, 0x4, 0x8001, 0x2]})

4.242647177s ago: executing program 4 (id=2273):
syz_init_net_socket$netrom(0x6, 0x5, 0x300)
r0 = userfaultfd(0x1002)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa810018000004bc00d3789c2222584e025ac76cc58949d62fdb20693d84327f438ad03e4853d2aad5879c3d465076e6692dc3462f0c6fb55b543566db8db2d09d3fd4a176436b04edadcc2220bbb0f2f1da1f0480c088d2cf26591b8f51aa3c11336cd0b5bcf18843d2932bc1fe1002e09867cd43c03c9774b488"], &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x567, 0x865, 0x254]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x458703, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0xe26c, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0x101, 0x80000006}, 0x0, 0x0)

2.850143807s ago: executing program 8 (id=2274):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8)

2.533231414s ago: executing program 4 (id=2275):
r0 = dup(0xffffffffffffffff)
ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000100)={0x0, 0x0})

2.03658036s ago: executing program 4 (id=2276):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x90)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)

1.721567977s ago: executing program 4 (id=2277):
syz_open_dev$MSR(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x2, 0x0, 0x6}, 0x4c)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
io_submit(0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x0, 0xfffd, 0x8001}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)

399.909811ms ago: executing program 4 (id=2278):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00')
fchdir(r2)
mount$binder(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x810, 0x0)

0s ago: executing program 4 (id=2279):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

.5.1313" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa6d0a8ebe9 code=0x0
[  739.080725][ T9922] Bluetooth: hci3: unexpected event for opcode 0x004e
[  739.151303][T10951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1320'.
[  742.526944][ T9922] Bluetooth: hci4: unexpected event for opcode 0x004e
[  742.616308][ T8837] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  742.925385][ T8837] usb 6-1: Using ep0 maxpacket: 32
[  742.930264][ T8837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  742.930295][ T8837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  742.930330][ T8837] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  742.930351][ T8837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.341660][ T8837] usb 6-1: config 0 descriptor??
[  744.176321][T10994] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  744.176321][T10994]    program syz.5.1328 not setting count and/or reply_len properly
[  746.275462][ T8837] usbhid 6-1:0.0: can't add hid device: -71
[  746.275590][ T8837] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  746.309521][ T8837] usb 6-1: USB disconnect, device number 12
[  746.415486][ T1232] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  746.576581][ T1232] usb 2-1: config 0 has an invalid interface number: 91 but max is 0
[  746.576822][ T1232] usb 2-1: config 0 has no interface number 0
[  746.634553][ T1232] usb 2-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  746.636203][ T1232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.636225][ T1232] usb 2-1: Product: syz
[  746.636239][ T1232] usb 2-1: Manufacturer: syz
[  746.636251][ T1232] usb 2-1: SerialNumber: syz
[  747.455490][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  747.455676][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  747.680576][ T1232] usb 2-1: config 0 descriptor??
[  747.684239][ T1325] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  747.684956][ T1232] usb 2-1: can't set config #0, error -71
[  747.789171][ T1232] usb 2-1: USB disconnect, device number 43
[  748.037886][ T9922] Bluetooth: hci0: unexpected event for opcode 0x004e
[  748.813085][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.110159][   T37] audit: type=1326 audit(1756819997.914:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110221][   T37] audit: type=1326 audit(1756819997.914:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110262][   T37] audit: type=1326 audit(1756819997.914:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110303][   T37] audit: type=1326 audit(1756819997.914:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110343][   T37] audit: type=1326 audit(1756819997.914:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110383][   T37] audit: type=1326 audit(1756819997.914:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110423][   T37] audit: type=1326 audit(1756819997.914:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110462][   T37] audit: type=1326 audit(1756819997.914:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110501][   T37] audit: type=1326 audit(1756819997.914:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.110541][   T37] audit: type=1326 audit(1756819997.914:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11021 comm="syz.3.1341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7ffc0000
[  749.192689][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.655539][T11035] netlink: 'syz.1.1343': attribute type 10 has an invalid length.
[  750.267063][    C0] vkms_vblank_simulate: vblank timer overrun
[  750.584850][T11035] team0: Port device wlan1 added
[  750.917252][    C0] vkms_vblank_simulate: vblank timer overrun
[  752.891734][ T9922] Bluetooth: hci0: unexpected event for opcode 0x004e
[  753.025710][ T1232] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  753.802817][ T1232] usb 6-1: config 0 has an invalid interface number: 91 but max is 0
[  753.802844][ T1232] usb 6-1: config 0 has no interface number 0
[  753.810192][ T1232] usb 6-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  753.810218][ T1232] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.810236][ T1232] usb 6-1: Product: syz
[  753.810248][ T1232] usb 6-1: Manufacturer: syz
[  753.810260][ T1232] usb 6-1: SerialNumber: syz
[  753.817620][ T1232] usb 6-1: config 0 descriptor??
[  754.143787][T11068] IPv6: NLM_F_CREATE should be specified when creating new route
[  755.112996][ T5970] usb 6-1: USB disconnect, device number 13
[  755.212934][    C0] vkms_vblank_simulate: vblank timer overrun
[  755.948832][    C0] vkms_vblank_simulate: vblank timer overrun
[  756.216113][    C0] vkms_vblank_simulate: vblank timer overrun
[  757.561444][    C0] vkms_vblank_simulate: vblank timer overrun
[  757.707095][ T9922] Bluetooth: hci5: unexpected event for opcode 0x004e
[  758.143087][    C0] vkms_vblank_simulate: vblank timer overrun
[  758.596466][    C0] vkms_vblank_simulate: vblank timer overrun
[  759.694257][    C0] vkms_vblank_simulate: vblank timer overrun
[  765.470430][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.608900][ T9922] Bluetooth: hci1: unexpected event for opcode 0x004e
[  766.625683][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.224810][    C1] vkms_vblank_simulate: vblank timer overrun
[  769.347366][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.147544][ T6049] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  775.048371][ T6049] usb 2-1: config 0 has an invalid interface number: 91 but max is 0
[  775.048398][ T6049] usb 2-1: config 0 has no interface number 0
[  775.052647][ T6049] usb 2-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  775.052672][ T6049] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.052690][ T6049] usb 2-1: Product: syz
[  775.052702][ T6049] usb 2-1: Manufacturer: syz
[  775.052715][ T6049] usb 2-1: SerialNumber: syz
[  775.128284][ T6049] usb 2-1: config 0 descriptor??
[  776.309006][T11207] Smack: duplicate mount options
[  776.512914][    C0] vkms_vblank_simulate: vblank timer overrun
[  776.515141][ T6049] usb 2-1: USB disconnect, device number 44
[  776.752463][   T37] kauditd_printk_skb: 1 callbacks suppressed
[  776.752481][   T37] audit: type=1326 audit(1756820025.634:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11208 comm="syz.3.1391" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x0
[  777.482059][    C0] vkms_vblank_simulate: vblank timer overrun
[  777.623410][    C0] vkms_vblank_simulate: vblank timer overrun
[  777.754381][    C0] vkms_vblank_simulate: vblank timer overrun
[  777.881512][    C0] vkms_vblank_simulate: vblank timer overrun
[  778.006928][    C0] vkms_vblank_simulate: vblank timer overrun
[  778.279382][    C0] vkms_vblank_simulate: vblank timer overrun
[  778.298926][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  778.327918][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  778.329344][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  778.548352][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  778.802429][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  779.478066][    C0] vkms_vblank_simulate: vblank timer overrun
[  780.587037][    C0] vkms_vblank_simulate: vblank timer overrun
[  781.888191][ T5846] Bluetooth: hci2: command tx timeout
[  783.039546][T11233] delete_channel: no stack
[  783.039696][T11233] delete_channel: no stack
[  783.106123][T11247] Process accounting resumed
[  784.229722][T11222] lo speed is unknown, defaulting to 1000
[  784.270442][ T5846] Bluetooth: hci2: command tx timeout
[  784.358943][T11264] syz_tun: entered allmulticast mode
[  785.162292][T11254] syz_tun: left allmulticast mode
[  786.554178][ T5846] Bluetooth: hci2: command tx timeout
[  786.560105][T11273] comedi comedi3: comedi_config --init_data is deprecated
[  787.249708][T11284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1408'.
[  787.302299][T11284] Illegal XDP return value 4294967294 on prog  (id 358) dev N/A, expect packet loss!
[  787.563898][T11222] chnl_net:caif_netlink_parms(): no params data found
[  787.625117][   T37] audit: type=1326 audit(1756820036.504:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.627729][   T37] audit: type=1326 audit(1756820036.504:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.628117][   T37] audit: type=1326 audit(1756820036.514:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.635372][   T37] audit: type=1326 audit(1756820036.514:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.635422][   T37] audit: type=1326 audit(1756820036.514:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.635459][   T37] audit: type=1326 audit(1756820036.514:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.637096][   T37] audit: type=1326 audit(1756820036.524:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.642650][   T37] audit: type=1326 audit(1756820036.524:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.825518][   T37] audit: type=1326 audit(1756820036.544:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  787.826033][   T37] audit: type=1326 audit(1756820036.714:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11288 comm="syz.4.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[  788.929413][ T5846] Bluetooth: hci2: command tx timeout
[  790.788075][ T5846] Bluetooth: hci4: unexpected event for opcode 0x004e
[  790.790730][T11314] netlink: 'syz.4.1418': attribute type 1 has an invalid length.
[  791.064723][T11314] 8021q: adding VLAN 0 to HW filter on device bond1
[  791.127604][T11222] bridge0: port 1(bridge_slave_0) entered blocking state
[  791.128913][T11222] bridge0: port 1(bridge_slave_0) entered disabled state
[  791.129162][T11222] bridge_slave_0: entered allmulticast mode
[  791.184856][T11222] bridge_slave_0: entered promiscuous mode
[  791.218756][T11222] bridge0: port 2(bridge_slave_1) entered blocking state
[  791.218901][T11222] bridge0: port 2(bridge_slave_1) entered disabled state
[  791.221413][T11222] bridge_slave_1: entered allmulticast mode
[  791.237994][T11222] bridge_slave_1: entered promiscuous mode
[  793.157034][T11222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  793.161504][T11222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  794.569361][ T5846] Bluetooth: hci0: unexpected event for opcode 0x004e
[  794.943747][T11222] team0: Port device team_slave_0 added
[  794.970605][T11222] team0: Port device team_slave_1 added
[  796.073450][ T5846] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  796.073476][ T5846] CPU: 0 UID: 0 PID: 5846 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  796.073499][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  796.073511][ T5846] Workqueue: hci0 hci_rx_work
[  796.073536][ T5846] Call Trace:
[  796.073544][ T5846]  <TASK>
[  796.073553][ T5846]  dump_stack_lvl+0x189/0x250
[  796.073586][ T5846]  ? __pfx_dump_stack_lvl+0x10/0x10
[  796.073611][ T5846]  ? __pfx__printk+0x10/0x10
[  796.073637][ T5846]  ? kernfs_path_from_node+0x2c/0x280
[  796.073655][ T5846]  ? kernfs_path_from_node+0x243/0x280
[  796.073670][ T5846]  ? kernfs_path_from_node+0x2c/0x280
[  796.073692][ T5846]  sysfs_create_dir_ns+0x259/0x280
[  796.073717][ T5846]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  796.073738][ T5846]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  796.073764][ T5846]  ? rt_spin_unlock+0x65/0x80
[  796.073790][ T5846]  kobject_add_internal+0x5a5/0xb50
[  796.073824][ T5846]  kobject_add+0x155/0x220
[  796.073853][ T5846]  ? __pfx_kobject_add+0x10/0x10
[  796.073885][ T5846]  ? get_device_parent+0x370/0x3a0
[  796.073914][ T5846]  device_add+0x408/0xb50
[  796.073943][ T5846]  hci_conn_add_sysfs+0xd5/0x1e0
[  796.073972][ T5846]  le_conn_complete_evt+0xc3a/0x1220
[  796.074017][ T5846]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  796.074040][ T5846]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  796.074060][ T5846]  ? lockdep_hardirqs_on+0x9c/0x150
[  796.074085][ T5846]  ? skb_pull_data+0xfb/0x200
[  796.074107][ T5846]  hci_le_conn_complete_evt+0x187/0x450
[  796.074138][ T5846]  hci_event_packet+0x78c/0x1200
[  796.074162][ T5846]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  796.074188][ T5846]  ? __pfx_hci_event_packet+0x10/0x10
[  796.074207][ T5846]  ? __pfx_migrate_enable+0x10/0x10
[  796.074237][ T5846]  ? hci_send_to_monitor+0xe2/0x570
[  796.074264][ T5846]  hci_rx_work+0x46a/0xe80
[  796.074301][ T5846]  ? process_scheduled_works+0x9ef/0x17b0
[  796.074327][ T5846]  process_scheduled_works+0xade/0x17b0
[  796.074382][ T5846]  ? __pfx_process_scheduled_works+0x10/0x10
[  796.074425][ T5846]  worker_thread+0x8a0/0xda0
[  796.074450][ T5846]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  796.074483][ T5846]  ? __kthread_parkme+0x7b/0x200
[  796.074517][ T5846]  kthread+0x711/0x8a0
[  796.074546][ T5846]  ? __pfx_worker_thread+0x10/0x10
[  796.074567][ T5846]  ? __pfx_kthread+0x10/0x10
[  796.074599][ T5846]  ? __pfx_kthread+0x10/0x10
[  796.074625][ T5846]  ret_from_fork+0x3f9/0x770
[  796.074650][ T5846]  ? __pfx_ret_from_fork+0x10/0x10
[  796.074680][ T5846]  ? __switch_to_asm+0x39/0x70
[  796.074696][ T5846]  ? __switch_to_asm+0x33/0x70
[  796.074711][ T5846]  ? __pfx_kthread+0x10/0x10
[  796.074737][ T5846]  ret_from_fork_asm+0x1a/0x30
[  796.074773][ T5846]  </TASK>
[  796.076998][ T5846] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  796.077053][ T5846] Bluetooth: hci0: failed to register connection device
[  796.126627][T11359] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1432'.
[  797.727593][ T5850] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  797.729287][T11359] bridge1: entered allmulticast mode
[  797.745601][T11222] batman_adv: batadv0: Adding interface: batadv_slave_0
[  797.745617][T11222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  797.745642][T11222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  797.749595][T11222] batman_adv: batadv0: Adding interface: batadv_slave_1
[  797.749609][T11222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  797.749634][T11222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  797.945780][ T5850] usb 5-1: config 0 has an invalid interface number: 91 but max is 0
[  797.945807][ T5850] usb 5-1: config 0 has no interface number 0
[  797.965774][ T5850] usb 5-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  797.965803][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.965821][ T5850] usb 5-1: Product: syz
[  797.965833][ T5850] usb 5-1: Manufacturer: syz
[  797.965846][ T5850] usb 5-1: SerialNumber: syz
[  798.190001][ T5850] usb 5-1: config 0 descriptor??
[  799.351928][T11222] hsr_slave_0: entered promiscuous mode
[  799.354494][T11222] hsr_slave_1: entered promiscuous mode
[  799.371996][T11222] debugfs: 'hsr0' already exists in 'hsr'
[  799.372022][T11222] Cannot create hsr debugfs directory
[  800.522050][    C1] vkms_vblank_simulate: vblank timer overrun
[  800.565854][ T5851] usb 5-1: USB disconnect, device number 18
[  800.739834][ T9922] Bluetooth: hci3: unexpected event for opcode 0x004e
[  801.787224][    C1] vkms_vblank_simulate: vblank timer overrun
[  802.180099][    C1] vkms_vblank_simulate: vblank timer overrun
[  802.642208][    C1] vkms_vblank_simulate: vblank timer overrun
[  802.842160][    C1] vkms_vblank_simulate: vblank timer overrun
[  803.140719][    C1] vkms_vblank_simulate: vblank timer overrun
[  803.472758][    C1] vkms_vblank_simulate: vblank timer overrun
[  804.395455][    C1] vkms_vblank_simulate: vblank timer overrun
[  805.129608][    C1] vkms_vblank_simulate: vblank timer overrun
[  805.374202][    C1] vkms_vblank_simulate: vblank timer overrun
[  805.757108][ T9922] Bluetooth: hci3: unexpected event for opcode 0x004e
[  808.016127][ T5851] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  808.860142][ T5851] usb 2-1: config 0 has an invalid interface number: 91 but max is 0
[  808.860169][ T5851] usb 2-1: config 0 has no interface number 0
[  808.863290][ T5851] usb 2-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  808.863315][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.863333][ T5851] usb 2-1: Product: syz
[  808.863345][ T5851] usb 2-1: Manufacturer: syz
[  808.863358][ T5851] usb 2-1: SerialNumber: syz
[  808.888148][ T5851] usb 2-1: config 0 descriptor??
[  809.005056][T11222] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  809.688750][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  809.688830][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  809.712268][ T1325] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  809.790157][T11222] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  809.922729][T11222] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  809.978406][T11222] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  810.105420][ T5970] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  810.152646][ T5850] usb 2-1: USB disconnect, device number 45
[  810.305730][ T5970] usb 5-1: device descriptor read/64, error -71
[  810.785923][ T5970] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  811.227267][ T5970] usb 5-1: device descriptor read/64, error -71
[  811.533151][T11222] 8021q: adding VLAN 0 to HW filter on device bond0
[  811.571731][ T5970] usb usb5-port1: attempt power cycle
[  811.771153][    C1] vkms_vblank_simulate: vblank timer overrun
[  812.696401][    C1] vkms_vblank_simulate: vblank timer overrun
[  812.921400][    C1] vkms_vblank_simulate: vblank timer overrun
[  813.082461][T11222] 8021q: adding VLAN 0 to HW filter on device team0
[  813.133123][ T1829] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.133859][ T1829] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.196555][    C1] vkms_vblank_simulate: vblank timer overrun
[  813.333873][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.334034][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.665824][T10458] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  813.825375][T10458] usb 5-1: Using ep0 maxpacket: 16
[  813.828466][T10458] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  813.828489][T10458] usb 5-1: config 1 has no interface number 0
[  813.828538][T10458] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  813.828561][T10458] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  813.829321][T10458] usb 5-1: config 1 interface 105 has no altsetting 0
[  813.835020][T10458] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  813.835045][T10458] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.835062][T10458] usb 5-1: Product: syz
[  813.835074][T10458] usb 5-1: Manufacturer: syz
[  813.835087][T10458] usb 5-1: SerialNumber: syz
[  813.894284][T11477] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  813.894576][T11477] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  814.592754][    C1] vkms_vblank_simulate: vblank timer overrun
[  814.744281][T11491] gfs2: gfs2 mount does not exist
[  814.749114][T11491] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  814.750035][T11491] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  814.751456][    C1] vkms_vblank_simulate: vblank timer overrun
[  816.148422][T11222] 8021q: adding VLAN 0 to HW filter on device batadv0
[  816.874837][T10458] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  816.875202][T10458] aqc111 5-1:1.105: probe with driver aqc111 failed with error -71
[  816.907336][T10458] usb 5-1: USB disconnect, device number 22
[  817.671804][    C0] vkms_vblank_simulate: vblank timer overrun
[  818.714132][T11222] veth0_vlan: entered promiscuous mode
[  818.877549][    C0] vkms_vblank_simulate: vblank timer overrun
[  818.929695][T11222] veth1_vlan: entered promiscuous mode
[  820.160443][    C0] vkms_vblank_simulate: vblank timer overrun
[  820.915773][    C0] vkms_vblank_simulate: vblank timer overrun
[  821.293422][T11222] veth0_macvtap: entered promiscuous mode
[  821.359882][T11222] veth1_macvtap: entered promiscuous mode
[  821.453392][T11222] batman_adv: batadv0: Interface activated: batadv_slave_0
[  821.586831][    C0] vkms_vblank_simulate: vblank timer overrun
[  822.638820][T11222] batman_adv: batadv0: Interface activated: batadv_slave_1
[  822.822673][ T6086] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  822.839660][ T6086] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  822.842111][ T6086] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  822.843708][ T6086] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  823.087776][T11554] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1482'.
[  823.586380][ T1027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  823.586402][ T1027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  826.129511][ T3658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  826.129531][ T3658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  829.336995][T11602] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1495'.
[  831.815865][ T5851] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  831.978654][ T5851] usb 2-1: config 0 has an invalid interface number: 91 but max is 0
[  831.978681][ T5851] usb 2-1: config 0 has no interface number 0
[  832.003163][ T5851] usb 2-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  832.003190][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.003208][ T5851] usb 2-1: Product: syz
[  832.003221][ T5851] usb 2-1: Manufacturer: syz
[  832.003233][ T5851] usb 2-1: SerialNumber: syz
[  832.088268][ T5851] usb 2-1: config 0 descriptor??
[  832.225843][T11621] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1500'.
[  833.404101][ T7874] usb 2-1: USB disconnect, device number 46
[  834.737576][    C0] vkms_vblank_simulate: vblank timer overrun
[  834.818937][    C0] vkms_vblank_simulate: vblank timer overrun
[  834.843484][    C0] vkms_vblank_simulate: vblank timer overrun
[  835.152509][    C0] vkms_vblank_simulate: vblank timer overrun
[  835.183488][    C0] vkms_vblank_simulate: vblank timer overrun
[  835.663857][    C0] vkms_vblank_simulate: vblank timer overrun
[  837.355724][    C0] vkms_vblank_simulate: vblank timer overrun
[  838.152663][    C0] vkms_vblank_simulate: vblank timer overrun
[  838.458469][    C0] vkms_vblank_simulate: vblank timer overrun
[  840.377313][T11685] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1519'.
[  840.880464][T11693] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1520'.
[  841.947123][ T7874] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  842.376928][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.731709][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.899004][    C1] vkms_vblank_simulate: vblank timer overrun
[  843.847917][    C1] vkms_vblank_simulate: vblank timer overrun
[  844.143493][T11707] lo speed is unknown, defaulting to 1000
[  844.165924][ T7874] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  844.760693][T11722] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1528'.
[  845.023214][ T7874] usb 7-1: config 0 has an invalid interface number: 91 but max is 0
[  845.023239][ T7874] usb 7-1: config 0 has no interface number 0
[  845.278959][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.335498][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.514956][ T7874] usb 7-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  845.514983][ T7874] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.515000][ T7874] usb 7-1: Product: syz
[  845.515012][ T7874] usb 7-1: Manufacturer: syz
[  845.515025][ T7874] usb 7-1: SerialNumber: syz
[  845.527709][ T7874] usb 7-1: config 0 descriptor??
[  845.645977][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.646899][   T44] usb 7-1: USB disconnect, device number 3
[  846.162433][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.219072][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.512525][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.570549][    C1] vkms_vblank_simulate: vblank timer overrun
[  847.000266][    C1] vkms_vblank_simulate: vblank timer overrun
[  847.069771][    C1] vkms_vblank_simulate: vblank timer overrun
[  847.543177][T11737] FAULT_INJECTION: forcing a failure.
[  847.543177][T11737] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.543209][T11737] CPU: 1 UID: 0 PID: 11737 Comm: syz.6.1532 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  847.543230][T11737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  847.543241][T11737] Call Trace:
[  847.543248][T11737]  <TASK>
[  847.543256][T11737]  dump_stack_lvl+0x189/0x250
[  847.543285][T11737]  ? __pfx____ratelimit+0x10/0x10
[  847.543307][T11737]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.543330][T11737]  ? __pfx__printk+0x10/0x10
[  847.543349][T11737]  ? __might_fault+0xb0/0x130
[  847.543384][T11737]  should_fail_ex+0x46c/0x600
[  847.543411][T11737]  _copy_from_user+0x2d/0xb0
[  847.543432][T11737]  __sys_bpf+0x1ed/0x870
[  847.543454][T11737]  ? __pfx___sys_bpf+0x10/0x10
[  847.543487][T11737]  ? ksys_write+0x230/0x260
[  847.543510][T11737]  ? __pfx_ksys_write+0x10/0x10
[  847.543528][T11737]  ? rcu_is_watching+0x15/0xb0
[  847.543559][T11737]  __x64_sys_bpf+0x7c/0x90
[  847.543578][T11737]  do_syscall_64+0xfa/0x3b0
[  847.543600][T11737]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.543620][T11737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.543638][T11737]  ? clear_bhb_loop+0x60/0xb0
[  847.543660][T11737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.543677][T11737] RIP: 0033:0x7f5bae1eebe9
[  847.543699][T11737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.543714][T11737] RSP: 002b:00007f5bac44e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  847.543732][T11737] RAX: ffffffffffffffda RBX: 00007f5bae425fa0 RCX: 00007f5bae1eebe9
[  847.543746][T11737] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  847.543757][T11737] RBP: 00007f5bac44e090 R08: 0000000000000000 R09: 0000000000000000
[  847.543768][T11737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  847.543779][T11737] R13: 00007f5bae426038 R14: 00007f5bae425fa0 R15: 00007ffd65f25508
[  847.543809][T11737]  </TASK>
[  848.306928][    C1] vkms_vblank_simulate: vblank timer overrun
[  848.375814][    C1] vkms_vblank_simulate: vblank timer overrun
[  848.534150][T11750] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1534'.
[  849.347281][    C1] vkms_vblank_simulate: vblank timer overrun
[  849.399326][    C1] vkms_vblank_simulate: vblank timer overrun
[  849.605420][    C1] vkms_vblank_simulate: vblank timer overrun
[  849.637942][    C1] vkms_vblank_simulate: vblank timer overrun
[  851.005543][ T7874] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  851.659461][    C0] vkms_vblank_simulate: vblank timer overrun
[  851.893647][    C0] vkms_vblank_simulate: vblank timer overrun
[  852.221116][ T7874] usb 3-1: device not accepting address 31, error -71
[  853.113458][    C0] vkms_vblank_simulate: vblank timer overrun
[  853.117599][T10458] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  854.868334][    C0] vkms_vblank_simulate: vblank timer overrun
[  854.907650][ T5851] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  855.067765][ T5851] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  855.067821][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  855.067847][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  855.067868][ T5851] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  855.069523][ T5851] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  855.069548][ T5851] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  855.069566][ T5851] usb 5-1: Manufacturer: syz
[  855.151544][    C0] vkms_vblank_simulate: vblank timer overrun
[  855.153631][T10458] usb 7-1: device descriptor read/64, error -71
[  855.268678][ T5851] usb 5-1: config 0 descriptor??
[  855.389378][    C0] vkms_vblank_simulate: vblank timer overrun
[  855.558287][T10458] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  855.615689][ T5851] rc_core: IR keymap rc-hauppauge not found
[  855.615710][ T5851] Registered IR keymap rc-empty
[  855.626254][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  855.649689][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  855.674410][ T5851] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  855.685826][T10458] usb 7-1: device descriptor read/64, error -71
[  855.727582][ T5851] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input15
[  855.796578][T10458] usb usb7-port1: attempt power cycle
[  856.575480][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.595485][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.615629][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.635595][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.666463][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.695456][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.715491][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.745595][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.779117][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.797205][ T5851] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  856.862316][ T5851] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  856.862341][ T5851] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  856.915993][ T5851] usb 5-1: USB disconnect, device number 23
[  858.325786][   T44] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  858.532492][   T44] usb 3-1: config 0 has an invalid interface number: 91 but max is 0
[  858.532518][   T44] usb 3-1: config 0 has no interface number 0
[  858.596713][   T44] usb 3-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  858.596879][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.596899][   T44] usb 3-1: Product: syz
[  858.596960][   T44] usb 3-1: Manufacturer: syz
[  858.596973][   T44] usb 3-1: SerialNumber: syz
[  860.456981][    C1] vkms_vblank_simulate: vblank timer overrun
[  860.609421][   T44] usb 3-1: config 0 descriptor??
[  860.609997][   T44] usb 3-1: can't set config #0, error -71
[  860.694328][   T44] usb 3-1: USB disconnect, device number 33
[  860.771818][    C1] vkms_vblank_simulate: vblank timer overrun
[  861.212347][    C1] vkms_vblank_simulate: vblank timer overrun
[  861.975767][    C1] vkms_vblank_simulate: vblank timer overrun
[  862.315448][    C1] vkms_vblank_simulate: vblank timer overrun
[  863.186619][ T1232] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  863.837458][ T1232] usb 2-1: config 0 has an invalid interface number: 91 but max is 0
[  863.837484][ T1232] usb 2-1: config 0 has no interface number 0
[  863.840173][ T1232] usb 2-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  863.840198][ T1232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.840216][ T1232] usb 2-1: Product: syz
[  863.840227][ T1232] usb 2-1: Manufacturer: syz
[  863.840239][ T1232] usb 2-1: SerialNumber: syz
[  864.035398][ T1232] usb 2-1: config 0 descriptor??
[  864.036054][ T1232] usb 2-1: can't set config #0, error -71
[  864.043363][ T1232] usb 2-1: USB disconnect, device number 47
[  864.516295][T11843] trusted_key: syz.1.1562 sent an empty control message without MSG_MORE.
[  864.534906][    C1] vkms_vblank_simulate: vblank timer overrun
[  872.128564][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  872.128647][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  872.132514][ T1325] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  872.419735][T11848] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1564'.
[  875.309241][ T8837] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  875.507687][ T8837] usb 7-1: config 0 has an invalid interface number: 91 but max is 0
[  875.507713][ T8837] usb 7-1: config 0 has no interface number 0
[  875.510381][ T8837] usb 7-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  875.510406][ T8837] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.510424][ T8837] usb 7-1: Product: syz
[  875.510443][ T8837] usb 7-1: Manufacturer: syz
[  875.510454][ T8837] usb 7-1: SerialNumber: syz
[  875.601040][ T8837] usb 7-1: config 0 descriptor??
[  876.931439][ T8837] usb 7-1: USB disconnect, device number 7
[  878.258730][    C1] vkms_vblank_simulate: vblank timer overrun
[  878.558090][T11889] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1574'.
[  879.495776][    C1] vkms_vblank_simulate: vblank timer overrun
[  879.743761][    C1] vkms_vblank_simulate: vblank timer overrun
[  879.963428][    C1] vkms_vblank_simulate: vblank timer overrun
[  880.158025][    C1] vkms_vblank_simulate: vblank timer overrun
[  880.185619][    C1] vkms_vblank_simulate: vblank timer overrun
[  880.577974][T11903] can0: slcan on ttyS3.
[  880.641610][    C1] vkms_vblank_simulate: vblank timer overrun
[  881.487071][    C1] vkms_vblank_simulate: vblank timer overrun
[  881.631785][T11901] can0 (unregistered): slcan off ttyS3.
[  881.702350][    C1] vkms_vblank_simulate: vblank timer overrun
[  883.095845][ T9922] Bluetooth: hci1: unexpected event for opcode 0x004e
[  883.116969][T11926] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1586'.
[  886.467758][    C1] vkms_vblank_simulate: vblank timer overrun
[  886.677373][    C1] vkms_vblank_simulate: vblank timer overrun
[  886.785197][    C1] vkms_vblank_simulate: vblank timer overrun
[  886.854964][    C1] vkms_vblank_simulate: vblank timer overrun
[  887.479226][    C1] vkms_vblank_simulate: vblank timer overrun
[  887.858592][    C1] vkms_vblank_simulate: vblank timer overrun
[  888.591116][    C1] vkms_vblank_simulate: vblank timer overrun
[  888.602659][ T5933] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  888.797475][    C1] vkms_vblank_simulate: vblank timer overrun
[  888.921335][ T5933] usb 3-1: device descriptor read/all, error -71
[  889.347283][    C1] vkms_vblank_simulate: vblank timer overrun
[  889.377888][ T9922] Bluetooth: hci4: unexpected event for opcode 0x004e
[  889.635991][    C1] vkms_vblank_simulate: vblank timer overrun
[  890.227189][    C1] vkms_vblank_simulate: vblank timer overrun
[  890.636440][    C1] vkms_vblank_simulate: vblank timer overrun
[  890.678058][    C1] vkms_vblank_simulate: vblank timer overrun
[  891.732135][    C1] vkms_vblank_simulate: vblank timer overrun
[  891.991767][ T5844] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  892.512177][    C1] vkms_vblank_simulate: vblank timer overrun
[  892.918634][ T5844] usb 7-1: config 0 has an invalid interface number: 91 but max is 0
[  892.918651][ T5844] usb 7-1: config 0 has no interface number 0
[  892.922795][ T5844] usb 7-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  892.922821][ T5844] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.922836][ T5844] usb 7-1: Product: syz
[  892.922843][ T5844] usb 7-1: Manufacturer: syz
[  892.922850][ T5844] usb 7-1: SerialNumber: syz
[  892.932917][ T5844] usb 7-1: config 0 descriptor??
[  893.184259][ T9922] Bluetooth: hci0: unexpected cc 0x0c7a length: 5 > 1
[  893.184288][ T9922] Bluetooth: hci0: unexpected event for opcode 0x0c7a
[  893.348002][ T5828] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  893.505791][ T5828] usb 3-1: Using ep0 maxpacket: 8
[  893.508114][ T5828] usb 3-1: config 0 interface 0 has no altsetting 0
[  893.508153][ T5828] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  893.508173][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.527429][ T5828] usb 3-1: config 0 descriptor??
[  893.767277][T12002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  893.782920][T12002] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  894.040820][ T5828] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  894.261857][ T5844] usb 7-1: USB disconnect, device number 8
[  894.714779][ T5828] usb 3-1: USB disconnect, device number 36
[  895.512510][    C1] vkms_vblank_simulate: vblank timer overrun
[  895.982358][    C1] vkms_vblank_simulate: vblank timer overrun
[  896.077410][ T9922] Bluetooth: hci0: unexpected event for opcode 0x004e
[  896.459349][    C1] vkms_vblank_simulate: vblank timer overrun
[  897.741276][    C1] vkms_vblank_simulate: vblank timer overrun
[  897.903546][    C1] vkms_vblank_simulate: vblank timer overrun
[  898.602624][    C1] vkms_vblank_simulate: vblank timer overrun
[  898.674257][    C1] vkms_vblank_simulate: vblank timer overrun
[  899.127884][    C1] vkms_vblank_simulate: vblank timer overrun
[  899.290574][    C1] vkms_vblank_simulate: vblank timer overrun
[  899.293022][ T5828] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  899.438370][ T5828] usb 5-1: config 0 has an invalid interface number: 91 but max is 0
[  899.438395][ T5828] usb 5-1: config 0 has no interface number 0
[  899.445731][ T5828] usb 5-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  899.445877][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.445896][ T5828] usb 5-1: Product: syz
[  899.445909][ T5828] usb 5-1: Manufacturer: syz
[  899.445921][ T5828] usb 5-1: SerialNumber: syz
[  899.471614][ T5828] usb 5-1: config 0 descriptor??
[  901.132403][    C0] vkms_vblank_simulate: vblank timer overrun
[  901.569576][    C0] vkms_vblank_simulate: vblank timer overrun
[  901.658024][ T5828] usb 5-1: USB disconnect, device number 24
[  901.672063][    C0] vkms_vblank_simulate: vblank timer overrun
[  901.849306][    C0] vkms_vblank_simulate: vblank timer overrun
[  902.195208][    C0] vkms_vblank_simulate: vblank timer overrun
[  902.636266][    C0] vkms_vblank_simulate: vblank timer overrun
[  903.456426][    C0] vkms_vblank_simulate: vblank timer overrun
[  903.791267][ T9922] Bluetooth: hci2: command 0x0406 tx timeout
[  903.988662][    C0] vkms_vblank_simulate: vblank timer overrun
[  904.893289][    C0] vkms_vblank_simulate: vblank timer overrun
[  905.487800][T12108] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1636'.
[  909.460336][    C1] vkms_vblank_simulate: vblank timer overrun
[  909.541857][    C1] vkms_vblank_simulate: vblank timer overrun
[  910.055958][T12158] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1651'.
[  910.348103][T12160] trusted_key: encrypted_key: insufficient parameters specified
[  910.351775][    C1] vkms_vblank_simulate: vblank timer overrun
[  910.616556][    C1] vkms_vblank_simulate: vblank timer overrun
[  910.772882][    C1] vkms_vblank_simulate: vblank timer overrun
[  910.874593][    C1] vkms_vblank_simulate: vblank timer overrun
[  912.177004][    C1] vkms_vblank_simulate: vblank timer overrun
[  912.397302][    C1] vkms_vblank_simulate: vblank timer overrun
[  912.921946][    C1] vkms_vblank_simulate: vblank timer overrun
[  913.775410][    C1] vkms_vblank_simulate: vblank timer overrun
[  913.899111][    C1] vkms_vblank_simulate: vblank timer overrun
[  914.708138][    C1] vkms_vblank_simulate: vblank timer overrun
[  914.873363][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.034004][    C1] vkms_vblank_simulate: vblank timer overrun
[  916.381876][    C1] vkms_vblank_simulate: vblank timer overrun
[  916.578392][T12201] bridge_slave_0: left allmulticast mode
[  916.578421][T12201] bridge_slave_0: left promiscuous mode
[  916.581848][T12201] bridge0: port 1(bridge_slave_0) entered disabled state
[  916.955613][T12201] bridge_slave_1: left allmulticast mode
[  916.955646][T12201] bridge_slave_1: left promiscuous mode
[  916.955967][T12201] bridge0: port 2(bridge_slave_1) entered disabled state
[  917.133106][    C1] vkms_vblank_simulate: vblank timer overrun
[  917.777164][    C1] vkms_vblank_simulate: vblank timer overrun
[  918.161002][    C1] vkms_vblank_simulate: vblank timer overrun
[  918.549674][T12201] bond0: (slave bond_slave_0): Releasing backup interface
[  918.612721][T12227] FAULT_INJECTION: forcing a failure.
[  918.612721][T12227] name failslab, interval 1, probability 0, space 0, times 0
[  918.612743][T12227] CPU: 0 UID: 0 PID: 12227 Comm: syz.4.1671 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  918.612755][T12227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  918.612762][T12227] Call Trace:
[  918.612766][T12227]  <TASK>
[  918.612771][T12227]  dump_stack_lvl+0x189/0x250
[  918.612790][T12227]  ? __pfx____ratelimit+0x10/0x10
[  918.612804][T12227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  918.612816][T12227]  ? __pfx__printk+0x10/0x10
[  918.612829][T12227]  ? __pfx___might_resched+0x10/0x10
[  918.612840][T12227]  ? fs_reclaim_acquire+0x7d/0x100
[  918.612851][T12227]  should_fail_ex+0x46c/0x600
[  918.612866][T12227]  ? sock_alloc_inode+0x28/0xc0
[  918.612876][T12227]  should_failslab+0xa8/0x100
[  918.612891][T12227]  ? sock_alloc_inode+0x28/0xc0
[  918.612899][T12227]  kmem_cache_alloc_lru_noprof+0x73/0x310
[  918.612912][T12227]  ? __lock_acquire+0xab9/0xd20
[  918.612925][T12227]  ? __pfx_sock_alloc_inode+0x10/0x10
[  918.612935][T12227]  sock_alloc_inode+0x28/0xc0
[  918.612944][T12227]  alloc_inode+0x6a/0x1b0
[  918.612958][T12227]  do_accept+0x117/0x680
[  918.612969][T12227]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  918.612982][T12227]  ? __pfx_do_accept+0x10/0x10
[  918.613004][T12227]  __sys_accept4+0x11c/0x1c0
[  918.613017][T12227]  ? __pfx___sys_accept4+0x10/0x10
[  918.613028][T12227]  ? __pfx_ksys_write+0x10/0x10
[  918.613043][T12227]  __x64_sys_accept4+0x9a/0xb0
[  918.613055][T12227]  do_syscall_64+0xfa/0x3b0
[  918.613067][T12227]  ? lockdep_hardirqs_on+0x9c/0x150
[  918.613079][T12227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.613088][T12227]  ? clear_bhb_loop+0x60/0xb0
[  918.613100][T12227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.613109][T12227] RIP: 0033:0x7f88c7bbebe9
[  918.613121][T12227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.613129][T12227] RSP: 002b:00007f88c5e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  918.613141][T12227] RAX: ffffffffffffffda RBX: 00007f88c7df5fa0 RCX: 00007f88c7bbebe9
[  918.613148][T12227] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  918.613154][T12227] RBP: 00007f88c5e26090 R08: 0000000000000000 R09: 0000000000000000
[  918.613160][T12227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  918.613166][T12227] R13: 00007f88c7df6038 R14: 00007f88c7df5fa0 R15: 00007ffe5d938d98
[  918.613181][T12227]  </TASK>
[  918.920561][T12201] bond0: (slave bond_slave_1): Releasing backup interface
[  919.053135][T12201] team0: Port device team_slave_0 removed
[  919.158257][T12201] team0: Port device team_slave_1 removed
[  919.160625][T12201] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  919.160654][T12201] batman_adv: batadv0: Removing interface: batadv_slave_0
[  919.253772][T12201] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  919.258543][T12201] batman_adv: batadv0: Removing interface: batadv_slave_1
[  920.778207][T12201] team0: Port device wlan1 removed
[  924.654563][ T5970] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  925.737737][ T5970] usb 7-1: config 7 has an invalid interface number: 192 but max is 0
[  925.737763][ T5970] usb 7-1: config 7 has no interface number 0
[  925.737811][ T5970] usb 7-1: config 7 interface 192 has no altsetting 0
[  925.741261][ T5970] usb 7-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=d4.8d
[  925.741287][ T5970] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.741305][ T5970] usb 7-1: Product: syz
[  925.741317][ T5970] usb 7-1: Manufacturer: syz
[  925.741330][ T5970] usb 7-1: SerialNumber: syz
[  926.176441][ T1232] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  926.205287][T12287] bridge_slave_0: left allmulticast mode
[  926.205320][T12287] bridge_slave_0: left promiscuous mode
[  926.205568][T12287] bridge0: port 1(bridge_slave_0) entered disabled state
[  926.205574][ T5970] usb 7-1: USB disconnect, device number 9
[  926.834191][ T1232] usb 3-1: config 0 has an invalid interface number: 91 but max is 0
[  926.834218][ T1232] usb 3-1: config 0 has no interface number 0
[  926.837225][ T1232] usb 3-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  926.837251][ T1232] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.837269][ T1232] usb 3-1: Product: syz
[  926.837282][ T1232] usb 3-1: Manufacturer: syz
[  926.837294][ T1232] usb 3-1: SerialNumber: syz
[  927.051949][ T1232] usb 3-1: config 0 descriptor??
[  927.054950][T12287] bridge_slave_1: left allmulticast mode
[  927.054978][T12287] bridge_slave_1: left promiscuous mode
[  927.058833][T12287] bridge0: port 2(bridge_slave_1) entered disabled state
[  927.200531][T12287] bond0: (slave bond_slave_0): Releasing backup interface
[  927.459073][T12287] bond0: (slave bond_slave_1): Releasing backup interface
[  927.872678][T12287] team0: Port device team_slave_0 removed
[  928.864176][T12287] team0: Port device team_slave_1 removed
[  928.865266][T12287] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  928.865293][T12287] batman_adv: batadv0: Removing interface: batadv_slave_0
[  928.919484][T12287] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  928.919516][T12287] batman_adv: batadv0: Removing interface: batadv_slave_1
[  928.949884][ T1232] usb 3-1: USB disconnect, device number 37
[  928.999880][T12287] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  928.999907][T12287] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  929.000072][T12287] bridge0: port 3(netdevsim0) entered disabled state
[  932.226767][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  932.251579][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  932.730174][ T1325] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  933.281358][    C1] vkms_vblank_simulate: vblank timer overrun
[  936.149372][T12346] bridge_slave_0: left allmulticast mode
[  936.149405][T12346] bridge_slave_0: left promiscuous mode
[  936.149663][T12346] bridge0: port 1(bridge_slave_0) entered disabled state
[  937.546781][T12346] bridge_slave_1: left allmulticast mode
[  937.547149][T12346] bridge_slave_1: left promiscuous mode
[  937.562431][T12346] bridge0: port 2(bridge_slave_1) entered disabled state
[  937.708216][ T5970] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  937.872226][ T5970] usb 3-1: config 0 has an invalid interface number: 91 but max is 0
[  937.872279][ T5970] usb 3-1: config 0 has no interface number 0
[  937.874856][T12346] bond0: (slave bond_slave_0): Releasing backup interface
[  937.909568][ T5970] usb 3-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  937.909729][ T5970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.909751][ T5970] usb 3-1: Product: syz
[  937.909764][ T5970] usb 3-1: Manufacturer: syz
[  937.909776][ T5970] usb 3-1: SerialNumber: syz
[  937.971117][ T5970] usb 3-1: config 0 descriptor??
[  938.066410][T12346] bond0: (slave bond_slave_1): Releasing backup interface
[  939.389135][    C1] vkms_vblank_simulate: vblank timer overrun
[  939.464375][T12346] team0: Port device team_slave_0 removed
[  939.485307][    C1] vkms_vblank_simulate: vblank timer overrun
[  939.554192][   T44] usb 3-1: USB disconnect, device number 38
[  939.681838][    C1] vkms_vblank_simulate: vblank timer overrun
[  939.866108][T12346] team0: Port device team_slave_1 removed
[  939.870981][T12346] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  939.871015][T12346] batman_adv: batadv0: Removing interface: batadv_slave_0
[  940.736525][    C1] vkms_vblank_simulate: vblank timer overrun
[  940.795483][T12346] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  940.795524][T12346] batman_adv: batadv0: Removing interface: batadv_slave_1
[  941.163930][T12385] netlink: 'syz.4.1717': attribute type 1 has an invalid length.
[  941.163953][T12385] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  941.677144][    C1] vkms_vblank_simulate: vblank timer overrun
[  941.940574][    C1] vkms_vblank_simulate: vblank timer overrun
[  942.538255][    C1] vkms_vblank_simulate: vblank timer overrun
[  942.984002][    C1] vkms_vblank_simulate: vblank timer overrun
[  943.148565][    C1] vkms_vblank_simulate: vblank timer overrun
[  943.281060][    C1] vkms_vblank_simulate: vblank timer overrun
[  943.428944][    C1] vkms_vblank_simulate: vblank timer overrun
[  944.045645][    C1] vkms_vblank_simulate: vblank timer overrun
[  944.219920][    C1] vkms_vblank_simulate: vblank timer overrun
[  950.296924][T12452] netlink: 'syz.6.1737': attribute type 10 has an invalid length.
[  951.383229][T12452] team0: Port device wlan1 added
[  954.293190][T12478] FAULT_INJECTION: forcing a failure.
[  954.293190][T12478] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  954.293212][T12478] CPU: 0 UID: 0 PID: 12478 Comm: syz.6.1745 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  954.293224][T12478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  954.293230][T12478] Call Trace:
[  954.293234][T12478]  <TASK>
[  954.293239][T12478]  dump_stack_lvl+0x189/0x250
[  954.293258][T12478]  ? __pfx____ratelimit+0x10/0x10
[  954.293271][T12478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.293284][T12478]  ? __pfx__printk+0x10/0x10
[  954.293295][T12478]  ? __might_fault+0xb0/0x130
[  954.293314][T12478]  should_fail_ex+0x46c/0x600
[  954.293330][T12478]  _copy_from_user+0x2d/0xb0
[  954.293342][T12478]  ___sys_recvmsg+0x12e/0x510
[  954.293359][T12478]  ? __pfx____sys_recvmsg+0x10/0x10
[  954.293388][T12478]  ? __might_fault+0xb0/0x130
[  954.293403][T12478]  do_recvmmsg+0x30d/0x770
[  954.293421][T12478]  ? __pfx_do_recvmmsg+0x10/0x10
[  954.293432][T12478]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  954.293445][T12478]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  954.293463][T12478]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  954.293481][T12478]  __x64_sys_recvmmsg+0x190/0x240
[  954.293495][T12478]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  954.293507][T12478]  ? rcu_is_watching+0x15/0xb0
[  954.293524][T12478]  ? do_syscall_64+0xbe/0x3b0
[  954.293538][T12478]  do_syscall_64+0xfa/0x3b0
[  954.293549][T12478]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.293560][T12478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.293570][T12478]  ? clear_bhb_loop+0x60/0xb0
[  954.293581][T12478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.293589][T12478] RIP: 0033:0x7f5bae1eebe9
[  954.293599][T12478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.293607][T12478] RSP: 002b:00007f5bac42d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  954.293618][T12478] RAX: ffffffffffffffda RBX: 00007f5bae426090 RCX: 00007f5bae1eebe9
[  954.293625][T12478] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000006
[  954.293631][T12478] RBP: 00007f5bac42d090 R08: 0000000000000000 R09: 0000000000000000
[  954.293637][T12478] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001
[  954.293643][T12478] R13: 00007f5bae426128 R14: 00007f5bae426090 R15: 00007ffd65f25508
[  954.293658][T12478]  </TASK>
[  954.418222][   T44] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  955.020642][   T44] usb 3-1: config 0 has an invalid interface number: 91 but max is 0
[  955.020668][   T44] usb 3-1: config 0 has no interface number 0
[  955.027447][   T44] usb 3-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  955.027474][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.027491][   T44] usb 3-1: Product: syz
[  955.027503][   T44] usb 3-1: Manufacturer: syz
[  955.027516][   T44] usb 3-1: SerialNumber: syz
[  955.092860][   T44] usb 3-1: config 0 descriptor??
[  955.576783][T12487] tmpfs: Unexpected value for 'usrquota'
[  956.297845][T12505] netlink: 'syz.3.1756': attribute type 10 has an invalid length.
[  956.375126][ T7874] usb 3-1: USB disconnect, device number 39
[  956.476848][    C0] vkms_vblank_simulate: vblank timer overrun
[  956.867162][    C0] vkms_vblank_simulate: vblank timer overrun
[  957.208985][    C0] vkms_vblank_simulate: vblank timer overrun
[  958.164496][    C0] vkms_vblank_simulate: vblank timer overrun
[  958.434023][T12505] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  958.435228][T12505] team0: Port device wlan1 added
[  958.995546][    C0] vkms_vblank_simulate: vblank timer overrun
[  959.940330][    C0] vkms_vblank_simulate: vblank timer overrun
[  960.250308][    C0] vkms_vblank_simulate: vblank timer overrun
[  960.782030][T12541] bridge_slave_0: left allmulticast mode
[  960.782064][T12541] bridge_slave_0: left promiscuous mode
[  960.782322][T12541] bridge0: port 1(bridge_slave_0) entered disabled state
[  961.017732][    C0] vkms_vblank_simulate: vblank timer overrun
[  961.807164][T12541] bridge_slave_1: left allmulticast mode
[  961.807196][T12541] bridge_slave_1: left promiscuous mode
[  961.807449][T12541] bridge0: port 2(bridge_slave_1) entered disabled state
[  963.107158][T12541] bond0: (slave bond_slave_0): Releasing backup interface
[  963.247994][T12541] bond0: (slave bond_slave_1): Releasing backup interface
[  963.419829][T12541] team0: Port device team_slave_0 removed
[  963.514707][T12541] team0: Port device team_slave_1 removed
[  963.517115][T12541] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  963.517145][T12541] batman_adv: batadv0: Removing interface: batadv_slave_0
[  963.578423][T12541] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  963.578457][T12541] batman_adv: batadv0: Removing interface: batadv_slave_1
[  963.786557][T12541] bond1: (slave ip6gretap1): Releasing backup interface
[  964.521113][T12541] bond3: (slave bond4): Releasing backup interface
[  964.569549][T12541] bond4: left promiscuous mode
[  966.585644][    C0] vkms_vblank_simulate: vblank timer overrun
[  966.869821][    C0] vkms_vblank_simulate: vblank timer overrun
[  967.077967][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.022920][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.263034][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.418348][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.464598][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.508501][    C0] vkms_vblank_simulate: vblank timer overrun
[  969.526427][ T9922] Bluetooth: hci3: unexpected event for opcode 0x2060
[  969.969250][    C0] vkms_vblank_simulate: vblank timer overrun
[  971.484738][    C0] vkms_vblank_simulate: vblank timer overrun
[  971.531589][    C0] vkms_vblank_simulate: vblank timer overrun
[  973.086239][T12649] syz.3.1795: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  973.086850][T12649] CPU: 0 UID: 0 PID: 12649 Comm: syz.3.1795 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  973.086873][T12649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  973.086884][T12649] Call Trace:
[  973.086891][T12649]  <TASK>
[  973.086900][T12649]  dump_stack_lvl+0x189/0x250
[  973.086934][T12649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  973.086960][T12649]  ? __pfx__printk+0x10/0x10
[  973.086980][T12649]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  973.087000][T12649]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  973.087021][T12649]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  973.087045][T12649]  warn_alloc+0x22e/0x3b0
[  973.087071][T12649]  ? ___free_pages+0xb2/0x200
[  973.087095][T12649]  ? __pfx_warn_alloc+0x10/0x10
[  973.087126][T12649]  ? __kasan_kmalloc+0x93/0xb0
[  973.087146][T12649]  ? __kmalloc_cache_noprof+0x1a8/0x320
[  973.087168][T12649]  ? xskq_create+0x56/0x170
[  973.087188][T12649]  ? xsk_init_queue+0xb0/0x110
[  973.087206][T12649]  ? xsk_setsockopt+0x57b/0x8d0
[  973.087228][T12649]  ? do_sock_setsockopt+0x17c/0x1b0
[  973.087251][T12649]  ? __x64_sys_setsockopt+0x145/0x1b0
[  973.087274][T12649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.087296][T12649]  __vmalloc_node_range_noprof+0x125/0x12f0
[  973.087351][T12649]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  973.087381][T12649]  ? __kasan_kmalloc+0x93/0xb0
[  973.087403][T12649]  vmalloc_user_noprof+0xad/0xf0
[  973.087424][T12649]  ? xskq_create+0xbf/0x170
[  973.087443][T12649]  xskq_create+0xbf/0x170
[  973.087464][T12649]  xsk_init_queue+0xb0/0x110
[  973.087485][T12649]  xsk_setsockopt+0x57b/0x8d0
[  973.087506][T12649]  ? __pfx_xsk_setsockopt+0x10/0x10
[  973.087539][T12649]  ? __fget_files+0x2a/0x420
[  973.087566][T12649]  ? __fget_files+0x2a/0x420
[  973.087587][T12649]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  973.087604][T12649]  ? __pfx_xsk_setsockopt+0x10/0x10
[  973.087625][T12649]  do_sock_setsockopt+0x17c/0x1b0
[  973.087652][T12649]  __x64_sys_setsockopt+0x145/0x1b0
[  973.087680][T12649]  do_syscall_64+0xfa/0x3b0
[  973.087704][T12649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.087720][T12649]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  973.087737][T12649]  ? clear_bhb_loop+0x60/0xb0
[  973.087758][T12649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.087774][T12649] RIP: 0033:0x7fc87437ebe9
[  973.087792][T12649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  973.087807][T12649] RSP: 002b:00007fc8725c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  973.087825][T12649] RAX: ffffffffffffffda RBX: 00007fc8745b6090 RCX: 00007fc87437ebe9
[  973.087839][T12649] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  973.087850][T12649] RBP: 00007fc874401e19 R08: 0000000000000004 R09: 0000000000000000
[  973.087861][T12649] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  973.087870][T12649] R13: 00007fc8745b6128 R14: 00007fc8745b6090 R15: 00007fff02881688
[  973.087899][T12649]  </TASK>
[  973.110518][T12649] Mem-Info:
[  973.110545][T12649] active_anon:4080 inactive_anon:25665 isolated_anon:0
[  973.110545][T12649]  active_file:16541 inactive_file:40445 isolated_file:0
[  973.110545][T12649]  unevictable:1789 dirty:140 writeback:0
[  973.110545][T12649]  slab_reclaimable:12383 slab_unreclaimable:110428
[  973.110545][T12649]  mapped:34270 shmem:25186 pagetables:1404
[  973.110545][T12649]  sec_pagetables:0 bounce:0
[  973.110545][T12649]  kernel_misc_reclaimable:0
[  973.110545][T12649]  free:1283475 free_pcp:3613 free_cma:0
[  973.110607][T12649] Node 0 active_anon:16320kB inactive_anon:102660kB active_file:65744kB inactive_file:161780kB unevictable:5620kB isolated(anon):0kB isolated(file):0kB mapped:136896kB dirty:560kB writeback:0kB shmem:99208kB kernel_stack:14116kB pagetables:5436kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  973.110653][T12649] Node 1 active_anon:0kB inactive_anon:0kB active_file:420kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:184kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:180kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  973.110697][T12649] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  973.110755][T12649] lowmem_reserve[]: 0 2512 2513 2513 2513
[  973.110788][T12649] Node 0 DMA32 free:1221060kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16416kB inactive_anon:102516kB active_file:64732kB inactive_file:161708kB unevictable:5620kB writepending:560kB present:3129332kB managed:2572324kB mlocked:4084kB bounce:0kB free_pcp:14452kB local_pcp:7152kB free_cma:0kB
[  973.110853][T12649] lowmem_reserve[]: 0 0 1 1 1
[  973.110885][T12649] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1012kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  973.110938][T12649] lowmem_reserve[]: 0 0 0 0 0
[  973.110969][T12649] Node 1 Normal free:3897480kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:420kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  973.111022][T12649] lowmem_reserve[]: 0 0 0 0 0
[  973.111052][T12649] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  973.114173][T12649] Node 0 DMA32: 116*4kB (UE) 30*8kB (UME) 20*16kB (UME) 196*32kB (UME) 166*64kB (UME) 66*128kB (UME) 127*256kB (UME) 86*512kB (UME) 50*1024kB (UME) 17*2048kB (UM) 252*4096kB (ME) = 1221120kB
[  973.114324][T12649] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  973.114417][T12649] Node 1 Normal: 166*4kB (UM) 52*8kB (UME) 35*16kB (UME) 205*32kB (UME) 96*64kB (UME) 29*128kB (UME) 10*256kB (UM) 8*512kB (UME) 4*1024kB (UM) 3*2048kB (UME) 943*4096kB (M) = 3897480kB
[  973.114576][T12649] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  973.114593][T12649] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  973.114609][T12649] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  973.114626][T12649] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  973.114641][T12649] 82165 total pagecache pages
[  973.114653][T12649] 0 pages in swap cache
[  973.114660][T12649] Free swap  = 124996kB
[  973.114667][T12649] Total swap = 124996kB
[  973.114675][T12649] 2097051 pages RAM
[  973.114682][T12649] 0 pages HighMem/MovableOnly
[  973.114688][T12649] 422072 pages reserved
[  973.114695][T12649] 0 pages cma reserved
[  974.504806][T12654] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1796'.
[  974.506057][T12654] fuse: Bad value for 'fd'
[  976.965281][T12677] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1803'.
[  978.118842][T12671] team0: Port device wlan1 removed
[  979.916700][T12723] netlink: 'syz.3.1815': attribute type 10 has an invalid length.
[  980.086012][T12726] netlink: 'syz.2.1813': attribute type 10 has an invalid length.
[  981.404870][T12737] netlink: 'syz.4.1816': attribute type 10 has an invalid length.
[  982.252477][T12726] team0: Port device wlan1 added
[  982.624123][T12737] team0: Port device wlan1 added
[  982.851665][T12731] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1817'.
[  984.504021][T12749] team0: Port device wlan1 removed
[  986.160138][T12792] netlink: 'syz.1.1832': attribute type 1 has an invalid length.
[  986.160158][T12792] netlink: 'syz.1.1832': attribute type 6 has an invalid length.
[  986.160171][T12792] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1832'.
[  988.302428][T12816] netlink: 'syz.6.1836': attribute type 10 has an invalid length.
[  988.358697][T12816] team0: Port device wlan1 added
[  993.336572][T12857] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1849'.
[  993.792496][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  993.796700][ T1325] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  994.318995][T12862] netlink: 'syz.1.1846': attribute type 10 has an invalid length.
[  994.321458][T12862] team0: Port device wlan1 added
[  996.535676][T12876] input: syz0 as /devices/virtual/input/input16
[ 1003.530381][T12917] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1863'.
[ 1003.544124][T12917] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1863'.
[ 1003.544172][T12917] netlink: 640 bytes leftover after parsing attributes in process `syz.4.1863'.
[ 1004.139604][T12924] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1864'.
[ 1004.178675][T12924] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1864'.
[ 1004.814355][   T37] kauditd_printk_skb: 62 callbacks suppressed
[ 1004.814372][   T37] audit: type=1326 audit(1756820766.186:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12922 comm="syz.3.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc87437ebe9 code=0x7fc00000
[ 1005.992329][ T5926] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[ 1006.864825][ T5926] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1009.116121][T12980] macsec0: entered promiscuous mode
[ 1009.116344][T12980] macsec0: entered allmulticast mode
[ 1009.116356][T12980] veth1_macvtap: entered allmulticast mode
[ 1009.191611][T12980] nfs: Unknown parameter '	"'
[ 1009.368246][T12964] lo speed is unknown, defaulting to 1000
[ 1011.618576][T13002] FAT-fs (nullb0): bogus number of reserved sectors
[ 1011.618613][T13002] FAT-fs (nullb0): Can't find a valid FAT filesystem
[ 1011.942701][T11862] usb 5-1: new low-speed USB device number 25 using dummy_hcd
[ 1012.096454][T11862] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1012.096470][T11862] usb 5-1: config 0 has no interface number 0
[ 1012.096496][T11862] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1012.096510][T11862] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1012.096532][T11862] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1012.096544][T11862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.100551][T11862] usb 5-1: config 0 descriptor??
[ 1012.101731][T13002] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1012.163407][ T5926] usb 2-1: new full-speed USB device number 48 using dummy_hcd
[ 1012.226580][T11862] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1012.315230][ T5926] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1012.315247][ T5926] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[ 1012.315256][ T5926] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1012.315284][ T5926] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64
[ 1012.316853][ T5926] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1012.316868][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1012.316878][ T5926] usb 2-1: Product: syz
[ 1012.316885][ T5926] usb 2-1: Manufacturer: syz
[ 1012.407708][ T5850] usb 5-1: USB disconnect, device number 25
[ 1012.463748][ T5926] cdc_wdm 2-1:1.0: skipping garbage
[ 1012.463768][ T5926] cdc_wdm 2-1:1.0: skipping garbage
[ 1012.469157][ T5926] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1012.469186][ T5926] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1012.798338][ T5850] usb 2-1: USB disconnect, device number 48
[ 1012.986411][T13019] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1012.986411][T13019]    program syz.6.1894 not setting count and/or reply_len properly
[ 1014.637514][T13028] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1898'.
[ 1014.830335][T13031] 9pnet_fd: Insufficient options for proto=fd
[ 1014.830904][T13031] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1898'.
[ 1014.960467][T13034] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1014.960528][T13034] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1014.961088][T13034] vhci_hcd vhci_hcd.0: Device attached
[ 1015.308134][T13035] vhci_hcd: connection closed
[ 1015.344347][ T6083] vhci_hcd: stop threads
[ 1015.344366][ T6083] vhci_hcd: release socket
[ 1015.344437][ T6083] vhci_hcd: disconnect device
[ 1015.451543][T13032] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1897'.
[ 1015.466328][T13042] netlink: 'syz.4.1899': attribute type 1 has an invalid length.
[ 1015.466350][T13042] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1899'.
[ 1015.592530][T13045] netlink: 18 bytes leftover after parsing attributes in process `syz.4.1899'.
[ 1015.909812][T13042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1016.545136][   T44] IPVS: starting estimator thread 0...
[ 1016.653906][T13052] IPVS: using max 7 ests per chain, 16800 per kthread
[ 1019.867041][T13075] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1020.231116][T13081] ubi31: attaching mtd0
[ 1020.580873][T13081] ubi31: scanning is finished
[ 1020.580893][T13081] ubi31: empty MTD device detected
[ 1020.683994][T13084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1908'.
[ 1020.685452][T13084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1908'.
[ 1023.195891][T13094] 9pnet_virtio: no channels available for device syz
[ 1023.576337][T13081] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[ 1025.253643][T13115] lo speed is unknown, defaulting to 1000
[ 1025.259369][T13115] lo speed is unknown, defaulting to 1000
[ 1025.312319][T13115] lo speed is unknown, defaulting to 1000
[ 1025.624853][T13115] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1025.762191][T13115] lo speed is unknown, defaulting to 1000
[ 1025.764533][T13115] lo speed is unknown, defaulting to 1000
[ 1025.766119][T13115] lo speed is unknown, defaulting to 1000
[ 1025.767652][T13115] lo speed is unknown, defaulting to 1000
[ 1025.769676][T13115] lo speed is unknown, defaulting to 1000
[ 1025.771248][T13115] lo speed is unknown, defaulting to 1000
[ 1025.772764][T13115] lo speed is unknown, defaulting to 1000
[ 1026.706729][T13127] binder: 13125:13127 ioctl c0709411 200000113e40 returned -22
[ 1026.707636][T13127] binder: 13125:13127 ioctl d000943d 200000113ec0 returned -22
[ 1026.708083][T13127] binder: 13125:13127 ioctl d000943e 0 returned -22
[ 1026.708400][T13127] binder: 13125:13127 ioctl d000943d 200000116ec0 returned -22
[ 1028.805073][T13154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1929'.
[ 1029.379767][   T37] audit: type=1326 audit(1756820789.876:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e92eebe9 code=0x7ffc0000
[ 1029.379827][   T37] audit: type=1326 audit(1756820789.876:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e92eebe9 code=0x7ffc0000
[ 1029.379877][   T37] audit: type=1326 audit(1756820789.886:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f60e92eebe9 code=0x7ffc0000
[ 1029.379921][   T37] audit: type=1326 audit(1756820789.896:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e92eebe9 code=0x7ffc0000
[ 1029.379962][   T37] audit: type=1326 audit(1756820789.896:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e92eebe9 code=0x7ffc0000
[ 1029.380001][   T37] audit: type=1326 audit(1756820789.896:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f60e92ed550 code=0x7ffc0000
[ 1029.380041][   T37] audit: type=1326 audit(1756820789.906:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f60e92f0417 code=0x7ffc0000
[ 1029.380080][   T37] audit: type=1326 audit(1756820789.906:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f60e92eebe9 code=0x7ffc0000
[ 1029.380120][   T37] audit: type=1326 audit(1756820789.906:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f60e92f0417 code=0x7ffc0000
[ 1029.380159][   T37] audit: type=1326 audit(1756820789.916:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13146 comm="syz.1.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f60e92ed84a code=0x7ffc0000
[ 1030.394116][T13162] lo speed is unknown, defaulting to 1000
[ 1030.396716][T13162] lo speed is unknown, defaulting to 1000
[ 1030.424541][T13162] lo speed is unknown, defaulting to 1000
[ 1030.841172][T13162] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1031.221364][T13162] lo speed is unknown, defaulting to 1000
[ 1031.258263][T13162] lo speed is unknown, defaulting to 1000
[ 1031.298153][T13162] lo speed is unknown, defaulting to 1000
[ 1031.330166][T13162] lo speed is unknown, defaulting to 1000
[ 1031.361808][T13162] lo speed is unknown, defaulting to 1000
[ 1031.385754][T13162] lo speed is unknown, defaulting to 1000
[ 1031.456632][T13162] lo speed is unknown, defaulting to 1000
[ 1032.461909][T13172] input: syz1 as /devices/virtual/input/input18
[ 1032.552710][T13171] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1037.867057][T13226] netlink: 'syz.2.1949': attribute type 3 has an invalid length.
[ 1039.458274][T13242] hub 1-0:1.0: USB hub found
[ 1039.463823][T13242] hub 1-0:1.0: 1 port detected
[ 1039.861429][ T9922] Bluetooth: hci2: ACL packet for unknown connection handle 200
[ 1039.950359][T13247] netlink: 'syz.3.1958': attribute type 1 has an invalid length.
[ 1040.283808][ T5933] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1040.334278][ T6086] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1040.564248][ T5933] usb 2-1: Using ep0 maxpacket: 8
[ 1040.671777][T13254] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1960'.
[ 1040.672270][T13254] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1960'.
[ 1041.283168][ T5933] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1041.283221][ T5933] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1041.283242][ T5933] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1041.354755][ T5933] usb 2-1: config 0 descriptor??
[ 1041.471450][T13254] Process accounting resumed
[ 1041.582497][ T5933] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1041.696797][T13259] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1961'.
[ 1041.696822][T13259] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1961'.
[ 1041.928932][T13248] Unsupported ieee802154 address type: 0
[ 1042.005616][ T7874] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1042.191653][ T7874] usb 7-1: Using ep0 maxpacket: 16
[ 1042.386058][ T7874] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1042.489082][ T7874] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1042.489111][ T7874] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1042.489129][ T7874] usb 7-1: Product: syz
[ 1042.489141][ T7874] usb 7-1: Manufacturer: syz
[ 1042.489153][ T7874] usb 7-1: SerialNumber: syz
[ 1042.686720][ T7874] usb 7-1: config 0 descriptor??
[ 1042.691152][ T6086] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1042.839121][ T7874] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1042.839154][ T7874] em28xx 7-1:0.0: DVB interface 0 found: bulk
[ 1043.113200][T13263] loop4: detected capacity change from 0 to 524255232
[ 1043.133052][T11862] usb 2-1: USB disconnect, device number 49
[ 1043.224219][ T7874] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1043.264904][T13265] loop4: detected capacity change from 524255232 to 524287956
[ 1043.340988][ T6086] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1043.377609][ T7874] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1043.377630][ T7874] em28xx 7-1:0.0: board has no eeprom
[ 1043.610983][ T7874] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1043.611015][ T7874] em28xx 7-1:0.0: dvb set to bulk mode.
[ 1043.751410][ T7874] usb 7-1: USB disconnect, device number 10
[ 1043.786386][ T7874] em28xx 7-1:0.0: Disconnecting em28xx
[ 1043.788601][T11862] em28xx 7-1:0.0: Binding DVB extension
[ 1043.944815][T11862] em28xx 7-1:0.0: Registering input extension
[ 1044.039119][ T7874] em28xx 7-1:0.0: Closing input extension
[ 1044.430394][T13259] team0: Port device wlan1 removed
[ 1044.695944][ T7874] em28xx 7-1:0.0: Freeing device
[ 1045.108101][ T6086] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1046.219945][ T6086] bridge_slave_1: left allmulticast mode
[ 1046.220215][ T6086] bridge_slave_1: left promiscuous mode
[ 1046.223201][ T6086] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.531717][ T6086] bridge_slave_0: left allmulticast mode
[ 1046.531750][ T6086] bridge_slave_0: left promiscuous mode
[ 1046.536483][ T6086] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.963873][T11862] usb 3-1: new full-speed USB device number 40 using dummy_hcd
[ 1047.137885][T11862] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1047.137901][T11862] usb 3-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[ 1047.137910][T11862] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1047.137949][T11862] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64
[ 1047.139570][T11862] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1047.139585][T11862] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1047.139595][T11862] usb 3-1: Product: syz
[ 1047.139601][T11862] usb 3-1: Manufacturer: syz
[ 1047.224906][T11862] cdc_wdm 3-1:1.0: skipping garbage
[ 1047.224918][T11862] cdc_wdm 3-1:1.0: skipping garbage
[ 1047.249845][T11862] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1047.249864][T11862] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1047.441419][T11862] usb 3-1: USB disconnect, device number 40
[ 1051.184678][ T6086] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1051.248070][ T6086] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1051.289309][ T6086] bond0 (unregistering): Released all slaves
[ 1051.575749][T13307] geneve2: entered promiscuous mode
[ 1051.575777][T13307] geneve2: entered allmulticast mode
[ 1051.583506][T13320] batman_adv: batadv0: Adding interface: dummy0
[ 1051.583517][T13320] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1051.634190][T13320] batman_adv: batadv0: Interface activated: dummy0
[ 1051.849900][T13322] batadv0: mtu less than device minimum
[ 1051.857519][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.862111][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.866781][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.871363][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.875988][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.880596][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.885620][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.890217][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1051.894824][T13322] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1052.002526][ T6093] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1052.002846][ T6093] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1052.002881][ T6093] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1052.002912][ T6093] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1052.491322][T13349] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1988'.
[ 1053.551761][T13357] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1986'.
[ 1055.161672][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[ 1055.429227][T13357] bridge2: entered promiscuous mode
[ 1058.408492][T13403] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1998'.
[ 1059.433813][T13406] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[ 1060.607729][ T6086] hsr_slave_0: left promiscuous mode
[ 1060.671269][ T6086] hsr_slave_1: left promiscuous mode
[ 1060.672027][ T6086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1060.675683][ T6086] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1060.720940][ T6086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1060.720972][ T6086] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1062.059596][ T6086] veth1_macvtap: left promiscuous mode
[ 1062.060172][ T6086] veth0_macvtap: left promiscuous mode
[ 1062.064326][ T6086] veth1_vlan: left promiscuous mode
[ 1062.064937][ T6086] veth0_vlan: left promiscuous mode
[ 1064.461315][   T13] wlan1: Trigger new scan to find an IBSS to join
[ 1068.594089][ T1108] wlan1: Trigger new scan to find an IBSS to join
[ 1069.575804][ T6091] wlan1: Creating new IBSS network, BSSID ae:dc:aa:a2:74:e2
[ 1071.164722][ T6086] team0 (unregistering): Port device team_slave_1 removed
[ 1071.427192][ T6086] team0 (unregistering): Port device team_slave_0 removed
[ 1074.433402][T13479] bond0: entered promiscuous mode
[ 1074.493575][T13481] overlayfs: failed to clone upperpath
[ 1075.214446][T13497] ptrace attach of "./syz-executor exec"[5838] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[ 1076.889805][T13505] input: syz1 as /devices/virtual/input/input21
[ 1081.094530][T13518] siw: device registration error -23
[ 1081.311061][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1081.324909][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1081.326917][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1081.350644][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1081.369700][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1083.365447][T13519] lo speed is unknown, defaulting to 1000
[ 1083.367168][T13519] lo speed is unknown, defaulting to 1000
[ 1083.477041][ T9922] Bluetooth: hci5: command tx timeout
[ 1084.272715][T13519] chnl_net:caif_netlink_parms(): no params data found
[ 1086.105903][ T9922] Bluetooth: hci5: command tx timeout
[ 1086.721574][T13519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1086.721712][T13519] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1086.721964][T13519] bridge_slave_0: entered allmulticast mode
[ 1086.745709][T13519] bridge_slave_0: entered promiscuous mode
[ 1086.784818][T13519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1086.784966][T13519] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1086.785231][T13519] bridge_slave_1: entered allmulticast mode
[ 1086.787960][T13519] bridge_slave_1: entered promiscuous mode
[ 1087.347426][T13519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1087.349878][T13519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1088.001151][   T37] kauditd_printk_skb: 147 callbacks suppressed
[ 1088.001193][   T37] audit: type=1326 audit(1756820849.346:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.4.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1088.001446][   T37] audit: type=1326 audit(1756820849.346:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.4.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1088.001750][   T37] audit: type=1326 audit(1756820849.356:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.4.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1088.002001][   T37] audit: type=1326 audit(1756820849.356:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.4.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1088.002244][   T37] audit: type=1326 audit(1756820849.356:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.4.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1088.002463][   T37] audit: type=1326 audit(1756820849.356:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13591 comm="syz.4.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1088.633871][ T9922] Bluetooth: hci5: command tx timeout
[ 1089.295737][T13519] team0: Port device team_slave_0 added
[ 1089.299301][T13519] team0: Port device team_slave_1 added
[ 1089.747267][T13519] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1089.747285][T13519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1089.747311][T13519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1089.752191][T13519] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1089.752206][T13519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1089.752231][T13519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1090.299775][   T37] audit: type=1326 audit(1756820851.666:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.4.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1090.299828][   T37] audit: type=1326 audit(1756820851.676:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.4.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88c7bbebe9 code=0x7ffc0000
[ 1090.358472][T13519] hsr_slave_0: entered promiscuous mode
[ 1090.359850][T13519] hsr_slave_1: entered promiscuous mode
[ 1090.673927][ T9922] Bluetooth: hci5: command tx timeout
[ 1095.269617][   T37] audit: type=1326 audit(1756820855.976:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13637 comm="syz.6.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bae1eebe9 code=0x7ffc0000
[ 1095.269669][   T37] audit: type=1326 audit(1756820855.976:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13637 comm="syz.6.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bae1eebe9 code=0x7ffc0000
[ 1095.269706][   T37] audit: type=1326 audit(1756820855.976:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13637 comm="syz.6.2047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5bae1eebe9 code=0x7ffc0000
[ 1095.580906][T13644] virtio-fs: tag </dev/md0> not found
[ 1095.692439][T13652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2046'.
[ 1096.221006][T13519] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1096.407135][T13519] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1096.577343][T13519] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1096.665567][T13519] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1097.150106][T13678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2053'.
[ 1097.150122][T13678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2053'.
[ 1097.970778][T13519] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1098.408617][T13519] 8021q: adding VLAN 0 to HW filter on device team0
[ 1098.556260][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1098.556433][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1098.660688][ T6092] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1098.663925][ T6092] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1099.055643][T13697] overlayfs: failed to clone upperpath
[ 1100.442458][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1100.494100][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1100.499612][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1100.529495][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1100.530310][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1100.841873][T13703] lo speed is unknown, defaulting to 1000
[ 1100.851115][T13703] lo speed is unknown, defaulting to 1000
[ 1101.474674][T11862] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1101.697997][T11862] usb 7-1: config 1 has an invalid interface number: 7 but max is 0
[ 1101.698015][T11862] usb 7-1: config 1 has no interface number 0
[ 1101.698045][T11862] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 16
[ 1101.698069][T11862] usb 7-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1101.818404][T11862] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1101.818423][T11862] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1101.818433][T11862] usb 7-1: Product: syz
[ 1101.818440][T11862] usb 7-1: Manufacturer: syz
[ 1101.818446][T11862] usb 7-1: SerialNumber: syz
[ 1101.877092][ T6089] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1102.039170][T13720] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1102.039714][T13720] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1102.056643][T11862] usb 7-1: Expected 3 endpoints, found: 2
[ 1102.326118][T13731] siw: device registration error -23
[ 1102.674470][ T9922] Bluetooth: hci4: command tx timeout
[ 1102.739504][T13519] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1103.058374][T13703] chnl_net:caif_netlink_parms(): no params data found
[ 1103.352426][T13747] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2065'.
[ 1104.158001][   T37] audit: type=1800 audit(1756820865.516:301): pid=13753 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.3.2067" name="/newroot/490/file0" dev="tmpfs" ino=2571 res=0 errno=0
[ 1104.432947][T13703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1104.455452][T13703] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1104.455784][T13703] bridge_slave_0: entered allmulticast mode
[ 1104.521956][T13703] bridge_slave_0: entered promiscuous mode
[ 1104.533308][T13703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1104.533446][T13703] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1104.533597][T13703] bridge_slave_1: entered allmulticast mode
[ 1104.556763][T13703] bridge_slave_1: entered promiscuous mode
[ 1104.753778][ T9922] Bluetooth: hci4: command tx timeout
[ 1104.867131][T13703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1104.885982][T13703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1106.194246][T11862] usb 7-1: USB disconnect, device number 11
[ 1106.481229][T13703] team0: Port device team_slave_0 added
[ 1106.504495][T13703] team0: Port device team_slave_1 added
[ 1106.833909][ T9922] Bluetooth: hci4: command tx timeout
[ 1107.141061][T13802] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1107.874857][T13703] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1107.874874][T13703] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1107.874898][T13703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1107.955741][T13703] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1107.955757][T13703] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1107.955782][T13703] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1108.749353][T13703] hsr_slave_0: entered promiscuous mode
[ 1108.785509][T13703] hsr_slave_1: entered promiscuous mode
[ 1108.804279][T13703] debugfs: 'hsr0' already exists in 'hsr'
[ 1108.804307][T13703] Cannot create hsr debugfs directory
[ 1108.936957][ T9922] Bluetooth: hci4: command tx timeout
[ 1110.107433][T13519] veth0_vlan: entered promiscuous mode
[ 1110.370520][T13519] veth1_vlan: entered promiscuous mode
[ 1110.383824][ T5933] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1110.554819][ T5933] usb 7-1: Using ep0 maxpacket: 8
[ 1110.556858][ T5933] usb 7-1: config 0 has no interfaces?
[ 1110.559315][ T5933] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1110.559329][ T5933] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1110.559339][ T5933] usb 7-1: Product: syz
[ 1110.559346][ T5933] usb 7-1: Manufacturer: syz
[ 1110.559353][ T5933] usb 7-1: SerialNumber: syz
[ 1110.618558][ T5933] usb 7-1: config 0 descriptor??
[ 1110.860338][ T5828] usb 7-1: USB disconnect, device number 12
[ 1111.276224][T13519] veth0_macvtap: entered promiscuous mode
[ 1111.311571][T13519] veth1_macvtap: entered promiscuous mode
[ 1111.369396][T13519] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1111.483302][T13519] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1111.875432][ T1108] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1111.926974][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.016112][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.787701][ T6089] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.983810][T13703] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1112.988524][T13863] 9pnet_virtio: no channels available for device syz
[ 1112.991740][T13863] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1112.991760][T13863] overlayfs: missing 'lowerdir'
[ 1113.293799][T13703] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1113.700797][T13703] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1113.839200][T13703] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1114.783338][ T6092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1114.783357][ T6092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1114.944752][T13896] loop7: detected capacity change from 0 to 7
[ 1114.957487][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1114.957520][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.957548][    C1] buffer_io_error: 5 callbacks suppressed
[ 1114.957557][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.966893][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.966928][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.967235][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.967261][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.967478][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.967503][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.967715][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.967740][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.971435][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.971465][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.971765][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1114.971791][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1114.997260][T13631] ldm_validate_partition_table(): Disk read failed.
[ 1115.003747][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1115.003782][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1115.014959][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1115.014991][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1115.018305][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1115.018337][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1115.018643][T13631] Dev loop7: unable to read RDB block 0
[ 1115.019473][T13631]  loop7: unable to read partition table
[ 1115.019709][T13631] loop7: partition table beyond EOD, truncated
[ 1115.272260][T10694] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1115.272279][T10694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1115.731187][T13898] Invalid logical block size (6)
[ 1115.833866][T13896] ldm_validate_partition_table(): Disk read failed.
[ 1115.946789][T13896] Dev loop7: unable to read RDB block 0
[ 1115.978440][T13896]  loop7: unable to read partition table
[ 1115.978650][T13896] loop7: partition table beyond EOD, truncated
[ 1115.978689][T13896] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1116.604672][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.756417][T13703] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1116.919825][T13703] 8021q: adding VLAN 0 to HW filter on device team0
[ 1117.032899][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1117.033128][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1117.158945][ T6091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1117.159097][ T6091] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1119.969960][T13703] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1122.826204][T13703] veth0_vlan: entered promiscuous mode
[ 1122.865602][T13703] veth1_vlan: entered promiscuous mode
[ 1123.134590][T13703] veth0_macvtap: entered promiscuous mode
[ 1123.274646][T13703] veth1_macvtap: entered promiscuous mode
[ 1123.470107][T13703] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1123.626806][T13703] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1123.762340][ T6091] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.762872][ T6091] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.763390][ T6091] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.764252][ T6091] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1125.098314][ T6085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1125.098332][ T6085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1126.033074][ T6088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1126.033090][ T6088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1126.574624][T11862] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[ 1126.736071][T11862] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1126.736087][T11862] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[ 1126.736097][T11862] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1126.736129][T11862] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64
[ 1126.911677][T11862] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1126.911695][T11862] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1126.911706][T11862] usb 7-1: Product: syz
[ 1126.911712][T11862] usb 7-1: Manufacturer: syz
[ 1127.144112][T11862] cdc_wdm 7-1:1.0: skipping garbage
[ 1127.144131][T11862] cdc_wdm 7-1:1.0: skipping garbage
[ 1127.289658][T11862] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[ 1127.289678][T11862] cdc_wdm 7-1:1.0: Unknown control protocol
[ 1127.370221][T11862] usb 7-1: USB disconnect, device number 13
[ 1130.070912][T14098] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[ 1130.070930][T14098] overlayfs: missing 'lowerdir'
[ 1130.572894][T14103] 9pnet_virtio: no channels available for device syz
[ 1132.366114][T14124] 9pnet_virtio: no channels available for device syz
[ 1132.610751][T14131] 9pnet_virtio: no channels available for device syz
[ 1132.626794][T14131] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1132.626813][T14131] overlayfs: missing 'lowerdir'
[ 1133.888831][T10694] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1134.681202][T14158] program syz.6.2153 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1135.357837][T14169] hsr0: entered allmulticast mode
[ 1135.357858][T14169] hsr_slave_0: entered allmulticast mode
[ 1135.357882][T14169] hsr_slave_1: entered allmulticast mode
[ 1135.399072][T14169] hsr_slave_0: left promiscuous mode
[ 1135.583926][   T37] audit: type=1326 audit(1756820896.956:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.585083][   T37] audit: type=1326 audit(1756820896.966:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.586256][   T37] audit: type=1326 audit(1756820896.966:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcbced9e7eb code=0x7ffc0000
[ 1135.587803][   T37] audit: type=1326 audit(1756820896.966:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.588178][   T37] audit: type=1326 audit(1756820896.966:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.599493][   T37] audit: type=1326 audit(1756820896.966:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.599543][   T37] audit: type=1326 audit(1756820896.976:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.599583][   T37] audit: type=1326 audit(1756820896.976:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.599621][   T37] audit: type=1326 audit(1756820896.976:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.599659][   T37] audit: type=1326 audit(1756820896.976:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14170 comm="syz.8.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbced9ebe9 code=0x7ffc0000
[ 1135.825772][T14169] hsr_slave_1: left promiscuous mode
[ 1136.024181][T14169] hsr0 (unregistering): left allmulticast mode
[ 1136.126119][T14175] netlink: 'syz.4.2158': attribute type 1 has an invalid length.
[ 1136.433711][T14176] bond2: (slave bridge1): making interface the new active one
[ 1136.449574][T14176] bond2: (slave bridge1): Enslaving as an active interface with an up link
[ 1136.742519][T14188] 9pnet_virtio: no channels available for device syz
[ 1136.914958][T14188] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1136.914990][T14188] overlayfs: missing 'lowerdir'
[ 1137.396394][T14198] tipc: Can't bind to reserved service type 0
[ 1137.542077][T14196] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2164'.
[ 1139.335561][T14196] dummy0: entered promiscuous mode
[ 1139.337373][T14196] macvtap1: entered promiscuous mode
[ 1139.337600][T14196] macvtap1: entered allmulticast mode
[ 1139.337613][T14196] dummy0: entered allmulticast mode
[ 1142.660087][T14244] 9pnet_virtio: no channels available for device syz
[ 1142.678844][T14244] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1142.678875][T14244] overlayfs: missing 'lowerdir'
[ 1145.890364][T14278] netlink: 'syz.3.2183': attribute type 2 has an invalid length.
[ 1145.891699][T14278] netlink: 'syz.3.2183': attribute type 19 has an invalid length.
[ 1147.730233][T14295] 9pnet_virtio: no channels available for device syz
[ 1147.744991][T14295] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1147.745010][T14295] overlayfs: missing 'lowerdir'
[ 1150.440450][T14324] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2196'.
[ 1150.541921][T14328] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2197'.
[ 1150.644112][ T5828] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1151.337801][T14332] lo speed is unknown, defaulting to 1000
[ 1151.339263][T14332] lo speed is unknown, defaulting to 1000
[ 1151.955710][ T5828] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1151.955732][ T5828] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1151.955753][ T5828] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1151.955765][ T5828] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.960707][T14325] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1152.039346][ T5828] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 1152.197566][ T5828] usb 9-1: USB disconnect, device number 2
[ 1152.321347][T13631] udevd[13631]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1153.069703][T14348] 9pnet_virtio: no channels available for device syz
[ 1153.080857][T14348] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1153.080888][T14348] overlayfs: missing 'lowerdir'
[ 1155.103874][ T5933] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1155.131661][T14373] nftables ruleset with unbound chain
[ 1155.263760][ T5933] usb 7-1: Using ep0 maxpacket: 8
[ 1155.266404][ T5933] usb 7-1: config 0 has no interfaces?
[ 1155.269506][ T5933] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1155.269531][ T5933] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.269548][ T5933] usb 7-1: Product: syz
[ 1155.269561][ T5933] usb 7-1: Manufacturer: syz
[ 1155.269573][ T5933] usb 7-1: SerialNumber: syz
[ 1155.375976][ T5933] usb 7-1: config 0 descriptor??
[ 1155.423547][T14383] fuse: Unknown parameter ''
[ 1155.423870][ T5850] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1155.447131][T14383] 9pnet_virtio: no channels available for device syz
[ 1155.465114][T14383] overlayfs: failed to clone upperpath
[ 1155.585404][ T5933] usb 7-1: USB disconnect, device number 14
[ 1155.593830][ T5850] usb 8-1: Using ep0 maxpacket: 8
[ 1155.596461][ T5850] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[ 1155.596517][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1155.596543][ T5850] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1155.596566][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1155.596589][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1155.601160][ T5850] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[ 1155.601232][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1155.601257][ T5850] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1155.601279][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1155.601301][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1155.605722][ T5850] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[ 1155.605774][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1155.605798][ T5850] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1155.605820][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1155.605843][ T5850] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1155.678778][ T5850] usb 8-1: string descriptor 0 read error: -22
[ 1155.678925][ T5850] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1155.678954][ T5850] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.739902][ T5850] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1156.261883][T14391] hub 9-0:1.0: USB hub found
[ 1156.270390][T14391] hub 9-0:1.0: 1 port detected
[ 1157.504766][ T5844] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1157.654947][ T5844] usb 7-1: too many configurations: 9, using maximum allowed: 8
[ 1157.676833][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.676906][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.676931][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.679483][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.679516][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.679530][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.681750][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.681790][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.681804][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.893256][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.893452][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.893510][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.934392][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.934429][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.934443][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.935388][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.935420][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.935434][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.939304][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.939339][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.939352][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1157.940568][ T5844] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1157.940599][ T5844] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1157.940612][ T5844] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1158.163028][ T5844] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1158.163056][ T5844] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1158.163075][ T5844] usb 7-1: Product: syz
[ 1158.163124][ T5844] usb 7-1: Manufacturer: syz
[ 1158.163171][ T5844] usb 7-1: SerialNumber: syz
[ 1158.268422][ T5844] usb 7-1: config 0 descriptor??
[ 1158.356002][ T5844] yurex 7-1:0.0: USB YUREX device now attached to Yurex #1
[ 1158.563223][T14411] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2207'.
[ 1159.604275][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803e51a000: rx timeout, send abort
[ 1159.611213][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803e51a000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1160.804322][ T7872] usb 7-1: USB disconnect, device number 15
[ 1160.828442][ T7872] yurex 7-1:0.0: USB YUREX #1 now disconnected
[ 1160.994416][ T8837] usb 8-1: USB disconnect, device number 2
[ 1162.534853][ T5828] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1162.715355][ T5828] usb 8-1: Using ep0 maxpacket: 8
[ 1162.717128][ T5828] usb 8-1: config 0 has no interfaces?
[ 1162.719424][ T5828] usb 8-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1162.719439][ T5828] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.719449][ T5828] usb 8-1: Product: syz
[ 1162.719456][ T5828] usb 8-1: Manufacturer: syz
[ 1162.719463][ T5828] usb 8-1: SerialNumber: syz
[ 1162.727473][ T5828] usb 8-1: config 0 descriptor??
[ 1162.935651][ T5828] usb 8-1: USB disconnect, device number 3
[ 1170.859604][ T6091] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1171.241841][T14502] block nbd6: Attempted send on invalid socket
[ 1171.241864][T14502] blk_print_req_error: 25 callbacks suppressed
[ 1171.241877][T14502] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1171.242447][T14502] block nbd6: Attempted send on invalid socket
[ 1171.242461][T14502] I/O error, dev nbd6, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1171.242559][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1172.223828][T14502] block nbd6: Attempted send on invalid socket
[ 1172.223853][T14502] I/O error, dev nbd6, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.223974][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1172.472889][T14502] block nbd6: Attempted send on invalid socket
[ 1172.472913][T14502] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.473283][T14502] block nbd6: Attempted send on invalid socket
[ 1172.473297][T14502] I/O error, dev nbd6, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.473389][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1172.490630][T14502] block nbd6: Attempted send on invalid socket
[ 1172.494891][T14502] I/O error, dev nbd6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.495017][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1172.501512][T14502] block nbd6: Attempted send on invalid socket
[ 1172.501535][T14502] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.501890][T14502] block nbd6: Attempted send on invalid socket
[ 1172.501904][T14502] I/O error, dev nbd6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.501996][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1172.502200][T14502] block nbd6: Attempted send on invalid socket
[ 1172.502214][T14502] I/O error, dev nbd6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.502305][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1172.517547][T14502] block nbd6: Attempted send on invalid socket
[ 1172.517570][T14502] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1172.550163][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1172.550465][T14502] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1172.550491][T14502] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[ 1176.006102][ T5844] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 1176.324995][ T5844] usb 7-1: Using ep0 maxpacket: 8
[ 1176.330025][ T5844] usb 7-1: config 0 has no interfaces?
[ 1176.348280][ T5844] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1176.348306][ T5844] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1176.348324][ T5844] usb 7-1: Product: syz
[ 1176.348336][ T5844] usb 7-1: Manufacturer: syz
[ 1176.348348][ T5844] usb 7-1: SerialNumber: syz
[ 1176.379995][ T5844] usb 7-1: config 0 descriptor??
[ 1176.595799][ T5926] usb 7-1: USB disconnect, device number 16
[ 1178.039052][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[ 1178.138066][T14561] input input22: cannot allocate more than FF_MAX_EFFECTS effects
[ 1182.059054][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1182.069304][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1182.074113][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1182.087494][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1182.090794][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1182.432510][T14603] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 1183.544868][T14595] lo speed is unknown, defaulting to 1000
[ 1183.724085][T14607] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2261'.
[ 1184.193993][ T5846] Bluetooth: hci1: command tx timeout
[ 1184.636021][T14595] lo speed is unknown, defaulting to 1000
[ 1186.117695][T14617] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1186.117727][T14617] overlayfs: failed to set xattr on upper
[ 1186.117735][T14617] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1186.117742][T14617] overlayfs: ...falling back to index=off.
[ 1186.117749][T14617] overlayfs: ...falling back to uuid=null.
[ 1186.273757][ T5846] Bluetooth: hci1: command tx timeout
[ 1187.334902][T14630] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2267'.
[ 1187.521129][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521165][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521191][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521214][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521238][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521262][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521286][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521314][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521337][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.521361][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[ 1187.867118][T14595] chnl_net:caif_netlink_parms(): no params data found
[ 1187.935375][ T5933] hid-generic 0000:007F:FFFFFFFE.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1188.295986][T14644] fido_id[14644]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1188.353833][ T5846] Bluetooth: hci1: command tx timeout
[ 1188.937370][T14650] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2271'.
[ 1190.403182][T14659] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2272'.
[ 1190.466667][ T5846] Bluetooth: hci1: command tx timeout
[ 1191.086321][T14665] 9pnet_virtio: no channels available for device syz
[ 1193.266643][T14659] batadv1: entered allmulticast mode
[ 1193.404731][    C1] ------------[ cut here ]------------
[ 1193.404747][    C1] WARNING: CPU: 1 PID: 29 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0
[ 1193.404774][    C1] Modules linked in:
[ 1193.404788][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1193.404801][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1193.404808][    C1] RIP: 0010:est_timer+0x6dc/0x9f0
[ 1193.404820][    C1] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 bd 2c 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 d5 f4 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff
[ 1193.404830][    C1] RSP: 0018:ffffc90000a3f7a0 EFLAGS: 00010246
[ 1193.404839][    C1] RAX: ffffffff88dc69fb RBX: 0000000000000001 RCX: ffff88801cab1dc0
[ 1193.404847][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[ 1193.404854][    C1] RBP: ffffc90000a3f8b0 R08: 0000000000000000 R09: 0000000000000100
[ 1193.404861][    C1] R10: dffffc0000000000 R11: fffff52000147f0a R12: 0000000000000004
[ 1193.404869][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880485ad468
[ 1193.404876][    C1] FS:  0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000
[ 1193.404885][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1193.404893][    C1] CR2: 00007f88c7df7dac CR3: 0000000032106000 CR4: 00000000003526f0
[ 1193.404903][    C1] Call Trace:
[ 1193.404908][    C1]  <TASK>
[ 1193.404922][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1193.404942][    C1]  call_timer_fn+0x17b/0x5f0
[ 1193.404957][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1193.404968][    C1]  ? call_timer_fn+0xbe/0x5f0
[ 1193.404980][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1193.405000][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1193.405014][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1193.405027][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1193.405039][    C1]  __run_timer_base+0x648/0x970
[ 1193.405061][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1193.405085][    C1]  run_timer_softirq+0xb7/0x180
[ 1193.405098][    C1]  handle_softirqs+0x22c/0x710
[ 1193.405117][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1193.405137][    C1]  run_ktimerd+0xcf/0x190
[ 1193.405151][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 1193.405164][    C1]  ? schedule+0x91/0x360
[ 1193.405181][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1193.405193][    C1]  smpboot_thread_fn+0x542/0xa60
[ 1193.405207][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1193.405225][    C1]  kthread+0x711/0x8a0
[ 1193.405243][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1193.405255][    C1]  ? __pfx_kthread+0x10/0x10
[ 1193.405273][    C1]  ? __pfx_kthread+0x10/0x10
[ 1193.405289][    C1]  ret_from_fork+0x3f9/0x770
[ 1193.405304][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1193.405322][    C1]  ? __switch_to_asm+0x39/0x70
[ 1193.405331][    C1]  ? __switch_to_asm+0x33/0x70
[ 1193.405340][    C1]  ? __pfx_kthread+0x10/0x10
[ 1193.405356][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1193.405376][    C1]  </TASK>
[ 1193.405382][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1193.405390][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1193.405402][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1193.405408][    C1] Call Trace:
[ 1193.405412][    C1]  <TASK>
[ 1193.405416][    C1]  dump_stack_lvl+0x99/0x250
[ 1193.405431][    C1]  ? __asan_memcpy+0x40/0x70
[ 1193.405443][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1193.405458][    C1]  ? __pfx__printk+0x10/0x10
[ 1193.405477][    C1]  vpanic+0x281/0x750
[ 1193.405492][    C1]  ? __pfx__printk+0x10/0x10
[ 1193.405503][    C1]  ? __pfx_vpanic+0x10/0x10
[ 1193.405517][    C1]  ? is_bpf_text_address+0x26/0x2b0
[ 1193.405539][    C1]  panic+0xb9/0xc0
[ 1193.405553][    C1]  ? __pfx_panic+0x10/0x10
[ 1193.405577][    C1]  __warn+0x31b/0x4b0
[ 1193.405590][    C1]  ? est_timer+0x6dc/0x9f0
[ 1193.405603][    C1]  ? est_timer+0x6dc/0x9f0
[ 1193.405614][    C1]  report_bug+0x2be/0x4f0
[ 1193.405627][    C1]  ? est_timer+0x6dc/0x9f0
[ 1193.405638][    C1]  ? est_timer+0x6dc/0x9f0
[ 1193.405655][    C1]  ? est_timer+0x6de/0x9f0
[ 1193.405666][    C1]  handle_bug+0x84/0x160
[ 1193.405682][    C1]  exc_invalid_op+0x1a/0x50
[ 1193.405697][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1193.405708][    C1] RIP: 0010:est_timer+0x6dc/0x9f0
[ 1193.405719][    C1] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 bd 2c 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 d5 f4 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff
[ 1193.405729][    C1] RSP: 0018:ffffc90000a3f7a0 EFLAGS: 00010246
[ 1193.405737][    C1] RAX: ffffffff88dc69fb RBX: 0000000000000001 RCX: ffff88801cab1dc0
[ 1193.405745][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[ 1193.405752][    C1] RBP: ffffc90000a3f8b0 R08: 0000000000000000 R09: 0000000000000100
[ 1193.405759][    C1] R10: dffffc0000000000 R11: fffff52000147f0a R12: 0000000000000004
[ 1193.405767][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880485ad468
[ 1193.405778][    C1]  ? est_timer+0x6db/0x9f0
[ 1193.405802][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1193.405820][    C1]  call_timer_fn+0x17b/0x5f0
[ 1193.405833][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1193.405844][    C1]  ? call_timer_fn+0xbe/0x5f0
[ 1193.405856][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1193.405875][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1193.405888][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1193.405900][    C1]  ? __pfx_est_timer+0x10/0x10
[ 1193.405912][    C1]  __run_timer_base+0x648/0x970
[ 1193.405934][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1193.405956][    C1]  run_timer_softirq+0xb7/0x180
[ 1193.405969][    C1]  handle_softirqs+0x22c/0x710
[ 1193.405988][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1193.406007][    C1]  run_ktimerd+0xcf/0x190
[ 1193.406021][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 1193.406033][    C1]  ? schedule+0x91/0x360
[ 1193.406050][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1193.406062][    C1]  smpboot_thread_fn+0x542/0xa60
[ 1193.406076][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1193.406094][    C1]  kthread+0x711/0x8a0
[ 1193.406111][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1193.406123][    C1]  ? __pfx_kthread+0x10/0x10
[ 1193.406141][    C1]  ? __pfx_kthread+0x10/0x10
[ 1193.406156][    C1]  ret_from_fork+0x3f9/0x770
[ 1193.406171][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1193.406188][    C1]  ? __switch_to_asm+0x39/0x70
[ 1193.406197][    C1]  ? __switch_to_asm+0x33/0x70
[ 1193.406206][    C1]  ? __pfx_kthread+0x10/0x10
[ 1193.406221][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1193.406241][    C1]  </TASK>
[ 1193.406502][    C1] Kernel Offset: disabled